{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "DKR007", "name": "Docker build context has no .dockerignore", "shortDescription": {"text": "Docker build context has no .dockerignore"}, "fullDescription": {"text": "Without .dockerignore, build context can include source history, local env files, dependencies, and generated artifacts."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "DKR001", "name": "Docker final stage has no non-root USER", "shortDescription": {"text": "Docker final stage has no non-root USER"}, "fullDescription": {"text": "Docker images run as root unless the image or Dockerfile switches to a non-root user."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.82, "cwe": "", "owasp": ""}}, {"id": "SEC007", "name": "[SEC007] Unsafe Deserialization: Unsafe deserialization can execute arbitrary code.", "shortDescription": {"text": "[SEC007] Unsafe Deserialization: Unsafe deserialization can execute arbitrary code."}, "fullDescription": {"text": "Use yaml.safe_load() instead of yaml.load(). Avoid pickle for untrusted data."}, "properties": {"scanner": "repobility-threat-engine", "category": "deserialization", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED111", "name": "Bare except continues silently", "shortDescription": {"text": "Bare except continues silently"}, "fullDescription": {"text": "Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED109", "name": "Mutable default argument in `linear_slope_patch` (list)", "shortDescription": {"text": "Mutable default argument in `linear_slope_patch` (list)"}, "fullDescription": {"text": "`def linear_slope_patch(... = []/{}/set())` \u2014 Python's default value is constructed ONCE at function definition time and shared across all calls. Mutating it in one call mutates it for every future call too."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "DKR011", "name": "Dockerfile installs recommended OS packages", "shortDescription": {"text": "Dockerfile installs recommended OS packages"}, "fullDescription": {"text": "Installing recommended packages often pulls in unnecessary runtime surface area."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "low", "confidence": 0.72, "cwe": "", "owasp": ""}}, {"id": "DKR010", "name": "Dockerfile leaves apt package indexes in the image layer", "shortDescription": {"text": "Dockerfile leaves apt package indexes in the image layer"}, "fullDescription": {"text": "Package indexes increase image size and can expose stale metadata in the final image layer."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "low", "confidence": 0.74, "cwe": "", "owasp": ""}}, {"id": "COMP001", "name": "[COMP001] High cognitive complexity: Function `_make_param_dict` has cognitive complexity 9 (SonarSource scale). Cogniti", "shortDescription": {"text": "[COMP001] High cognitive complexity: Function `_make_param_dict` has cognitive complexity 9 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursi"}, "fullDescription": {"text": "Extract nested branches into named helper functions; flatten early-return / guard clauses; replace long if/elif chains with dispatch dicts or polymorphism. SonarQube's threshold for 'should refactor' is 15 \u2014 yours is 9."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "low", "confidence": 0.95, "cwe": "", "owasp": ""}}, {"id": "CORE_NO_LICENSE", "name": "No LICENSE file", "shortDescription": {"text": "No LICENSE file"}, "fullDescription": {"text": "Add a LICENSE file to your repository. Use choosealicense.com to pick the right license (MIT for permissive, Apache 2.0 for patent protection, GPL for copyleft)."}, "properties": {"scanner": "repobility-core", "category": "documentation", "severity": "low", "confidence": null, "cwe": "", "owasp": ""}}, {"id": "MINED062", "name": "[MINED062] Python Dataclass No Fields: @dataclass over an empty class \u2014 unfinished model.", "shortDescription": {"text": "[MINED062] Python Dataclass No Fields: @dataclass over an empty class \u2014 unfinished model."}, "fullDescription": {"text": "Review and fix per the pattern semantics."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED050", "name": "[MINED050] Stub Only Function (and 2 more): Same pattern found in 2 additional files. Review if needed.", "shortDescription": {"text": "[MINED050] Stub Only Function (and 2 more): Same pattern found in 2 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-1188 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC128", "name": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake) (and 10 more): Same pattern found in 10 add", "shortDescription": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake) (and 10 more): Same pattern found in 10 additional files. Review if needed."}, "fullDescription": {"text": "Add `await` before each async call, or chain with `.then`. If you intentionally want fire-and-forget, prefix with `void` (TS) or assign to `_` (Python with `asyncio.create_task`) to make the intent explicit and survive lint."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED115", "name": "Action `actions/checkout` pinned to mutable ref `@v4`", "shortDescription": {"text": "Action `actions/checkout` pinned to mutable ref `@v4`"}, "fullDescription": {"text": "`uses: actions/checkout@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED131", "name": "pre-commit hook `https://github.com/rhysd/actionlint` pinned to mutable rev `v1.6.27`", "shortDescription": {"text": "pre-commit hook `https://github.com/rhysd/actionlint` pinned to mutable rev `v1.6.27`"}, "fullDescription": {"text": "`.pre-commit-config.yaml` references `https://github.com/rhysd/actionlint` at `rev: v1.6.27`. If `{rev}` is a branch or version tag, the repo owner can push new code there and `pre-commit install --install-hooks` will fetch it on every developer's machine."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED118", "name": "Dockerfile FROM `ubuntu:22.04` not pinned by digest", "shortDescription": {"text": "Dockerfile FROM `ubuntu:22.04` not pinned by digest"}, "fullDescription": {"text": "`FROM ubuntu:22.04` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potentially different. Production images should pin to `image@sha256:...` for reproducibility + supply-chain integrity."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED108", "name": "`self._get_offset_coord_manager` used but never assigned in __init__", "shortDescription": {"text": "`self._get_offset_coord_manager` used but never assigned in __init__"}, "fullDescription": {"text": "Method `test_merge_raise_snap_too_big` of class `TestMergeCoordManagers` reads `self._get_offset_coord_manager`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED106", "name": "Phantom test coverage: test_indefinite_integrate", "shortDescription": {"text": "Phantom test coverage: test_indefinite_integrate"}, "fullDescription": {"text": "Test function `test_indefinite_integrate` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED030", "name": "[MINED030] Python Pickle Loads: pickle.loads() can execute arbitrary code via __reduce__.", "shortDescription": {"text": "[MINED030] Python Pickle Loads: pickle.loads() can execute arbitrary code via __reduce__."