{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "AIC001", "name": "Parallel implementation file sits beside a canonical file", "shortDescription": {"text": "Parallel implementation file sits beside a canonical file"}, "fullDescription": {"text": "Merge the intended change into the canonical file, update tests/imports, and delete the parallel implementation if it is not the active entry point."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "medium", "confidence": 0.82, "cwe": "", "owasp": ""}}, {"id": "SEC001", "name": "[SEC001] Hardcoded Password: Hardcoded password found in source code.", "shortDescription": {"text": "[SEC001] Hardcoded Password: Hardcoded password found in source code."}, "fullDescription": {"text": "Use environment variables or a secrets manager."}, "properties": {"scanner": "repobility-threat-engine", "category": "credential_exposure", "severity": "medium", "confidence": 0.3, "cwe": "", "owasp": ""}}, {"id": "AGT012", "name": "Agent control bridge may listen on a network interface without visible auth", "shortDescription": {"text": "Agent control bridge may listen on a network interface without visible auth"}, "fullDescription": {"text": "Bind local agent bridges to 127.0.0.1 by default. 
If remote access is required, require a bearer token or mTLS, enforce origin/CSRF checks for browser clients, and document the threat model."}, "properties": {"scanner": "repobility-agent-runtime", "category": "quality", "severity": "medium", "confidence": 0.72, "cwe": "", "owasp": ""}}, {"id": "DKR003", "name": "Compose service `hyperswitch-demo` image uses the latest tag", "shortDescription": {"text": "Compose service `hyperswitch-demo` image uses the latest tag"}, "fullDescription": {"text": "Pin to a maintained version tag or digest and update it deliberately through dependency automation."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.94, "cwe": "", "owasp": ""}}, {"id": "DKC015", "name": "Database service has no healthcheck", "shortDescription": {"text": "Database service has no healthcheck"}, "fullDescription": {"text": "Add a database-native healthcheck such as pg_isready, mysqladmin ping, redis-cli ping, or the vendor's readiness command."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "DKC013", "name": "Database service has no persistent data volume", "shortDescription": {"text": "Database service has no persistent data volume"}, "fullDescription": {"text": "Mount the database data directory to a named Docker volume or managed persistent disk, and document backup and restore testing."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.74, "cwe": "", "owasp": ""}}, {"id": "DKR002", "name": "Compose service `mailhog` image has no explicit tag", "shortDescription": {"text": "Compose service `mailhog` image has no explicit tag"}, "fullDescription": {"text": "Pin the image to a supported version tag or digest, for example python:3.13-slim or image@sha256:..."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": 
"medium", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "AGT015", "name": "Remote install command pipes network code directly to a shell", "shortDescription": {"text": "Remote install command pipes network code directly to a shell"}, "fullDescription": {"text": "Publish a package-manager install path or add checksum/signature verification before execution. For docs, show the inspect-then-run flow and pin the downloaded artifact version."}, "properties": {"scanner": "repobility-agent-runtime", "category": "dependency", "severity": "medium", "confidence": 0.7, "cwe": "", "owasp": ""}}, {"id": "DKR001", "name": "Docker final stage has no non-root USER", "shortDescription": {"text": "Docker final stage has no non-root USER"}, "fullDescription": {"text": "Add a non-root USER in the final runtime stage after files and permissions are prepared."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.82, "cwe": "", "owasp": ""}}, {"id": "DKR017", "name": "Dockerfile installs dependencies after copying the full source tree", "shortDescription": {"text": "Dockerfile installs dependencies after copying the full source tree"}, "fullDescription": {"text": "Copy dependency manifests first, install dependencies in a cached layer, then copy the rest of the source tree."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "DKR014", "name": "Dockerfile copies broad context with incomplete .dockerignore", "shortDescription": {"text": "Dockerfile copies broad context with incomplete .dockerignore"}, "fullDescription": {"text": "Tighten .dockerignore or replace COPY . 
with explicit COPY statements."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.76, "cwe": "", "owasp": ""}}, {"id": "AIC004", "name": "Suspicious implementation file appears unreferenced", "shortDescription": {"text": "Suspicious implementation file appears unreferenced"}, "fullDescription": {"text": "Confirm whether this file is reachable. If not, delete it; if yes, wire it through explicit imports, routes, or entry points and add a test that proves the path executes."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "medium", "confidence": 0.78, "cwe": "", "owasp": ""}}, {"id": "AIC003", "name": "Duplicated implementation block across source files", "shortDescription": {"text": "Duplicated implementation block across source files"}, "fullDescription": {"text": "Extract the shared behavior into one function/module or delete the inactive duplicate after proving which path is used."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.86, "cwe": "", "owasp": ""}}, {"id": "AIC002", "name": "Source file name looks like an AI patch artifact", "shortDescription": {"text": "Source file name looks like an AI patch artifact"}, "fullDescription": {"text": "Rename it to the domain concept it implements or merge it into the existing module it was meant to change."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.62, "cwe": "", "owasp": ""}}, {"id": "SEC006", "name": "[SEC006] XSS Risk: Direct HTML injection without sanitization.", "shortDescription": {"text": "[SEC006] XSS Risk: Direct HTML injection without sanitization."}, "fullDescription": {"text": "Use textContent instead of innerHTML. 
Sanitize with DOMPurify."}, "properties": {"scanner": "repobility-threat-engine", "category": "injection", "severity": "low", "confidence": 0.4, "cwe": "", "owasp": ""}}, {"id": "DKC010", "name": "Compose service lacks no-new-privileges hardening", "shortDescription": {"text": "Compose service lacks no-new-privileges hardening"}, "fullDescription": {"text": "Add `security_opt: [\"no-new-privileges:true\"]` unless the service has a documented need for privilege escalation."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "low", "confidence": 0.62, "cwe": "", "owasp": ""}}, {"id": "DKC006", "name": "Compose service does not declare a runtime user", "shortDescription": {"text": "Compose service does not declare a runtime user"}, "fullDescription": {"text": "Set a non-root `user:` in Compose or ensure the final image stage has a non-root USER directive."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "low", "confidence": 0.56, "cwe": "", "owasp": ""}}, {"id": "DKC016", "name": "App service does not wait for database health", "shortDescription": {"text": "App service does not wait for database health"}, "fullDescription": {"text": "Give the database a healthcheck and change the dependency to `depends_on: { db: { condition: service_healthy } }`."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "low", "confidence": 0.68, "cwe": "", "owasp": ""}}, {"id": "DKR008", "name": ".dockerignore misses sensitive defaults", "shortDescription": {"text": ".dockerignore misses sensitive defaults"}, "fullDescription": {"text": "Add missing patterns such as .env, .git, private keys, certificates, dependency folders, and local databases."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "low", "confidence": 0.72, "cwe": "", "owasp": ""}}, {"id": "DKR011", "name": "Dockerfile installs recommended OS packages", "shortDescription": {"text": "Dockerfile 
installs recommended OS packages"}, "fullDescription": {"text": "Add `--no-install-recommends` and explicitly list only packages the image needs."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "low", "confidence": 0.72, "cwe": "", "owasp": ""}}, {"id": "DKR010", "name": "Dockerfile leaves apt package indexes in the image layer", "shortDescription": {"text": "Dockerfile leaves apt package indexes in the image layer"}, "fullDescription": {"text": "End the apt install layer with `rm -rf /var/lib/apt/lists/*`."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "low", "confidence": 0.74, "cwe": "", "owasp": ""}}, {"id": "SEC022", "name": "[SEC022] Database URL With Embedded Credential: A database connection URL contains an embedded username and password. Th", "shortDescription": {"text": "[SEC022] Database URL With Embedded Credential: A database connection URL contains an embedded username and password. These URLs are often copied into defaults, docs, and scripts, then leak working credentials."}, "fullDescription": {"text": "Remove the embedded password, require the URL from a secret store or environment variable, and rotate the database credential."}, "properties": {"scanner": "repobility-threat-engine", "category": "credential_exposure", "severity": "low", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC006", "name": "[SEC006] XSS Risk: Direct HTML injection without sanitization.", "shortDescription": {"text": "[SEC006] XSS Risk: Direct HTML injection without sanitization."}, "fullDescription": {"text": "Use textContent instead of innerHTML. 
Sanitize with DOMPurify."}, "properties": {"scanner": "repobility", "category": "injection", "severity": "low", "confidence": null, "cwe": "", "owasp": ""}}, {"id": "CFG002", "name": "[CFG002] Docker Uses :latest Tag: Using :latest tag makes builds non-reproducible.", "shortDescription": {"text": "[CFG002] Docker Uses :latest Tag: Using :latest tag makes builds non-reproducible."}, "fullDescription": {"text": "Pin to a specific version (e.g., python:3.12-slim)."}, "properties": {"scanner": "repobility", "category": "docker", "severity": "low", "confidence": null, "cwe": "", "owasp": ""}}, {"id": "CFG003", "name": "[CFG003] Docker COPY Everything: Copying entire directory may include secrets and build artifacts.", "shortDescription": {"text": "[CFG003] Docker COPY Everything: Copying entire directory may include secrets and build artifacts."}, "fullDescription": {"text": "Use .dockerignore and COPY specific files/directories."}, "properties": {"scanner": "repobility", "category": "docker", "severity": "low", "confidence": null, "cwe": "", "owasp": ""}}, {"id": "SEC015", "name": "[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. Output is predictable.", "shortDescription": {"text": "[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. Output is predictable."}, "fullDescription": {"text": "Use secrets module (Python) or crypto.getRandomValues() (JS) for security-sensitive randomness."}, "properties": {"scanner": "repobility-threat-engine", "category": "crypto", "severity": "info", "confidence": 0.25, "cwe": "", "owasp": ""}}, {"id": "SEC035", "name": "[SEC035] Unbounded Resource Allocation \u2014 DoS risk (and 2 more): Same pattern found in 2 additional files. Review if need", "shortDescription": {"text": "[SEC035] Unbounded Resource Allocation \u2014 DoS risk (and 2 more): Same pattern found in 2 additional files. 
Review if needed."}, "fullDescription": {"text": "Cap user-controlled sizes BEFORE allocation:\n  size = min(int(request.args.get('n', 100)), MAX_SIZE)\nSet framework-level limits:\n  Flask:    app.config['MAX_CONTENT_LENGTH'] = 10 * 1024 * 1024\n  FastAPI:  use middleware to enforce request size\n  Django:   DATA_UPLOAD_MAX_MEMORY_SIZE in settings.py\nNever raise `sys.setrecursionlimit` past 10K without a deeper review."}, "properties": {"scanner": "repobility-threat-engine", "category": "resource_exhaustion", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC029", "name": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 189 more): Same pattern found in 189 ad", "shortDescription": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 189 more): Same pattern found in 189 additional files. Review if needed."}, "fullDescription": {"text": "Validate the URL against an allowlist BEFORE fetching:\n  ALLOWED = {'images.example.com', 'cdn.example.com'}\n  host = urlparse(url).hostname\n  if host not in ALLOWED: abort(400)\nOr use a server-side proxy (Imgproxy / serve-files-only-from-S3) that isolates outbound network access from the request handler.\nBlock private CIDRs explicitly: 10/8, 172.16/12, 192.168/16, 169.254/16. Also block loopback (127/8) and the IPv6 equivalents, and apply the check to the address the hostname resolves to rather than to the hostname string."}, "properties": {"scanner": "repobility-threat-engine", "category": "ssrf", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC030", "name": "[SEC030] Open Redirect \u2014 user-controlled redirect target: Redirect target is taken directly from user input without vali", "shortDescription": {"text": "[SEC030] Open Redirect \u2014 user-controlled redirect target: Redirect target is taken directly from user input without validating that the destination is local to the site. 
Attackers craft phishing URLs that appear to come from your domain but"}, "fullDescription": {"text": "Validate the redirect URL against an allowlist of safe destinations:\n  # Django:\n  from django.utils.http import url_has_allowed_host_and_scheme\n  if not url_has_allowed_host_and_scheme(url, allowed_hosts={request.get_host()}):\n      url = '/'  # safe default\nOr restrict to relative paths only: `if not url.startswith('/'): abort(400)`. A leading-slash check alone still admits protocol-relative targets such as `//host`, so reject those as well. Never accept external schemes without verification."}, "properties": {"scanner": "repobility-threat-engine", "category": "open_redirect", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "DKC011", "name": "Database service publishes a host port", "shortDescription": {"text": "Database service publishes a host port"}, "fullDescription": {"text": "Use `expose` for service-to-service access, bind to 127.0.0.1 for local-only access, or protect the port with firewall rules."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "high", "confidence": 0.84, "cwe": "", "owasp": ""}}, {"id": "SEC010", "name": "[SEC010] Cloud Provider Token: Cloud provider or SaaS API token found in source code.", "shortDescription": {"text": "[SEC010] Cloud Provider Token: Cloud provider or SaaS API token found in source code."}, "fullDescription": {"text": "Remove immediately and rotate the token. Use environment variables."}, "properties": {"scanner": "repobility-threat-engine", "category": "credential_exposure", "severity": "critical", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "DKC007", "name": "Compose service contains a literal secret environment value", "shortDescription": {"text": "Compose service contains a literal secret environment value"}, "fullDescription": {"text": "Rotate the value if real. 
Move it to Docker Compose secrets, a platform secret manager, or an uncommitted environment file."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "critical", "confidence": 0.96, "cwe": "", "owasp": ""}}, {"id": "DKC008", "name": "Compose service mounts the Docker socket", "shortDescription": {"text": "Compose service mounts the Docker socket"}, "fullDescription": {"text": "Avoid mounting docker.sock. Use a narrow proxy, rootless build service, or provider-native deployment credentials."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "critical", "confidence": 0.98, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/44"}, "properties": {"repository": "https://github.com/juspay/hyperswitch.git", "repoUrl": "https://github.com/juspay/hyperswitch.git", "branch": "main"}, "results": [{"ruleId": "AIC001", "level": "warning", "message": {"text": "Parallel implementation file sits beside a canonical file"}, "properties": {"repobilityId": 27903, "scanner": "repobility-ai-code-hygiene", "fingerprint": "bce0a410ce533cb8f7063d6189d5d7113a69d80cf916fd8dc069544184c68804", "category": "quality", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Source filename has a patch-style suffix and a same-directory canonical sibling exists.", "evidence": {"suffix": "v2", "rule_id": "AIC001", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195", "https://knip.dev/"], "canonical_file": "crates/router/src/types/api/refunds.rs", "correlation_key": "fp|bce0a410ce533cb8f7063d6189d5d7113a69d80cf916fd8dc069544184c68804"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/router/src/types/api/refunds_v2.rs"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC001", "level": "warning", "message": {"text": "Parallel implementation file sits beside a canonical file"}, "properties": 
{"repobilityId": 27902, "scanner": "repobility-ai-code-hygiene", "fingerprint": "e03b73d0da89456cabb6b36588801f1c31ba56a567e62a2afc2865b0abe36ed5", "category": "quality", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Source filename has a patch-style suffix and a same-directory canonical sibling exists.", "evidence": {"suffix": "v2", "rule_id": "AIC001", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195", "https://knip.dev/"], "canonical_file": "crates/router/src/types/api/payouts.rs", "correlation_key": "fp|e03b73d0da89456cabb6b36588801f1c31ba56a567e62a2afc2865b0abe36ed5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/router/src/types/api/payouts_v2.rs"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC001", "level": "warning", "message": {"text": "Parallel implementation file sits beside a canonical file"}, "properties": {"repobilityId": 27901, "scanner": "repobility-ai-code-hygiene", "fingerprint": "f1c4f739f2ae4dc32e5d63886baed105520d0f8dfa406c34b0b3ecae7c312aab", "category": "quality", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Source filename has a patch-style suffix and a same-directory canonical sibling exists.", "evidence": {"suffix": "v2", "rule_id": "AIC001", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195", "https://knip.dev/"], "canonical_file": "crates/router/src/types/api/payments.rs", "correlation_key": "fp|f1c4f739f2ae4dc32e5d63886baed105520d0f8dfa406c34b0b3ecae7c312aab"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/router/src/types/api/payments_v2.rs"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC001", "level": "warning", "message": {"text": "Parallel implementation file sits beside a canonical file"}, "properties": {"repobilityId": 27900, "scanner": 
"repobility-ai-code-hygiene", "fingerprint": "3251f1002ed567b667b0c2eab4740d857eb8a657eac137061e950032fd0a6207", "category": "quality", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Source filename has a patch-style suffix and a same-directory canonical sibling exists.", "evidence": {"suffix": "v2", "rule_id": "AIC001", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195", "https://knip.dev/"], "canonical_file": "crates/router/src/types/api/merchant_connector_webhook_management.rs", "correlation_key": "fp|3251f1002ed567b667b0c2eab4740d857eb8a657eac137061e950032fd0a6207"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/router/src/types/api/merchant_connector_webhook_management_v2.rs"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC001", "level": "warning", "message": {"text": "Parallel implementation file sits beside a canonical file"}, "properties": {"repobilityId": 27899, "scanner": "repobility-ai-code-hygiene", "fingerprint": "e2db4ec8c627867c76e05fbfc914b92b5127ab3ccd14a373f76e82e764917bcd", "category": "quality", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Source filename has a patch-style suffix and a same-directory canonical sibling exists.", "evidence": {"suffix": "v2", "rule_id": "AIC001", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195", "https://knip.dev/"], "canonical_file": "crates/router/src/types/api/fraud_check.rs", "correlation_key": "fp|e2db4ec8c627867c76e05fbfc914b92b5127ab3ccd14a373f76e82e764917bcd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/router/src/types/api/fraud_check_v2.rs"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC001", "level": "warning", "message": {"text": "Parallel implementation file sits beside a canonical file"}, "properties": {"repobilityId": 
27898, "scanner": "repobility-ai-code-hygiene", "fingerprint": "a2867d513725d5f2900c6335c3323c4b24726d1c0d4d45dcf14b7459bebd79de", "category": "quality", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Source filename has a patch-style suffix and a same-directory canonical sibling exists.", "evidence": {"suffix": "v2", "rule_id": "AIC001", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195", "https://knip.dev/"], "canonical_file": "crates/router/src/types/api/files.rs", "correlation_key": "fp|a2867d513725d5f2900c6335c3323c4b24726d1c0d4d45dcf14b7459bebd79de"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/router/src/types/api/files_v2.rs"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC001", "level": "warning", "message": {"text": "Parallel implementation file sits beside a canonical file"}, "properties": {"repobilityId": 27897, "scanner": "repobility-ai-code-hygiene", "fingerprint": "161c69b6538d71ef2094fe0a6fc051e3202a725e9e4ad7f6a528160488b0fa91", "category": "quality", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Source filename has a patch-style suffix and a same-directory canonical sibling exists.", "evidence": {"suffix": "v2", "rule_id": "AIC001", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195", "https://knip.dev/"], "canonical_file": "crates/router/src/types/api/disputes.rs", "correlation_key": "fp|161c69b6538d71ef2094fe0a6fc051e3202a725e9e4ad7f6a528160488b0fa91"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/router/src/types/api/disputes_v2.rs"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC001", "level": "warning", "message": {"text": "Parallel implementation file sits beside a canonical file"}, "properties": {"repobilityId": 27896, "scanner": "repobility-ai-code-hygiene", 
"fingerprint": "5d1072d30853c86681011ab9616dae4dc1e29fe5da584d0ae83d08cd7cce06d2", "category": "quality", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Source filename has a patch-style suffix and a same-directory canonical sibling exists.", "evidence": {"suffix": "v2", "rule_id": "AIC001", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195", "https://knip.dev/"], "canonical_file": "crates/router/src/types/api/authentication.rs", "correlation_key": "fp|5d1072d30853c86681011ab9616dae4dc1e29fe5da584d0ae83d08cd7cce06d2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/router/src/types/api/authentication_v2.rs"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC001", "level": "warning", "message": {"text": "Parallel implementation file sits beside a canonical file"}, "properties": {"repobilityId": 27895, "scanner": "repobility-ai-code-hygiene", "fingerprint": "ed7c19c1febebf28b454f8064d76d6853b46a74d5d933ec461e96f0686593d81", "category": "quality", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Source filename has a patch-style suffix and a same-directory canonical sibling exists.", "evidence": {"suffix": "v2", "rule_id": "AIC001", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195", "https://knip.dev/"], "canonical_file": "crates/router/src/core/webhooks/outgoing.rs", "correlation_key": "fp|ed7c19c1febebf28b454f8064d76d6853b46a74d5d933ec461e96f0686593d81"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/router/src/core/webhooks/outgoing_v2.rs"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC001", "level": "warning", "message": {"text": "Parallel implementation file sits beside a canonical file"}, "properties": {"repobilityId": 27894, "scanner": "repobility-ai-code-hygiene", "fingerprint": 
"2d92a2152df7e6dad987c4e97bc2b3259be43b7f81690b8ba1bd94dee7e6c87d", "category": "quality", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Source filename has a patch-style suffix and a same-directory canonical sibling exists.", "evidence": {"suffix": "v2", "rule_id": "AIC001", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195", "https://knip.dev/"], "canonical_file": "crates/router/src/core/webhooks/incoming.rs", "correlation_key": "fp|2d92a2152df7e6dad987c4e97bc2b3259be43b7f81690b8ba1bd94dee7e6c87d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/router/src/core/webhooks/incoming_v2.rs"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC001", "level": "warning", "message": {"text": "Parallel implementation file sits beside a canonical file"}, "properties": {"repobilityId": 27893, "scanner": "repobility-ai-code-hygiene", "fingerprint": "dd22756628619829096ab810d182af9d5998d9afded18e2157db4ca795a3f1d1", "category": "quality", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Source filename has a patch-style suffix and a same-directory canonical sibling exists.", "evidence": {"suffix": "v2", "rule_id": "AIC001", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195", "https://knip.dev/"], "canonical_file": "crates/router/src/core/payments/operations/payment_capture.rs", "correlation_key": "fp|dd22756628619829096ab810d182af9d5998d9afded18e2157db4ca795a3f1d1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/router/src/core/payments/operations/payment_capture_v2.rs"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC001", "level": "warning", "message": {"text": "Parallel implementation file sits beside a canonical file"}, "properties": {"repobilityId": 27892, "scanner": "repobility-ai-code-hygiene", 
"fingerprint": "9443dfdc7fb893212178c3762824d79d4ce2bb7f05798d6156dbe28db7208db7", "category": "quality", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Source filename has a patch-style suffix and a same-directory canonical sibling exists.", "evidence": {"suffix": "v2", "rule_id": "AIC001", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195", "https://knip.dev/"], "canonical_file": "crates/router/src/core/payments/operations/payment_cancel.rs", "correlation_key": "fp|9443dfdc7fb893212178c3762824d79d4ce2bb7f05798d6156dbe28db7208db7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/router/src/core/payments/operations/payment_cancel_v2.rs"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC001", "level": "warning", "message": {"text": "Parallel implementation file sits beside a canonical file"}, "properties": {"repobilityId": 27890, "scanner": "repobility-ai-code-hygiene", "fingerprint": "1080ef113252ef9d026fbb7493c36283decbe90639075cf8fe846d44b149f5c5", "category": "quality", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Source filename has a patch-style suffix and a same-directory canonical sibling exists.", "evidence": {"suffix": "v2", "rule_id": "AIC001", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195", "https://knip.dev/"], "canonical_file": "crates/router/src/core/refunds.rs", "correlation_key": "fp|1080ef113252ef9d026fbb7493c36283decbe90639075cf8fe846d44b149f5c5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/router/src/core/refunds_v2.rs"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC001", "level": "warning", "message": {"text": "Parallel implementation file sits beside a canonical file"}, "properties": {"repobilityId": 27889, "scanner": "repobility-ai-code-hygiene", "fingerprint": 