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-502 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "critical", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC081", "name": "[SEC081] Python: pickle.loads / marshal.loads on untrusted data: pickle.load(s) and marshal.load(s) execute arbitrary co", "shortDescription": {"text": "[SEC081] Python: pickle.loads / marshal.loads on untrusted data: pickle.load(s) and marshal.load(s) execute arbitrary code on untrusted input. Ported from dlint DUO103 / DUO120 (BSD-3)."}, "fullDescription": {"text": "Use json, msgpack, or protobuf for untrusted data. If pickle is required, sign the payload with HMAC."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "critical", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED116", "name": "Workflow uses `secrets.CODECOV_TOKEN` on a `pull_request` trigger", "shortDescription": {"text": "Workflow uses `secrets.CODECOV_TOKEN` on a `pull_request` trigger"}, "fullDescription": {"text": "This workflow triggers on `pull_request`, which checks out the FORK's code. Referencing `${ secrets.CODECOV_TOKEN }` lets a PR from any fork exfiltrate the secret (modify a script, log the value, etc.). Use `pull_request_target` ONLY with strict checkout discipline (no fork code in the trusted context)."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "critical", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED107", "name": "Missing import: `time` used but not imported", "shortDescription": {"text": "Missing import: `time` used but not imported"}, "fullDescription": {"text": "The file uses `time.something(...)` but never imports `time`. This raises NameError at runtime the first time the line executes."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "critical", "confidence": 1.0, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/1156"}, "properties": {"repository": "DASDAE/dascore", "repoUrl": "https://github.com/DASDAE/dascore", "branch": "master"}, "results": [{"ruleId": "DKR007", "level": "warning", "message": {"text": "Docker build context has no .dockerignore"}, "properties": {"repobilityId": 115603, "scanner": "repobility-docker", "fingerprint": "c98378cf8c37e4866e89d6ca06a24b7e8c44654aa34e6e4bf1367c4a4c0c5b44", "category": "docker", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Dockerfile exists but repository root has no .dockerignore.", "evidence": {"rule_id": "DKR007", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|c98378cf8c37e4866e89d6ca06a24b7e8c44654aa34e6e4bf1367c4a4c0c5b44"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".dockerignore"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 115602, "scanner": "repobility-docker", "fingerprint": "02620fcf3f7b825af37686474c3486fb2a4648443c28c3df197f61b8681ae61e", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "ubuntu:22.04", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|02620fcf3f7b825af37686474c3486fb2a4648443c28c3df197f61b8681ae61e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Dockerfile"}, "region": {"startLine": 3}}}]}, {"ruleId": "SEC007", "level": "warning", "message": {"text": "[SEC007] Unsafe Deserialization: Unsafe deserialization can execute arbitrary code."}, "properties": {"repobilityId": 115595, "scanner": "repobility-threat-engine", "fingerprint": "3b4adf87fc92c9f1c0407493a9427825eec9f6aef8b1f0f82329510a5f4a9d2f", "category": "deserialization", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "pickle.load(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC007", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|deserialization|dascore/io/pickle/core.py|43|sec007"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "dascore/io/pickle/core.py"}, "region": {"startLine": 43}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 115551, "scanner": "repobility-ast-engine", "fingerprint": "df26cd912d084d72a71d137eaae743ffb47c88a94b4b0f4297d26cdbd17fadda", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|df26cd912d084d72a71d137eaae743ffb47c88a94b4b0f4297d26cdbd17fadda"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "dascore/io/tdms/core.py"}, "region": {"startLine": 36}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 115550, "scanner": "repobility-ast-engine", "fingerprint": "d426088ec635c65947c87763dc4899e755ecb7be48f09cecea4ffc83868c8c4b", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|d426088ec635c65947c87763dc4899e755ecb7be48f09cecea4ffc83868c8c4b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "dascore/io/core.py"}, "region": {"startLine": 363}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 115549, "scanner": "repobility-ast-engine", "fingerprint": "2b8ad3df821439eef4f30cae773de2cdf7f985a70d885a51ca2a0850ee315e90", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|2b8ad3df821439eef4f30cae773de2cdf7f985a70d885a51ca2a0850ee315e90"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "dascore/io/core.py"}, "region": {"startLine": 413}}}]}, {"ruleId": "MINED109", "level": "warning", "message": {"text": "Mutable default argument in `linear_slope_patch` (list)"}, "properties": {"repobilityId": 115541, "scanner": "repobility-ast-engine", "fingerprint": "149eb3deb41b1991782032ad1c659ff484b8d3c8da31df4f1cecf4261c9b2954", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "mutable-default-arg", "owasp": null, "cwe_ids": ["CWE-1023"], "languages": ["python"], "observations_count": 64867}, "scanner": "repobility-ast-engine", "correlation_key": "fp|149eb3deb41b1991782032ad1c659ff484b8d3c8da31df4f1cecf4261c9b2954"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_transform/test_tau_p.py"}, "region": {"startLine": 13}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 115507, "scanner": "repobility-ast-engine", "fingerprint": "9af02b8eca5c34bd8894f83de0e361e73ab2cf46f2e347e0d6a1dc799a394a42", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|9af02b8eca5c34bd8894f83de0e361e73ab2cf46f2e347e0d6a1dc799a394a42"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/conftest.py"}, "region": {"startLine": 542}}}]}, {"ruleId": "DKR011", "level": "note", "message": {"text": "Dockerfile installs recommended OS packages"}, "properties": {"repobilityId": 115601, "scanner": "repobility-docker", "fingerprint": "9dba8b01f1838c10f5baf40a28b5023d73fcddf0605e10270db64ddd89e957ec", "category": "docker", "severity": "low", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "apt install appears without --no-install-recommends.", "evidence": {"rule_id": "DKR011", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|9dba8b01f1838c10f5baf40a28b5023d73fcddf0605e10270db64ddd89e957ec"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Dockerfile"}, "region": {"startLine": 4}}}]}, {"ruleId": "DKR010", "level": "note", "message": {"text": "Dockerfile leaves apt package indexes in the image layer"}, "properties": {"repobilityId": 115600, "scanner": "repobility-docker", "fingerprint": "87dddfd588d4a2ce30b2df8deffa1276a8d3d6b738b14f5b5d06427392db8cbd", "category": "docker", "severity": "low", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "apt update/install layer does not remove /var/lib/apt/lists.", "evidence": {"rule_id": "DKR010", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|87dddfd588d4a2ce30b2df8deffa1276a8d3d6b738b14f5b5d06427392db8cbd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Dockerfile"}, "region": {"startLine": 4}}}]}, {"ruleId": "COMP001", "level": "note", "message": {"text": "[COMP001] High cognitive complexity: Function `_make_param_dict` has cognitive complexity 9 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. Breakdown: break=1, else=1, for=1, if=2, nested_bonus=2, ternary=2."}, "properties": {"repobilityId": 115589, "scanner": "repobility-threat-engine", "fingerprint": "1bd28f48ffe4fd05abaa75cf00e624aacff42d32c7bfe4a2edaacda06e4177b5", "category": "quality", "severity": "low", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 9 (severity threshold for low: 8+).", "evidence": {"scanner": "repobility-threat-engine", "function": "_make_param_dict", "breakdown": {"if": 2, "for": 1, "else": 1, "break": 1, "ternary": 2, "nested_bonus": 2}, "complexity": 9, "correlation_key": "fp|1bd28f48ffe4fd05abaa75cf00e624aacff42d32c7bfe4a2edaacda06e4177b5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "dascore/io/febus/g1utils.py"}, "region": {"startLine": 61}}}]}, {"ruleId": "COMP001", "level": "note", "message": {"text": "[COMP001] High cognitive complexity: Function `update` has cognitive complexity 8 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. Breakdown: else=1, for=1, if=3, nested_bonus=1, recursion=2."}, "properties": {"repobilityId": 115588, "scanner": "repobility-threat-engine", "fingerprint": "45e951f36a1b9139f39675e7e4c0c4800404961752b07b0c8ec35205b2cb1b91", "category": "quality", "severity": "low", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 8 (severity threshold for low: 8+).", "evidence": {"scanner": "repobility-threat-engine", "function": "update", "breakdown": {"if": 3, "for": 1, "else": 1, "recursion": 2, "nested_bonus": 1}, "complexity": 8, "correlation_key": "fp|45e951f36a1b9139f39675e7e4c0c4800404961752b07b0c8ec35205b2cb1b91"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "dascore/core/attrs.py"}, "region": {"startLine": 234}}}]}, {"ruleId": "COMP001", "level": "note", "message": {"text": "[COMP001] High cognitive complexity: Function `flat_dump` has cognitive complexity 13 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. Breakdown: elif=1, for=2, if=3, nested_bonus=7."}, "properties": {"repobilityId": 115587, "scanner": "repobility-threat-engine", "fingerprint": "bce0e948b54d8e347e42191f1c3aa0de2bf81970aff2f6844fa5e03cff5467f0", "category": "quality", "severity": "low", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 13 (severity threshold for low: 8+).", "evidence": {"scanner": "repobility-threat-engine", "function": "flat_dump", "breakdown": {"if": 3, "for": 2, "elif": 1, "nested_bonus": 7}, "complexity": 13, "correlation_key": "fp|bce0e948b54d8e347e42191f1c3aa0de2bf81970aff2f6844fa5e03cff5467f0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "dascore/core/attrs.py"}, "region": {"startLine": 270}}}]}, {"ruleId": "CORE_NO_LICENSE", "level": "note", "message": {"text": "No LICENSE file"}, "properties": {"repobilityId": 115471, "scanner": "repobility-core", "fingerprint": "9314e9238cd99885865b92490d1aaa96ca62b1390c9377878d5f3d99227e1c3c", "category": "documentation", "severity": "low", "confidence": null, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"rule_id": "CORE_NO_LICENSE", "scanner": "repobility-core", "correlation_key": "repo|documentation|core_no_license"}}}, {"ruleId": "MINED062", "level": "none", "message": {"text": "[MINED062] Python Dataclass No Fields: @dataclass over an empty class \u2014 unfinished model."}, "properties": {"repobilityId": 115599, "scanner": "repobility-threat-engine", "fingerprint": "3605c2f1247edfc5b2338b96925b0eb069e843d62daa2512c60bd65d9254d43f", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-dataclass-no-fields", "owasp": null, "cwe_ids": [], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348046+00:00", "triaged_in_corpus": 10, "observations_count": 92448, "ai_coder_pattern_id": 144}, "scanner": "repobility-threat-engine", "correlation_key": "fp|3605c2f1247edfc5b2338b96925b0eb069e843d62daa2512c60bd65d9254d43f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "dascore/utils/downloader.py"}, "region": {"startLine": 29}}}]}, {"ruleId": "MINED062", "level": "none", "message": {"text": "[MINED062] Python Dataclass No Fields: @dataclass over an empty class \u2014 unfinished model."}, "properties": {"repobilityId": 115598, "scanner": "repobility-threat-engine", "fingerprint": "89ada05fafa6182f4083632c684e34bd1aa7f2349e6ef14f63f15365b7c3ad87", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-dataclass-no-fields", "owasp": null, "cwe_ids": [], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348046+00:00", "triaged_in_corpus": 10, "observations_count": 92448, "ai_coder_pattern_id": 144}, "scanner": "repobility-threat-engine", "correlation_key": "fp|89ada05fafa6182f4083632c684e34bd1aa7f2349e6ef14f63f15365b7c3ad87"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "dascore/io/prodml/utils.py"}, "region": {"startLine": 87}}}]}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function (and 2 more): Same pattern found in 2 additional files. Review if needed."}, "properties": {"repobilityId": 115594, "scanner": "repobility-threat-engine", "fingerprint": "b39288e529a4ab712a2d60436a688220bb6b374d59b0f4dce7184c9dc7729483", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 2 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|b39288e529a4ab712a2d60436a688220bb6b374d59b0f4dce7184c9dc7729483", "aggregated_count": 2}}}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "properties": {"repobilityId": 115593, "scanner": "repobility-threat-engine", "fingerprint": "a8a994d86861f620f786ee9c2c3b0d147b9277fd8aab7315f45a92a200574626", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "correlation_key": "fp|a8a994d86861f620f786ee9c2c3b0d147b9277fd8aab7315f45a92a200574626"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "dascore/io/terra15/utils.py"}, "region": {"startLine": 78}}}]}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "properties": {"repobilityId": 115592, "scanner": "repobility-threat-engine", "fingerprint": "721dee96a46f7d3696c74113a3d59dd0e61692039933b35423aaa9f6a5f0f59f", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "correlation_key": "fp|721dee96a46f7d3696c74113a3d59dd0e61692039933b35423aaa9f6a5f0f59f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "dascore/io/febus/g1utils.py"}, "region": {"startLine": 127}}}]}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "properties": {"repobilityId": 115591, "scanner": "repobility-threat-engine", "fingerprint": "b2b97ebccdd769199a12ca26eeef036766505b825979e39d99295769a32d93f5", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "correlation_key": "fp|b2b97ebccdd769199a12ca26eeef036766505b825979e39d99295769a32d93f5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "dascore/io/febus/core.py"}, "region": {"startLine": 160}}}]}, {"ruleId": "COMP001", "level": "none", "message": {"text": "[COMP001] High cognitive complexity (and 28 more): Same pattern found in 28 additional files. Review if needed."