"921b89bb979230563d9991fc6c745e06a897ff4ae429ed6cf93cea7990161f30", "category": "quality", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Source filename has a patch-style suffix and a same-directory canonical sibling exists.", "evidence": {"suffix": "v2", "rule_id": "AIC001", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195", "https://knip.dev/"], "canonical_file": "crates/openapi/src/openapi.rs", "correlation_key": "fp|921b89bb979230563d9991fc6c745e06a897ff4ae429ed6cf93cea7990161f30"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/openapi/src/openapi_v2.rs"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC001", "level": "warning", "message": {"text": "Parallel implementation file sits beside a canonical file"}, "properties": {"repobilityId": 27888, "scanner": "repobility-ai-code-hygiene", "fingerprint": "de7df5bcfa9639b914d70505981af77ec9e3479b5aee041ca9afe046ee323603", "category": "quality", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Source filename has a patch-style suffix and a same-directory canonical sibling exists.", "evidence": {"suffix": "v2", "rule_id": "AIC001", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195", "https://knip.dev/"], "canonical_file": "crates/hyperswitch_interfaces/src/api/vault.rs", "correlation_key": "fp|de7df5bcfa9639b914d70505981af77ec9e3479b5aee041ca9afe046ee323603"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/hyperswitch_interfaces/src/api/vault_v2.rs"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC001", "level": "warning", "message": {"text": "Parallel implementation file sits beside a canonical file"}, "properties": {"repobilityId": 27887, "scanner": "repobility-ai-code-hygiene", "fingerprint": 
"3623156983f8f9d90fdfb58e6b1731dda7f02866155f5c6f9676be92c60b4287", "category": "quality", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Source filename has a patch-style suffix and a same-directory canonical sibling exists.", "evidence": {"suffix": "v2", "rule_id": "AIC001", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195", "https://knip.dev/"], "canonical_file": "crates/hyperswitch_interfaces/src/api/subscriptions.rs", "correlation_key": "fp|3623156983f8f9d90fdfb58e6b1731dda7f02866155f5c6f9676be92c60b4287"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/hyperswitch_interfaces/src/api/subscriptions_v2.rs"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC001", "level": "warning", "message": {"text": "Parallel implementation file sits beside a canonical file"}, "properties": {"repobilityId": 27886, "scanner": "repobility-ai-code-hygiene", "fingerprint": "e04039e02c011eb7da6bb7e9e20f9538e0f8325e827586efce1603365aa5de83", "category": "quality", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Source filename has a patch-style suffix and a same-directory canonical sibling exists.", "evidence": {"suffix": "v2", "rule_id": "AIC001", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195", "https://knip.dev/"], "canonical_file": "crates/hyperswitch_interfaces/src/api/revenue_recovery.rs", "correlation_key": "fp|e04039e02c011eb7da6bb7e9e20f9538e0f8325e827586efce1603365aa5de83"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/hyperswitch_interfaces/src/api/revenue_recovery_v2.rs"}, "region": {"startLine": 1}}}]}, {"ruleId": "SEC001", "level": "warning", "message": {"text": "[SEC001] Hardcoded Password: Hardcoded password found in source code."}, "properties": {"repobilityId": 27865, "scanner": 
"repobility-threat-engine", "fingerprint": "0f8edab72759779a34422a4d2372abf0ba6c40b984740866e796b722ece60260", "category": "credential_exposure", "severity": "medium", "confidence": 0.3, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Low entropy value (2.5 bits) \u2014 may be placeholder or common string", "evidence": {"match": "password = \"<redacted>\"", "reason": "Low entropy value (2.5 bits) \u2014 may be placeholder or common string", "rule_id": "SEC001", "scanner": "repobility-threat-engine", "confidence": 0.3, "correlation_key": "secret|crates/hsdev/src/main.rs|10|password redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/hsdev/src/main.rs"}, "region": {"startLine": 103}}}]}, {"ruleId": "SEC001", "level": "warning", "message": {"text": "[SEC001] Hardcoded Password: Hardcoded password found in source code."}, "properties": {"repobilityId": 27864, "scanner": "repobility-threat-engine", "fingerprint": "fa5d4a0ee8e4f06ff784e167919f90a37d0f972d522edc4078b168226fdd2cb6", "category": "credential_exposure", "severity": "medium", "confidence": 0.3, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Low entropy value (3.1 bits) \u2014 may be placeholder or common string", "evidence": {"match": "DB_PASS=\"db_password\"", "reason": "Low entropy value (3.1 bits) \u2014 may be placeholder or common string", "rule_id": "SEC001", "scanner": "repobility-threat-engine", "confidence": 0.3, "correlation_key": "secret|install_dependencies.sh|1|db_pass db_password"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "INSTALL_dependencies.sh"}, "region": {"startLine": 15}}}]}, {"ruleId": "AGT012", "level": "warning", "message": {"text": "Agent control bridge may listen on a network interface without visible auth"}, "properties": {"repobilityId": 4926, "scanner": "repobility-agent-runtime", "fingerprint": 
"8c7044bedf35440b545f62abec168242d83b0ad0d90f13ae6425d93c79adca65", "category": "quality", "severity": "medium", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File combines agent-control wording with an HTTP/SSE/WebSocket listener on an all-interface host and no visible auth guard.", "evidence": {"rule_id": "AGT012", "scanner": "repobility-agent-runtime", "references": [], "correlation_key": "fp|8c7044bedf35440b545f62abec168242d83b0ad0d90f13ae6425d93c79adca65"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "config/development.toml"}, "region": {"startLine": 150}}}]}, {"ruleId": "DKR003", "level": "warning", "message": {"text": "Compose service `hyperswitch-demo` image uses the latest tag"}, "properties": {"repobilityId": 4378, "scanner": "repobility-docker", "fingerprint": "9bed73171fd9218cd762a925f210a3ebad851940389b05852c9a09eb8bc06f5f", "category": "docker", "severity": "medium", "confidence": 0.94, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Image tag is latest.", "evidence": {"image": "docker.juspay.io/juspaydotin/hyperswitch-react-demo-app:latest", "rule_id": "DKR003", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|9bed73171fd9218cd762a925f210a3ebad851940389b05852c9a09eb8bc06f5f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yml"}, "region": {"startLine": 522}}}]}, {"ruleId": "DKC015", "level": "warning", "message": {"text": "Database service has no healthcheck"}, "properties": {"repobilityId": 4374, "scanner": "repobility-docker", "fingerprint": "a2a11297cbebc75c0352e817ef6c9ead66338a90d121fc418648d4a809fb9452", "category": "docker", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "confirmed", "isResolved": 
false, "reason": "Database-like service has no Compose healthcheck.", "evidence": {"rule_id": "DKC015", "scanner": "repobility-docker", "service": "opensearch-dashboards", "references": ["https://docs.docker.com/compose/how-tos/startup-order/"], "correlation_key": "fp|a2a11297cbebc75c0352e817ef6c9ead66338a90d121fc418648d4a809fb9452"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yml"}, "region": {"startLine": 495}}}]}, {"ruleId": "DKC015", "level": "warning", "message": {"text": "Database service has no healthcheck"}, "properties": {"repobilityId": 4371, "scanner": "repobility-docker", "fingerprint": "e977bfc4e01450aaa9fa976d5b5b8d05afcbc5dcc58f0615c80483161397b26b", "category": "docker", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Database-like service has no Compose healthcheck.", "evidence": {"rule_id": "DKC015", "scanner": "repobility-docker", "service": "opensearch", "references": ["https://docs.docker.com/compose/how-tos/startup-order/"], "correlation_key": "fp|e977bfc4e01450aaa9fa976d5b5b8d05afcbc5dcc58f0615c80483161397b26b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yml"}, "region": {"startLine": 480}}}]}, {"ruleId": "DKC015", "level": "warning", "message": {"text": "Database service has no healthcheck"}, "properties": {"repobilityId": 4367, "scanner": "repobility-docker", "fingerprint": "b5ccdf71dca452c75bff0982b2e16d68f7307f023c8fb4a5dbf8dded02654bdc", "category": "docker", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Database-like service has no Compose healthcheck.", "evidence": {"rule_id": "DKC015", "scanner": "repobility-docker", "service": "clickhouse-server", "references": ["https://docs.docker.com/compose/how-tos/startup-order/"], "correlation_key": "fp|b5ccdf71dca452c75bff0982b2e16d68f7307f023c8fb4a5dbf8dded02654bdc"}}, 
"locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yml"}, "region": {"startLine": 462}}}]}, {"ruleId": "DKC013", "level": "warning", "message": {"text": "Database service has no persistent data volume"}, "properties": {"repobilityId": 4361, "scanner": "repobility-docker", "fingerprint": "b785addbb50cf1a7e1eebac8bd96c32c3664d236295f1657319c11e189cd99ec", "category": "docker", "severity": "medium", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Database-like service does not mount a known data directory.", "evidence": {"rule_id": "DKC013", "scanner": "repobility-docker", "service": "kafka-ui", "references": ["https://docs.docker.com/engine/storage/volumes/"], "correlation_key": "fp|b785addbb50cf1a7e1eebac8bd96c32c3664d236295f1657319c11e189cd99ec", "expected_targets": ["/bitnami/kafka", "/var/lib/kafka/data"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yml"}, "region": {"startLine": 447}}}]}, {"ruleId": "DKR003", "level": "warning", "message": {"text": "Compose service `kafka-ui` image uses the latest tag"}, "properties": {"repobilityId": 4359, "scanner": "repobility-docker", "fingerprint": "ee059f754b8625c5b6bcdecc10e2e6f8e4e67e7cefd739c803d284c22a06203e", "category": "docker", "severity": "medium", "confidence": 0.94, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Image tag is latest.", "evidence": {"image": "docker.io/provectuslabs/kafka-ui:latest", "rule_id": "DKR003", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|ee059f754b8625c5b6bcdecc10e2e6f8e4e67e7cefd739c803d284c22a06203e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yml"}, "region": {"startLine": 447}}}]}, {"ruleId": "DKC013", "level": 
"warning", "message": {"text": "Database service has no persistent data volume"}, "properties": {"repobilityId": 4357, "scanner": "repobility-docker", "fingerprint": "9d5ea700ef0575d44f7e3e6a19374e7fc42293b83421145d9cc929667975a0fa", "category": "docker", "severity": "medium", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Database-like service does not mount a known data directory.", "evidence": {"rule_id": "DKC013", "scanner": "repobility-docker", "service": "kafka0", "references": ["https://docs.docker.com/engine/storage/volumes/"], "correlation_key": "fp|9d5ea700ef0575d44f7e3e6a19374e7fc42293b83421145d9cc929667975a0fa", "expected_targets": ["/bitnami/kafka", "/var/lib/kafka/data"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yml"}, "region": {"startLine": 413}}}]}, {"ruleId": "DKC013", "level": "warning", "message": {"text": "Database service has no persistent data volume"}, "properties": {"repobilityId": 4354, "scanner": "repobility-docker", "fingerprint": "f63422faa626aa761488b63ff4bff752b4b9a4ea3633e54e5040407bb87b8d20", "category": "docker", "severity": "medium", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Database-like service does not mount a known data directory.", "evidence": {"rule_id": "DKC013", "scanner": "repobility-docker", "service": "redis-insight", "references": ["https://docs.docker.com/engine/storage/volumes/"], "correlation_key": "fp|f63422faa626aa761488b63ff4bff752b4b9a4ea3633e54e5040407bb87b8d20", "expected_targets": ["/data"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yml"}, "region": {"startLine": 402}}}]}, {"ruleId": "DKR003", "level": "warning", "message": {"text": "Compose service `redis-insight` image uses the latest tag"}, "properties": {"repobilityId": 4352, "scanner": "repobility-docker", "fingerprint": 
"13235c99dc8a248800ebcc04ca0bfacca6e16ba008d46633a4ebcb84ddeda889", "category": "docker", "severity": "medium", "confidence": 0.94, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Image tag is latest.", "evidence": {"image": "docker.io/redislabs/redisinsight:latest", "rule_id": "DKR003", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|13235c99dc8a248800ebcc04ca0bfacca6e16ba008d46633a4ebcb84ddeda889"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yml"}, "region": {"startLine": 402}}}]}, {"ruleId": "DKR003", "level": "warning", "message": {"text": "Compose service `tempo` image uses the latest tag"}, "properties": {"repobilityId": 4349, "scanner": "repobility-docker", "fingerprint": "7ce980bc196f58b48ce67b81632269ddf70dc431f1ff1718923f821a0e4754db", "category": "docker", "severity": "medium", "confidence": 0.94, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Image tag is latest.", "evidence": {"image": "docker.io/grafana/tempo:latest", "rule_id": "DKR003", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|7ce980bc196f58b48ce67b81632269ddf70dc431f1ff1718923f821a0e4754db"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yml"}, "region": {"startLine": 388}}}]}, {"ruleId": "DKR003", "level": "warning", "message": {"text": "Compose service `prometheus` image uses the latest tag"}, "properties": {"repobilityId": 4346, "scanner": "repobility-docker", "fingerprint": "fa2f24f42f41c0ce651643df9a6ba473f93dde169becefd00894344c598dab2b", "category": "docker", "severity": "medium", "confidence": 
0.94, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Image tag is latest.", "evidence": {"image": "docker.io/prom/prometheus:latest", "rule_id": "DKR003", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|fa2f24f42f41c0ce651643df9a6ba473f93dde169becefd00894344c598dab2b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yml"}, "region": {"startLine": 376}}}]}, {"ruleId": "DKR003", "level": "warning", "message": {"text": "Compose service `otel-collector` image uses the latest tag"}, "properties": {"repobilityId": 4343, "scanner": "repobility-docker", "fingerprint": "0aa5e457795dfc656c185c1e46e305442f17d647ca1a4dc1478816e4b3ab1be9", "category": "docker", "severity": "medium", "confidence": 0.94, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Image tag is latest.", "evidence": {"image": "docker.io/otel/opentelemetry-collector-contrib:latest", "rule_id": "DKR003", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|0aa5e457795dfc656c185c1e46e305442f17d647ca1a4dc1478816e4b3ab1be9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yml"}, "region": {"startLine": 362}}}]}, {"ruleId": "DKR003", "level": "warning", "message": {"text": "Compose service `loki` image uses the latest tag"}, "properties": {"repobilityId": 4340, "scanner": "repobility-docker", "fingerprint": "b1b1b275f4c5e16c59832ce27fd5e3ab857333e185b4700f52fcedbd63c6d327", "category": "docker", "severity": "medium", "confidence": 0.94, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Image tag is latest.", 
"evidence": {"image": "docker.io/grafana/loki:latest", "rule_id": "DKR003", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|b1b1b275f4c5e16c59832ce27fd5e3ab857333e185b4700f52fcedbd63c6d327"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yml"}, "region": {"startLine": 350}}}]}, {"ruleId": "DKR003", "level": "warning", "message": {"text": "Compose service `grafana` image uses the latest tag"}, "properties": {"repobilityId": 4337, "scanner": "repobility-docker", "fingerprint": "ba2fdea139a3c24a6ce4467ceccc564941d430000e9b7283888c3e63a4295d0e", "category": "docker", "severity": "medium", "confidence": 0.94, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Image tag is latest.", "evidence": {"image": "docker.io/grafana/grafana:latest", "rule_id": "DKR003", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|ba2fdea139a3c24a6ce4467ceccc564941d430000e9b7283888c3e63a4295d0e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yml"}, "region": {"startLine": 333}}}]}, {"ruleId": "DKC013", "level": "warning", "message": {"text": "Database service has no persistent data volume"}, "properties": {"repobilityId": 4335, "scanner": "repobility-docker", "fingerprint": "fbbd099c4d2fe1aa34496a506d10c3da064941820f3a7e72077a1f1b01696933", "category": "docker", "severity": "medium", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Database-like service does not mount a known data directory.", "evidence": {"rule_id": "DKC013", "scanner": "repobility-docker", "service": "redis-init", "references": 
["https://docs.docker.com/engine/storage/volumes/"], "correlation_key": "fp|fbbd099c4d2fe1aa34496a506d10c3da064941820f3a7e72077a1f1b01696933", "expected_targets": ["/data"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yml"}, "region": {"startLine": 307}}}]}, {"ruleId": "DKC013", "level": "warning", "message": {"text": "Database service has no persistent data volume"}, "properties": {"repobilityId": 4333, "scanner": "repobility-docker", "fingerprint": "eafadae35a4bf76799fdfe163e657909afb846ac7cef387b9975a31891e8562a", "category": "docker", "severity": "medium", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Database-like service does not mount a known data directory.", "evidence": {"rule_id": "DKC013", "scanner": "repobility-docker", "service": "redis-cluster", "references": ["https://docs.docker.com/engine/storage/volumes/"], "correlation_key": "fp|eafadae35a4bf76799fdfe163e657909afb846ac7cef387b9975a31891e8562a", "expected_targets": ["/data"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yml"}, "region": {"startLine": 292}}}]}, {"ruleId": "DKR003", "level": "warning", "message": {"text": "Compose service `poststart-hook` image uses the latest tag"}, "properties": {"repobilityId": 4331, "scanner": "repobility-docker", "fingerprint": "f87f39234e9ec530f64dd908c1d7d149aa8c2fa273ce507ec74f5d20ab23411d", "category": "docker", "severity": "medium", "confidence": 0.94, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Image tag is latest.", "evidence": {"image": "docker.io/curlimages/curl-base:latest", "rule_id": "DKR003", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|f87f39234e9ec530f64dd908c1d7d149aa8c2fa273ce507ec74f5d20ab23411d"}}, 
"locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yml"}, "region": {"startLine": 272}}}]}, {"ruleId": "DKR003", "level": "warning", "message": {"text": "Compose service `create-default-user` image uses the latest tag"}, "properties": {"repobilityId": 4330, "scanner": "repobility-docker", "fingerprint": "ef482bc0f921b065c44923d9dd92a2079cc159e5a0476ee4756b93e1423cb509", "category": "docker", "severity": "medium", "confidence": 0.94, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Image tag is latest.", "evidence": {"image": "docker.io/curlimages/curl-base:latest", "rule_id": "DKR003", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|ef482bc0f921b065c44923d9dd92a2079cc159e5a0476ee4756b93e1423cb509"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yml"}, "region": {"startLine": 250}}}]}, {"ruleId": "DKR003", "level": "warning", "message": {"text": "Compose service `hyperswitch-control-center` image uses the latest tag"}, "properties": {"repobilityId": 4327, "scanner": "repobility-docker", "fingerprint": "533b83e24246215487924a7ef76dad2f66b8489452536592f3b0f794f2e2840c", "category": "docker", "severity": "medium", "confidence": 0.94, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Image tag is latest.", "evidence": {"image": "docker.juspay.io/juspaydotin/hyperswitch-control-center:latest", "rule_id": "DKR003", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|533b83e24246215487924a7ef76dad2f66b8489452536592f3b0f794f2e2840c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": 
"docker-compose.yml"}, "region": {"startLine": 231}}}]}, {"ruleId": "DKR003", "level": "warning", "message": {"text": "Compose service `hyperswitch-web` image uses the latest tag"}, "properties": {"repobilityId": 4324, "scanner": "repobility-docker", "fingerprint": "e2de85d47f9a4df36d073fc277d6609df00ad0fd8f9034d4a9bcf834e25ee74e", "category": "docker", "severity": "medium", "confidence": 0.94, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Image tag is latest.", "evidence": {"image": "docker.juspay.io/juspaydotin/hyperswitch-web:latest", "rule_id": "DKR003", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|e2de85d47f9a4df36d073fc277d6609df00ad0fd8f9034d4a9bcf834e25ee74e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yml"}, "region": {"startLine": 212}}}]}, {"ruleId": "DKR002", "level": "warning", "message": {"text": "Compose service `mailhog` image has no explicit tag"}, "properties": {"repobilityId": 4319, "scanner": "repobility-docker", "fingerprint": "cfe7bfbae6375398a100f08961172d6162b40c865b6d41796ab0b63f8c9cc358", "category": "docker", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Image reference has no tag or digest.", "evidence": {"image": "docker.io/mailhog/mailhog", "rule_id": "DKR002", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|cfe7bfbae6375398a100f08961172d6162b40c865b6d41796ab0b63f8c9cc358"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yml"}, "region": {"startLine": 110}}}]}, {"ruleId": "DKR003", "level": "warning", 
"message": {"text": "Compose service `superposition-init` image uses the latest tag"}, "properties": {"repobilityId": 4318, "scanner": "repobility-docker", "fingerprint": "b08a802a0ea5947c202a5937075b7c4fd7402e3cb7dc0d1be1b6a9be04ce63ea", "category": "docker", "severity": "medium", "confidence": 0.94, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Image tag is latest.", "evidence": {"image": "alpine:latest", "rule_id": "DKR003", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|b08a802a0ea5947c202a5937075b7c4fd7402e3cb7dc0d1be1b6a9be04ce63ea"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yml"}, "region": {"startLine": 92}}}]}, {"ruleId": "AGT015", "level": "warning", "message": {"text": "Remote install command pipes network code directly to a shell"}, "properties": {"repobilityId": 4074, "scanner": "repobility-agent-runtime", "fingerprint": "c811481d82d95b4bb5bb2d8ac41e04d2fd9a9deeecc19d2d414f69c5cdc36f29", "category": "dependency", "severity": "medium", "confidence": 0.7, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File contains a remote download piped directly to a shell without visible checksum or signature verification.", "evidence": {"rule_id": "AGT015", "scanner": "repobility-agent-runtime", "references": [], "correlation_key": "fp|c811481d82d95b4bb5bb2d8ac41e04d2fd9a9deeecc19d2d414f69c5cdc36f29"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yml"}, "region": {"startLine": 65}}}]}, {"ruleId": "AGT015", "level": "warning", "message": {"text": "Remote install command pipes network code directly to a shell"}, "properties": {"repobilityId": 4073, "scanner": "repobility-agent-runtime", "fingerprint": 
"61b920c314a18375dc47e839cb5a7475608b2f2eeacc1f7d173bf1f9bbaedf47", "category": "dependency", "severity": "medium", "confidence": 0.7, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File contains a remote download piped directly to a shell without visible checksum or signature verification.", "evidence": {"rule_id": "AGT015", "scanner": "repobility-agent-runtime", "references": [], "correlation_key": "fp|61b920c314a18375dc47e839cb5a7475608b2f2eeacc1f7d173bf1f9bbaedf47"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose-development.yml"}, "region": {"startLine": 54}}}]}, {"ruleId": "AGT012", "level": "warning", "message": {"text": "Agent control bridge may listen on a network interface without visible auth"}, "properties": {"repobilityId": 4072, "scanner": "repobility-agent-runtime", "fingerprint": "62f1503c616b7a9260301d89cd8d6831a8f79823d8a25ec3c2b0ba1ac5d93499", "category": "quality", "severity": "medium", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File combines agent-control wording with an HTTP/SSE/WebSocket listener on an all-interface host and no visible auth guard.", "evidence": {"rule_id": "AGT012", "scanner": "repobility-agent-runtime", "references": [], "correlation_key": "fp|62f1503c616b7a9260301d89cd8d6831a8f79823d8a25ec3c2b0ba1ac5d93499"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cypress-tests/cypress/fixtures/create-mandate-cit.json"}, "region": {"startLine": 33}}}]}, {"ruleId": "AGT012", "level": "warning", "message": {"text": "Agent control bridge may listen on a network interface without visible auth"}, "properties": {"repobilityId": 4071, "scanner": "repobility-agent-runtime", "fingerprint": "4d5d232068312c73df23e83246fcfbba3db820fcb5b663423b98fba8c3211f9f", "category": "quality", "severity": "medium", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File combines 
agent-control wording with an HTTP/SSE/WebSocket listener on an all-interface host and no visible auth guard.", "evidence": {"rule_id": "AGT012", "scanner": "repobility-agent-runtime", "references": [], "correlation_key": "fp|4d5d232068312c73df23e83246fcfbba3db820fcb5b663423b98fba8c3211f9f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cypress-tests/cypress/fixtures/create-confirm-body.json"}, "region": {"startLine": 21}}}]}, {"ruleId": "AGT012", "level": "warning", "message": {"text": "Agent control bridge may listen on a network interface without visible auth"}, "properties": {"repobilityId": 4070, "scanner": "repobility-agent-runtime", "fingerprint": "39a1bd251883cac6cbc7434a3d99cd24fa478ea5e02a19644ee27a15ea4f9711", "category": "quality", "severity": "medium", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File combines agent-control wording with an HTTP/SSE/WebSocket listener on an all-interface host and no visible auth guard.", "evidence": {"rule_id": "AGT012", "scanner": "repobility-agent-runtime", "references": [], "correlation_key": "fp|39a1bd251883cac6cbc7434a3d99cd24fa478ea5e02a19644ee27a15ea4f9711"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cypress-tests/cypress/fixtures/confirm-body.json"}, "region": {"startLine": 10}}}]}, {"ruleId": "AGT012", "level": "warning", "message": {"text": "Agent control bridge may listen on a network interface without visible auth"}, "properties": {"repobilityId": 4069, "scanner": "repobility-agent-runtime", "fingerprint": "d469f351347d4f4e8a22dad3eb1a740014e90de6445e8cd78f0886d9a96ddcb8", "category": "quality", "severity": "medium", "confidence": 0.72, "triageState": "fixed", "verdict": "likely", "isResolved": true, "reason": "File combines agent-control wording with an HTTP/SSE/WebSocket listener on an all-interface host and no visible auth guard.", "evidence": {"rule_id": "AGT012", "scanner": "repobility-agent-runtime", 
"references": [], "correlation_key": "fp|d469f351347d4f4e8a22dad3eb1a740014e90de6445e8cd78f0886d9a96ddcb8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "config/development.toml"}, "region": {"startLine": 149}}}]}, {"ruleId": "DKR003", "level": "warning", "message": {"text": "Compose service `grafana` image uses the latest tag"}, "properties": {"repobilityId": 2652, "scanner": "repobility-docker", "fingerprint": "a3a5ac9b05a22901c28f4b9fb73e48a71bf74a0d60cafe10d411399e404a59c5", "category": "docker", "severity": "medium", "confidence": 0.94, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Image tag is latest.", "evidence": {"image": "grafana/grafana:latest", "rule_id": "DKR003", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|a3a5ac9b05a22901c28f4b9fb73e48a71bf74a0d60cafe10d411399e404a59c5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "monitoring/docker-compose.yaml"}, "region": {"startLine": 73}}}]}, {"ruleId": "DKR003", "level": "warning", "message": {"text": "Compose service `tempo` image uses the latest tag"}, "properties": {"repobilityId": 2649, "scanner": "repobility-docker", "fingerprint": "cf2ac4f9422c1a9779d1969c2152390f83ffbb7f0a42f861401892f48967c90e", "category": "docker", "severity": "medium", "confidence": 0.94, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Image tag is latest.", "evidence": {"image": "grafana/tempo:latest", "rule_id": "DKR003", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|cf2ac4f9422c1a9779d1969c2152390f83ffbb7f0a42f861401892f48967c90e"}}, "locations": 