}, "properties": {"repobilityId": 115590, "scanner": "repobility-threat-engine", "fingerprint": "e9bc4633a06f2bf4595d7f34f7ac12cf2190890ac481591c0f6c8fb84954f54a", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 28 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"scanner": "repobility-threat-engine", "function": "flat_dump", "breakdown": {"if": 3, "for": 2, "elif": 1, "nested_bonus": 7}, "aggregated": true, "complexity": 13, "correlation_key": "fp|e9bc4633a06f2bf4595d7f34f7ac12cf2190890ac481591c0f6c8fb84954f54a", "aggregated_count": 28}}}, {"ruleId": "SEC128", "level": "none", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake) (and 10 more): Same pattern found in 10 additional files. Review if needed."}, "properties": {"repobilityId": 115586, "scanner": "repobility-threat-engine", "fingerprint": "b716e452fc69f198dd09d9395b6a9646e9c76178cc7a871b1d6ec822f8589b1c", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 10 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 10 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|b716e452fc69f198dd09d9395b6a9646e9c76178cc7a871b1d6ec822f8589b1c"}}}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 115585, "scanner": "repobility-threat-engine", "fingerprint": "9cac12532460b430a2d3ad10a6a63c50a4eb549c0a0a75c9aee7f4b4ce65f690", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "attrs.update(extras)", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|9cac12532460b430a2d3ad10a6a63c50a4eb549c0a0a75c9aee7f4b4ce65f690"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "dascore/io/ap_sensing/core.py"}, "region": {"startLine": 53}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 115584, "scanner": "repobility-threat-engine", "fingerprint": "dfafe6e702f8b2e5bca011714176b9f4cfd6f48d5692c7e2d93ed2166552151b", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "out.update(attr_info)", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|dfafe6e702f8b2e5bca011714176b9f4cfd6f48d5692c7e2d93ed2166552151b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "dascore/core/attrs.py"}, "region": {"startLine": 244}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 115583, "scanner": "repobility-threat-engine", "fingerprint": "e45862e6b40dfb187203edb8491353b3499d1c8be0074fe2220a78c8433ee53a", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "final_kwargs.update(self._select_kwargs)", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|e45862e6b40dfb187203edb8491353b3499d1c8be0074fe2220a78c8433ee53a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "dascore/clients/dirspool.py"}, "region": {"startLine": 128}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v4`"}, "properties": {"repobilityId": 115582, "scanner": "repobility-supply-chain", "fingerprint": "7b7fce0bc6d86ae57e19deaed8886029f5ab98dc4d5139a63a17ba9b128a28f7", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|7b7fce0bc6d86ae57e19deaed8886029f5ab98dc4d5139a63a17ba9b128a28f7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/build_deploy_master_docs.yaml"}, "region": {"startLine": 34}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v4`"}, "properties": {"repobilityId": 115581, "scanner": "repobility-supply-chain", "fingerprint": "b9578b878b4ae8a3157c8564c16d47e56288ddac9967da1ede6af127f14ab7c6", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|b9578b878b4ae8a3157c8564c16d47e56288ddac9967da1ede6af127f14ab7c6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/run_min_dep_tests.yml"}, "region": {"startLine": 54}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v4`"}, "properties": {"repobilityId": 115580, "scanner": "repobility-supply-chain", "fingerprint": "99740d174430906ccf8b287586d66452ca9eaf3e60cf3d578683dfcb4150184e", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|99740d174430906ccf8b287586d66452ca9eaf3e60cf3d578683dfcb4150184e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/run_min_dep_tests.yml"}, "region": {"startLine": 36}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `codecov/codecov-action` pinned to mutable ref `@v4`"}, "properties": {"repobilityId": 115578, "scanner": "repobility-supply-chain", "fingerprint": "23e3a082846991e02819327a084d33788488ca11a1b562d058cccfbba669c0f1", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|23e3a082846991e02819327a084d33788488ca11a1b562d058cccfbba669c0f1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/runtests.yml"}, "region": {"startLine": 82}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v4`"}, "properties": {"repobilityId": 115577, "scanner": "repobility-supply-chain", "fingerprint": "6ff243063f3d394d2ac45acfba94c1b3c4be71e9151eec833f96d2752a3f08dc", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|6ff243063f3d394d2ac45acfba94c1b3c4be71e9151eec833f96d2752a3f08dc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/runtests.yml"}, "region": {"startLine": 60}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v4`"}, "properties": {"repobilityId": 115576, "scanner": "repobility-supply-chain", "fingerprint": "eabe3cfbbc18a83cea4c964df78e869fe953f777dfabcac0eba6437f5ebab633", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|eabe3cfbbc18a83cea4c964df78e869fe953f777dfabcac0eba6437f5ebab633"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/runtests.yml"}, "region": {"startLine": 38}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `pypa/gh-action-pypi-publish` pinned to mutable ref `@release/v1`"}, "properties": {"repobilityId": 115575, "scanner": "repobility-supply-chain", "fingerprint": "b757e9eb6bd5f8f468a1966dcd887b6498ed3c1d756cb9a2023ef976da988b94", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|b757e9eb6bd5f8f468a1966dcd887b6498ed3c1d756cb9a2023ef976da988b94"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/upload_pypi.yml"}, "region": {"startLine": 36}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `conda-incubator/setup-miniconda` pinned to mutable ref `@v3`"}, "properties": {"repobilityId": 115574, "scanner": "repobility-supply-chain", "fingerprint": "8905d25e11630a775628bc3d7a490ba0832021d4eb3a867e4355d7db5d3b1994", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|8905d25e11630a775628bc3d7a490ba0832021d4eb3a867e4355d7db5d3b1994"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/upload_pypi.yml"}, "region": {"startLine": 20}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v4`"}, "properties": {"repobilityId": 115573, "scanner": "repobility-supply-chain", "fingerprint": "453746b526b38db4fd7e7e6ae23c4d490972cf0bd2b4172a1586ca6bac6f3d68", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|453746b526b38db4fd7e7e6ae23c4d490972cf0bd2b4172a1586ca6bac6f3d68"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/upload_pypi.yml"}, "region": {"startLine": 12}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `CodSpeedHQ/action` pinned to mutable ref `@v4`"}, "properties": {"repobilityId": 115572, "scanner": "repobility-supply-chain", "fingerprint": "a6012328d82baefabe7d4488a303b29b4ce8c6826283fd37acba3c5a74077425", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|a6012328d82baefabe7d4488a303b29b4ce8c6826283fd37acba3c5a74077425"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/profile.yml"}, "region": {"startLine": 46}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v4`"}, "properties": {"repobilityId": 115571, "scanner": "repobility-supply-chain", "fingerprint": "f7e9e1be8bdc98d22f0d4d9a2fb399fb5184b13676f111946144abaecb587ba5", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|f7e9e1be8bdc98d22f0d4d9a2fb399fb5184b13676f111946144abaecb587ba5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/profile.yml"}, "region": {"startLine": 30}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `peter-evans/create-or-update-comment` pinned to mutable ref `@v4`"}, "properties": {"repobilityId": 115570, "scanner": "repobility-supply-chain", "fingerprint": "6b64949786bba355ea3f42f2071d0439f44a80604aa8d1f725ebd2d9ede2c8b6", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|6b64949786bba355ea3f42f2071d0439f44a80604aa8d1f725ebd2d9ede2c8b6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/test_doc_build.yml"}, "region": {"startLine": 77}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `peter-evans/find-comment` pinned to mutable ref `@v3`"}, "properties": {"repobilityId": 115569, "scanner": "repobility-supply-chain", "fingerprint": "7e04b51e6c77604b4471465538113e2661a4b9aef5f6e7422c6d3632b3ea86ee", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|7e04b51e6c77604b4471465538113e2661a4b9aef5f6e7422c6d3632b3ea86ee"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/test_doc_build.yml"}, "region": {"startLine": 67}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/upload-artifact` pinned to mutable ref `@v4`"}, "properties": {"repobilityId": 115568, "scanner": "repobility-supply-chain", "fingerprint": "3803cbe6a43b0214953071c4b4d0a26c88d3a98a11fb7904df50fc0f263f09ce", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|3803cbe6a43b0214953071c4b4d0a26c88d3a98a11fb7904df50fc0f263f09ce"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/test_doc_build.yml"}, "region": {"startLine": 34}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v4`"}, "properties": {"repobilityId": 115567, "scanner": "repobility-supply-chain", "fingerprint": "4f9e82f07ca134ed1582233d8ce1875f8a3ba259163df8d32a460b06efa2b11f", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|4f9e82f07ca134ed1582233d8ce1875f8a3ba259163df8d32a460b06efa2b11f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/test_doc_build.yml"}, "region": {"startLine": 18}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/deploy-pages` pinned to mutable ref `@v4`"}, "properties": {"repobilityId": 115566, "scanner": "repobility-supply-chain", "fingerprint": "8e7185d635aaadee995cbca72a57038af866bd67b7b422384e8dcc878d5726e3", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|8e7185d635aaadee995cbca72a57038af866bd67b7b422384e8dcc878d5726e3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/build_deploy_stable_docs.yaml"}, "region": {"startLine": 73}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `softprops/action-gh-release` pinned to mutable ref `@v2`"}, "properties": {"repobilityId": 115565, "scanner": "repobility-supply-chain", "fingerprint": "48cf11e4d6f5a819665ecd3c56739005872d0abb66e0105ff54bf36d55ce2baf", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|48cf11e4d6f5a819665ecd3c56739005872d0abb66e0105ff54bf36d55ce2baf"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/build_deploy_stable_docs.yaml"}, "region": {"startLine": 58}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/upload-pages-artifact` pinned to mutable ref `@v3`"}, "properties": {"repobilityId": 115564, "scanner": "repobility-supply-chain", "fingerprint": "b9f0de6087103807c367eab80c0a69689f0c3daf1cd626fc2e3093b9d65cd73a", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|b9f0de6087103807c367eab80c0a69689f0c3daf1cd626fc2e3093b9d65cd73a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/build_deploy_stable_docs.yaml"}, "region": {"startLine": 49}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v4`"}, "properties": {"repobilityId": 115563, "scanner": "repobility-supply-chain", "fingerprint": "52b0bb743a78a8bb7f6ccb384d561743c9f4b6e36c423d42f1a215891f5b73ab", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|52b0bb743a78a8bb7f6ccb384d561743c9f4b6e36c423d42f1a215891f5b73ab"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/build_deploy_stable_docs.yaml"}, "region": {"startLine": 29}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/setup-python` pinned to mutable ref `@v5`"}, "properties": {"repobilityId": 115562, "scanner": "repobility-supply-chain", "fingerprint": "28f0531426d39dfb0c1daaf878ec6b5d70c936e1226e71d82ba91179105c0588", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|28f0531426d39dfb0c1daaf878ec6b5d70c936e1226e71d82ba91179105c0588"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/lint.yml"}, "region": {"startLine": 26}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `astral-sh/setup-uv` pinned to mutable ref `@v3`"}, "properties": {"repobilityId": 115561, "scanner": "repobility-supply-chain", "fingerprint": "75c16a3b6684fccf442c2109dc8bf4d1a7d46168f074e46cf11813f5e6eb4623", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|75c16a3b6684fccf442c2109dc8bf4d1a7d46168f074e46cf11813f5e6eb4623"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/lint.yml"}, "region": {"startLine": 25}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v4`"}, "properties": {"repobilityId": 115560, "scanner": "repobility-supply-chain", "fingerprint": "a77e1274c47343b50c0007f390a06eca6b511d926e870706977f9e7f779977bb", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|a77e1274c47343b50c0007f390a06eca6b511d926e870706977f9e7f779977bb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/lint.yml"}, "region": {"startLine": 17}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `codecov/codecov-action` pinned to mutable ref `@v4`"}, "properties": {"repobilityId": 115559, "scanner": "repobility-supply-chain", "fingerprint": "1dc97ec0dab20b41e32fae3cd086555744455ccad2111a627471703d127adc19", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|1dc97ec0dab20b41e32fae3cd086555744455ccad2111a627471703d127adc19"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/get_coverage.yml"}, "region": {"startLine": 31}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v4`"}, "properties": {"repobilityId": 