[{"physicalLocation": {"artifactLocation": {"uri": "monitoring/docker-compose.yaml"}, "region": {"startLine": 59}}}]}, {"ruleId": "DKR003", "level": "warning", "message": {"text": "Compose service `prometheus` image uses the latest tag"}, "properties": {"repobilityId": 2646, "scanner": "repobility-docker", "fingerprint": "4d38003b456a4f4b19eb4f82c6ce4bca87975b502196513883eb421d62589e2f", "category": "docker", "severity": "medium", "confidence": 0.94, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Image tag is latest.", "evidence": {"image": "prom/prometheus:latest", "rule_id": "DKR003", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|4d38003b456a4f4b19eb4f82c6ce4bca87975b502196513883eb421d62589e2f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "monitoring/docker-compose.yaml"}, "region": {"startLine": 49}}}]}, {"ruleId": "DKR003", "level": "warning", "message": {"text": "Compose service `otel-collector` image uses the latest tag"}, "properties": {"repobilityId": 2643, "scanner": "repobility-docker", "fingerprint": "20966ed5a46479a34662aaacd7bb3a36e2bad805edd1ddd40639f70434e5fba6", "category": "docker", "severity": "medium", "confidence": 0.94, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Image tag is latest.", "evidence": {"image": "otel/opentelemetry-collector:latest", "rule_id": "DKR003", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|20966ed5a46479a34662aaacd7bb3a36e2bad805edd1ddd40639f70434e5fba6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "monitoring/docker-compose.yaml"}, "region": 
{"startLine": 36}}}]}, {"ruleId": "DKR003", "level": "warning", "message": {"text": "Compose service `loki` image uses the latest tag"}, "properties": {"repobilityId": 2640, "scanner": "repobility-docker", "fingerprint": "3d38a5a7827a516e72b6df5970f4a15e45f3924083f0deb2b5fa76e9d82409b4", "category": "docker", "severity": "medium", "confidence": 0.94, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Image tag is latest.", "evidence": {"image": "grafana/loki:latest", "rule_id": "DKR003", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|3d38a5a7827a516e72b6df5970f4a15e45f3924083f0deb2b5fa76e9d82409b4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "monitoring/docker-compose.yaml"}, "region": {"startLine": 25}}}]}, {"ruleId": "DKR003", "level": "warning", "message": {"text": "Compose service `promtail` image uses the latest tag"}, "properties": {"repobilityId": 2639, "scanner": "repobility-docker", "fingerprint": "6ff57e465454541cb05940fe8c156ca10a20da60b8d2a757c75fdcb45ae474e0", "category": "docker", "severity": "medium", "confidence": 0.94, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Image tag is latest.", "evidence": {"image": "grafana/promtail:latest", "rule_id": "DKR003", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|6ff57e465454541cb05940fe8c156ca10a20da60b8d2a757c75fdcb45ae474e0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "monitoring/docker-compose.yaml"}, "region": {"startLine": 15}}}]}, {"ruleId": "DKR003", "level": "warning", "message": {"text": "Compose service `grafana` image uses the latest 
tag"}, "properties": {"repobilityId": 2636, "scanner": "repobility-docker", "fingerprint": "f1769bdfc0074677369326f99dcb78eb7a1027e6f8a2c8f518f7c1bf8d32b766", "category": "docker", "severity": "medium", "confidence": 0.94, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Image tag is latest.", "evidence": {"image": "grafana/grafana:latest", "rule_id": "DKR003", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|f1769bdfc0074677369326f99dcb78eb7a1027e6f8a2c8f518f7c1bf8d32b766"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "loadtest/docker-compose.yaml"}, "region": {"startLine": 113}}}]}, {"ruleId": "DKR003", "level": "warning", "message": {"text": "Compose service `tempo` image uses the latest tag"}, "properties": {"repobilityId": 2635, "scanner": "repobility-docker", "fingerprint": "ce9f79d85dcc4bb7f624229c7de8e2f44ec0fa3ba93cb86e80b6935f2310cde0", "category": "docker", "severity": "medium", "confidence": 0.94, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Image tag is latest.", "evidence": {"image": "grafana/tempo:latest", "rule_id": "DKR003", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|ce9f79d85dcc4bb7f624229c7de8e2f44ec0fa3ba93cb86e80b6935f2310cde0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "loadtest/docker-compose.yaml"}, "region": {"startLine": 104}}}]}, {"ruleId": "DKR003", "level": "warning", "message": {"text": "Compose service `otel-collector` image uses the latest tag"}, "properties": {"repobilityId": 2634, "scanner": "repobility-docker", "fingerprint": 
"c069ba76d2c3fb73834c842fce5357fe3d0d224896a397d450e74432511cf73a", "category": "docker", "severity": "medium", "confidence": 0.94, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Image tag is latest.", "evidence": {"image": "otel/opentelemetry-collector:latest", "rule_id": "DKR003", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|c069ba76d2c3fb73834c842fce5357fe3d0d224896a397d450e74432511cf73a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "loadtest/docker-compose.yaml"}, "region": {"startLine": 96}}}]}, {"ruleId": "DKC015", "level": "warning", "message": {"text": "Database service has no healthcheck"}, "properties": {"repobilityId": 2633, "scanner": "repobility-docker", "fingerprint": "bb3a0e485acf501a0ee11a89d427c8055bbd067d735c85bf62caac56525c6dc4", "category": "docker", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Database-like service has no Compose healthcheck.", "evidence": {"rule_id": "DKC015", "scanner": "repobility-docker", "service": "influxdb", "references": ["https://docs.docker.com/compose/how-tos/startup-order/"], "correlation_key": "fp|bb3a0e485acf501a0ee11a89d427c8055bbd067d735c85bf62caac56525c6dc4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "loadtest/docker-compose.yaml"}, "region": {"startLine": 89}}}]}, {"ruleId": "DKR003", "level": "warning", "message": {"text": "Compose service `k6` image uses the latest tag"}, "properties": {"repobilityId": 2631, "scanner": "repobility-docker", "fingerprint": "cd0cacb85a0bb3d13449a29e76a4c496821ecfae4b740394f23d9241b62df05c", "category": "docker", "severity": "medium", "confidence": 0.94, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Image tag is 
latest.", "evidence": {"image": "loadimpact/k6:latest", "rule_id": "DKR003", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|cd0cacb85a0bb3d13449a29e76a4c496821ecfae4b740394f23d9241b62df05c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "loadtest/docker-compose.yaml"}, "region": {"startLine": 75}}}]}, {"ruleId": "DKC013", "level": "warning", "message": {"text": "Database service has no persistent data volume"}, "properties": {"repobilityId": 2626, "scanner": "repobility-docker", "fingerprint": "0095915e2ce90791b758b0b28e4fb16bc06ebfced1a51cbd1e365610df6b5fe0", "category": "docker", "severity": "medium", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Database-like service does not mount a known data directory.", "evidence": {"rule_id": "DKC013", "scanner": "repobility-docker", "service": "redis-queue", "references": ["https://docs.docker.com/engine/storage/volumes/"], "correlation_key": "fp|0095915e2ce90791b758b0b28e4fb16bc06ebfced1a51cbd1e365610df6b5fe0", "expected_targets": ["/data"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "loadtest/docker-compose.yaml"}, "region": {"startLine": 26}}}]}, {"ruleId": "DKR003", "level": "warning", "message": {"text": "Compose service `stripe-mock` image uses the latest tag"}, "properties": {"repobilityId": 2625, "scanner": "repobility-docker", "fingerprint": "2e8be6634e6e9df28b17ec98115e3ae7b93329512353b4ee5141345c55bb1a99", "category": "docker", "severity": "medium", "confidence": 0.94, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Image tag is latest.", "evidence": {"image": "heyrutvik/stripe-mock:latest", "rule_id": "DKR003", "scanner": "repobility-docker", "references": 
["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|2e8be6634e6e9df28b17ec98115e3ae7b93329512353b4ee5141345c55bb1a99"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "loadtest/docker-compose.yaml"}, "region": {"startLine": 21}}}]}, {"ruleId": "DKR002", "level": "warning", "message": {"text": "Compose service `db` image has no explicit tag"}, "properties": {"repobilityId": 2622, "scanner": "repobility-docker", "fingerprint": "ae494e8e99dc85786c1b77413ed6221b8de4539ffa9f4fe644e0230ef75dd287", "category": "docker", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Image reference has no tag or digest.", "evidence": {"image": "postgres", "rule_id": "DKR002", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|ae494e8e99dc85786c1b77413ed6221b8de4539ffa9f4fe644e0230ef75dd287"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "loadtest/docker-compose.yaml"}, "region": {"startLine": 6}}}]}, {"ruleId": "DKR003", "level": "warning", "message": {"text": "Compose service `hyperswitch-demo` image uses the latest tag"}, "properties": {"repobilityId": 2618, "scanner": "repobility-docker", "fingerprint": "31a388475fa52fe77fb4c0feb79bd291085b65333fd5b96f6d29a1f03322b2e4", "category": "docker", "severity": "medium", "confidence": 0.94, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "Image tag is latest.", "evidence": {"image": "docker.juspay.io/juspaydotin/hyperswitch-react-demo-app:latest", "rule_id": "DKR003", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", 
"https://docs.docker.com/scout/policy/", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|31a388475fa52fe77fb4c0feb79bd291085b65333fd5b96f6d29a1f03322b2e4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yml"}, "region": {"startLine": 518}}}]}, {"ruleId": "DKC015", "level": "warning", "message": {"text": "Database service has no healthcheck"}, "properties": {"repobilityId": 2614, "scanner": "repobility-docker", "fingerprint": "562a2f854049ed41ea9601cacfd3b8dcb3b6d2544bae717ca04df479ee92e392", "category": "docker", "severity": "medium", "confidence": 0.88, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "Database-like service has no Compose healthcheck.", "evidence": {"rule_id": "DKC015", "scanner": "repobility-docker", "service": "opensearch-dashboards", "references": ["https://docs.docker.com/compose/how-tos/startup-order/"], "correlation_key": "fp|562a2f854049ed41ea9601cacfd3b8dcb3b6d2544bae717ca04df479ee92e392"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yml"}, "region": {"startLine": 491}}}]}, {"ruleId": "DKC015", "level": "warning", "message": {"text": "Database service has no healthcheck"}, "properties": {"repobilityId": 2611, "scanner": "repobility-docker", "fingerprint": "4d3fae9d735d8fb258625b53ae04f6101d16210505e0327ca102dda5ea0f9958", "category": "docker", "severity": "medium", "confidence": 0.88, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "Database-like service has no Compose healthcheck.", "evidence": {"rule_id": "DKC015", "scanner": "repobility-docker", "service": "opensearch", "references": ["https://docs.docker.com/compose/how-tos/startup-order/"], "correlation_key": "fp|4d3fae9d735d8fb258625b53ae04f6101d16210505e0327ca102dda5ea0f9958"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yml"}, "region": {"startLine": 476}}}]}, {"ruleId": "DKC015", "level": "warning", 
"message": {"text": "Database service has no healthcheck"}, "properties": {"repobilityId": 2607, "scanner": "repobility-docker", "fingerprint": "0322940538a9573615739ef3beed90e5d2b3d29d1e9b82fe623e073c2f9a1eb6", "category": "docker", "severity": "medium", "confidence": 0.88, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "Database-like service has no Compose healthcheck.", "evidence": {"rule_id": "DKC015", "scanner": "repobility-docker", "service": "clickhouse-server", "references": ["https://docs.docker.com/compose/how-tos/startup-order/"], "correlation_key": "fp|0322940538a9573615739ef3beed90e5d2b3d29d1e9b82fe623e073c2f9a1eb6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yml"}, "region": {"startLine": 458}}}]}, {"ruleId": "DKC013", "level": "warning", "message": {"text": "Database service has no persistent data volume"}, "properties": {"repobilityId": 2601, "scanner": "repobility-docker", "fingerprint": "be6fd9dc61bde489d32b519b6059094e668cf6b7794e2c0949950d0fbc4c1a0e", "category": "docker", "severity": "medium", "confidence": 0.74, "triageState": "fixed", "verdict": "likely", "isResolved": true, "reason": "Database-like service does not mount a known data directory.", "evidence": {"rule_id": "DKC013", "scanner": "repobility-docker", "service": "kafka-ui", "references": ["https://docs.docker.com/engine/storage/volumes/"], "correlation_key": "fp|be6fd9dc61bde489d32b519b6059094e668cf6b7794e2c0949950d0fbc4c1a0e", "expected_targets": ["/bitnami/kafka", "/var/lib/kafka/data"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yml"}, "region": {"startLine": 443}}}]}, {"ruleId": "DKR003", "level": "warning", "message": {"text": "Compose service `kafka-ui` image uses the latest tag"}, "properties": {"repobilityId": 2599, "scanner": "repobility-docker", "fingerprint": "62e497f236f316c3aa05eab20de7c10c92bb15293f76bfc6c5336c1247abf173", "category": "docker", "severity": 
"medium", "confidence": 0.94, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "Image tag is latest.", "evidence": {"image": "docker.io/provectuslabs/kafka-ui:latest", "rule_id": "DKR003", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|62e497f236f316c3aa05eab20de7c10c92bb15293f76bfc6c5336c1247abf173"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yml"}, "region": {"startLine": 443}}}]}, {"ruleId": "DKC013", "level": "warning", "message": {"text": "Database service has no persistent data volume"}, "properties": {"repobilityId": 2597, "scanner": "repobility-docker", "fingerprint": "22aab6a4b2ae7d60a1f059ea13417611c73bffaa9a6afcea7dbba32ac411af79", "category": "docker", "severity": "medium", "confidence": 0.74, "triageState": "fixed", "verdict": "likely", "isResolved": true, "reason": "Database-like service does not mount a known data directory.", "evidence": {"rule_id": "DKC013", "scanner": "repobility-docker", "service": "kafka0", "references": ["https://docs.docker.com/engine/storage/volumes/"], "correlation_key": "fp|22aab6a4b2ae7d60a1f059ea13417611c73bffaa9a6afcea7dbba32ac411af79", "expected_targets": ["/bitnami/kafka", "/var/lib/kafka/data"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yml"}, "region": {"startLine": 409}}}]}, {"ruleId": "DKC013", "level": "warning", "message": {"text": "Database service has no persistent data volume"}, "properties": {"repobilityId": 2594, "scanner": "repobility-docker", "fingerprint": "f3cc0c6934d6c7ae1ab8fb30b71962e8f141ad2e338d8eecaac7b2802287fec7", "category": "docker", "severity": "medium", "confidence": 0.74, "triageState": "fixed", "verdict": "likely", "isResolved": true, "reason": "Database-like service does not mount a known data 
directory.", "evidence": {"rule_id": "DKC013", "scanner": "repobility-docker", "service": "redis-insight", "references": ["https://docs.docker.com/engine/storage/volumes/"], "correlation_key": "fp|f3cc0c6934d6c7ae1ab8fb30b71962e8f141ad2e338d8eecaac7b2802287fec7", "expected_targets": ["/data"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yml"}, "region": {"startLine": 398}}}]}, {"ruleId": "DKR003", "level": "warning", "message": {"text": "Compose service `redis-insight` image uses the latest tag"}, "properties": {"repobilityId": 2592, "scanner": "repobility-docker", "fingerprint": "dfdd53e528417972011a51f649050e0621c57e211a8db7958e63c17d0e47f222", "category": "docker", "severity": "medium", "confidence": 0.94, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "Image tag is latest.", "evidence": {"image": "docker.io/redislabs/redisinsight:latest", "rule_id": "DKR003", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|dfdd53e528417972011a51f649050e0621c57e211a8db7958e63c17d0e47f222"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yml"}, "region": {"startLine": 398}}}]}, {"ruleId": "DKR003", "level": "warning", "message": {"text": "Compose service `tempo` image uses the latest tag"}, "properties": {"repobilityId": 2589, "scanner": "repobility-docker", "fingerprint": "b58aab3ce698bbe4e660caf9a5e5a21bbc74eae16152571c9f137233894800ee", "category": "docker", "severity": "medium", "confidence": 0.94, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "Image tag is latest.", "evidence": {"image": "docker.io/grafana/tempo:latest", "rule_id": "DKR003", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", 
"https://docs.docker.com/scout/policy/", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|b58aab3ce698bbe4e660caf9a5e5a21bbc74eae16152571c9f137233894800ee"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yml"}, "region": {"startLine": 384}}}]}, {"ruleId": "DKR003", "level": "warning", "message": {"text": "Compose service `prometheus` image uses the latest tag"}, "properties": {"repobilityId": 2586, "scanner": "repobility-docker", "fingerprint": "d486532f7b4c132104c2011fc137a25a8c6435469bf6e44d2912bd3772c173de", "category": "docker", "severity": "medium", "confidence": 0.94, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "Image tag is latest.", "evidence": {"image": "docker.io/prom/prometheus:latest", "rule_id": "DKR003", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|d486532f7b4c132104c2011fc137a25a8c6435469bf6e44d2912bd3772c173de"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yml"}, "region": {"startLine": 372}}}]}, {"ruleId": "DKR003", "level": "warning", "message": {"text": "Compose service `otel-collector` image uses the latest tag"}, "properties": {"repobilityId": 2583, "scanner": "repobility-docker", "fingerprint": "b10f83a439abc5f63d771cba3a7a9094fcc4ccbce27f01dbecc7275eead7dba6", "category": "docker", "severity": "medium", "confidence": 0.94, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "Image tag is latest.", "evidence": {"image": "docker.io/otel/opentelemetry-collector-contrib:latest", "rule_id": "DKR003", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/", "https://github.com/hadolint/hadolint"], "correlation_key": 
"fp|b10f83a439abc5f63d771cba3a7a9094fcc4ccbce27f01dbecc7275eead7dba6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yml"}, "region": {"startLine": 358}}}]}, {"ruleId": "DKR003", "level": "warning", "message": {"text": "Compose service `loki` image uses the latest tag"}, "properties": {"repobilityId": 2580, "scanner": "repobility-docker", "fingerprint": "52525cb98cdb20d2131f3ae69e3c5efbd112431443d674d2b213375eeced4dbd", "category": "docker", "severity": "medium", "confidence": 0.94, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "Image tag is latest.", "evidence": {"image": "docker.io/grafana/loki:latest", "rule_id": "DKR003", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|52525cb98cdb20d2131f3ae69e3c5efbd112431443d674d2b213375eeced4dbd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yml"}, "region": {"startLine": 346}}}]}, {"ruleId": "DKR003", "level": "warning", "message": {"text": "Compose service `grafana` image uses the latest tag"}, "properties": {"repobilityId": 2577, "scanner": "repobility-docker", "fingerprint": "8290d1d77f9a8d55acb4fb80f1115b6c50bf6f506bdeb032182c5b4196312c24", "category": "docker", "severity": "medium", "confidence": 0.94, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "Image tag is latest.", "evidence": {"image": "docker.io/grafana/grafana:latest", "rule_id": "DKR003", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|8290d1d77f9a8d55acb4fb80f1115b6c50bf6f506bdeb032182c5b4196312c24"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": 
"docker-compose.yml"}, "region": {"startLine": 329}}}]}, {"ruleId": "DKC013", "level": "warning", "message": {"text": "Database service has no persistent data volume"}, "properties": {"repobilityId": 2575, "scanner": "repobility-docker", "fingerprint": "551355ef43a192ed1feb38fbbcc7cbc1e405b1b9294f44853625131189bb3ede", "category": "docker", "severity": "medium", "confidence": 0.74, "triageState": "fixed", "verdict": "likely", "isResolved": true, "reason": "Database-like service does not mount a known data directory.", "evidence": {"rule_id": "DKC013", "scanner": "repobility-docker", "service": "redis-init", "references": ["https://docs.docker.com/engine/storage/volumes/"], "correlation_key": "fp|551355ef43a192ed1feb38fbbcc7cbc1e405b1b9294f44853625131189bb3ede", "expected_targets": ["/data"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yml"}, "region": {"startLine": 303}}}]}, {"ruleId": "DKC013", "level": "warning", "message": {"text": "Database service has no persistent data volume"}, "properties": {"repobilityId": 2573, "scanner": "repobility-docker", "fingerprint": "f787bc5e3e42bad8c5503739b331ee3ef2dec0ec6420dab6b1b7608d9f47eb4e", "category": "docker", "severity": "medium", "confidence": 0.74, "triageState": "fixed", "verdict": "likely", "isResolved": true, "reason": "Database-like service does not mount a known data directory.", "evidence": {"rule_id": "DKC013", "scanner": "repobility-docker", "service": "redis-cluster", "references": ["https://docs.docker.com/engine/storage/volumes/"], "correlation_key": "fp|f787bc5e3e42bad8c5503739b331ee3ef2dec0ec6420dab6b1b7608d9f47eb4e", "expected_targets": ["/data"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yml"}, "region": {"startLine": 288}}}]}, {"ruleId": "DKR003", "level": "warning", "message": {"text": "Compose service `poststart-hook` image uses the latest tag"}, "properties": {"repobilityId": 2571, "scanner": "repobility-docker", 
"fingerprint": "8056032f189cf1853366ba20592e106cb36ba60260aa08163899a287aed0e442", "category": "docker", "severity": "medium", "confidence": 0.94, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "Image tag is latest.", "evidence": {"image": "docker.io/curlimages/curl-base:latest", "rule_id": "DKR003", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|8056032f189cf1853366ba20592e106cb36ba60260aa08163899a287aed0e442"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yml"}, "region": {"startLine": 268}}}]}, {"ruleId": "DKR003", "level": "warning", "message": {"text": "Compose service `create-default-user` image uses the latest tag"}, "properties": {"repobilityId": 2570, "scanner": "repobility-docker", "fingerprint": "2264c60efb87ddb9c4f74e4ff0ec2ea52708555bb4ef3aa64ac486866fd3f956", "category": "docker", "severity": "medium", "confidence": 0.94, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "Image tag is latest.", "evidence": {"image": "docker.io/curlimages/curl-base:latest", "rule_id": "DKR003", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|2264c60efb87ddb9c4f74e4ff0ec2ea52708555bb4ef3aa64ac486866fd3f956"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yml"}, "region": {"startLine": 246}}}]}, {"ruleId": "DKR003", "level": "warning", "message": {"text": "Compose service `hyperswitch-control-center` image uses the latest tag"}, "properties": {"repobilityId": 2567, "scanner": "repobility-docker", "fingerprint": "71f0ff15dd0ebb9915fbcead26f04f7f173867fb3c8e248e0bef4fe63c98f334", 
"category": "docker", "severity": "medium", "confidence": 0.94, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "Image tag is latest.", "evidence": {"image": "docker.juspay.io/juspaydotin/hyperswitch-control-center:latest", "rule_id": "DKR003", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|71f0ff15dd0ebb9915fbcead26f04f7f173867fb3c8e248e0bef4fe63c98f334"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yml"}, "region": {"startLine": 227}}}]}, {"ruleId": "DKR003", "level": "warning", "message": {"text": "Compose service `hyperswitch-web` image uses the latest tag"}, "properties": {"repobilityId": 2564, "scanner": "repobility-docker", "fingerprint": "246cae2889792b06efced1da104381372eac4d4661c5087692db1fc0925d6053", "category": "docker", "severity": "medium", "confidence": 0.94, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "Image tag is latest.", "evidence": {"image": "docker.juspay.io/juspaydotin/hyperswitch-web:latest", "rule_id": "DKR003", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|246cae2889792b06efced1da104381372eac4d4661c5087692db1fc0925d6053"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yml"}, "region": {"startLine": 208}}}]}, {"ruleId": "DKR002", "level": "warning", "message": {"text": "Compose service `mailhog` image has no explicit tag"}, "properties": {"repobilityId": 2559, "scanner": "repobility-docker", "fingerprint": "9a7015753854ad1e5e5b9214c4d33d8473777aad99300194000158f9eab5995d", "category": "docker", "severity": "medium", "confidence": 0.9, 
"triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "Image reference has no tag or digest.", "evidence": {"image": "docker.io/mailhog/mailhog", "rule_id": "DKR002", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|9a7015753854ad1e5e5b9214c4d33d8473777aad99300194000158f9eab5995d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yml"}, "region": {"startLine": 106}}}]}, {"ruleId": "DKR003", "level": "warning", "message": {"text": "Compose service `superposition-init` image uses the latest tag"}, "properties": {"repobilityId": 2558, "scanner": "repobility-docker", "fingerprint": "03331f6a8409000fd0a6e3f4d792ca99a0700877155cf497d2990f96b486264a", "category": "docker", "severity": "medium", "confidence": 0.94, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "Image tag is latest.", "evidence": {"image": "alpine:latest", "rule_id": "DKR003", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|03331f6a8409000fd0a6e3f4d792ca99a0700877155cf497d2990f96b486264a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yml"}, "region": {"startLine": 88}}}]}, {"ruleId": "DKR003", "level": "warning", "message": {"text": "Compose service `superposition` image uses the latest tag"}, "properties": {"repobilityId": 2555, "scanner": "repobility-docker", "fingerprint": "fbca4662db4bb5f0ad28d30b2c7c07dc31e8e83d8aedd709dc2ba4e8f9d566bc", "category": "docker", "severity": "medium", "confidence": 0.94, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "Image tag is latest.", "evidence": {"image": 
"ghcr.io/juspay/superposition-demo:latest", "rule_id": "DKR003", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|fbca4662db4bb5f0ad28d30b2c7c07dc31e8e83d8aedd709dc2ba4e8f9d566bc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yml"}, "region": {"startLine": 79}}}]}, {"ruleId": "DKC013", "level": "warning", "message": {"text": "Database service has no persistent data volume"}, "properties": {"repobilityId": 2554, "scanner": "repobility-docker", "fingerprint": "50f36bc59cb47763f82c94e3da260233cbe89e586a5d692e3d15ef57f1d0b3fe", "category": "docker", "severity": "medium", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Database-like service does not mount a known data directory.", "evidence": {"rule_id": "DKC013", "scanner": "repobility-docker", "service": "redis-standalone", "references": ["https://docs.docker.com/engine/storage/volumes/"], "correlation_key": "fp|50f36bc59cb47763f82c94e3da260233cbe89e586a5d692e3d15ef57f1d0b3fe", "expected_targets": ["/data"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yml"}, "region": {"startLine": 45}}}]}, {"ruleId": "DKR003", "level": "warning", "message": {"text": "Compose service `pg` image uses the latest tag"}, "properties": {"repobilityId": 2549, "scanner": "repobility-docker", "fingerprint": "68c55ff6364cfe4dd4a71e3b3f51ff37711349bbcdcba1b5ad2649ce000269f1", "category": "docker", "severity": "medium", "confidence": 0.94, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Image tag is latest.", "evidence": {"image": "docker.io/postgres:latest", "rule_id": "DKR003", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", 
"https://docs.docker.com/scout/policy/", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|68c55ff6364cfe4dd4a71e3b3f51ff37711349bbcdcba1b5ad2649ce000269f1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yml"}, "region": {"startLine": 26}}}]}, {"ruleId": "DKR003", "level": "warning", "message": {"text": "Compose service `prestart-hook` image uses the latest tag"}, "properties": {"repobilityId": 2548, "scanner": "repobility-docker", "fingerprint": "0f2547cbc978c4624803710b4ff1a6932d791c9130c53387e109c2f7b4f7d183", "category": "docker", "severity": "medium", "confidence": 0.94, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Image tag is latest.", "evidence": {"image": "docker.io/curlimages/curl-base:latest", "rule_id": "DKR003", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|0f2547cbc978c4624803710b4ff1a6932d791c9130c53387e109c2f7b4f7d183"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yml"}, "region": {"startLine": 10}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 2547, "scanner": "repobility-docker", "fingerprint": "e5785148b00c64c0508acf767c2b72429ee79f5bf193aef9cb2dee98a95c953f", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "rust:latest", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", 