115558, "scanner": "repobility-supply-chain", "fingerprint": "3747a3f14a3594cc141131da3c55c8bab502f4daebe2253c588ba8462b3851b7", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|3747a3f14a3594cc141131da3c55c8bab502f4daebe2253c588ba8462b3851b7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/get_coverage.yml"}, "region": {"startLine": 13}}}]}, {"ruleId": "MINED131", "level": "error", "message": {"text": "pre-commit hook `https://github.com/rhysd/actionlint` pinned to mutable rev `v1.6.27`"}, "properties": {"repobilityId": 115557, "scanner": "repobility-supply-chain", "fingerprint": "75de5c0b6177df137691caffa5e64fd4cc56abd26fc300389a89df3e659da497", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "precommit-untrusted-repo", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|75de5c0b6177df137691caffa5e64fd4cc56abd26fc300389a89df3e659da497"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".pre-commit-config.yaml"}, "region": {"startLine": 43}}}]}, {"ruleId": "MINED131", "level": "error", "message": {"text": "pre-commit hook `https://github.com/crate-ci/typos` pinned to mutable rev `v1.22.4`"}, "properties": {"repobilityId": 115556, "scanner": "repobility-supply-chain", "fingerprint": "65a0013c8864a3f3f14c1d668755c59bc539d65c98272ca50061b8205d2c2c5f", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "precommit-untrusted-repo", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|65a0013c8864a3f3f14c1d668755c59bc539d65c98272ca50061b8205d2c2c5f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".pre-commit-config.yaml"}, "region": {"startLine": 36}}}]}, {"ruleId": "MINED131", "level": "error", "message": {"text": "pre-commit hook `https://github.com/kynan/nbstripout` pinned to mutable rev `0.6.1`"}, "properties": {"repobilityId": 115555, "scanner": "repobility-supply-chain", "fingerprint": "5e75c88679fab4ad43b89dbcfaa06be041f0f57a7751f38e93170dcf0e984d72", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "precommit-untrusted-repo", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|5e75c88679fab4ad43b89dbcfaa06be041f0f57a7751f38e93170dcf0e984d72"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".pre-commit-config.yaml"}, "region": {"startLine": 30}}}]}, {"ruleId": "MINED131", "level": "error", "message": {"text": "pre-commit hook `https://github.com/frostming/fix-future-annotations` pinned to mutable rev `0.5.0`"}, "properties": {"repobilityId": 115554, "scanner": "repobility-supply-chain", "fingerprint": "72cd48bf7a5ad92cfe6533e55cfbaaa45d19c8c450713048d3534dba101e2d78", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "precommit-untrusted-repo", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|72cd48bf7a5ad92cfe6533e55cfbaaa45d19c8c450713048d3534dba101e2d78"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".pre-commit-config.yaml"}, "region": {"startLine": 24}}}]}, {"ruleId": "MINED131", "level": "error", "message": {"text": "pre-commit hook `https://github.com/pre-commit/pre-commit-hooks` pinned to mutable rev `v2.3.0`"}, "properties": {"repobilityId": 115553, "scanner": "repobility-supply-chain", "fingerprint": "e366432ac2fc20fcdedaa0b23a44a7942b1cc0ca9f9186fb6ad68d51b5037204", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "precommit-untrusted-repo", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|e366432ac2fc20fcdedaa0b23a44a7942b1cc0ca9f9186fb6ad68d51b5037204"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".pre-commit-config.yaml"}, "region": {"startLine": 3}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "Dockerfile FROM `ubuntu:22.04` not pinned by digest"}, "properties": {"repobilityId": 115552, "scanner": "repobility-supply-chain", "fingerprint": "1fd16bd58fb3bc8f0dcf2c8242af2693c7af33c8c5319648043e992a66f16c08", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|1fd16bd58fb3bc8f0dcf2c8242af2693c7af33c8c5319648043e992a66f16c08"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Dockerfile"}, "region": {"startLine": 2}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._get_offset_coord_manager` used but never assigned in __init__"}, "properties": {"repobilityId": 115534, "scanner": "repobility-ast-engine", "fingerprint": "502e4f62b202de1a6e81076cf191022bc92f6cbc94574140a1dcb56a4a6ec866", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|502e4f62b202de1a6e81076cf191022bc92f6cbc94574140a1dcb56a4a6ec866"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_utils/test_coordmanager_utils.py"}, "region": {"startLine": 106}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._get_offset_coord_manager` used but never assigned in __init__"}, "properties": {"repobilityId": 115533, "scanner": "repobility-ast-engine", "fingerprint": "03dfd30a91656d5d110ef2cd0d270fbc74dbc8284b4dd1aab85ea8fbab8d3432", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|03dfd30a91656d5d110ef2cd0d270fbc74dbc8284b4dd1aab85ea8fbab8d3432"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_utils/test_coordmanager_utils.py"}, "region": {"startLine": 91}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._get_offset_coord_manager` used but never assigned in __init__"}, "properties": {"repobilityId": 115532, "scanner": "repobility-ast-engine", "fingerprint": "8e81046e02a4c866a79334937bbe2cfa2e9fc39ced1de75dc5597d32bd722d9a", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|8e81046e02a4c866a79334937bbe2cfa2e9fc39ced1de75dc5597d32bd722d9a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_utils/test_coordmanager_utils.py"}, "region": {"startLine": 78}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._get_offset_coord_manager` used but never assigned in __init__"}, "properties": {"repobilityId": 115531, "scanner": "repobility-ast-engine", "fingerprint": "77e3aff4515aaca076ce9f5ff88b48957aa626336f710c467cbd013c3d35eaa0", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|77e3aff4515aaca076ce9f5ff88b48957aa626336f710c467cbd013c3d35eaa0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_utils/test_coordmanager_utils.py"}, "region": {"startLine": 70}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._get_offset_coord_manager` used but never assigned in __init__"}, "properties": {"repobilityId": 115530, "scanner": "repobility-ast-engine", "fingerprint": "0c6dad490ed361659ac8dc2411298ca21eab26736ef9718b7f7232339f8078ea", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|0c6dad490ed361659ac8dc2411298ca21eab26736ef9718b7f7232339f8078ea"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_utils/test_coordmanager_utils.py"}, "region": {"startLine": 62}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._get_offset_coord_manager` used but never assigned in __init__"}, "properties": {"repobilityId": 115529, "scanner": "repobility-ast-engine", "fingerprint": "ad918108c049fca46e561eb5444881a3c5e63c9424ef7b384022f96cf3ba7c09", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ad918108c049fca46e561eb5444881a3c5e63c9424ef7b384022f96cf3ba7c09"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_utils/test_coordmanager_utils.py"}, "region": {"startLine": 58}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._get_offset_coord_manager` used but never assigned in __init__"}, "properties": {"repobilityId": 115528, "scanner": "repobility-ast-engine", "fingerprint": "bf24b724905d313b1e5c62f25cc58c8fa7311fcaef7ee7f102dfafe8e7eda190", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|bf24b724905d313b1e5c62f25cc58c8fa7311fcaef7ee7f102dfafe8e7eda190"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_utils/test_coordmanager_utils.py"}, "region": {"startLine": 46}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.val` used but never assigned in __init__"}, "properties": {"repobilityId": 115526, "scanner": "repobility-ast-engine", "fingerprint": "35336fc1e932c8692d47e05bb7868f2649cc51eb13331d6ec3aca0ceda7e9562", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|35336fc1e932c8692d47e05bb7868f2649cc51eb13331d6ec3aca0ceda7e9562"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_core/test_spool.py"}, "region": {"startLine": 810}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.value` used but never assigned in __init__"}, "properties": {"repobilityId": 115525, "scanner": "repobility-ast-engine", "fingerprint": "ff47e1421e5d00cc7751d1af88c856dd2eadb96b592952d5233e1fd4dadf4fc8", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ff47e1421e5d00cc7751d1af88c856dd2eadb96b592952d5233e1fd4dadf4fc8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_core/test_spool.py"}, "region": {"startLine": 728}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.value` used but never assigned in __init__"}, "properties": {"repobilityId": 115524, "scanner": "repobility-ast-engine", "fingerprint": "2c7dcc02bc5dd3e435e99cd64d04fe29f69198feb68596e132b350c32f8caf08", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|2c7dcc02bc5dd3e435e99cd64d04fe29f69198feb68596e132b350c32f8caf08"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_core/test_spool.py"}, "region": {"startLine": 711}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.pipe_func` used but never assigned in __init__"}, "properties": {"repobilityId": 115523, "scanner": "repobility-ast-engine", "fingerprint": "cf38a7c364db02d82c11493c6858d42f214244de369ae7c582079edf5a47dcf8", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|cf38a7c364db02d82c11493c6858d42f214244de369ae7c582079edf5a47dcf8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_core/test_patch.py"}, "region": {"startLine": 604}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.pipe_func` used but never assigned in __init__"}, "properties": {"repobilityId": 115522, "scanner": "repobility-ast-engine", "fingerprint": "5aad166ce4e4f745e016058556efeba6657814d948cdfdd3669206344e56e1d8", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|5aad166ce4e4f745e016058556efeba6657814d948cdfdd3669206344e56e1d8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_core/test_patch.py"}, "region": {"startLine": 598}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._image_shape` used but never assigned in __init__"}, "properties": {"repobilityId": 115515, "scanner": "repobility-ast-engine", "fingerprint": "8c5b72610f634fc4e5c470d6c587f560892f9dffd9051574d72e6988577640f0", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|8c5b72610f634fc4e5c470d6c587f560892f9dffd9051574d72e6988577640f0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_viz/test_spectrogram.py"}, "region": {"startLine": 109}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._image_shape` used but never assigned in __init__"}, "properties": {"repobilityId": 115514, "scanner": "repobility-ast-engine", "fingerprint": "faebe4448882358b9726aadc8541b10469a248f4101f0ba855bd4cf72d84563b", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|faebe4448882358b9726aadc8541b10469a248f4101f0ba855bd4cf72d84563b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_viz/test_spectrogram.py"}, "region": {"startLine": 102}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.make_simple_index_with_version` used but never assigned in __init__"}, "properties": {"repobilityId": 115513, "scanner": "repobility-ast-engine", "fingerprint": "b98f107b7ffd886b27d9663a7e3536532d9514bc89e26d7f91b62df0b5e21617", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|b98f107b7ffd886b27d9663a7e3536532d9514bc89e26d7f91b62df0b5e21617"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_io/test_indexer.py"}, "region": {"startLine": 248}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.make_simple_index_with_version` used but never assigned in __init__"}, "properties": {"repobilityId": 115512, "scanner": "repobility-ast-engine", "fingerprint": "3d30bc0cc0203c67c4eccd8175fc031a9ee8f7be15b46c0dda450fc4e3d1ada7", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|3d30bc0cc0203c67c4eccd8175fc031a9ee8f7be15b46c0dda450fc4e3d1ada7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_io/test_indexer.py"}, "region": {"startLine": 237}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.FormatterWithName` used but never assigned in __init__"}, "properties": {"repobilityId": 115511, "scanner": "repobility-ast-engine", "fingerprint": "bb7d10f28ef4e90f81ef60f352edb8c3f683d4a370d4c203802bd898cd8e66bc", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|bb7d10f28ef4e90f81ef60f352edb8c3f683d4a370d4c203802bd898cd8e66bc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_io/test_io_core.py"}, "region": {"startLine": 248}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_indefinite_integrate"}, "properties": {"repobilityId": 115505, "scanner": "repobility-ast-engine", "fingerprint": "e3172df1ec8b3ad456a1b6a8791c83483dadadd344899730dbd6442dbac4d2f7", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|e3172df1ec8b3ad456a1b6a8791c83483dadadd344899730dbd6442dbac4d2f7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmarks/test_patch_benchmarks.py"}, "region": {"startLine": 174}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_slope_mute"}, "properties": {"repobilityId": 115504, "scanner": "repobility-ast-engine", "fingerprint": "c62b010df1027b3ffa4a24e3e29733d665426f026aa22e6f2a755946529d1a70", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c62b010df1027b3ffa4a24e3e29733d665426f026aa22e6f2a755946529d1a70"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmarks/test_patch_benchmarks.py"}, "region": {"startLine": 159}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_line_mute"}, "properties": {"repobilityId": 115503, "scanner": "repobility-ast-engine", "fingerprint": "2c31c8019ff9f5f565bc39887d847b97699882bfc4b6590f9c35430e62b485d8", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|2c31c8019ff9f5f565bc39887d847b97699882bfc4b6590f9c35430e62b485d8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmarks/test_patch_benchmarks.py"}, "region": {"startLine": 149}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_wiener_filter"}, "properties": {"repobilityId": 115502, "scanner": "repobility-ast-engine", "fingerprint": "e45b01914455cb739be9f20df1281ba618671852f5a92274f2ff5dd9ff26ae5f", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|e45b01914455cb739be9f20df1281ba618671852f5a92274f2ff5dd9ff26ae5f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmarks/test_patch_benchmarks.py"}, "region": {"startLine": 