"https://github.com/hadolint/hadolint"], "correlation_key": "fp|e5785148b00c64c0508acf767c2b72429ee79f5bf193aef9cb2dee98a95c953f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "loadtest/Dockerfile"}, "region": {"startLine": 7}}}]}, {"ruleId": "DKR017", "level": "warning", "message": {"text": "Dockerfile installs dependencies after copying the full source tree"}, "properties": {"repobilityId": 2546, "scanner": "repobility-docker", "fingerprint": "2a4d4d4e4932ef7e89c1d846bc277e7a0b7e1c3e0938b04ddf28ae923553d296", "category": "docker", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Broad context copy at line 4 appears before dependency installation.", "evidence": {"rule_id": "DKR017", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "broad_copy_line": 4, "correlation_key": "fp|2a4d4d4e4932ef7e89c1d846bc277e7a0b7e1c3e0938b04ddf28ae923553d296", "dependency_install_line": 5}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "loadtest/Dockerfile"}, "region": {"startLine": 5}}}]}, {"ruleId": "DKR003", "level": "warning", "message": {"text": "Dockerfile base image uses the latest tag"}, "properties": {"repobilityId": 2545, "scanner": "repobility-docker", "fingerprint": "cf916e9c04df70e923a046a4194dcd3b5f537b47a4aafd7fa6fda56ac6bf6dfb", "category": "docker", "severity": "medium", "confidence": 0.94, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Image tag is latest.", "evidence": {"image": "rust:latest", "rule_id": "DKR003", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|cf916e9c04df70e923a046a4194dcd3b5f537b47a4aafd7fa6fda56ac6bf6dfb"}}, "locations": [{"physicalLocation": 
{"artifactLocation": {"uri": "loadtest/Dockerfile"}, "region": {"startLine": 7}}}]}, {"ruleId": "DKR014", "level": "warning", "message": {"text": "Dockerfile copies broad context with incomplete .dockerignore"}, "properties": {"repobilityId": 2544, "scanner": "repobility-docker", "fingerprint": "14349014f95f947f3ef206847ebfdc951a23ab55c64aa1680111bbb32b24facc", "category": "docker", "severity": "medium", "confidence": 0.76, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Broad context copy found and .dockerignore misses sensitive defaults.", "evidence": {"rule_id": "DKR014", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|14349014f95f947f3ef206847ebfdc951a23ab55c64aa1680111bbb32b24facc", "missing_patterns": [".git", "id_rsa", "*.pem", "*.key"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "loadtest/Dockerfile"}, "region": {"startLine": 4}}}]}, {"ruleId": "DKR003", "level": "warning", "message": {"text": "Dockerfile base image uses the latest tag"}, "properties": {"repobilityId": 2543, "scanner": "repobility-docker", "fingerprint": "3373680236e349515fb5dc428508e50c23d5852efead605a6b5b14f6ca14ea79", "category": "docker", "severity": "medium", "confidence": 0.94, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Image tag is latest.", "evidence": {"image": "rust:latest", "rule_id": "DKR003", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|3373680236e349515fb5dc428508e50c23d5852efead605a6b5b14f6ca14ea79"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "loadtest/Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR017", "level": "warning", "message": {"text": "Dockerfile installs 
dependencies after copying the full source tree"}, "properties": {"repobilityId": 2541, "scanner": "repobility-docker", "fingerprint": "79af79fcc2f0aee059e5b262fe69be37067c8b8c4d3b4ba918198ae757846b80", "category": "docker", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Broad context copy at line 33 appears before dependency installation.", "evidence": {"rule_id": "DKR017", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "broad_copy_line": 33, "correlation_key": "fp|79af79fcc2f0aee059e5b262fe69be37067c8b8c4d3b4ba918198ae757846b80", "dependency_install_line": 34}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Dockerfile"}, "region": {"startLine": 34}}}]}, {"ruleId": "DKR014", "level": "warning", "message": {"text": "Dockerfile copies broad context with incomplete .dockerignore"}, "properties": {"repobilityId": 2538, "scanner": "repobility-docker", "fingerprint": "4a8cc253d8f771cea683754c1216b9a6c93ee0754de2a51fc9505cf223d3a3c6", "category": "docker", "severity": "medium", "confidence": 0.76, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Broad context copy found and .dockerignore misses sensitive defaults.", "evidence": {"rule_id": "DKR014", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|4a8cc253d8f771cea683754c1216b9a6c93ee0754de2a51fc9505cf223d3a3c6", "missing_patterns": [".git", "id_rsa", "*.pem", "*.key"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Dockerfile"}, "region": {"startLine": 33}}}]}, {"ruleId": "AIC004", "level": "warning", "message": {"text": "Suspicious implementation file appears unreferenced"}, "properties": {"repobilityId": 2523, "scanner": "repobility-ai-code-hygiene", "fingerprint": 
"d9a75336690131912261efa1dbf3555392c1f7783224cc111daa185393d5c792", "category": "quality", "severity": "medium", "confidence": 0.78, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Patch-style source file has no detected inbound reference from other repository files.", "evidence": {"suffix": "v2", "rule_id": "AIC004", "scanner": "repobility-ai-code-hygiene", "references": ["https://knip.dev/", "https://github.com/jendrikseipp/vulture"], "correlation_key": "fp|d9a75336690131912261efa1dbf3555392c1f7783224cc111daa185393d5c792"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/router/src/core/payments/operations/payment_cancel_v2.rs"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC004", "level": "warning", "message": {"text": "Suspicious implementation file appears unreferenced"}, "properties": {"repobilityId": 2522, "scanner": "repobility-ai-code-hygiene", "fingerprint": "2fefe25180980cac46eb3cd59e464cf1b4b9fe0f23a5025b54fa938166844086", "category": "quality", "severity": "medium", "confidence": 0.78, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Patch-style source file has no detected inbound reference from other repository files.", "evidence": {"suffix": "v2", "rule_id": "AIC004", "scanner": "repobility-ai-code-hygiene", "references": ["https://knip.dev/", "https://github.com/jendrikseipp/vulture"], "correlation_key": "fp|2fefe25180980cac46eb3cd59e464cf1b4b9fe0f23a5025b54fa938166844086"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/openapi/src/openapi_v2.rs"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC004", "level": "warning", "message": {"text": "Suspicious implementation file appears unreferenced"}, "properties": {"repobilityId": 2521, "scanner": "repobility-ai-code-hygiene", "fingerprint": "bcc9270d19f120f3cee79bc47a4ecf1cb897b9ac861a53d25b3fc3f705b287f8", "category": "quality", "severity": "medium", "confidence": 0.78, "triageState": "open", 
"verdict": "likely", "isResolved": false, "reason": "Patch-style source file has no detected inbound reference from other repository files.", "evidence": {"suffix": "v2", "rule_id": "AIC004", "scanner": "repobility-ai-code-hygiene", "references": ["https://knip.dev/", "https://github.com/jendrikseipp/vulture"], "correlation_key": "fp|bcc9270d19f120f3cee79bc47a4ecf1cb897b9ac861a53d25b3fc3f705b287f8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/hyperswitch_interfaces/src/connector_integration_v2.rs"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC004", "level": "warning", "message": {"text": "Suspicious implementation file appears unreferenced"}, "properties": {"repobilityId": 2520, "scanner": "repobility-ai-code-hygiene", "fingerprint": "caa023e7d75eb8899a429b9249b2e8c975b94d5561ace8e2e501f310b3def8a1", "category": "quality", "severity": "medium", "confidence": 0.78, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Patch-style source file has no detected inbound reference from other repository files.", "evidence": {"suffix": "v2", "rule_id": "AIC004", "scanner": "repobility-ai-code-hygiene", "references": ["https://knip.dev/", "https://github.com/jendrikseipp/vulture"], "correlation_key": "fp|caa023e7d75eb8899a429b9249b2e8c975b94d5561ace8e2e501f310b3def8a1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/hyperswitch_interfaces/src/api/merchant_connector_webhook_management_v2.rs"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC004", "level": "warning", "message": {"text": "Suspicious implementation file appears unreferenced"}, "properties": {"repobilityId": 2519, "scanner": "repobility-ai-code-hygiene", "fingerprint": "666de0eef0030743607bd7ee9f183d400e812dc52392a53db74a223087b21a5d", "category": "quality", "severity": "medium", "confidence": 0.78, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Patch-style source file has no detected inbound reference 
from other repository files.", "evidence": {"suffix": "v2", "rule_id": "AIC004", "scanner": "repobility-ai-code-hygiene", "references": ["https://knip.dev/", "https://github.com/jendrikseipp/vulture"], "correlation_key": "fp|666de0eef0030743607bd7ee9f183d400e812dc52392a53db74a223087b21a5d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/hyperswitch_connectors/src/default_implementations_v2.rs"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC001", "level": "warning", "message": {"text": "Parallel implementation file sits beside a canonical file"}, "properties": {"repobilityId": 2518, "scanner": "repobility-ai-code-hygiene", "fingerprint": "596f0bfd32295eaecd5a0cb7e89ca8c9399b1bd2e23b1816874161bb9427fbb8", "category": "quality", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Source filename has a patch-style suffix and a same-directory canonical sibling exists.", "evidence": {"suffix": "v2", "rule_id": "AIC001", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195", "https://knip.dev/"], "canonical_file": "crates/hyperswitch_interfaces/src/api/refunds.rs", "correlation_key": "fp|596f0bfd32295eaecd5a0cb7e89ca8c9399b1bd2e23b1816874161bb9427fbb8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/hyperswitch_interfaces/src/api/refunds_v2.rs"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC001", "level": "warning", "message": {"text": "Parallel implementation file sits beside a canonical file"}, "properties": {"repobilityId": 2517, "scanner": "repobility-ai-code-hygiene", "fingerprint": "7c180217bd8984d2b179a0ba7d507c9fe8126a6a422ff6e1b4ab6ffede4a5aa1", "category": "quality", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Source filename has a patch-style suffix and a same-directory canonical sibling exists.", "evidence": {"suffix": "v2", 
"rule_id": "AIC001", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195", "https://knip.dev/"], "canonical_file": "crates/hyperswitch_interfaces/src/api/payouts.rs", "correlation_key": "fp|7c180217bd8984d2b179a0ba7d507c9fe8126a6a422ff6e1b4ab6ffede4a5aa1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/hyperswitch_interfaces/src/api/payouts_v2.rs"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC001", "level": "warning", "message": {"text": "Parallel implementation file sits beside a canonical file"}, "properties": {"repobilityId": 2516, "scanner": "repobility-ai-code-hygiene", "fingerprint": "79e0587aee8a5b73e2058d321c8ecee27ee95a2ec0ab8b775d2eb561ed9e4501", "category": "quality", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Source filename has a patch-style suffix and a same-directory canonical sibling exists.", "evidence": {"suffix": "v2", "rule_id": "AIC001", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195", "https://knip.dev/"], "canonical_file": "crates/hyperswitch_interfaces/src/api/payments.rs", "correlation_key": "fp|79e0587aee8a5b73e2058d321c8ecee27ee95a2ec0ab8b775d2eb561ed9e4501"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/hyperswitch_interfaces/src/api/payments_v2.rs"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC001", "level": "warning", "message": {"text": "Parallel implementation file sits beside a canonical file"}, "properties": {"repobilityId": 2515, "scanner": "repobility-ai-code-hygiene", "fingerprint": "350e7e997ed81e4917f73d29492509e2fcb6103830e187eb5a991c88d71de64a", "category": "quality", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Source filename has a patch-style suffix and a same-directory canonical sibling exists.", "evidence": {"suffix": "v2", "rule_id": 
"AIC001", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195", "https://knip.dev/"], "canonical_file": "crates/hyperswitch_interfaces/src/api/merchant_connector_webhook_management.rs", "correlation_key": "fp|350e7e997ed81e4917f73d29492509e2fcb6103830e187eb5a991c88d71de64a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/hyperswitch_interfaces/src/api/merchant_connector_webhook_management_v2.rs"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC001", "level": "warning", "message": {"text": "Parallel implementation file sits beside a canonical file"}, "properties": {"repobilityId": 2514, "scanner": "repobility-ai-code-hygiene", "fingerprint": "c5a83cda20d60f8d3ae1591b2dcf468aafbdef920f641702351d2c92d23d88bb", "category": "quality", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Source filename has a patch-style suffix and a same-directory canonical sibling exists.", "evidence": {"suffix": "v2", "rule_id": "AIC001", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195", "https://knip.dev/"], "canonical_file": "crates/hyperswitch_interfaces/src/api/fraud_check.rs", "correlation_key": "fp|c5a83cda20d60f8d3ae1591b2dcf468aafbdef920f641702351d2c92d23d88bb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/hyperswitch_interfaces/src/api/fraud_check_v2.rs"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC001", "level": "warning", "message": {"text": "Parallel implementation file sits beside a canonical file"}, "properties": {"repobilityId": 2513, "scanner": "repobility-ai-code-hygiene", "fingerprint": "9121c189a3bf04248e96d7b4a90834c4b1bb56f872dc3a7e0ea3d190521fba29", "category": "quality", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Source filename has a patch-style suffix and a same-directory canonical 
sibling exists.", "evidence": {"suffix": "v2", "rule_id": "AIC001", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195", "https://knip.dev/"], "canonical_file": "crates/hyperswitch_interfaces/src/api/files.rs", "correlation_key": "fp|9121c189a3bf04248e96d7b4a90834c4b1bb56f872dc3a7e0ea3d190521fba29"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/hyperswitch_interfaces/src/api/files_v2.rs"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC001", "level": "warning", "message": {"text": "Parallel implementation file sits beside a canonical file"}, "properties": {"repobilityId": 2512, "scanner": "repobility-ai-code-hygiene", "fingerprint": "c1ab5f734f39c9438549c87d359216b20c38af0ed4b89129b6d62323ff993d55", "category": "quality", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Source filename has a patch-style suffix and a same-directory canonical sibling exists.", "evidence": {"suffix": "v2", "rule_id": "AIC001", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195", "https://knip.dev/"], "canonical_file": "crates/hyperswitch_interfaces/src/api/disputes.rs", "correlation_key": "fp|c1ab5f734f39c9438549c87d359216b20c38af0ed4b89129b6d62323ff993d55"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/hyperswitch_interfaces/src/api/disputes_v2.rs"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC001", "level": "warning", "message": {"text": "Parallel implementation file sits beside a canonical file"}, "properties": {"repobilityId": 2511, "scanner": "repobility-ai-code-hygiene", "fingerprint": "789d045273d2571619e998a4ca96c7e28b808cb18b04fcdbba73112a67f96ede", "category": "quality", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Source filename has a patch-style suffix and a same-directory canonical sibling 
exists.", "evidence": {"suffix": "v2", "rule_id": "AIC001", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195", "https://knip.dev/"], "canonical_file": "crates/hyperswitch_interfaces/src/api/authentication.rs", "correlation_key": "fp|789d045273d2571619e998a4ca96c7e28b808cb18b04fcdbba73112a67f96ede"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/hyperswitch_interfaces/src/api/authentication_v2.rs"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC001", "level": "warning", "message": {"text": "Parallel implementation file sits beside a canonical file"}, "properties": {"repobilityId": 2509, "scanner": "repobility-ai-code-hygiene", "fingerprint": "9f7e0b00da88dbb1d9d9a4be9005f1b907b1902053ee2adf66d37c450c2932f4", "category": "quality", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Source filename has a patch-style suffix and a same-directory canonical sibling exists.", "evidence": {"suffix": "v2", "rule_id": "AIC001", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195", "https://knip.dev/"], "canonical_file": "crates/hyperswitch_domain_models/src/router_data.rs", "correlation_key": "fp|9f7e0b00da88dbb1d9d9a4be9005f1b907b1902053ee2adf66d37c450c2932f4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/hyperswitch_domain_models/src/router_data_v2.rs"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC001", "level": "warning", "message": {"text": "Parallel implementation file sits beside a canonical file"}, "properties": {"repobilityId": 2508, "scanner": "repobility-ai-code-hygiene", "fingerprint": "cc313e969ce7db44df3c520e761e2f1d27f472195cd0fd1e37c53f3636af873e", "category": "quality", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Source filename has a patch-style suffix and a same-directory canonical 
sibling exists.", "evidence": {"suffix": "v2", "rule_id": "AIC001", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195", "https://knip.dev/"], "canonical_file": "crates/hyperswitch_connectors/src/default_implementations.rs", "correlation_key": "fp|cc313e969ce7db44df3c520e761e2f1d27f472195cd0fd1e37c53f3636af873e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/hyperswitch_connectors/src/default_implementations_v2.rs"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC001", "level": "warning", "message": {"text": "Parallel implementation file sits beside a canonical file"}, "properties": {"repobilityId": 2507, "scanner": "repobility-ai-code-hygiene", "fingerprint": "49797b902606e8b518f27a1f72622acd56df4e45d5534505e261394fc90d90c3", "category": "quality", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Source filename has a patch-style suffix and a same-directory canonical sibling exists.", "evidence": {"suffix": "v2", "rule_id": "AIC001", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195", "https://knip.dev/"], "canonical_file": "crates/diesel_models/src/schema.rs", "correlation_key": "fp|49797b902606e8b518f27a1f72622acd56df4e45d5534505e261394fc90d90c3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/diesel_models/src/schema_v2.rs"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 27921, "scanner": "repobility-ai-code-hygiene", "fingerprint": "7c8cfc6ba5183e4c9535e7c8c2f35ab21ee3c8b43add6b1297dace923e15ced1", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 
12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "crates/analytics/src/api_event/metrics/latency.rs", "duplicate_line": 47, "correlation_key": "fp|7c8cfc6ba5183e4c9535e7c8c2f35ab21ee3c8b43add6b1297dace923e15ced1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/analytics/src/auth_events/metrics/authentication_funnel.rs"}, "region": {"startLine": 46}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 27920, "scanner": "repobility-ai-code-hygiene", "fingerprint": "dc1ca4c1a203b6de942f2f7ebca2eade3beedfbc793966d9d638366181472e0b", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "crates/analytics/src/auth_events/metrics.rs", "duplicate_line": 90, "correlation_key": "fp|dc1ca4c1a203b6de942f2f7ebca2eade3beedfbc793966d9d638366181472e0b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/analytics/src/auth_events/metrics/authentication_funnel.rs"}, "region": {"startLine": 22}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 27919, "scanner": "repobility-ai-code-hygiene", "fingerprint": "24f894c7c7e765cee427e072b229907dc587e8366feee96c40eff6cc0a1bd22c", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", 
"references": ["https://jscpd.dev/"], "duplicate_file": "crates/analytics/src/auth_events/metrics/authentication_attempt_count.rs", "duplicate_line": 18, "correlation_key": "fp|24f894c7c7e765cee427e072b229907dc587e8366feee96c40eff6cc0a1bd22c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/analytics/src/auth_events/metrics/authentication_funnel.rs"}, "region": {"startLine": 20}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 27918, "scanner": "repobility-ai-code-hygiene", "fingerprint": "2e2d693b4f53180f10ab4648c26562976966c2a9755a3318f4ca3951b9eaf074", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "crates/analytics/src/api_event/metrics/api_count.rs", "duplicate_line": 46, "correlation_key": "fp|2e2d693b4f53180f10ab4648c26562976966c2a9755a3318f4ca3951b9eaf074"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/analytics/src/auth_events/metrics/authentication_exemption_requested_count.rs"}, "region": {"startLine": 45}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 27917, "scanner": "repobility-ai-code-hygiene", "fingerprint": "7a84977b5a57859e9cdc7ffde66d8ce81b5e990134ae9755f7137ee2c3fae69e", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": 
["https://jscpd.dev/"], "duplicate_file": "crates/analytics/src/api_event/metrics/latency.rs", "duplicate_line": 47, "correlation_key": "fp|7a84977b5a57859e9cdc7ffde66d8ce81b5e990134ae9755f7137ee2c3fae69e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/analytics/src/auth_events/metrics/authentication_exemption_requested_count.rs"}, "region": {"startLine": 43}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 27916, "scanner": "repobility-ai-code-hygiene", "fingerprint": "35d03404a211926e14fcef05fe252765a866578b84febbc212317a9b474c4449", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "crates/analytics/src/auth_events/metrics.rs", "duplicate_line": 90, "correlation_key": "fp|35d03404a211926e14fcef05fe252765a866578b84febbc212317a9b474c4449"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/analytics/src/auth_events/metrics/authentication_exemption_requested_count.rs"}, "region": {"startLine": 19}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 27915, "scanner": "repobility-ai-code-hygiene", "fingerprint": "2f8160749dbe2c9d25cc8cc899d2baaee1db9a140540cb20e5503b3734dbdd2a", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], 
"duplicate_file": "crates/analytics/src/auth_events/metrics/authentication_attempt_count.rs", "duplicate_line": 18, "correlation_key": "fp|2f8160749dbe2c9d25cc8cc899d2baaee1db9a140540cb20e5503b3734dbdd2a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/analytics/src/auth_events/metrics/authentication_exemption_requested_count.rs"}, "region": {"startLine": 17}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 27914, "scanner": "repobility-ai-code-hygiene", "fingerprint": "e0388273409dd44eda9ed24f0da864ceed27ebed06c1dece04b7700ca028f947", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "crates/analytics/src/auth_events/metrics/authentication_count.rs", "duplicate_line": 1, "correlation_key": "fp|e0388273409dd44eda9ed24f0da864ceed27ebed06c1dece04b7700ca028f947"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/analytics/src/auth_events/metrics/authentication_exemption_requested_count.rs"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 27913, "scanner": "repobility-ai-code-hygiene", "fingerprint": "7f87dfbe2e87c240b3aec34a635f680a1de0e16135d07e62b5fa22e33651626c", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": 
["https://jscpd.dev/"], "duplicate_file": "crates/analytics/src/api_event/metrics/api_count.rs", "duplicate_line": 46, "correlation_key": "fp|7f87dfbe2e87c240b3aec34a635f680a1de0e16135d07e62b5fa22e33651626c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/analytics/src/auth_events/metrics/authentication_exemption_approved_count.rs"}, "region": {"startLine": 45}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 27912, "scanner": "repobility-ai-code-hygiene", "fingerprint": "3965d5e2e4f9387fdfae60eb3afc6bca71c53e21dbab8654dc6090f9286d7b71", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "crates/analytics/src/api_event/metrics/latency.rs", "duplicate_line": 47, "correlation_key": "fp|3965d5e2e4f9387fdfae60eb3afc6bca71c53e21dbab8654dc6090f9286d7b71"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/analytics/src/auth_events/metrics/authentication_exemption_approved_count.rs"}, "region": {"startLine": 43}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 27911, "scanner": "repobility-ai-code-hygiene", "fingerprint": "f1c4a500e9011e4c824dd4cfb6dd5e8b4792218b8f2372a75e9537ad6134433d", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": 
["https://jscpd.dev/"], "duplicate_file": "crates/analytics/src/auth_events/metrics.rs", "duplicate_line": 90, "correlation_key": "fp|f1c4a500e9011e4c824dd4cfb6dd5e8b4792218b8f2372a75e9537ad6134433d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/analytics/src/auth_events/metrics/authentication_exemption_approved_count.rs"}, "region": {"startLine": 19}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 27910, "scanner": "repobility-ai-code-hygiene", "fingerprint": "28f20357c47887894b3a4becf7a72904958ed6eb9dda5db408f5297c9029878d", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "crates/analytics/src/auth_events/metrics/authentication_attempt_count.rs", "duplicate_line": 18, "correlation_key": "fp|28f20357c47887894b3a4becf7a72904958ed6eb9dda5db408f5297c9029878d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/analytics/src/auth_events/metrics/authentication_exemption_approved_count.rs"}, "region": {"startLine": 17}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 27909, "scanner": "repobility-ai-code-hygiene", "fingerprint": "900afbd13dc4a031b2d74700721d6b2fc6a748e405c821dc43ebfe702aa6cc31", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": 
["https://jscpd.dev/"], "duplicate_file": "crates/analytics/src/auth_events/metrics/authentication_count.rs", "duplicate_line": 1, "correlation_key": "fp|900afbd13dc4a031b2d74700721d6b2fc6a748e405c821dc43ebfe702aa6cc31"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/analytics/src/auth_events/metrics/authentication_exemption_approved_count.rs"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 27908, "scanner": "repobility-ai-code-hygiene", "fingerprint": "4727b04f90e53f7e96b6fff56aab73a9edd91ff1644c224beaaafcb3ecbead34", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "crates/analytics/src/api_event/metrics/api_count.rs", "duplicate_line": 46, "correlation_key": "fp|4727b04f90e53f7e96b6fff56aab73a9edd91ff1644c224beaaafcb3ecbead34"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/analytics/src/auth_events/metrics/authentication_error_message.rs"}, "region": {"startLine": 46}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 27907, "scanner": "repobility-ai-code-hygiene", "fingerprint": "eaca009b7f7e48f91871cc3d887262ffcd73087ac5039fde5d62a83b1cc80e55", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": 
["https://jscpd.dev/"], "duplicate_file": "crates/analytics/src/api_event/metrics/latency.rs", "duplicate_line": 48, "correlation_key": "fp|eaca009b7f7e48f91871cc3d887262ffcd73087ac5039fde5d62a83b1cc80e55"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/analytics/src/auth_events/metrics/authentication_error_message.rs"}, "region": {"startLine": 45}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 27906, "scanner": "repobility-ai-code-hygiene", "fingerprint": "cdae64057094ec9fc34a672460c95c24603caab4dc6cec3aacd1937c4bbe0f43", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "crates/analytics/src/auth_events/metrics.rs", "duplicate_line": 90, "correlation_key": "fp|cdae64057094ec9fc34a672460c95c24603caab4dc6cec3aacd1937c4bbe0f43"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/analytics/src/auth_events/metrics/authentication_error_message.rs"}, "region": {"startLine": 23}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 27905, "scanner": "repobility-ai-code-hygiene", "fingerprint": "6df7f508ff589aa0385d37174ee11219fea8a771bec5458825234955574f68e2", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": 
"crates/analytics/src/auth_events/metrics/authentication_attempt_count.rs", "duplicate_line": 18, "correlation_key": "fp|6df7f508ff589aa0385d37174ee11219fea8a771bec5458825234955574f68e2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/analytics/src/auth_events/metrics/authentication_error_message.rs"}, "region": {"startLine": 21}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 27904, "scanner": "repobility-ai-code-hygiene", "fingerprint": "d1fea396feb49a731e54217717443961bef7f3b26ae5f0a5d7797cd6c073e887", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "crates/analytics/src/api_event/metrics/api_count.rs", "duplicate_line": 46, "correlation_key": "fp|d1fea396feb49a731e54217717443961bef7f3b26ae5f0a5d7797cd6c073e887"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/analytics/src/auth_events/metrics/authentication_count.rs"}, "region": {"startLine": 45}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 27891, "scanner": "repobility-ai-code-hygiene", "fingerprint": "9f7e630700cf2a7ab7fbedd5edda0c34c6e6cd2047e451140f7b634dae01d9d4", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "update", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": 
"fp|9f7e630700cf2a7ab7fbedd5edda0c34c6e6cd2047e451140f7b634dae01d9d4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/router/src/core/payments/operations/payment_update.rs"}, "region": {"startLine": 1}}}]}, {"ruleId": "SEC006", "level": "note", "message": {"text": "[SEC006] XSS Risk: Direct HTML injection without sanitization."}, "properties": {"repobilityId": 27883, "scanner": "repobility-threat-engine", "fingerprint": "4fdfe8cf9015b68867ca8a8790dd9f61a967ad436193690bf0894500580c5a25", "category": "injection", "severity": "low", "confidence": 0.4, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "No user-input source (request/query/fetch/URL) found \u2014 may be static content", "evidence": {"match": ".innerHTML = t", "reason": "No user-input source (request/query/fetch/URL) found \u2014 may be static content", "rule_id": "SEC006", "scanner": "repobility-threat-engine", "confidence": 0.4, "correlation_key": "code|injection|token|18|sec006"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/router/src/core/payment_link/payment_link_initiate/secure_payment_link_initiator.js"}, "region": {"startLine": 18}}}]}, {"ruleId": "SEC006", "level": "note", "message": {"text": "[SEC006] XSS Risk: Direct HTML injection without sanitization."}, "properties": {"repobilityId": 27882, "scanner": "repobility-threat-engine", "fingerprint": "000d416bd09366277514fb182c98e3a1efcca94dd3045626219cbcb7d80b12c1", "category": "injection", "severity": "low", "confidence": 0.4, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "No user-input source (request/query/fetch/URL) found \u2014 may be static content", "evidence": {"match": ".innerHTML = a", "reason": "No user-input source (request/query/fetch/URL) found \u2014 may be static content", "rule_id": "SEC006", "scanner": "repobility-threat-engine", "confidence": 0.4, "correlation_key": 
"code|injection|token|971|sec006"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/router/src/core/payment_link/payment_link_initiate/payment_link.js"}, "region": {"startLine": 971}}}]}, {"ruleId": "SEC006", "level": "note", "message": {"text": "[SEC006] XSS Risk: Direct HTML injection without sanitization."}, "properties": {"repobilityId": 27881, "scanner": "repobility-threat-engine", "fingerprint": "c9d5c18730dd409dc916dd4181ee08076d1d100711460311fe0ed9957883b3c0", "category": "injection", "severity": "low", "confidence": 0.4, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "No user-input source (request/query/fetch/URL) found \u2014 may be static content", "evidence": {"match": ".innerHTML = e", "reason": "No user-input source (request/query/fetch/URL) found \u2014 may be static content", "rule_id": "SEC006", "scanner": "repobility-threat-engine", "confidence": 0.4, "correlation_key": "code|injection|token|24|sec006"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/router/src/core/generic_link/payout_link/initiate/script.js"}, "region": {"startLine": 24}}}]}, {"ruleId": "DKC010", "level": "note", "message": {"text": "Compose service lacks no-new-privileges hardening"}, "properties": {"repobilityId": 4381, "scanner": "repobility-docker", "fingerprint": "19a887644f077ec15f738793db8f1fe0020e71ba236dd60ca0ee2f25af6fe4fa", "category": "docker", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "App-like service has no security_opt no-new-privileges setting.", "evidence": {"rule_id": "DKC010", "scanner": "repobility-docker", "service": "hyperswitch-demo", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|19a887644f077ec15f738793db8f1fe0020e71ba236dd60ca0ee2f25af6fe4fa"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": 
"docker-compose.yml"}, "region": {"startLine": 522}}}]}, {"ruleId": "DKC006", "level": "note", "message": {"text": "Compose service does not declare a runtime user"}, "properties": {"repobilityId": 4379, "scanner": "repobility-docker", "fingerprint": "3ae206215b265f67089b3d36e4c1e39f6d630fd7b84a9b7ec03a1014a17db3ef", "category": "docker", "severity": "low", "confidence": 0.56, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Service has no user setting and Repobility could not prove the image runs non-root.", "evidence": {"rule_id": "DKC006", "scanner": "repobility-docker", "service": "hyperswitch-demo", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|3ae206215b265f67089b3d36e4c1e39f6d630fd7b84a9b7ec03a1014a17db3ef"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yml"}, "region": {"startLine": 522}}}]}, {"ruleId": "DKC010", "level": "note", "message": {"text": "Compose service lacks no-new-privileges hardening"}, "properties": {"repobilityId": 4377, "scanner": "repobility-docker", "fingerprint": "7cf556c7690e25374b5fadde05db609ba66095aef263dd9a2cfd553788f05ea9", "category": "docker", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "App-like service has no security_opt no-new-privileges setting.", "evidence": {"rule_id": "DKC010", "scanner": "repobility-docker", "service": "vector", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|7cf556c7690e25374b5fadde05db609ba66095aef263dd9a2cfd553788f05ea9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yml"}, "region": {"startLine": 506}}}]}, {"ruleId": "DKC006", "level": "note", "message": {"text": "Compose service does not declare a runtime user"}, "properties": {"repobilityId": 4375, "scanner": 
"repobility-docker", "fingerprint": "6d3a2066db7e191cbdb2cfea322fc72080a32075e82eb00db26d6643a0883ca5", "category": "docker", "severity": "low", "confidence": 0.56, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Service has no user setting and Repobility could not prove the image runs non-root.", "evidence": {"rule_id": "DKC006", "scanner": "repobility-docker", "service": "vector", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|6d3a2066db7e191cbdb2cfea322fc72080a32075e82eb00db26d6643a0883ca5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yml"}, "region": {"startLine": 506}}}]}, {"ruleId": "DKC010", "level": "note", "message": {"text": "Compose service lacks no-new-privileges hardening"}, "properties": {"repobilityId": 4364, "scanner": "repobility-docker", "fingerprint": "74faae36a1312aaebe64ed9b9c450decef176b23deadff9b5f4cd957f97a9485", "category": "docker", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "App-like service has no security_opt no-new-privileges setting.", "evidence": {"rule_id": "DKC010", "scanner": "repobility-docker", "service": "clickhouse-server", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|74faae36a1312aaebe64ed9b9c450decef176b23deadff9b5f4cd957f97a9485"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yml"}, "region": {"startLine": 462}}}]}, {"ruleId": "DKC006", "level": "note", "message": {"text": "Compose service does not declare a runtime user"}, "properties": {"repobilityId": 4363, "scanner": "repobility-docker", "fingerprint": "9bcba48e1eac07ae3635bb9da60131a1e813d31c4dbb82ae0ef73de845be4949", "category": "docker", "severity": "low", "confidence": 0.56, "triageState": "open", "verdict": "needs_review", 
"isResolved": false, "reason": "Service has no user setting and Repobility could not prove the image runs non-root.", "evidence": {"rule_id": "DKC006", "scanner": "repobility-docker", "service": "clickhouse-server", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|9bcba48e1eac07ae3635bb9da60131a1e813d31c4dbb82ae0ef73de845be4949"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yml"}, "region": {"startLine": 462}}}]}, {"ruleId": "DKC015", "level": "note", "message": {"text": "Database service has no healthcheck"}, "properties": {"repobilityId": 4362, "scanner": "repobility-docker", "fingerprint": "66ae43b56d8e12ca8bc5f19553c53c0d45f3b0f2437602ef5862b73e9f13c838", "category": "docker", "severity": "low", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Database-like service has no Compose healthcheck.", "evidence": {"rule_id": "DKC015", "scanner": "repobility-docker", "service": "kafka-ui", "references": ["https://docs.docker.com/compose/how-tos/startup-order/"], "correlation_key": "fp|66ae43b56d8e12ca8bc5f19553c53c0d45f3b0f2437602ef5862b73e9f13c838"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yml"}, "region": {"startLine": 447}}}]}, {"ruleId": "DKC015", "level": "note", "message": {"text": "Database service has no healthcheck"}, "properties": {"repobilityId": 4358, "scanner": "repobility-docker", "fingerprint": "e09a971f0dac8e32927c52b24d77adecc88ddb19e5c23bedbf932b508617174e", "category": "docker", "severity": "low", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Database-like service has no Compose healthcheck.", "evidence": {"rule_id": "DKC015", "scanner": "repobility-docker", "service": "kafka0", "references": ["https://docs.docker.com/compose/how-tos/startup-order/"], "correlation_key": 
"fp|e09a971f0dac8e32927c52b24d77adecc88ddb19e5c23bedbf932b508617174e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yml"}, "region": {"startLine": 413}}}]}, {"ruleId": "DKC015", "level": "note", "message": {"text": "Database service has no healthcheck"}, "properties": {"repobilityId": 4355, "scanner": "repobility-docker", "fingerprint": "0ea1729392966d5435049c322a24d7db8d8cc2234f61af1137220e688fcf5feb", "category": "docker", "severity": "low", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Database-like service has no Compose healthcheck.", "evidence": {"rule_id": "DKC015", "scanner": "repobility-docker", "service": "redis-insight", "references": ["https://docs.docker.com/compose/how-tos/startup-order/"], "correlation_key": "fp|0ea1729392966d5435049c322a24d7db8d8cc2234f61af1137220e688fcf5feb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yml"}, "region": {"startLine": 402}}}]}, {"ruleId": "DKC010", "level": "note", "message": {"text": "Compose service lacks no-new-privileges hardening"}, "properties": {"repobilityId": 4351, "scanner": "repobility-docker", "fingerprint": "5f7e156384fae356e3f60bb2e9a153b02c7fb2dde868c937fb9ab363bbd11dab", "category": "docker", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "App-like service has no security_opt no-new-privileges setting.", "evidence": {"rule_id": "DKC010", "scanner": "repobility-docker", "service": "tempo", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|5f7e156384fae356e3f60bb2e9a153b02c7fb2dde868c937fb9ab363bbd11dab"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yml"}, "region": {"startLine": 388}}}]}, {"ruleId": "DKC006", "level": "note", "message": {"text": "Compose service does not declare a runtime user"}, 
"properties": {"repobilityId": 4350, "scanner": "repobility-docker", "fingerprint": "fa029e6a08305eefa26a6827e3cd30f045681a420d1cae6e38a0f304f5d8e164", "category": "docker", "severity": "low", "confidence": 0.56, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Service has no user setting and Repobility could not prove the image runs non-root.", "evidence": {"rule_id": "DKC006", "scanner": "repobility-docker", "service": "tempo", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|fa029e6a08305eefa26a6827e3cd30f045681a420d1cae6e38a0f304f5d8e164"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yml"}, "region": {"startLine": 388}}}]}, {"ruleId": "DKC010", "level": "note", "message": {"text": "Compose service lacks no-new-privileges hardening"}, "properties": {"repobilityId": 4348, "scanner": "repobility-docker", "fingerprint": "11ab3b3bc3e88a34afc7b2d3bb80aa8c00ef1672a3bd44dc63ee57686129f36a", "category": "docker", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "App-like service has no security_opt no-new-privileges setting.", "evidence": {"rule_id": "DKC010", "scanner": "repobility-docker", "service": "prometheus", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|11ab3b3bc3e88a34afc7b2d3bb80aa8c00ef1672a3bd44dc63ee57686129f36a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yml"}, "region": {"startLine": 376}}}]}, {"ruleId": "DKC006", "level": "note", "message": {"text": "Compose service does not declare a runtime user"}, "properties": {"repobilityId": 4347, "scanner": "repobility-docker", "fingerprint": "8276a462b413039a9331354e2deb2379ad1cdaca7961384b0e02db4ee988808e", "category": "docker", "severity": "low", "confidence": 0.56, "triageState": 
"open", "verdict": "needs_review", "isResolved": false, "reason": "Service has no user setting and Repobility could not prove the image runs non-root.", "evidence": {"rule_id": "DKC006", "scanner": "repobility-docker", "service": "prometheus", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|8276a462b413039a9331354e2deb2379ad1cdaca7961384b0e02db4ee988808e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yml"}, "region": {"startLine": 376}}}]}, {"ruleId": "DKC010", "level": "note", "message": {"text": "Compose service lacks no-new-privileges hardening"}, "properties": {"repobilityId": 4345, "scanner": "repobility-docker", "fingerprint": "8df8b86681a2c4075b3452efb98d33f6b62ab0bc9a07776e21aeda1e329d3381", "category": "docker", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "App-like service has no security_opt no-new-privileges setting.", "evidence": {"rule_id": "DKC010", "scanner": "repobility-docker", "service": "otel-collector", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|8df8b86681a2c4075b3452efb98d33f6b62ab0bc9a07776e21aeda1e329d3381"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yml"}, "region": {"startLine": 362}}}]}, {"ruleId": "DKC006", "level": "note", "message": {"text": "Compose service does not declare a runtime user"}, "properties": {"repobilityId": 4344, "scanner": "repobility-docker", "fingerprint": "9fac3196f0f9a2051153d832f788c7e9592598ad5b559844c18720e1a501b0fd", "category": "docker", "severity": "low", "confidence": 0.56, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Service has no user setting and Repobility could not prove the image runs non-root.", "evidence": {"rule_id": "DKC006", "scanner": "repobility-docker", 
"service": "otel-collector", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|9fac3196f0f9a2051153d832f788c7e9592598ad5b559844c18720e1a501b0fd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yml"}, "region": {"startLine": 362}}}]}, {"ruleId": "DKC010", "level": "note", "message": {"text": "Compose service lacks no-new-privileges hardening"}, "properties": {"repobilityId": 4342, "scanner": "repobility-docker", "fingerprint": "b6ba075aa8eeaf6507081df2c4fe29d4256d0e887e1c8c1d53ea771602db2559", "category": "docker", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "App-like service has no security_opt no-new-privileges setting.", "evidence": {"rule_id": "DKC010", "scanner": "repobility-docker", "service": "loki", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|b6ba075aa8eeaf6507081df2c4fe29d4256d0e887e1c8c1d53ea771602db2559"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yml"}, "region": {"startLine": 350}}}]}, {"ruleId": "DKC006", "level": "note", "message": {"text": "Compose service does not declare a runtime user"}, "properties": {"repobilityId": 4341, "scanner": "repobility-docker", "fingerprint": "ce4680753a17e1c5d01c919505ddecbbc6da32bbc7c5d61a6286b517611a6096", "category": "docker", "severity": "low", "confidence": 0.56, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Service has no user setting and Repobility could not prove the image runs non-root.", "evidence": {"rule_id": "DKC006", "scanner": "repobility-docker", "service": "loki", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|ce4680753a17e1c5d01c919505ddecbbc6da32bbc7c5d61a6286b517611a6096"}}, "locations": 
[{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yml"}, "region": {"startLine": 350}}}]}, {"ruleId": "DKC010", "level": "note", "message": {"text": "Compose service lacks no-new-privileges hardening"}, "properties": {"repobilityId": 4339, "scanner": "repobility-docker", "fingerprint": "f671908991198c42b2745b40b27df3436cb50f44ec19bce35041cc1ab9f5517e", "category": "docker", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "App-like service has no security_opt no-new-privileges setting.", "evidence": {"rule_id": "DKC010", "scanner": "repobility-docker", "service": "grafana", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|f671908991198c42b2745b40b27df3436cb50f44ec19bce35041cc1ab9f5517e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yml"}, "region": {"startLine": 333}}}]}, {"ruleId": "DKC006", "level": "note", "message": {"text": "Compose service does not declare a runtime user"}, "properties": {"repobilityId": 4338, "scanner": "repobility-docker", "fingerprint": "e5d01d652a7a85839ae46cd5e93f312bbda91178392544f9680077cab620e0a6", "category": "docker", "severity": "low", "confidence": 0.56, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Service has no user setting and Repobility could not prove the image runs non-root.", "evidence": {"rule_id": "DKC006", "scanner": "repobility-docker", "service": "grafana", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|e5d01d652a7a85839ae46cd5e93f312bbda91178392544f9680077cab620e0a6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yml"}, "region": {"startLine": 333}}}]}, {"ruleId": "DKC015", "level": "note", "message": {"text": "Database service has no healthcheck"}, "properties": 
{"repobilityId": 4336, "scanner": "repobility-docker", "fingerprint": "f6f76792bf0c2b17027a2a97504f2a7b0234129217787f8f87bf7252a6290ef4", "category": "docker", "severity": "low", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Database-like service has no Compose healthcheck.", "evidence": {"rule_id": "DKC015", "scanner": "repobility-docker", "service": "redis-init", "references": ["https://docs.docker.com/compose/how-tos/startup-order/"], "correlation_key": "fp|f6f76792bf0c2b17027a2a97504f2a7b0234129217787f8f87bf7252a6290ef4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yml"}, "region": {"startLine": 307}}}]}, {"ruleId": "DKC015", "level": "note", "message": {"text": "Database service has no healthcheck"}, "properties": {"repobilityId": 4334, "scanner": "repobility-docker", "fingerprint": "83fc5e8e78c153fe2df31f5c43f48a9848f6712eb2349ec643b4459798be6367", "category": "docker", "severity": "low", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Database-like service has no Compose healthcheck.", "evidence": {"rule_id": "DKC015", "scanner": "repobility-docker", "service": "redis-cluster", "references": ["https://docs.docker.com/compose/how-tos/startup-order/"], "correlation_key": "fp|83fc5e8e78c153fe2df31f5c43f48a9848f6712eb2349ec643b4459798be6367"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yml"}, "region": {"startLine": 292}}}]}, {"ruleId": "DKC010", "level": "note", "message": {"text": "Compose service lacks no-new-privileges hardening"}, "properties": {"repobilityId": 4329, "scanner": "repobility-docker", "fingerprint": "bbcbf3f87e0c7e83829e3651a12778e56fdbaa6c3ff4e19a41e269910b167f32", "category": "docker", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "App-like service has no security_opt no-new-privileges setting.", 
"evidence": {"rule_id": "DKC010", "scanner": "repobility-docker", "service": "hyperswitch-control-center", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|bbcbf3f87e0c7e83829e3651a12778e56fdbaa6c3ff4e19a41e269910b167f32"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yml"}, "region": {"startLine": 231}}}]}, {"ruleId": "DKC006", "level": "note", "message": {"text": "Compose service does not declare a runtime user"}, "properties": {"repobilityId": 4328, "scanner": "repobility-docker", "fingerprint": "6cf243c0623b502b19c12a6fe845107ea9f4751f6e577a1ed624db27c7f4c577", "category": "docker", "severity": "low", "confidence": 0.56, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Service has no user setting and Repobility could not prove the image runs non-root.", "evidence": {"rule_id": "DKC006", "scanner": "repobility-docker", "service": "hyperswitch-control-center", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|6cf243c0623b502b19c12a6fe845107ea9f4751f6e577a1ed624db27c7f4c577"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yml"}, "region": {"startLine": 231}}}]}, {"ruleId": "DKC010", "level": "note", "message": {"text": "Compose service lacks no-new-privileges hardening"}, "properties": {"repobilityId": 4326, "scanner": "repobility-docker", "fingerprint": "5c2b1646883ed203b22657629636694be0b8200198b28d599541e9ae177eb72e", "category": "docker", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "App-like service has no security_opt no-new-privileges setting.", "evidence": {"rule_id": "DKC010", "scanner": "repobility-docker", "service": "hyperswitch-web", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], 
"correlation_key": "fp|5c2b1646883ed203b22657629636694be0b8200198b28d599541e9ae177eb72e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yml"}, "region": {"startLine": 212}}}]}, {"ruleId": "DKC006", "level": "note", "message": {"text": "Compose service does not declare a runtime user"}, "properties": {"repobilityId": 4325, "scanner": "repobility-docker", "fingerprint": "94ce5e4667cd526eda1ac5ddd8f489c10caddf1c5d53bdcc46e2426894492502", "category": "docker", "severity": "low", "confidence": 0.56, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Service has no user setting and Repobility could not prove the image runs non-root.", "evidence": {"rule_id": "DKC006", "scanner": "repobility-docker", "service": "hyperswitch-web", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|94ce5e4667cd526eda1ac5ddd8f489c10caddf1c5d53bdcc46e2426894492502"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yml"}, "region": {"startLine": 212}}}]}, {"ruleId": "DKC010", "level": "note", "message": {"text": "Compose service lacks no-new-privileges hardening"}, "properties": {"repobilityId": 4323, "scanner": "repobility-docker", "fingerprint": "d464e40d584e19f7c120cc3d8e3ee227b5b490f4c8b6e7e77e4e6456f69a1f89", "category": "docker", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "App-like service has no security_opt no-new-privileges setting.", "evidence": {"rule_id": "DKC010", "scanner": "repobility-docker", "service": "hyperswitch-server", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|d464e40d584e19f7c120cc3d8e3ee227b5b490f4c8b6e7e77e4e6456f69a1f89"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yml"}, "region": {"startLine": 121}}}]}, 
{"ruleId": "DKC006", "level": "note", "message": {"text": "Compose service does not declare a runtime user"}, "properties": {"repobilityId": 4322, "scanner": "repobility-docker", "fingerprint": "63360fd77104a44fab350e163dc3895bc20d53d39460f0cb18d150b8907fd736", "category": "docker", "severity": "low", "confidence": 0.56, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Service has no user setting and Repobility could not prove the image runs non-root.", "evidence": {"rule_id": "DKC006", "scanner": "repobility-docker", "service": "hyperswitch-server", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|63360fd77104a44fab350e163dc3895bc20d53d39460f0cb18d150b8907fd736"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yml"}, "region": {"startLine": 121}}}]}, {"ruleId": "DKC010", "level": "note", "message": {"text": "Compose service lacks no-new-privileges hardening"}, "properties": {"repobilityId": 4321, "scanner": "repobility-docker", "fingerprint": "5842f698525a3152dee851595aad5e797773da3ace8ff48fca06c4216caed37f", "category": "docker", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "App-like service has no security_opt no-new-privileges setting.", "evidence": {"rule_id": "DKC010", "scanner": "repobility-docker", "service": "mailhog", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|5842f698525a3152dee851595aad5e797773da3ace8ff48fca06c4216caed37f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yml"}, "region": {"startLine": 110}}}]}, {"ruleId": "DKC006", "level": "note", "message": {"text": "Compose service does not declare a runtime user"}, "properties": {"repobilityId": 4320, "scanner": "repobility-docker", "fingerprint": 
"d5481da8a516dadc04cfae329b5a3add1c45d0fe9205cfa63f64a5277e326305", "category": "docker", "severity": "low", "confidence": 0.56, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Service has no user setting and Repobility could not prove the image runs non-root.", "evidence": {"rule_id": "DKC006", "scanner": "repobility-docker", "service": "mailhog", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|d5481da8a516dadc04cfae329b5a3add1c45d0fe9205cfa63f64a5277e326305"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yml"}, "region": {"startLine": 110}}}]}, {"ruleId": "DKC010", "level": "note", "message": {"text": "Compose service lacks no-new-privileges hardening"}, "properties": {"repobilityId": 2654, "scanner": "repobility-docker", "fingerprint": "7240a4d0b396574b0de6f04680ae3d7a70ca2371f4637cc7392783b38fc8a6e0", "category": "docker", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "App-like service has no security_opt no-new-privileges setting.", "evidence": {"rule_id": "DKC010", "scanner": "repobility-docker", "service": "grafana", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|7240a4d0b396574b0de6f04680ae3d7a70ca2371f4637cc7392783b38fc8a6e0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "monitoring/docker-compose.yaml"}, "region": {"startLine": 73}}}]}, {"ruleId": "DKC006", "level": "note", "message": {"text": "Compose service does not declare a runtime user"}, "properties": {"repobilityId": 2653, "scanner": "repobility-docker", "fingerprint": "0083f16dce37b95b0246fb370b2b471dc7fb912deb2ac311f5e48c3ffead2342", "category": "docker", "severity": "low", "confidence": 0.56, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Service has 
no user setting and Repobility could not prove the image runs non-root.", "evidence": {"rule_id": "DKC006", "scanner": "repobility-docker", "service": "grafana", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|0083f16dce37b95b0246fb370b2b471dc7fb912deb2ac311f5e48c3ffead2342"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "monitoring/docker-compose.yaml"}, "region": {"startLine": 73}}}]}, {"ruleId": "DKC010", "level": "note", "message": {"text": "Compose service lacks no-new-privileges hardening"}, "properties": {"repobilityId": 2651, "scanner": "repobility-docker", "fingerprint": "75373b8d8d80c00c4c522f1396041053cc2967e2a1e479e9df3d3bedaaf611f7", "category": "docker", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "App-like service has no security_opt no-new-privileges setting.", "evidence": {"rule_id": "DKC010", "scanner": "repobility-docker", "service": "tempo", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|75373b8d8d80c00c4c522f1396041053cc2967e2a1e479e9df3d3bedaaf611f7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "monitoring/docker-compose.yaml"}, "region": {"startLine": 59}}}]}, {"ruleId": "DKC006", "level": "note", "message": {"text": "Compose service does not declare a runtime user"}, "properties": {"repobilityId": 2650, "scanner": "repobility-docker", "fingerprint": "0911ac87d346b30902e860772ea93d4132230d4edbb5ccd16613a8efec9b30e2", "category": "docker", "severity": "low", "confidence": 0.56, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Service has no user setting and Repobility could not prove the image runs non-root.", "evidence": {"rule_id": "DKC006", "scanner": "repobility-docker", "service": "tempo", "references": 
["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|0911ac87d346b30902e860772ea93d4132230d4edbb5ccd16613a8efec9b30e2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "monitoring/docker-compose.yaml"}, "region": {"startLine": 59}}}]}, {"ruleId": "DKC010", "level": "note", "message": {"text": "Compose service lacks no-new-privileges hardening"}, "properties": {"repobilityId": 2648, "scanner": "repobility-docker", "fingerprint": "1f15f7ef9aba4cdfc8b45166c1e428e1565683f5122ce1037e51a8da9c340978", "category": "docker", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "App-like service has no security_opt no-new-privileges setting.", "evidence": {"rule_id": "DKC010", "scanner": "repobility-docker", "service": "prometheus", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|1f15f7ef9aba4cdfc8b45166c1e428e1565683f5122ce1037e51a8da9c340978"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "monitoring/docker-compose.yaml"}, "region": {"startLine": 49}}}]}, {"ruleId": "DKC006", "level": "note", "message": {"text": "Compose service does not declare a runtime user"}, "properties": {"repobilityId": 2647, "scanner": "repobility-docker", "fingerprint": "a4dc5061f80190e19388a5a4c6f2705e51d1ed8cbd12627395f1773df62a8a99", "category": "docker", "severity": "low", "confidence": 0.56, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Service has no user setting and Repobility could not prove the image runs non-root.", "evidence": {"rule_id": "DKC006", "scanner": "repobility-docker", "service": "prometheus", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|a4dc5061f80190e19388a5a4c6f2705e51d1ed8cbd12627395f1773df62a8a99"}}, "locations": 
[{"physicalLocation": {"artifactLocation": {"uri": "monitoring/docker-compose.yaml"}, "region": {"startLine": 49}}}]}, {"ruleId": "DKC010", "level": "note", "message": {"text": "Compose service lacks no-new-privileges hardening"}, "properties": {"repobilityId": 2645, "scanner": "repobility-docker", "fingerprint": "4b79afa4d4a592c7a25ab71caea9eff8efaede9061585c0d9791173d03d96df6", "category": "docker", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "App-like service has no security_opt no-new-privileges setting.", "evidence": {"rule_id": "DKC010", "scanner": "repobility-docker", "service": "otel-collector", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|4b79afa4d4a592c7a25ab71caea9eff8efaede9061585c0d9791173d03d96df6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "monitoring/docker-compose.yaml"}, "region": {"startLine": 36}}}]}, {"ruleId": "DKC006", "level": "note", "message": {"text": "Compose service does not declare a runtime user"}, "properties": {"repobilityId": 2644, "scanner": "repobility-docker", "fingerprint": "5732c5417f4770176cb9ff00e2217f04c679cb53d2bb797ef693ae2142df6cdf", "category": "docker", "severity": "low", "confidence": 0.56, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Service has no user setting and Repobility could not prove the image runs non-root.", "evidence": {"rule_id": "DKC006", "scanner": "repobility-docker", "service": "otel-collector", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|5732c5417f4770176cb9ff00e2217f04c679cb53d2bb797ef693ae2142df6cdf"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "monitoring/docker-compose.yaml"}, "region": {"startLine": 36}}}]}, {"ruleId": "DKC010", "level": "note", "message": {"text": "Compose service lacks 
no-new-privileges hardening"}, "properties": {"repobilityId": 2642, "scanner": "repobility-docker", "fingerprint": "d17814378e9fe0666da6066c04762c0a64426a3e87568d442a0826d7560fbe00", "category": "docker", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "App-like service has no security_opt no-new-privileges setting.", "evidence": {"rule_id": "DKC010", "scanner": "repobility-docker", "service": "loki", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|d17814378e9fe0666da6066c04762c0a64426a3e87568d442a0826d7560fbe00"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "monitoring/docker-compose.yaml"}, "region": {"startLine": 25}}}]}, {"ruleId": "DKC006", "level": "note", "message": {"text": "Compose service does not declare a runtime user"}, "properties": {"repobilityId": 2641, "scanner": "repobility-docker", "fingerprint": "b993f5d3aef76161789acec3ba0d003bfdca8ccff0582db1b0c1fa1d930d9034", "category": "docker", "severity": "low", "confidence": 0.56, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Service has no user setting and Repobility could not prove the image runs non-root.", "evidence": {"rule_id": "DKC006", "scanner": "repobility-docker", "service": "loki", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|b993f5d3aef76161789acec3ba0d003bfdca8ccff0582db1b0c1fa1d930d9034"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "monitoring/docker-compose.yaml"}, "region": {"startLine": 25}}}]}, {"ruleId": "DKC010", "level": "note", "message": {"text": "Compose service lacks no-new-privileges hardening"}, "properties": {"repobilityId": 2638, "scanner": "repobility-docker", "fingerprint": "48ed8cc4834a443152c4c150802bdbb34e51f394816ee09ca270efaee6a4e700", "category": "docker", "severity": 
"low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "App-like service has no security_opt no-new-privileges setting.", "evidence": {"rule_id": "DKC010", "scanner": "repobility-docker", "service": "grafana", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|48ed8cc4834a443152c4c150802bdbb34e51f394816ee09ca270efaee6a4e700"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "loadtest/docker-compose.yaml"}, "region": {"startLine": 113}}}]}, {"ruleId": "DKC006", "level": "note", "message": {"text": "Compose service does not declare a runtime user"}, "properties": {"repobilityId": 2637, "scanner": "repobility-docker", "fingerprint": "6979c531c81b3b5d45990967e1e5538c1ffbaf43b6f5f5ea05b1e5768f371980", "category": "docker", "severity": "low", "confidence": 0.56, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Service has no user setting and Repobility could not prove the image runs non-root.", "evidence": {"rule_id": "DKC006", "scanner": "repobility-docker", "service": "grafana", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|6979c531c81b3b5d45990967e1e5538c1ffbaf43b6f5f5ea05b1e5768f371980"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "loadtest/docker-compose.yaml"}, "region": {"startLine": 113}}}]}, {"ruleId": "DKC016", "level": "note", "message": {"text": "App service does not wait for database health"}, "properties": {"repobilityId": 2630, "scanner": "repobility-docker", "fingerprint": "0c569b4608799fd1fe8df1d7ca80097ffcd3ffcd04d8027600010930f111cfcd", "category": "docker", "severity": "low", "confidence": 0.68, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "App depends on a database-like service without a health-gated dependency.", "evidence": {"rule_id": "DKC016", 
"scanner": "repobility-docker", "service": "router-server", "dependency": "redis-queue", "references": ["https://docs.docker.com/compose/how-tos/startup-order/"], "correlation_key": "fp|0c569b4608799fd1fe8df1d7ca80097ffcd3ffcd04d8027600010930f111cfcd", "dependency_has_healthcheck": false}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "loadtest/docker-compose.yaml"}, "region": {"startLine": 31}}}]}, {"ruleId": "DKC010", "level": "note", "message": {"text": "Compose service lacks no-new-privileges hardening"}, "properties": {"repobilityId": 2629, "scanner": "repobility-docker", "fingerprint": "4cd38717ede22d3304d88e28ee33cd3b835a1d889228652fccd0f5d4e49c4540", "category": "docker", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "App-like service has no security_opt no-new-privileges setting.", "evidence": {"rule_id": "DKC010", "scanner": "repobility-docker", "service": "router-server", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|4cd38717ede22d3304d88e28ee33cd3b835a1d889228652fccd0f5d4e49c4540"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "loadtest/docker-compose.yaml"}, "region": {"startLine": 31}}}]}, {"ruleId": "DKC006", "level": "note", "message": {"text": "Compose service does not declare a runtime user"}, "properties": {"repobilityId": 2628, "scanner": "repobility-docker", "fingerprint": "cce6033581c9eedddab57d6ab00d832760cc562458ec785d94b2f2539894a525", "category": "docker", "severity": "low", "confidence": 0.56, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Service has no user setting and Repobility could not prove the image runs non-root.", "evidence": {"rule_id": "DKC006", "scanner": "repobility-docker", "service": "router-server", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], 
"correlation_key": "fp|cce6033581c9eedddab57d6ab00d832760cc562458ec785d94b2f2539894a525"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "loadtest/docker-compose.yaml"}, "region": {"startLine": 31}}}]}, {"ruleId": "DKC015", "level": "note", "message": {"text": "Database service has no healthcheck"}, "properties": {"repobilityId": 2627, "scanner": "repobility-docker", "fingerprint": "69b2ad35eda70fd631bca4cb5650ca00729ba4996a06ad02cb728ca041258b5d", "category": "docker", "severity": "low", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Database-like service has no Compose healthcheck.", "evidence": {"rule_id": "DKC015", "scanner": "repobility-docker", "service": "redis-queue", "references": ["https://docs.docker.com/compose/how-tos/startup-order/"], "correlation_key": "fp|69b2ad35eda70fd631bca4cb5650ca00729ba4996a06ad02cb728ca041258b5d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "loadtest/docker-compose.yaml"}, "region": {"startLine": 26}}}]}, {"ruleId": "DKC010", "level": "note", "message": {"text": "Compose service lacks no-new-privileges hardening"}, "properties": {"repobilityId": 2621, "scanner": "repobility-docker", "fingerprint": "78287180ff3f434b497e8204d603ea906202074dcbc1eb82fd9ab5ee946a6683", "category": "docker", "severity": "low", "confidence": 0.62, "triageState": "fixed", "verdict": "needs_review", "isResolved": true, "reason": "App-like service has no security_opt no-new-privileges setting.", "evidence": {"rule_id": "DKC010", "scanner": "repobility-docker", "service": "hyperswitch-demo", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|78287180ff3f434b497e8204d603ea906202074dcbc1eb82fd9ab5ee946a6683"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yml"}, "region": {"startLine": 518}}}]}, {"ruleId": "DKC006", "level": "note", "message": {"text": "Compose 
service does not declare a runtime user"}, "properties": {"repobilityId": 2619, "scanner": "repobility-docker", "fingerprint": "7d80a7207d56180a3bdb174de99dd698bf796b075031aa2dd0a9440fc00d03cd", "category": "docker", "severity": "low", "confidence": 0.56, "triageState": "fixed", "verdict": "needs_review", "isResolved": true, "reason": "Service has no user setting and Repobility could not prove the image runs non-root.", "evidence": {"rule_id": "DKC006", "scanner": "repobility-docker", "service": "hyperswitch-demo", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|7d80a7207d56180a3bdb174de99dd698bf796b075031aa2dd0a9440fc00d03cd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yml"}, "region": {"startLine": 518}}}]}, {"ruleId": "DKC010", "level": "note", "message": {"text": "Compose service lacks no-new-privileges hardening"}, "properties": {"repobilityId": 2617, "scanner": "repobility-docker", "fingerprint": "1a6a3dcbe029d448559d50bd9d806992343604ef67246412188fb515c4a076b3", "category": "docker", "severity": "low", "confidence": 0.62, "triageState": "fixed", "verdict": "needs_review", "isResolved": true, "reason": "App-like service has no security_opt no-new-privileges setting.", "evidence": {"rule_id": "DKC010", "scanner": "repobility-docker", "service": "vector", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|1a6a3dcbe029d448559d50bd9d806992343604ef67246412188fb515c4a076b3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yml"}, "region": {"startLine": 502}}}]}, {"ruleId": "DKC006", "level": "note", "message": {"text": "Compose service does not declare a runtime user"}, "properties": {"repobilityId": 2615, "scanner": "repobility-docker", "fingerprint": "d1ebea22882fd8e7a1cde21a24125c99a55e9074cef4e666ea3bb7e51c470f89", "category": "docker", 
"severity": "low", "confidence": 0.56, "triageState": "fixed", "verdict": "needs_review", "isResolved": true, "reason": "Service has no user setting and Repobility could not prove the image runs non-root.", "evidence": {"rule_id": "DKC006", "scanner": "repobility-docker", "service": "vector", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|d1ebea22882fd8e7a1cde21a24125c99a55e9074cef4e666ea3bb7e51c470f89"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yml"}, "region": {"startLine": 502}}}]}, {"ruleId": "DKC010", "level": "note", "message": {"text": "Compose service lacks no-new-privileges hardening"}, "properties": {"repobilityId": 2604, "scanner": "repobility-docker", "fingerprint": "40349eab348623d116c25b602658c0434fda91daa0a8d734d82a62a9aa07d0de", "category": "docker", "severity": "low", "confidence": 0.62, "triageState": "fixed", "verdict": "needs_review", "isResolved": true, "reason": "App-like service has no security_opt no-new-privileges setting.", "evidence": {"rule_id": "DKC010", "scanner": "repobility-docker", "service": "clickhouse-server", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|40349eab348623d116c25b602658c0434fda91daa0a8d734d82a62a9aa07d0de"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yml"}, "region": {"startLine": 458}}}]}, {"ruleId": "DKC006", "level": "note", "message": {"text": "Compose service does not declare a runtime user"}, "properties": {"repobilityId": 2603, "scanner": "repobility-docker", "fingerprint": "2ff9485698091bdfb3c0af505b2014b1c539f90da8ae31fcfb04d8f949f95de1", "category": "docker", "severity": "low", "confidence": 0.56, "triageState": "fixed", "verdict": "needs_review", "isResolved": true, "reason": "Service has no user setting and Repobility could not prove the image runs non-root.", "evidence": 
{"rule_id": "DKC006", "scanner": "repobility-docker", "service": "clickhouse-server", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|2ff9485698091bdfb3c0af505b2014b1c539f90da8ae31fcfb04d8f949f95de1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yml"}, "region": {"startLine": 458}}}]}, {"ruleId": "DKC015", "level": "note", "message": {"text": "Database service has no healthcheck"}, "properties": {"repobilityId": 2602, "scanner": "repobility-docker", "fingerprint": "d7ef5b45bc3c386c6a6f8c7ab4d023cc10c7971782f100aba20baa3f963c2902", "category": "docker", "severity": "low", "confidence": 0.72, "triageState": "fixed", "verdict": "likely", "isResolved": true, "reason": "Database-like service has no Compose healthcheck.", "evidence": {"rule_id": "DKC015", "scanner": "repobility-docker", "service": "kafka-ui", "references": ["https://docs.docker.com/compose/how-tos/startup-order/"], "correlation_key": "fp|d7ef5b45bc3c386c6a6f8c7ab4d023cc10c7971782f100aba20baa3f963c2902"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yml"}, "region": {"startLine": 443}}}]}, {"ruleId": "DKC015", "level": "note", "message": {"text": "Database service has no healthcheck"}, "properties": {"repobilityId": 2598, "scanner": "repobility-docker", "fingerprint": "dafb6473a9414920c618bf71a6c7b2e3bfe2ca6820dbdcbcd64a2dd5e183cf42", "category": "docker", "severity": "low", "confidence": 0.72, "triageState": "fixed", "verdict": "likely", "isResolved": true, "reason": "Database-like service has no Compose healthcheck.", "evidence": {"rule_id": "DKC015", "scanner": "repobility-docker", "service": "kafka0", "references": ["https://docs.docker.com/compose/how-tos/startup-order/"], "correlation_key": "fp|dafb6473a9414920c618bf71a6c7b2e3bfe2ca6820dbdcbcd64a2dd5e183cf42"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yml"}, 
"region": {"startLine": 409}}}]}, {"ruleId": "DKC015", "level": "note", "message": {"text": "Database service has no healthcheck"}, "properties": {"repobilityId": 2595, "scanner": "repobility-docker", "fingerprint": "0dabd01297db4f5ad67100b7dbcdfff9508ccffa5511dcefe1581f52efb61099", "category": "docker", "severity": "low", "confidence": 0.72, "triageState": "fixed", "verdict": "likely", "isResolved": true, "reason": "Database-like service has no Compose healthcheck.", "evidence": {"rule_id": "DKC015", "scanner": "repobility-docker", "service": "redis-insight", "references": ["https://docs.docker.com/compose/how-tos/startup-order/"], "correlation_key": "fp|0dabd01297db4f5ad67100b7dbcdfff9508ccffa5511dcefe1581f52efb61099"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yml"}, "region": {"startLine": 398}}}]}, {"ruleId": "DKC010", "level": "note", "message": {"text": "Compose service lacks no-new-privileges hardening"}, "properties": {"repobilityId": 2591, "scanner": "repobility-docker", "fingerprint": "322c7303c84888061b86ce3076f6fe473ca0ded20f0767535b35b7b3fcce31f8", "category": "docker", "severity": "low", "confidence": 0.62, "triageState": "fixed", "verdict": "needs_review", "isResolved": true, "reason": "App-like service has no security_opt no-new-privileges setting.", "evidence": {"rule_id": "DKC010", "scanner": "repobility-docker", "service": "tempo", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|322c7303c84888061b86ce3076f6fe473ca0ded20f0767535b35b7b3fcce31f8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yml"}, "region": {"startLine": 384}}}]}, {"ruleId": "DKC006", "level": "note", "message": {"text": "Compose service does not declare a runtime user"}, "properties": {"repobilityId": 2590, "scanner": "repobility-docker", "fingerprint": "818bf4914479524167bbf03d46d781c6f59f948bc8ba9455c80de5c714cf9ed4", "category": 
"docker", "severity": "low", "confidence": 0.56, "triageState": "fixed", "verdict": "needs_review", "isResolved": true, "reason": "Service has no user setting and Repobility could not prove the image runs non-root.", "evidence": {"rule_id": "DKC006", "scanner": "repobility-docker", "service": "tempo", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|818bf4914479524167bbf03d46d781c6f59f948bc8ba9455c80de5c714cf9ed4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yml"}, "region": {"startLine": 384}}}]}, {"ruleId": "DKC010", "level": "note", "message": {"text": "Compose service lacks no-new-privileges hardening"}, "properties": {"repobilityId": 2588, "scanner": "repobility-docker", "fingerprint": "de9d8f540b049dd3846888e2349a3ba3e95bf27acba5b0d5b11a2f68857a8382", "category": "docker", "severity": "low", "confidence": 0.62, "triageState": "fixed", "verdict": "needs_review", "isResolved": true, "reason": "App-like service has no security_opt no-new-privileges setting.", "evidence": {"rule_id": "DKC010", "scanner": "repobility-docker", "service": "prometheus", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|de9d8f540b049dd3846888e2349a3ba3e95bf27acba5b0d5b11a2f68857a8382"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yml"}, "region": {"startLine": 372}}}]}, {"ruleId": "DKC006", "level": "note", "message": {"text": "Compose service does not declare a runtime user"}, "properties": {"repobilityId": 2587, "scanner": "repobility-docker", "fingerprint": "8170c295be5ba0cfd820a99945d94d5233d0de014164b05c8686175f7feaa76f", "category": "docker", "severity": "low", "confidence": 0.56, "triageState": "fixed", "verdict": "needs_review", "isResolved": true, "reason": "Service has no user setting and Repobility could not prove the image runs non-root.", "evidence": 
{"rule_id": "DKC006", "scanner": "repobility-docker", "service": "prometheus", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|8170c295be5ba0cfd820a99945d94d5233d0de014164b05c8686175f7feaa76f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yml"}, "region": {"startLine": 372}}}]}, {"ruleId": "DKC010", "level": "note", "message": {"text": "Compose service lacks no-new-privileges hardening"}, "properties": {"repobilityId": 2585, "scanner": "repobility-docker", "fingerprint": "ea31ead57865e848a44fc56771edc453c499475df70452b9e66bccd28ad8ba42", "category": "docker", "severity": "low", "confidence": 0.62, "triageState": "fixed", "verdict": "needs_review", "isResolved": true, "reason": "App-like service has no security_opt no-new-privileges setting.", "evidence": {"rule_id": "DKC010", "scanner": "repobility-docker", "service": "otel-collector", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|ea31ead57865e848a44fc56771edc453c499475df70452b9e66bccd28ad8ba42"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yml"}, "region": {"startLine": 358}}}]}, {"ruleId": "DKC006", "level": "note", "message": {"text": "Compose service does not declare a runtime user"}, "properties": {"repobilityId": 2584, "scanner": "repobility-docker", "fingerprint": "5dcf3cf4d21adeee88c3d5a3cd2ddb33ff5de448eedc5d1710d6d3fec09b746d", "category": "docker", "severity": "low", "confidence": 0.56, "triageState": "fixed", "verdict": "needs_review", "isResolved": true, "reason": "Service has no user setting and Repobility could not prove the image runs non-root.", "evidence": {"rule_id": "DKC006", "scanner": "repobility-docker", "service": "otel-collector", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": 
"fp|5dcf3cf4d21adeee88c3d5a3cd2ddb33ff5de448eedc5d1710d6d3fec09b746d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yml"}, "region": {"startLine": 358}}}]}, {"ruleId": "DKC010", "level": "note", "message": {"text": "Compose service lacks no-new-privileges hardening"}, "properties": {"repobilityId": 2582, "scanner": "repobility-docker", "fingerprint": "2e2eb252a7644659645797f2f60e9e7613917da28b0f08fb32b62b35eb0637f9", "category": "docker", "severity": "low", "confidence": 0.62, "triageState": "fixed", "verdict": "needs_review", "isResolved": true, "reason": "App-like service has no security_opt no-new-privileges setting.", "evidence": {"rule_id": "DKC010", "scanner": "repobility-docker", "service": "loki", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|2e2eb252a7644659645797f2f60e9e7613917da28b0f08fb32b62b35eb0637f9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yml"}, "region": {"startLine": 346}}}]}, {"ruleId": "DKC006", "level": "note", "message": {"text": "Compose service does not declare a runtime user"}, "properties": {"repobilityId": 2581, "scanner": "repobility-docker", "fingerprint": "6bcb928e44d1c5549f3a3dca12768259bd31b85811e88cdec7e8290f5595e2f4", "category": "docker", "severity": "low", "confidence": 0.56, "triageState": "fixed", "verdict": "needs_review", "isResolved": true, "reason": "Service has no user setting and Repobility could not prove the image runs non-root.", "evidence": {"rule_id": "DKC006", "scanner": "repobility-docker", "service": "loki", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|6bcb928e44d1c5549f3a3dca12768259bd31b85811e88cdec7e8290f5595e2f4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yml"}, "region": {"startLine": 346}}}]}, {"ruleId": "DKC010", "level": "note", 
"message": {"text": "Compose service lacks no-new-privileges hardening"}, "properties": {"repobilityId": 2579, "scanner": "repobility-docker", "fingerprint": "3d8c19a9727d1d8284cd5e5f14f8edaf3f0a23f3e55bd039a1f9fa4b25afd277", "category": "docker", "severity": "low", "confidence": 0.62, "triageState": "fixed", "verdict": "needs_review", "isResolved": true, "reason": "App-like service has no security_opt no-new-privileges setting.", "evidence": {"rule_id": "DKC010", "scanner": "repobility-docker", "service": "grafana", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|3d8c19a9727d1d8284cd5e5f14f8edaf3f0a23f3e55bd039a1f9fa4b25afd277"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yml"}, "region": {"startLine": 329}}}]}, {"ruleId": "DKC006", "level": "note", "message": {"text": "Compose service does not declare a runtime user"}, "properties": {"repobilityId": 2578, "scanner": "repobility-docker", "fingerprint": "1cdeab1b7f79a8fde56761aa57bf2a0ccfc6863b0f0774ea5b39fed6c8409dcf", "category": "docker", "severity": "low", "confidence": 0.56, "triageState": "fixed", "verdict": "needs_review", "isResolved": true, "reason": "Service has no user setting and Repobility could not prove the image runs non-root.", "evidence": {"rule_id": "DKC006", "scanner": "repobility-docker", "service": "grafana", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|1cdeab1b7f79a8fde56761aa57bf2a0ccfc6863b0f0774ea5b39fed6c8409dcf"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yml"}, "region": {"startLine": 329}}}]}, {"ruleId": "DKC015", "level": "note", "message": {"text": "Database service has no healthcheck"}, "properties": {"repobilityId": 2576, "scanner": "repobility-docker", "fingerprint": "ec3950a7c9e6f21e3111ffa6f2749b64df33467a4a9c44b95a64a62fabd3f893", "category": "docker", 
"severity": "low", "confidence": 0.72, "triageState": "fixed", "verdict": "likely", "isResolved": true, "reason": "Database-like service has no Compose healthcheck.", "evidence": {"rule_id": "DKC015", "scanner": "repobility-docker", "service": "redis-init", "references": ["https://docs.docker.com/compose/how-tos/startup-order/"], "correlation_key": "fp|ec3950a7c9e6f21e3111ffa6f2749b64df33467a4a9c44b95a64a62fabd3f893"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yml"}, "region": {"startLine": 303}}}]}, {"ruleId": "DKC015", "level": "note", "message": {"text": "Database service has no healthcheck"}, "properties": {"repobilityId": 2574, "scanner": "repobility-docker", "fingerprint": "2a1e1ec2ebbdbcf4c3778eecf1cfc5cece783248139b292fe4c33d9e37444220", "category": "docker", "severity": "low", "confidence": 0.72, "triageState": "fixed", "verdict": "likely", "isResolved": true, "reason": "Database-like service has no Compose healthcheck.", "evidence": {"rule_id": "DKC015", "scanner": "repobility-docker", "service": "redis-cluster", "references": ["https://docs.docker.com/compose/how-tos/startup-order/"], "correlation_key": "fp|2a1e1ec2ebbdbcf4c3778eecf1cfc5cece783248139b292fe4c33d9e37444220"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yml"}, "region": {"startLine": 288}}}]}, {"ruleId": "DKC010", "level": "note", "message": {"text": "Compose service lacks no-new-privileges hardening"}, "properties": {"repobilityId": 2569, "scanner": "repobility-docker", "fingerprint": "73210a16ad9b6331f2527d47e78b4502ae2b6ac0730cbafa142dcc29669aabfa", "category": "docker", "severity": "low", "confidence": 0.62, "triageState": "fixed", "verdict": "needs_review", "isResolved": true, "reason": "App-like service has no security_opt no-new-privileges setting.", "evidence": {"rule_id": "DKC010", "scanner": "repobility-docker", "service": "hyperswitch-control-center", "references": 
["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|73210a16ad9b6331f2527d47e78b4502ae2b6ac0730cbafa142dcc29669aabfa"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yml"}, "region": {"startLine": 227}}}]}, {"ruleId": "DKC006", "level": "note", "message": {"text": "Compose service does not declare a runtime user"}, "properties": {"repobilityId": 2568, "scanner": "repobility-docker", "fingerprint": "296a0070ab02921875f68f244933b09d4a9c5009677e488d7f84c9cd550fc43c", "category": "docker", "severity": "low", "confidence": 0.56, "triageState": "fixed", "verdict": "needs_review", "isResolved": true, "reason": "Service has no user setting and Repobility could not prove the image runs non-root.", "evidence": {"rule_id": "DKC006", "scanner": "repobility-docker", "service": "hyperswitch-control-center", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|296a0070ab02921875f68f244933b09d4a9c5009677e488d7f84c9cd550fc43c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yml"}, "region": {"startLine": 227}}}]}, {"ruleId": "DKC010", "level": "note", "message": {"text": "Compose service lacks no-new-privileges hardening"}, "properties": {"repobilityId": 2566, "scanner": "repobility-docker", "fingerprint": "1b6efc3c8b47c09ff2f0fff969c3fa75801d16e0cecc55c43365d3d8045e7c02", "category": "docker", "severity": "low", "confidence": 0.62, "triageState": "fixed", "verdict": "needs_review", "isResolved": true, "reason": "App-like service has no security_opt no-new-privileges setting.", "evidence": {"rule_id": "DKC010", "scanner": "repobility-docker", "service": "hyperswitch-web", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|1b6efc3c8b47c09ff2f0fff969c3fa75801d16e0cecc55c43365d3d8045e7c02"}}, "locations": 
[{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yml"}, "region": {"startLine": 208}}}]}, {"ruleId": "DKC006", "level": "note", "message": {"text": "Compose service does not declare a runtime user"}, "properties": {"repobilityId": 2565, "scanner": "repobility-docker", "fingerprint": "740cbb335ce84f2267119931a6590b27f7adfe2a8683e998110e3282a74b52d3", "category": "docker", "severity": "low", "confidence": 0.56, "triageState": "fixed", "verdict": "needs_review", "isResolved": true, "reason": "Service has no user setting and Repobility could not prove the image runs non-root.", "evidence": {"rule_id": "DKC006", "scanner": "repobility-docker", "service": "hyperswitch-web", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|740cbb335ce84f2267119931a6590b27f7adfe2a8683e998110e3282a74b52d3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yml"}, "region": {"startLine": 208}}}]}, {"ruleId": "DKC010", "level": "note", "message": {"text": "Compose service lacks no-new-privileges hardening"}, "properties": {"repobilityId": 2563, "scanner": "repobility-docker", "fingerprint": "9b07ca9e8f711895961e8694f84e074eeb93224f94183a239ef6d116ea3598c9", "category": "docker", "severity": "low", "confidence": 0.62, "triageState": "fixed", "verdict": "needs_review", "isResolved": true, "reason": "App-like service has no security_opt no-new-privileges setting.", "evidence": {"rule_id": "DKC010", "scanner": "repobility-docker", "service": "hyperswitch-server", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|9b07ca9e8f711895961e8694f84e074eeb93224f94183a239ef6d116ea3598c9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yml"}, "region": {"startLine": 117}}}]}, {"ruleId": "DKC006", "level": "note", "message": {"text": "Compose service does not declare a runtime 
user"}, "properties": {"repobilityId": 2562, "scanner": "repobility-docker", "fingerprint": "9f650d2bffdd2ab2b4915b349fc51eeb3411d86594be28efcb0df02820bad8c1", "category": "docker", "severity": "low", "confidence": 0.56, "triageState": "fixed", "verdict": "needs_review", "isResolved": true, "reason": "Service has no user setting and Repobility could not prove the image runs non-root.", "evidence": {"rule_id": "DKC006", "scanner": "repobility-docker", "service": "hyperswitch-server", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|9f650d2bffdd2ab2b4915b349fc51eeb3411d86594be28efcb0df02820bad8c1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yml"}, "region": {"startLine": 117}}}]}, {"ruleId": "DKC010", "level": "note", "message": {"text": "Compose service lacks no-new-privileges hardening"}, "properties": {"repobilityId": 2561, "scanner": "repobility-docker", "fingerprint": "9b58d62704141ca4ec89e264817a05bb74e7f7e9ffd735c3d4eb3845c5b114fc", "category": "docker", "severity": "low", "confidence": 0.62, "triageState": "fixed", "verdict": "needs_review", "isResolved": true, "reason": "App-like service has no security_opt no-new-privileges setting.", "evidence": {"rule_id": "DKC010", "scanner": "repobility-docker", "service": "mailhog", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|9b58d62704141ca4ec89e264817a05bb74e7f7e9ffd735c3d4eb3845c5b114fc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yml"}, "region": {"startLine": 106}}}]}, {"ruleId": "DKC006", "level": "note", "message": {"text": "Compose service does not declare a runtime user"}, "properties": {"repobilityId": 2560, "scanner": "repobility-docker", "fingerprint": "be12f43183797ccc4d996a93e043b679e16a033965ae619838925d96863f8d37", "category": "docker", "severity": "low", "confidence": 0.56, 
"triageState": "fixed", "verdict": "needs_review", "isResolved": true, "reason": "Service has no user setting and Repobility could not prove the image runs non-root.", "evidence": {"rule_id": "DKC006", "scanner": "repobility-docker", "service": "mailhog", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|be12f43183797ccc4d996a93e043b679e16a033965ae619838925d96863f8d37"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yml"}, "region": {"startLine": 106}}}]}, {"ruleId": "DKC010", "level": "note", "message": {"text": "Compose service lacks no-new-privileges hardening"}, "properties": {"repobilityId": 2557, "scanner": "repobility-docker", "fingerprint": "7d0f06cc3a816410f4c9381104d3b50756e0e5ace8eba5b6941dc9a5f1cdd154", "category": "docker", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "App-like service has no security_opt no-new-privileges setting.", "evidence": {"rule_id": "DKC010", "scanner": "repobility-docker", "service": "superposition", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|7d0f06cc3a816410f4c9381104d3b50756e0e5ace8eba5b6941dc9a5f1cdd154"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yml"}, "region": {"startLine": 79}}}]}, {"ruleId": "DKC006", "level": "note", "message": {"text": "Compose service does not declare a runtime user"}, "properties": {"repobilityId": 2556, "scanner": "repobility-docker", "fingerprint": "376bd31fed3f93e56d6d45bbab335b92073357fc3020372840096253a8677710", "category": "docker", "severity": "low", "confidence": 0.56, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Service has no user setting and Repobility could not prove the image runs non-root.", "evidence": {"rule_id": "DKC006", "scanner": 
"repobility-docker", "service": "superposition", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|376bd31fed3f93e56d6d45bbab335b92073357fc3020372840096253a8677710"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yml"}, "region": {"startLine": 79}}}]}, {"ruleId": "DKR008", "level": "note", "message": {"text": ".dockerignore misses sensitive defaults"}, "properties": {"repobilityId": 2542, "scanner": "repobility-docker", "fingerprint": "aea2ad92c68c4ee1f8432bb1ec25e7d45ac12c9e1790ac2d3fffe638b1acce12", "category": "docker", "severity": "low", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "A Docker build context should exclude secrets and repository metadata.", "evidence": {"rule_id": "DKR008", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|aea2ad92c68c4ee1f8432bb1ec25e7d45ac12c9e1790ac2d3fffe638b1acce12", "missing_patterns": [".git", "id_rsa", "*.pem", "*.key"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".dockerignore"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR011", "level": "note", "message": {"text": "Dockerfile installs recommended OS packages"}, "properties": {"repobilityId": 2540, "scanner": "repobility-docker", "fingerprint": "8cb65260be6d0ed32c8b59d9513c6f5ee52600271c4573994eb4b0a51d3226cb", "category": "docker", "severity": "low", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "apt install appears without --no-install-recommends.", "evidence": {"rule_id": "DKR011", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|8cb65260be6d0ed32c8b59d9513c6f5ee52600271c4573994eb4b0a51d3226cb"}}, 
"locations": [{"physicalLocation": {"artifactLocation": {"uri": "Dockerfile"}, "region": {"startLine": 62}}}]}, {"ruleId": "DKR010", "level": "note", "message": {"text": "Dockerfile leaves apt package indexes in the image layer"}, "properties": {"repobilityId": 2539, "scanner": "repobility-docker", "fingerprint": "6a686da7a670f7f583a7b818f8060dc72d227206667bde0e1aac36bbd336342e", "category": "docker", "severity": "low", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "apt update/install layer does not remove /var/lib/apt/lists.", "evidence": {"rule_id": "DKR010", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|6a686da7a670f7f583a7b818f8060dc72d227206667bde0e1aac36bbd336342e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Dockerfile"}, "region": {"startLine": 62}}}]}, {"ruleId": "DKR011", "level": "note", "message": {"text": "Dockerfile installs recommended OS packages"}, "properties": {"repobilityId": 2537, "scanner": "repobility-docker", "fingerprint": "580c5e0652ac8b5bface2cb49a9cb00187ad4ed928d711fcdf7c1598408be24c", "category": "docker", "severity": "low", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "apt install appears without --no-install-recommends.", "evidence": {"rule_id": "DKR011", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|580c5e0652ac8b5bface2cb49a9cb00187ad4ed928d711fcdf7c1598408be24c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Dockerfile"}, "region": {"startLine": 6}}}]}, {"ruleId": "DKR010", "level": "note", "message": {"text": "Dockerfile leaves apt package indexes in the image layer"}, "properties": {"repobilityId": 2536, "scanner": "repobility-docker", 
"fingerprint": "856b68d9ec35c097065e508a6c629556126ef8ff177e97fcc1951d487fdfda9e", "category": "docker", "severity": "low", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "apt update/install layer does not remove /var/lib/apt/lists.", "evidence": {"rule_id": "DKR010", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|856b68d9ec35c097065e508a6c629556126ef8ff177e97fcc1951d487fdfda9e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Dockerfile"}, "region": {"startLine": 6}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 2535, "scanner": "repobility-ai-code-hygiene", "fingerprint": "d4ee55bfa65ac1e4bfaa939b0e04826ced3cb8b95cd770b328416f05a8e1de5a", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "crates/analytics/src/api_event/metrics/latency.rs", "duplicate_line": 47, "correlation_key": "fp|d4ee55bfa65ac1e4bfaa939b0e04826ced3cb8b95cd770b328416f05a8e1de5a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/analytics/src/auth_events/metrics/authentication_count.rs"}, "region": {"startLine": 43}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 2534, "scanner": "repobility-ai-code-hygiene", "fingerprint": "24cbc0c8a10ea05e7f749766b609960a25767265e6f336d42b5411b8a85a0539", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", 
"isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "crates/analytics/src/auth_events/metrics.rs", "duplicate_line": 90, "correlation_key": "fp|24cbc0c8a10ea05e7f749766b609960a25767265e6f336d42b5411b8a85a0539"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/analytics/src/auth_events/metrics/authentication_count.rs"}, "region": {"startLine": 19}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 2533, "scanner": "repobility-ai-code-hygiene", "fingerprint": "16ea4b3dbad98d8fa806b81d3366f4d362929784b0e0c6012bbe6bd9dca08240", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "crates/analytics/src/auth_events/metrics/authentication_attempt_count.rs", "duplicate_line": 18, "correlation_key": "fp|16ea4b3dbad98d8fa806b81d3366f4d362929784b0e0c6012bbe6bd9dca08240"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/analytics/src/auth_events/metrics/authentication_count.rs"}, "region": {"startLine": 17}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 2532, "scanner": "repobility-ai-code-hygiene", "fingerprint": "d0642c7e099677ffdff747bae9c89399eb99709e156463c4ffd99e8ef3b270f8", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized 
source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "crates/analytics/src/api_event/metrics/api_count.rs", "duplicate_line": 46, "correlation_key": "fp|d0642c7e099677ffdff747bae9c89399eb99709e156463c4ffd99e8ef3b270f8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/analytics/src/auth_events/metrics/authentication_attempt_count.rs"}, "region": {"startLine": 46}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 2531, "scanner": "repobility-ai-code-hygiene", "fingerprint": "e25c3d03ba379eea6a83ab047cbc7db909454e232dd657d69241e15beae8b2c3", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "crates/analytics/src/api_event/metrics/latency.rs", "duplicate_line": 47, "correlation_key": "fp|e25c3d03ba379eea6a83ab047cbc7db909454e232dd657d69241e15beae8b2c3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/analytics/src/auth_events/metrics/authentication_attempt_count.rs"}, "region": {"startLine": 44}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 2530, "scanner": "repobility-ai-code-hygiene", "fingerprint": "9e845aeaa6d8d85977577f8350a1300e15f61993d99b3c1997eae1897f7571db", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different 
non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "crates/analytics/src/auth_events/metrics.rs", "duplicate_line": 90, "correlation_key": "fp|9e845aeaa6d8d85977577f8350a1300e15f61993d99b3c1997eae1897f7571db"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/analytics/src/auth_events/metrics/authentication_attempt_count.rs"}, "region": {"startLine": 20}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 2529, "scanner": "repobility-ai-code-hygiene", "fingerprint": "22260f8c08525b7efcb4edb2ed3a45e965c700b0434c0ad18a5bbc3f63c29fd4", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "crates/analytics/src/auth_events/filters.rs", "duplicate_line": 56, "correlation_key": "fp|22260f8c08525b7efcb4edb2ed3a45e965c700b0434c0ad18a5bbc3f63c29fd4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/analytics/src/auth_events/metrics.rs"}, "region": {"startLine": 51}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 2528, "scanner": "repobility-ai-code-hygiene", "fingerprint": "ab8e6e727e617129a3fd7d6f0974b151199db652f6fe537e4e88c88b8c37988d", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": 
"repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "crates/analytics/src/active_payments/core.rs", "duplicate_line": 37, "correlation_key": "fp|ab8e6e727e617129a3fd7d6f0974b151199db652f6fe537e4e88c88b8c37988d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/analytics/src/auth_events/core.rs"}, "region": {"startLine": 46}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 2527, "scanner": "repobility-ai-code-hygiene", "fingerprint": "ff8fec5b7e16e8cf636436d25604ecfc15dc782b6d7c601d8d20e17dd1ba72c4", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "crates/analytics/src/api_event/metrics/latency.rs", "duplicate_line": 48, "correlation_key": "fp|ff8fec5b7e16e8cf636436d25604ecfc15dc782b6d7c601d8d20e17dd1ba72c4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/analytics/src/api_event/metrics/status_code_count.rs"}, "region": {"startLine": 47}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 2526, "scanner": "repobility-ai-code-hygiene", "fingerprint": "a5f81da2cbd7ff44a6618e09f3766b1f8ad13d0fe79276a7928b0fe7c5950cda", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": 
"crates/analytics/src/api_event/metrics/api_count.rs", "duplicate_line": 1, "correlation_key": "fp|a5f81da2cbd7ff44a6618e09f3766b1f8ad13d0fe79276a7928b0fe7c5950cda"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/analytics/src/api_event/metrics/status_code_count.rs"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 2525, "scanner": "repobility-ai-code-hygiene", "fingerprint": "155ba6384d15e4e12806787ad26f325203103c62305abaf5a67bc3a4ed103147", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "crates/analytics/src/api_event/metrics/api_count.rs", "duplicate_line": 16, "correlation_key": "fp|155ba6384d15e4e12806787ad26f325203103c62305abaf5a67bc3a4ed103147"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/analytics/src/api_event/metrics/latency.rs"}, "region": {"startLine": 19}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 2524, "scanner": "repobility-ai-code-hygiene", "fingerprint": "b6b66aa7baea0e6f5c990c0ec2ce120649ab9ff82a9360c89e57ffdc6c9d5462", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "crates/analytics/src/active_payments/metrics.rs", "duplicate_line": 37, 
"correlation_key": "fp|b6b66aa7baea0e6f5c990c0ec2ce120649ab9ff82a9360c89e57ffdc6c9d5462"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/analytics/src/active_payments/metrics/active_payments.rs"}, "region": {"startLine": 17}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 2510, "scanner": "repobility-ai-code-hygiene", "fingerprint": "1d333571897d76a71d0f892e09e744e231f57a86be306d188721f9094bfaae62", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "v2", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|1d333571897d76a71d0f892e09e744e231f57a86be306d188721f9094bfaae62"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/hyperswitch_interfaces/src/connector_integration_v2.rs"}, "region": {"startLine": 1}}}]}, {"ruleId": "SEC022", "level": "note", "message": {"text": "[SEC022] Database URL With Embedded Credential: A database connection URL contains an embedded username and password. 
These URLs are often copied into defaults, docs, and scripts, then leak working credentials."}, "properties": {"repobilityId": 2132, "scanner": "repobility-threat-engine", "fingerprint": "85ebf8d85f5613cc0188f3ac413f4b9ce3078dfd45c918f573373dabfb99c12f", "category": "credential_exposure", "severity": "low", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Value contains development/placeholder marker", "evidence": {"match": "postgres://postgres:postgres@", "reason": "Value contains development/placeholder marker", "rule_id": "SEC022", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "secret|token|4|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "loadtest/docker-compose.yaml"}, "region": {"startLine": 49}}}]}, {"ruleId": "SEC006", "level": "note", "message": {"text": "[SEC006] XSS Risk: Direct HTML injection without sanitization."}, "properties": {"repobilityId": 1321, "scanner": "repobility", "fingerprint": "6c886dc1d5ca17589dcda0a5ed1ee049af00e9ebfc8a60748a19f09af0a0154e", "category": "injection", "severity": "low", "confidence": null, "triageState": "fixed", "verdict": "needs_review", "isResolved": true, "reason": "No user-input source (request/query/fetch/URL) found \u2014 may be static content", "evidence": {}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/router/src/routes/dummy_connector/utils.rs"}, "region": {"startLine": 131}}}]}, {"ruleId": "CFG002", "level": "note", "message": {"text": "[CFG002] Docker Uses :latest Tag: Using :latest tag makes builds non-reproducible."}, "properties": {"repobilityId": 1320, "scanner": "repobility", "fingerprint": "ccd425cd90c4a035708ad2a5ebb2341018095b32d66d2233f08027ee5324a996", "category": "docker", "severity": "low", "confidence": null, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "Pattern matched with no mitigating context found", "evidence": {}}, 
"locations": [{"physicalLocation": {"artifactLocation": {"uri": "loadtest/Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "CFG003", "level": "note", "message": {"text": "[CFG003] Docker COPY Everything: Copying entire directory may include secrets and build artifacts."}, "properties": {"repobilityId": 1319, "scanner": "repobility", "fingerprint": "456f5c8e901c8aa9b5c8d0b5728229005456e38ba69e48eee63e4df667a87a52", "category": "docker", "severity": "low", "confidence": null, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "Pattern matched with no mitigating context found", "evidence": {}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "loadtest/Dockerfile"}, "region": {"startLine": 4}}}]}, {"ruleId": "CFG003", "level": "note", "message": {"text": "[CFG003] Docker COPY Everything: Copying entire directory may include secrets and build artifacts."}, "properties": {"repobilityId": 1318, "scanner": "repobility", "fingerprint": "332a9b60b581708ac1c82e9fec70007a7f2909e43df269e67c6366795cd89ece", "category": "docker", "severity": "low", "confidence": null, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "Pattern matched with no mitigating context found", "evidence": {}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Dockerfile"}, "region": {"startLine": 33}}}]}, {"ruleId": "SEC015", "level": "none", "message": {"text": "[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. 
Output is predictable."}, "properties": {"repobilityId": 27885, "scanner": "repobility-threat-engine", "fingerprint": "86ce8a676e2ba2ef425d2f2341cdfcdef7636fadcaf853131f239696424a6922", "category": "crypto", "severity": "info", "confidence": 0.25, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Weak PRNG appears to be used for non-security behavior (UI, sampling, demos, shuffling, or backoff), not for secrets", "evidence": {"match": "Math.random()", "reason": "Weak PRNG appears to be used for non-security behavior (UI, sampling, demos, shuffling, or backoff), not for secrets", "rule_id": "SEC015", "scanner": "repobility-threat-engine", "confidence": 0.25, "correlation_key": "code|crypto|loadtest/k6/helper/misc.js|2|sec015"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "loadtest/k6/helper/misc.js"}, "region": {"startLine": 2}}}]}, {"ruleId": "SEC006", "level": "none", "message": {"text": "[SEC006] XSS Risk (and 2 more): Same pattern found in 2 additional files. Review if needed."}, "properties": {"repobilityId": 27884, "scanner": "repobility-threat-engine", "fingerprint": "d62afa18f06a325cee859bfc8963ff1f72b12cc2df69d78422fa7b9f881be030", "category": "injection", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 2 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 2 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC006", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|d62afa18f06a325cee859bfc8963ff1f72b12cc2df69d78422fa7b9f881be030"}}}, {"ruleId": "SEC035", "level": "none", "message": {"text": "[SEC035] Unbounded Resource Allocation \u2014 DoS risk (and 2 more): Same pattern found in 2 additional files. 
Review if needed."}, "properties": {"repobilityId": 27879, "scanner": "repobility-threat-engine", "fingerprint": "32181899fd70cd79eccb1f3d4a885720d5ff57f2275fc23a5edfd09bced21cc3", "category": "resource_exhaustion", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 2 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 2 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC035", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|32181899fd70cd79eccb1f3d4a885720d5ff57f2275fc23a5edfd09bced21cc3"}}}, {"ruleId": "SEC022", "level": "none", "message": {"text": "[SEC022] Database URL With Embedded Credential (and 3 more): Same pattern found in 3 additional files. Review if needed."}, "properties": {"repobilityId": 27873, "scanner": "repobility-threat-engine", "fingerprint": "ec9b3a827cd4f689de9428c0dcc547014bed588aa82416f76a37f2d7d6f0c83f", "category": "credential_exposure", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 3 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 3 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC022", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|ec9b3a827cd4f689de9428c0dcc547014bed588aa82416f76a37f2d7d6f0c83f"}}}, {"ruleId": "SEC029", "level": "none", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 189 more): Same pattern found in 189 additional files. 
Review if needed."}, "properties": {"repobilityId": 27869, "scanner": "repobility-threat-engine", "fingerprint": "4f1bfb73b469cd1baed74cc43d8004a2a54b805e75d8dd2825cdf04d2103202a", "category": "ssrf", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 189 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 189 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|4f1bfb73b469cd1baed74cc43d8004a2a54b805e75d8dd2825cdf04d2103202a"}}}, {"ruleId": "SEC030", "level": "error", "message": {"text": "[SEC030] Open Redirect \u2014 user-controlled redirect target: Redirect target is taken directly from user input without validating that the destination is local to the site. Attackers craft phishing URLs that appear to come from your domain but land on attacker-controlled pages \u2014 common in OAuth callback flows, post-login redirects, and `next=` parameters. 
CWE-601."}, "properties": {"repobilityId": 27880, "scanner": "repobility-threat-engine", "fingerprint": "fa8032a5095f1185d4ff23e959c05ded4fa28bd06f7cd7ad9024d44f8fd278d4", "category": "open_redirect", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "Redirect(redirect)", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC030", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|fa8032a5095f1185d4ff23e959c05ded4fa28bd06f7cd7ad9024d44f8fd278d4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/hyperswitch_connectors/src/connectors/nuvei/transformers.rs"}, "region": {"startLine": 1129}}}]}, {"ruleId": "SEC035", "level": "error", "message": {"text": "[SEC035] Unbounded Resource Allocation \u2014 DoS risk: Allocating resources (buffers, recursion stack, large ranges) based on user input without an upper bound. Attackers send `size=10000000` to exhaust memory, or trigger expensive computation. CWE-770/400. 
Examples: CVE-2023-44487 (HTTP/2 Rapid Reset), countless YAML/XML billion-laughs variants."}, "properties": {"repobilityId": 27878, "scanner": "repobility-threat-engine", "fingerprint": "d0ba749bdd0710bb1e97653ad9593d33d437bf61b28bbdc35fe757c2884b68f9", "category": "resource_exhaustion", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "bytes(request.", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC035", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|d0ba749bdd0710bb1e97653ad9593d33d437bf61b28bbdc35fe757c2884b68f9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/hyperswitch_connectors/src/connectors/mollie.rs"}, "region": {"startLine": 868}}}]}, {"ruleId": "SEC035", "level": "error", "message": {"text": "[SEC035] Unbounded Resource Allocation \u2014 DoS risk: Allocating resources (buffers, recursion stack, large ranges) based on user input without an upper bound. Attackers send `size=10000000` to exhaust memory, or trigger expensive computation. CWE-770/400. 
Examples: CVE-2023-44487 (HTTP/2 Rapid Reset), countless YAML/XML billion-laughs variants."}, "properties": {"repobilityId": 27877, "scanner": "repobility-threat-engine", "fingerprint": "f9d48b494ad34189f371196347615d6b8537638a84b6b9061408fec73b3b5eb4", "category": "resource_exhaustion", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "bytes(request.", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC035", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|f9d48b494ad34189f371196347615d6b8537638a84b6b9061408fec73b3b5eb4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/hyperswitch_connectors/src/connectors/checkout/transformers.rs"}, "region": {"startLine": 2185}}}]}, {"ruleId": "SEC035", "level": "error", "message": {"text": "[SEC035] Unbounded Resource Allocation \u2014 DoS risk: Allocating resources (buffers, recursion stack, large ranges) based on user input without an upper bound. Attackers send `size=10000000` to exhaust memory, or trigger expensive computation. CWE-770/400. 
Examples: CVE-2023-44487 (HTTP/2 Rapid Reset), countless YAML/XML billion-laughs variants."}, "properties": {"repobilityId": 27876, "scanner": "repobility-threat-engine", "fingerprint": "98f0d63337e92c8d1e790fd5c3a57707e6f2cab22818f8c48a9ad2b748eb346d", "category": "resource_exhaustion", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "bytes(request.", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC035", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|98f0d63337e92c8d1e790fd5c3a57707e6f2cab22818f8c48a9ad2b748eb346d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/hyperswitch_connectors/src/connectors/bluesnap.rs"}, "region": {"startLine": 1136}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. 
SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 27868, "scanner": "repobility-threat-engine", "fingerprint": "f64646caa186d00a1282fa16c8f5ac891b76f9e0fea76aacbda1fec1418c576c", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "url(s", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|f64646caa186d00a1282fa16c8f5ac891b76f9e0fea76aacbda1fec1418c576c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/analytics/src/sqlx.rs"}, "region": {"startLine": 59}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. 
SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 27867, "scanner": "repobility-threat-engine", "fingerprint": "e1362341308921df8cc0569cdfab7f96c916e934095d313ffa51bad9a9aa8157", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "Url(S", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|e1362341308921df8cc0569cdfab7f96c916e934095d313ffa51bad9a9aa8157"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/analytics/src/errors.rs"}, "region": {"startLine": 20}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. 
SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 27866, "scanner": "repobility-threat-engine", "fingerprint": "9a70f400b7f9c9cc6ca1ece6b09f2a177e06d6d1698ae2b5d99d5e444f40b58a", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "url(\n                    s", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|9a70f400b7f9c9cc6ca1ece6b09f2a177e06d6d1698ae2b5d99d5e444f40b58a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "connector-template/mod.rs"}, "region": {"startLine": 262}}}]}, {"ruleId": "DKC013", "level": "error", "message": {"text": "Database service has no persistent data volume"}, "properties": {"repobilityId": 4373, "scanner": "repobility-docker", "fingerprint": "3786d743a96c71cb331c854b48e585e75622b5475429d581ef53b4fd49fcdb2d", "category": "docker", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Database-like service does not mount a known data directory.", "evidence": {"rule_id": "DKC013", "scanner": "repobility-docker", "service": "opensearch-dashboards", "references": ["https://docs.docker.com/engine/storage/volumes/"], "correlation_key": "fp|3786d743a96c71cb331c854b48e585e75622b5475429d581ef53b4fd49fcdb2d", "expected_targets": ["/usr/share/opensearch/data"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yml"}, "region": {"startLine": 495}}}]}, {"ruleId": "DKC011", "level": "error", "message": {"text": "Database service publishes a host port"}, "properties": {"repobilityId": 4372, "scanner": "repobility-docker", "fingerprint": "aa1d5a67a1c838b97fa7b0f02ddcffa32b31841ec915314ca4de8c1865e37fc0", "category": 
"docker", "severity": "high", "confidence": 0.84, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Database-like image publishes host ports without a loopback-only bind.", "evidence": {"ports": [{"raw": "5601:5601", "target": "5601", "host_ip": "", "published": "5601"}], "rule_id": "DKC011", "scanner": "repobility-docker", "service": "opensearch-dashboards", "references": ["https://docs.docker.com/compose/how-tos/environment-variables/best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "exposure_scope": "public", "correlation_key": "fp|aa1d5a67a1c838b97fa7b0f02ddcffa32b31841ec915314ca4de8c1865e37fc0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yml"}, "region": {"startLine": 495}}}]}, {"ruleId": "DKC013", "level": "error", "message": {"text": "Database service has no persistent data volume"}, "properties": {"repobilityId": 4370, "scanner": "repobility-docker", "fingerprint": "ff9af2a2418d9a08e8a4424885c80d4268344e3b1d4b08e1ec4a98f8fb07fd8c", "category": "docker", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Database-like service does not mount a known data directory.", "evidence": {"rule_id": "DKC013", "scanner": "repobility-docker", "service": "opensearch", "references": ["https://docs.docker.com/engine/storage/volumes/"], "correlation_key": "fp|ff9af2a2418d9a08e8a4424885c80d4268344e3b1d4b08e1ec4a98f8fb07fd8c", "expected_targets": ["/usr/share/opensearch/data"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yml"}, "region": {"startLine": 480}}}]}, {"ruleId": "DKC011", "level": "error", "message": {"text": "Database service publishes a host port"}, "properties": {"repobilityId": 4369, "scanner": "repobility-docker", "fingerprint": "b603fbe0a7c2dd5671f232552d4c63c7d0f68b065120229517599e56b422591e", "category": "docker", "severity": "high", 
"confidence": 0.84, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Database-like image publishes host ports without a loopback-only bind.", "evidence": {"ports": [{"raw": "9200:9200", "target": "9200", "host_ip": "", "published": "9200"}], "rule_id": "DKC011", "scanner": "repobility-docker", "service": "opensearch", "references": ["https://docs.docker.com/compose/how-tos/environment-variables/best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "exposure_scope": "public", "correlation_key": "fp|b603fbe0a7c2dd5671f232552d4c63c7d0f68b065120229517599e56b422591e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yml"}, "region": {"startLine": 480}}}]}, {"ruleId": "DKC013", "level": "error", "message": {"text": "Database service has no persistent data volume"}, "properties": {"repobilityId": 4366, "scanner": "repobility-docker", "fingerprint": "c3c311b15c11d11984b0d139a8bbca7120deddaf5677a6194484382dace03cc4", "category": "docker", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Database-like service does not mount a known data directory.", "evidence": {"rule_id": "DKC013", "scanner": "repobility-docker", "service": "clickhouse-server", "references": ["https://docs.docker.com/engine/storage/volumes/"], "correlation_key": "fp|c3c311b15c11d11984b0d139a8bbca7120deddaf5677a6194484382dace03cc4", "expected_targets": ["/var/lib/clickhouse"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yml"}, "region": {"startLine": 462}}}]}, {"ruleId": "DKC011", "level": "error", "message": {"text": "Database service publishes a host port"}, "properties": {"repobilityId": 4365, "scanner": "repobility-docker", "fingerprint": "0ea52d9f4d1462069b915fbcf7962361d7c7b3162c28c1c3ad630c3690f378fc", "category": "docker", "severity": "high", "confidence": 0.84, "triageState": "open", 
"verdict": "likely", "isResolved": false, "reason": "Database-like image publishes host ports without a loopback-only bind.", "evidence": {"ports": [{"raw": "9000", "target": "9000", "host_ip": "", "published": ""}, {"raw": "8123:8123", "target": "8123", "host_ip": "", "published": "8123"}], "rule_id": "DKC011", "scanner": "repobility-docker", "service": "clickhouse-server", "references": ["https://docs.docker.com/compose/how-tos/environment-variables/best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "exposure_scope": "public", "correlation_key": "fp|0ea52d9f4d1462069b915fbcf7962361d7c7b3162c28c1c3ad630c3690f378fc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yml"}, "region": {"startLine": 462}}}]}, {"ruleId": "DKC011", "level": "error", "message": {"text": "Database service publishes a host port"}, "properties": {"repobilityId": 4360, "scanner": "repobility-docker", "fingerprint": "f437b08727f5fbb3b111a739000b44794b62231d5d90c9ea3de3666b99cf1364", "category": "docker", "severity": "high", "confidence": 0.84, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Database-like image publishes host ports without a loopback-only bind.", "evidence": {"ports": [{"raw": "8090:8080", "target": "8080", "host_ip": "", "published": "8090"}], "rule_id": "DKC011", "scanner": "repobility-docker", "service": "kafka-ui", "references": ["https://docs.docker.com/compose/how-tos/environment-variables/best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "exposure_scope": "public", "correlation_key": "fp|f437b08727f5fbb3b111a739000b44794b62231d5d90c9ea3de3666b99cf1364"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yml"}, "region": {"startLine": 447}}}]}, {"ruleId": "DKC011", "level": "error", "message": {"text": "Database service publishes a host port"}, "properties": {"repobilityId": 4356, 
"scanner": "repobility-docker", "fingerprint": "2d13378633a2195f0f95e1a2fa9d8a3b54cc5ca4950fe4f80aa9f8e2dc66afe6", "category": "docker", "severity": "high", "confidence": 0.84, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Database-like image publishes host ports without a loopback-only bind.", "evidence": {"ports": [{"raw": "9092:9092", "target": "9092", "host_ip": "", "published": "9092"}, {"raw": "9093", "target": "9093", "host_ip": "", "published": ""}, {"raw": "9997", "target": "9997", "host_ip": "", "published": ""}, {"raw": "29092", "target": "29092", "host_ip": "", "published": ""}], "rule_id": "DKC011", "scanner": "repobility-docker", "service": "kafka0", "references": ["https://docs.docker.com/compose/how-tos/environment-variables/best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "exposure_scope": "public", "correlation_key": "fp|2d13378633a2195f0f95e1a2fa9d8a3b54cc5ca4950fe4f80aa9f8e2dc66afe6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yml"}, "region": {"startLine": 413}}}]}, {"ruleId": "DKC011", "level": "error", "message": {"text": "Database service publishes a host port"}, "properties": {"repobilityId": 4353, "scanner": "repobility-docker", "fingerprint": "ce1fe56faa36eb42a9398ac72b1684494b7e6f4658729413ce89d2749063d6a6", "category": "docker", "severity": "high", "confidence": 0.84, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Database-like image publishes host ports without a loopback-only bind.", "evidence": {"ports": [{"raw": "8001:8001", "target": "8001", "host_ip": "", "published": "8001"}], "rule_id": "DKC011", "scanner": "repobility-docker", "service": "redis-insight", "references": ["https://docs.docker.com/compose/how-tos/environment-variables/best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "exposure_scope": "public", "correlation_key": 
"fp|ce1fe56faa36eb42a9398ac72b1684494b7e6f4658729413ce89d2749063d6a6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yml"}, "region": {"startLine": 402}}}]}, {"ruleId": "DKC011", "level": "error", "message": {"text": "Database service publishes a host port"}, "properties": {"repobilityId": 4332, "scanner": "repobility-docker", "fingerprint": "ab067161c53ea9499fe08f1dad55a4decc138f78b80c9a9fb8be089ea3c67697", "category": "docker", "severity": "high", "confidence": 0.84, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Database-like image publishes host ports without a loopback-only bind.", "evidence": {"ports": [{"raw": "6379", "target": "6379", "host_ip": "", "published": ""}, {"raw": "16379", "target": "16379", "host_ip": "", "published": ""}], "rule_id": "DKC011", "scanner": "repobility-docker", "service": "redis-cluster", "references": ["https://docs.docker.com/compose/how-tos/environment-variables/best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "exposure_scope": "public", "correlation_key": "fp|ab067161c53ea9499fe08f1dad55a4decc138f78b80c9a9fb8be089ea3c67697"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yml"}, "region": {"startLine": 292}}}]}, {"ruleId": "DKC013", "level": "error", "message": {"text": "Database service has no persistent data volume"}, "properties": {"repobilityId": 2632, "scanner": "repobility-docker", "fingerprint": "ced212749cd4a9e908b1f17f1ff7e4e53d4886de1fb5c420a74fb181f51dbacd", "category": "docker", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Database-like service does not mount a known data directory.", "evidence": {"rule_id": "DKC013", "scanner": "repobility-docker", "service": "influxdb", "references": ["https://docs.docker.com/engine/storage/volumes/"], "correlation_key": 
"fp|ced212749cd4a9e908b1f17f1ff7e4e53d4886de1fb5c420a74fb181f51dbacd", "expected_targets": ["/var/lib/influxdb", "/var/lib/influxdb2"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "loadtest/docker-compose.yaml"}, "region": {"startLine": 89}}}]}, {"ruleId": "DKC013", "level": "error", "message": {"text": "Database service has no persistent data volume"}, "properties": {"repobilityId": 2624, "scanner": "repobility-docker", "fingerprint": "853e0bc31560b282279c6584b70a2a1266e1f7a4c5e92d7559d9b8311277d8c8", "category": "docker", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Database-like service does not mount a known data directory.", "evidence": {"rule_id": "DKC013", "scanner": "repobility-docker", "service": "db", "references": ["https://docs.docker.com/engine/storage/volumes/"], "correlation_key": "fp|853e0bc31560b282279c6584b70a2a1266e1f7a4c5e92d7559d9b8311277d8c8", "expected_targets": ["/var/lib/postgresql/data"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "loadtest/docker-compose.yaml"}, "region": {"startLine": 6}}}]}, {"ruleId": "DKC013", "level": "error", "message": {"text": "Database service has no persistent data volume"}, "properties": {"repobilityId": 2613, "scanner": "repobility-docker", "fingerprint": "b769b85b01825346fb1a0585ec5f311e9867169ba21288dfaf85aef08c0b3bee", "category": "docker", "severity": "high", "confidence": 0.9, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "Database-like service does not mount a known data directory.", "evidence": {"rule_id": "DKC013", "scanner": "repobility-docker", "service": "opensearch-dashboards", "references": ["https://docs.docker.com/engine/storage/volumes/"], "correlation_key": "fp|b769b85b01825346fb1a0585ec5f311e9867169ba21288dfaf85aef08c0b3bee", "expected_targets": ["/usr/share/opensearch/data"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": 
"docker-compose.yml"}, "region": {"startLine": 491}}}]}, {"ruleId": "DKC011", "level": "error", "message": {"text": "Database service publishes a host port"}, "properties": {"repobilityId": 2612, "scanner": "repobility-docker", "fingerprint": "0961b2dcf17484b49109699a461470ad4fd6e8d350de0eb2a7fd0773c49ac2bb", "category": "docker", "severity": "high", "confidence": 0.84, "triageState": "fixed", "verdict": "likely", "isResolved": true, "reason": "Database-like image publishes host ports without a loopback-only bind.", "evidence": {"ports": [{"raw": "5601:5601", "target": "5601", "host_ip": "", "published": "5601"}], "rule_id": "DKC011", "scanner": "repobility-docker", "service": "opensearch-dashboards", "references": ["https://docs.docker.com/compose/how-tos/environment-variables/best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "exposure_scope": "public", "correlation_key": "fp|0961b2dcf17484b49109699a461470ad4fd6e8d350de0eb2a7fd0773c49ac2bb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yml"}, "region": {"startLine": 491}}}]}, {"ruleId": "DKC013", "level": "error", "message": {"text": "Database service has no persistent data volume"}, "properties": {"repobilityId": 2610, "scanner": "repobility-docker", "fingerprint": "ddc9c17da8d127a62c17ad10ae3f32ffa7861e3a71d8547083eaab2ddc6b2922", "category": "docker", "severity": "high", "confidence": 0.9, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "Database-like service does not mount a known data directory.", "evidence": {"rule_id": "DKC013", "scanner": "repobility-docker", "service": "opensearch", "references": ["https://docs.docker.com/engine/storage/volumes/"], "correlation_key": "fp|ddc9c17da8d127a62c17ad10ae3f32ffa7861e3a71d8547083eaab2ddc6b2922", "expected_targets": ["/usr/share/opensearch/data"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yml"}, "region": 
{"startLine": 476}}}]}, {"ruleId": "DKC011", "level": "error", "message": {"text": "Database service publishes a host port"}, "properties": {"repobilityId": 2609, "scanner": "repobility-docker", "fingerprint": "2621c36368d23426d55df4b8e9dfd132c6586666951e99308022bf78ac9c52f6", "category": "docker", "severity": "high", "confidence": 0.84, "triageState": "fixed", "verdict": "likely", "isResolved": true, "reason": "Database-like image publishes host ports without a loopback-only bind.", "evidence": {"ports": [{"raw": "9200:9200", "target": "9200", "host_ip": "", "published": "9200"}], "rule_id": "DKC011", "scanner": "repobility-docker", "service": "opensearch", "references": ["https://docs.docker.com/compose/how-tos/environment-variables/best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "exposure_scope": "public", "correlation_key": "fp|2621c36368d23426d55df4b8e9dfd132c6586666951e99308022bf78ac9c52f6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yml"}, "region": {"startLine": 476}}}]}, {"ruleId": "DKC013", "level": "error", "message": {"text": "Database service has no persistent data volume"}, "properties": {"repobilityId": 2606, "scanner": "repobility-docker", "fingerprint": "3a9b82ec5236ecd6c7af0c85e9a011d643ed3549d4343f796b516a7c114b54fa", "category": "docker", "severity": "high", "confidence": 0.9, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "Database-like service does not mount a known data directory.", "evidence": {"rule_id": "DKC013", "scanner": "repobility-docker", "service": "clickhouse-server", "references": ["https://docs.docker.com/engine/storage/volumes/"], "correlation_key": "fp|3a9b82ec5236ecd6c7af0c85e9a011d643ed3549d4343f796b516a7c114b54fa", "expected_targets": ["/var/lib/clickhouse"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yml"}, "region": {"startLine": 458}}}]}, {"ruleId": "DKC011", 
"level": "error", "message": {"text": "Database service publishes a host port"}, "properties": {"repobilityId": 2605, "scanner": "repobility-docker", "fingerprint": "feda840ef6565c6382460f3859b1472889f0da5ee653c103e66239c60cf56a23", "category": "docker", "severity": "high", "confidence": 0.84, "triageState": "fixed", "verdict": "likely", "isResolved": true, "reason": "Database-like image publishes host ports without a loopback-only bind.", "evidence": {"ports": [{"raw": "9000", "target": "9000", "host_ip": "", "published": ""}, {"raw": "8123:8123", "target": "8123", "host_ip": "", "published": "8123"}], "rule_id": "DKC011", "scanner": "repobility-docker", "service": "clickhouse-server", "references": ["https://docs.docker.com/compose/how-tos/environment-variables/best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "exposure_scope": "public", "correlation_key": "fp|feda840ef6565c6382460f3859b1472889f0da5ee653c103e66239c60cf56a23"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yml"}, "region": {"startLine": 458}}}]}, {"ruleId": "DKC011", "level": "error", "message": {"text": "Database service publishes a host port"}, "properties": {"repobilityId": 2600, "scanner": "repobility-docker", "fingerprint": "814be989f3d1a457b95dc1fa1a95b513c8737cde292707811bca7727c7a95669", "category": "docker", "severity": "high", "confidence": 0.84, "triageState": "fixed", "verdict": "likely", "isResolved": true, "reason": "Database-like image publishes host ports without a loopback-only bind.", "evidence": {"ports": [{"raw": "8090:8080", "target": "8080", "host_ip": "", "published": "8090"}], "rule_id": "DKC011", "scanner": "repobility-docker", "service": "kafka-ui", "references": ["https://docs.docker.com/compose/how-tos/environment-variables/best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "exposure_scope": "public", "correlation_key": 
"fp|814be989f3d1a457b95dc1fa1a95b513c8737cde292707811bca7727c7a95669"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yml"}, "region": {"startLine": 443}}}]}, {"ruleId": "DKC011", "level": "error", "message": {"text": "Database service publishes a host port"}, "properties": {"repobilityId": 2596, "scanner": "repobility-docker", "fingerprint": "e880f8448b193e8f6f6d2e995a288785235c927a629b5bfdd09385d2439ac359", "category": "docker", "severity": "high", "confidence": 0.84, "triageState": "fixed", "verdict": "likely", "isResolved": true, "reason": "Database-like image publishes host ports without a loopback-only bind.", "evidence": {"ports": [{"raw": "9092:9092", "target": "9092", "host_ip": "", "published": "9092"}, {"raw": "9093", "target": "9093", "host_ip": "", "published": ""}, {"raw": "9997", "target": "9997", "host_ip": "", "published": ""}, {"raw": "29092", "target": "29092", "host_ip": "", "published": ""}], "rule_id": "DKC011", "scanner": "repobility-docker", "service": "kafka0", "references": ["https://docs.docker.com/compose/how-tos/environment-variables/best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "exposure_scope": "public", "correlation_key": "fp|e880f8448b193e8f6f6d2e995a288785235c927a629b5bfdd09385d2439ac359"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yml"}, "region": {"startLine": 409}}}]}, {"ruleId": "DKC011", "level": "error", "message": {"text": "Database service publishes a host port"}, "properties": {"repobilityId": 2593, "scanner": "repobility-docker", "fingerprint": "ec405abcf3c138692148210af66f03eac4f51072e8b69e3d700fb379a45d1f90", "category": "docker", "severity": "high", "confidence": 0.84, "triageState": "fixed", "verdict": "likely", "isResolved": true, "reason": "Database-like image publishes host ports without a loopback-only bind.", "evidence": {"ports": [{"raw": "8001:8001", "target": "8001", "host_ip": "", 
"published": "8001"}], "rule_id": "DKC011", "scanner": "repobility-docker", "service": "redis-insight", "references": ["https://docs.docker.com/compose/how-tos/environment-variables/best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "exposure_scope": "public", "correlation_key": "fp|ec405abcf3c138692148210af66f03eac4f51072e8b69e3d700fb379a45d1f90"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yml"}, "region": {"startLine": 398}}}]}, {"ruleId": "DKC011", "level": "error", "message": {"text": "Database service publishes a host port"}, "properties": {"repobilityId": 2572, "scanner": "repobility-docker", "fingerprint": "b6ab49cd4852b3cebcc30e38cba88f301779bde84b3d903eb0eae4d549e4954d", "category": "docker", "severity": "high", "confidence": 0.84, "triageState": "fixed", "verdict": "likely", "isResolved": true, "reason": "Database-like image publishes host ports without a loopback-only bind.", "evidence": {"ports": [{"raw": "6379", "target": "6379", "host_ip": "", "published": ""}, {"raw": "16379", "target": "16379", "host_ip": "", "published": ""}], "rule_id": "DKC011", "scanner": "repobility-docker", "service": "redis-cluster", "references": ["https://docs.docker.com/compose/how-tos/environment-variables/best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "exposure_scope": "public", "correlation_key": "fp|b6ab49cd4852b3cebcc30e38cba88f301779bde84b3d903eb0eae4d549e4954d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yml"}, "region": {"startLine": 288}}}]}, {"ruleId": "DKC011", "level": "error", "message": {"text": "Database service publishes a host port"}, "properties": {"repobilityId": 2553, "scanner": "repobility-docker", "fingerprint": "7dd9ec4001d5cb516da61384a674fd65e8727094bb3ac6467153edf7a84340a2", "category": "docker", "severity": "high", "confidence": 0.84, "triageState": "open", 
"verdict": "likely", "isResolved": false, "reason": "Database-like image publishes host ports without a loopback-only bind.", "evidence": {"ports": [{"raw": "6379:6379", "target": "6379", "host_ip": "", "published": "6379"}], "rule_id": "DKC011", "scanner": "repobility-docker", "service": "redis-standalone", "references": ["https://docs.docker.com/compose/how-tos/environment-variables/best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "exposure_scope": "public", "correlation_key": "fp|7dd9ec4001d5cb516da61384a674fd65e8727094bb3ac6467153edf7a84340a2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yml"}, "region": {"startLine": 45}}}]}, {"ruleId": "DKC013", "level": "error", "message": {"text": "Database service has no persistent data volume"}, "properties": {"repobilityId": 2552, "scanner": "repobility-docker", "fingerprint": "ba7dfeef99bf458ce76d0d6a1d7a7a57d39904e7275cab603dcf70072c5f6c6f", "category": "docker", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Database-like service does not mount a known data directory.", "evidence": {"rule_id": "DKC013", "scanner": "repobility-docker", "service": "pg", "references": ["https://docs.docker.com/engine/storage/volumes/"], "correlation_key": "fp|ba7dfeef99bf458ce76d0d6a1d7a7a57d39904e7275cab603dcf70072c5f6c6f", "expected_targets": ["/var/lib/postgresql/data"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yml"}, "region": {"startLine": 26}}}]}, {"ruleId": "DKC011", "level": "error", "message": {"text": "Database service publishes a host port"}, "properties": {"repobilityId": 2551, "scanner": "repobility-docker", "fingerprint": "e3cdd0b1749491dc7bb0a5cc3ad3d60e1f244983489177b3578417c96047fd70", "category": "docker", "severity": "high", "confidence": 0.84, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": 
"Database-like image publishes host ports without a loopback-only bind.", "evidence": {"ports": [{"raw": "5432:5432", "target": "5432", "host_ip": "", "published": "5432"}], "rule_id": "DKC011", "scanner": "repobility-docker", "service": "pg", "references": ["https://docs.docker.com/compose/how-tos/environment-variables/best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "exposure_scope": "public", "correlation_key": "fp|e3cdd0b1749491dc7bb0a5cc3ad3d60e1f244983489177b3578417c96047fd70"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yml"}, "region": {"startLine": 26}}}]}, {"ruleId": "SEC010", "level": "error", "message": {"text": "[SEC010] Cloud Provider Token: Cloud provider or SaaS API token found in source code."}, "properties": {"repobilityId": 27875, "scanner": "repobility-threat-engine", "fingerprint": "90ce3e9969637a3432d2dcf9143b44643865a8d0e7c010fb34e255753b3871fe", "category": "credential_exposure", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found. Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "akiaStatesAbbreviati", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC010", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "secret|token|3|akiastatesabbreviati", "duplicate_count": 1, "duplicate_rule_ids": ["SEC002", "SEC010"], "duplicate_scanners": ["repobility-threat-engine"], "duplicate_fingerprints": ["90ce3e9969637a3432d2dcf9143b44643865a8d0e7c010fb34e255753b3871fe", "ab43242a981118b2b9e71f61923f9e6c511499ce49d91536a2cb8ac8009687d5"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/hyperswitch_connectors/src/utils.rs"}, "region": {"startLine": 34}}}]}, {"ruleId": "SEC010", "level": "error", "message": {"text": "[SEC010] Cloud 
Provider Token: Cloud provider or SaaS API token found in source code."}, "properties": {"repobilityId": 27874, "scanner": "repobility-threat-engine", "fingerprint": "53b513910e1fc638dd6f8639c7c07d204522049279dede1052ccf12c873c105e", "category": "credential_exposure", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found. Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "akiaiDistrictMunicip", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC010", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "secret|token|656|akiaidistrictmunicip", "duplicate_count": 1, "duplicate_rule_ids": ["SEC002", "SEC010"], "duplicate_scanners": ["repobility-threat-engine"], "duplicate_fingerprints": ["24c8f455dae73dc9becb3eaaf90cd19700ac5db024d5b9332a0abe0c7e717d8b", "53b513910e1fc638dd6f8639c7c07d204522049279dede1052ccf12c873c105e"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/common_enums/src/enums.rs"}, "region": {"startLine": 6565}}}]}, {"ruleId": "SEC022", "level": "error", "message": {"text": "[SEC022] Database URL With Embedded Credential: A database connection URL contains an embedded username and password. 
These URLs are often copied into defaults, docs, and scripts, then leak working credentials."}, "properties": {"repobilityId": 27872, "scanner": "repobility-threat-engine", "fingerprint": "5615abea91c20030de4f3ffb6d533b1bba8fb4d89bed891bfa8df95f44f59564", "category": "credential_exposure", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "postgres://{}:{}@", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC022", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "secret|token|2|postgres:// :"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/hsdev/src/input_file.rs"}, "region": {"startLine": 22}}}]}, {"ruleId": "SEC022", "level": "error", "message": {"text": "[SEC022] Database URL With Embedded Credential: A database connection URL contains an embedded username and password. 
These URLs are often copied into defaults, docs, and scripts, then leak working credentials."}, "properties": {"repobilityId": 27871, "scanner": "repobility-threat-engine", "fingerprint": "4b722868b0f7d6253246f43d45ca4ef41b9dfb78940ed8f1316b226d716c39a0", "category": "credential_exposure", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "postgres://{}:{}@", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC022", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "secret|token|32|postgres:// :"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/common_utils/src/lib.rs"}, "region": {"startLine": 324}}}]}, {"ruleId": "SEC022", "level": "error", "message": {"text": "[SEC022] Database URL With Embedded Credential: A database connection URL contains an embedded username and password. 
These URLs are often copied into defaults, docs, and scripts, then leak working credentials."}, "properties": {"repobilityId": 27870, "scanner": "repobility-threat-engine", "fingerprint": "eac05e41923e37a21efde6424cf1158836e225d02628befa6b89891b37056ea6", "category": "credential_exposure", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "postgres://{}:{}@", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC022", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "secret|token|4|postgres:// :"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/analytics/src/sqlx.rs"}, "region": {"startLine": 45}}}]}, {"ruleId": "DKC007", "level": "error", "message": {"text": "Compose service contains a literal secret environment value"}, "properties": {"repobilityId": 4380, "scanner": "repobility-docker", "fingerprint": "8455aa4892303e6f508c0e949dbba207bd79b2e0e8d49bbf1ee74a5f2f0eddda", "category": "docker", "severity": "critical", "confidence": 0.96, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Environment variable name is secret-like and value is a committed literal.", "evidence": {"rule_id": "DKC007", "scanner": "repobility-docker", "service": "hyperswitch-demo", "variable": "HYPERSWITCH_SECRET_KEY", "references": ["https://docs.docker.com/compose/how-tos/environment-variables/best-practices/", "https://docs.docker.com/reference/compose-file/secrets/"], "path_context": "runtime", "correlation_key": "fp|8455aa4892303e6f508c0e949dbba207bd79b2e0e8d49bbf1ee74a5f2f0eddda", "compose_secrets_declared": false}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yml"}, "region": {"startLine": 522}}}]}, {"ruleId": "DKC008", "level": "error", "message": {"text": "Compose service mounts the Docker socket"}, 
"properties": {"repobilityId": 4376, "scanner": "repobility-docker", "fingerprint": "20c59e928e9e71234cf26807d45bf5f459a2229fcf40c23ed5bfb36b1abcaeb2", "category": "docker", "severity": "critical", "confidence": 0.98, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Volume mount references /var/run/docker.sock.", "evidence": {"rule_id": "DKC008", "scanner": "repobility-docker", "service": "vector", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|20c59e928e9e71234cf26807d45bf5f459a2229fcf40c23ed5bfb36b1abcaeb2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yml"}, "region": {"startLine": 506}}}]}, {"ruleId": "DKC007", "level": "error", "message": {"text": "Compose service contains a literal secret environment value"}, "properties": {"repobilityId": 4368, "scanner": "repobility-docker", "fingerprint": "e29a171fb64fb61320ad9d20d539e0a2cbfcf2123287af715314671f3a2dedc8", "category": "docker", "severity": "critical", "confidence": 0.96, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Environment variable name is secret-like and value is a committed literal.", "evidence": {"rule_id": "DKC007", "scanner": "repobility-docker", "service": "opensearch", "variable": "OPENSEARCH_INITIAL_ADMIN_PASSWORD", "references": ["https://docs.docker.com/compose/how-tos/environment-variables/best-practices/", "https://docs.docker.com/reference/compose-file/secrets/"], "path_context": "runtime", "correlation_key": "fp|e29a171fb64fb61320ad9d20d539e0a2cbfcf2123287af715314671f3a2dedc8", "compose_secrets_declared": false}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yml"}, "region": {"startLine": 480}}}]}, {"ruleId": "DKC007", "level": "error", "message": {"text": "Compose service contains a literal secret environment value"}, "properties": {"repobilityId": 2623, "scanner": 
"repobility-docker", "fingerprint": "eabc60a3445b4e0b717931de1c48dd3a579cd3f40b18301401d0892ab9d3aaac", "category": "docker", "severity": "critical", "confidence": 0.96, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Environment variable name is secret-like and value is a committed literal.", "evidence": {"rule_id": "DKC007", "scanner": "repobility-docker", "service": "db", "variable": "POSTGRES_PASSWORD", "references": ["https://docs.docker.com/compose/how-tos/environment-variables/best-practices/", "https://docs.docker.com/reference/compose-file/secrets/"], "path_context": "runtime", "correlation_key": "fp|eabc60a3445b4e0b717931de1c48dd3a579cd3f40b18301401d0892ab9d3aaac", "compose_secrets_declared": false}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "loadtest/docker-compose.yaml"}, "region": {"startLine": 6}}}]}, {"ruleId": "DKC007", "level": "error", "message": {"text": "Compose service contains a literal secret environment value"}, "properties": {"repobilityId": 2620, "scanner": "repobility-docker", "fingerprint": "89d0002af176ededd838d041d806602c643ebca368159969dbcb1067f6ee7065", "category": "docker", "severity": "critical", "confidence": 0.96, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "Environment variable name is secret-like and value is a committed literal.", "evidence": {"rule_id": "DKC007", "scanner": "repobility-docker", "service": "hyperswitch-demo", "variable": "HYPERSWITCH_SECRET_KEY", "references": ["https://docs.docker.com/compose/how-tos/environment-variables/best-practices/", "https://docs.docker.com/reference/compose-file/secrets/"], "path_context": "runtime", "correlation_key": "fp|89d0002af176ededd838d041d806602c643ebca368159969dbcb1067f6ee7065", "compose_secrets_declared": false}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yml"}, "region": {"startLine": 518}}}]}, {"ruleId": "DKC008", "level": "error", "message": 
{"text": "Compose service mounts the Docker socket"}, "properties": {"repobilityId": 2616, "scanner": "repobility-docker", "fingerprint": "482baedcd28498fa6e82e4b62144110383bb574837d17e4574392b99db4d3b74", "category": "docker", "severity": "critical", "confidence": 0.98, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "Volume mount references /var/run/docker.sock.", "evidence": {"rule_id": "DKC008", "scanner": "repobility-docker", "service": "vector", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|482baedcd28498fa6e82e4b62144110383bb574837d17e4574392b99db4d3b74"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yml"}, "region": {"startLine": 502}}}]}, {"ruleId": "DKC007", "level": "error", "message": {"text": "Compose service contains a literal secret environment value"}, "properties": {"repobilityId": 2608, "scanner": "repobility-docker", "fingerprint": "3eb4cf2915bc5aa5c2e2b835f300d8a0d14ee0d45d49b389ced6ec10164b1359", "category": "docker", "severity": "critical", "confidence": 0.96, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "Environment variable name is secret-like and value is a committed literal.", "evidence": {"rule_id": "DKC007", "scanner": "repobility-docker", "service": "opensearch", "variable": "OPENSEARCH_INITIAL_ADMIN_PASSWORD", "references": ["https://docs.docker.com/compose/how-tos/environment-variables/best-practices/", "https://docs.docker.com/reference/compose-file/secrets/"], "path_context": "runtime", "correlation_key": "fp|3eb4cf2915bc5aa5c2e2b835f300d8a0d14ee0d45d49b389ced6ec10164b1359", "compose_secrets_declared": false}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yml"}, "region": {"startLine": 476}}}]}, {"ruleId": "DKC007", "level": "error", "message": {"text": "Compose service contains a literal secret environment value"}, 
"properties": {"repobilityId": 2550, "scanner": "repobility-docker", "fingerprint": "ea48f5f06c22c5207138e5d7338c5b905520d2426ba9c410164f6446b42b5214", "category": "docker", "severity": "critical", "confidence": 0.96, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Environment variable name is secret-like and value is a committed literal.", "evidence": {"rule_id": "DKC007", "scanner": "repobility-docker", "service": "pg", "variable": "POSTGRES_PASSWORD", "references": ["https://docs.docker.com/compose/how-tos/environment-variables/best-practices/", "https://docs.docker.com/reference/compose-file/secrets/"], "path_context": "runtime", "correlation_key": "fp|ea48f5f06c22c5207138e5d7338c5b905520d2426ba9c410164f6446b42b5214", "compose_secrets_declared": false}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yml"}, "region": {"startLine": 26}}}]}, {"ruleId": "SEC022", "level": "error", "message": {"text": "[SEC022] Database URL With Embedded Credential: A database connection URL contains an embedded username and password. These URLs are often copied into defaults, docs, and scripts, then leak working credentials."}, "properties": {"repobilityId": 2131, "scanner": "repobility-threat-engine", "fingerprint": "4dd7c94123f7f2cb618ca5ecb5c9476e99f9bc3b005257d749a586f05d79eb7a", "category": "credential_exposure", "severity": "critical", "confidence": 1.0, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "postgresql://db_user:db_pass@", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC022", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "secret|docker-compose.yml|7|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yml"}, "region": {"startLine": 78}}}]}]}]}