143}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_hampel_filter"}, "properties": {"repobilityId": 115501, "scanner": "repobility-ast-engine", "fingerprint": "67c7e526e96e8a07d8da1fd68361c420d5a2455c991b4388cc769aea24c6b6b6", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|67c7e526e96e8a07d8da1fd68361c420d5a2455c991b4388cc769aea24c6b6b6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmarks/test_patch_benchmarks.py"}, "region": {"startLine": 136}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_hampel_filter_non_approximate"}, "properties": {"repobilityId": 115500, "scanner": "repobility-ast-engine", "fingerprint": "823d0b146af972e0c4f515879b56a624eda05f11740570521d8851cdbc67eb10", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|823d0b146af972e0c4f515879b56a624eda05f11740570521d8851cdbc67eb10"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmarks/test_patch_benchmarks.py"}, "region": {"startLine": 129}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_snap_coords"}, "properties": {"repobilityId": 115499, "scanner": "repobility-ast-engine", "fingerprint": "72f9409db96133c34093db0d861f92f500cc517a38f143a202320cea53acf790", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|72f9409db96133c34093db0d861f92f500cc517a38f143a202320cea53acf790"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmarks/test_patch_benchmarks.py"}, "region": {"startLine": 123}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_roll"}, "properties": {"repobilityId": 115498, "scanner": "repobility-ast-engine", "fingerprint": "815c468798098a5d1e4f95f58399e05ca12e8fdf6217e3b0a2c552a22840fc41", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|815c468798098a5d1e4f95f58399e05ca12e8fdf6217e3b0a2c552a22840fc41"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmarks/test_patch_benchmarks.py"}, "region": {"startLine": 117}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_transpose"}, "properties": {"repobilityId": 115497, "scanner": "repobility-ast-engine", "fingerprint": "03707730b1d722c139dcf009f3a45cb43b70b43d4cab9f47b76c3afa9894b17d", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|03707730b1d722c139dcf009f3a45cb43b70b43d4cab9f47b76c3afa9894b17d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmarks/test_patch_benchmarks.py"}, "region": {"startLine": 110}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_taper"}, "properties": {"repobilityId": 115496, "scanner": "repobility-ast-engine", "fingerprint": "03d19d9026de080d0209f927445b665c78614058824a5192b959a720e03e5a23", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|03d19d9026de080d0209f927445b665c78614058824a5192b959a720e03e5a23"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmarks/test_patch_benchmarks.py"}, "region": {"startLine": 104}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_standardize"}, "properties": {"repobilityId": 115495, "scanner": "repobility-ast-engine", "fingerprint": "c0bd96e91ccf31538e4f86868f68da9cf8826a916c07592e8aed0f7eed704c59", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c0bd96e91ccf31538e4f86868f68da9cf8826a916c07592e8aed0f7eed704c59"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmarks/test_patch_benchmarks.py"}, "region": {"startLine": 98}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_sobel_filter"}, "properties": {"repobilityId": 115494, "scanner": "repobility-ast-engine", "fingerprint": "036727b4a14e5ec7f1bd33d40d06ea331120368d5412d9882f9071ba3fc21699", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|036727b4a14e5ec7f1bd33d40d06ea331120368d5412d9882f9071ba3fc21699"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmarks/test_patch_benchmarks.py"}, "region": {"startLine": 92}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_select"}, "properties": {"repobilityId": 115493, "scanner": "repobility-ast-engine", "fingerprint": "cb6480c701b8a41d5659d0f5c769f531ccc7f4a91f5a77eba8ee1d0dded66d46", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|cb6480c701b8a41d5659d0f5c769f531ccc7f4a91f5a77eba8ee1d0dded66d46"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmarks/test_patch_benchmarks.py"}, "region": {"startLine": 81}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_decimate"}, "properties": {"repobilityId": 115492, "scanner": "repobility-ast-engine", "fingerprint": "9f1f1f64297680d39f9c58a6c22aecd4e95e4d1257d1d5075630c29b8979c365", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|9f1f1f64297680d39f9c58a6c22aecd4e95e4d1257d1d5075630c29b8979c365"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmarks/test_patch_benchmarks.py"}, "region": {"startLine": 72}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_interpolate"}, "properties": {"repobilityId": 115491, "scanner": "repobility-ast-engine", "fingerprint": "8e32b43d3ebc8117108bfaf0103ec34f9279aabefb81b651f5140e5cd9d9e541", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|8e32b43d3ebc8117108bfaf0103ec34f9279aabefb81b651f5140e5cd9d9e541"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmarks/test_patch_benchmarks.py"}, "region": {"startLine": 66}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_median_filter"}, "properties": {"repobilityId": 115490, "scanner": "repobility-ast-engine", "fingerprint": "28b033f6425715782824b540acaf9aadf2c07eccb7dceb31c13ef7863f9a16f1", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|28b033f6425715782824b540acaf9aadf2c07eccb7dceb31c13ef7863f9a16f1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmarks/test_patch_benchmarks.py"}, "region": {"startLine": 59}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_pass_filter"}, "properties": {"repobilityId": 115489, "scanner": "repobility-ast-engine", "fingerprint": "96328d78441192bf200e56020210803310d9128cbede7802a4cc03c2db054532", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|96328d78441192bf200e56020210803310d9128cbede7802a4cc03c2db054532"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmarks/test_patch_benchmarks.py"}, "region": {"startLine": 50}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_select_string_match"}, "properties": {"repobilityId": 115488, "scanner": "repobility-ast-engine", "fingerprint": "d1cb287c9cff4b40131939f3a8a428c29d90a3752547e4476449567a52d14a18", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|d1cb287c9cff4b40131939f3a8a428c29d90a3752547e4476449567a52d14a18"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmarks/test_spool_benchmarks.py"}, "region": {"startLine": 103}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_select_strings"}, "properties": {"repobilityId": 115487, "scanner": "repobility-ast-engine", "fingerprint": "5b93d09b14327ed87d7bd709aac29dd2dfbee4cc42bb6ee0802f8f09c41be545", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|5b93d09b14327ed87d7bd709aac29dd2dfbee4cc42bb6ee0802f8f09c41be545"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmarks/test_spool_benchmarks.py"}, "region": {"startLine": 96}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_select_half_range"}, "properties": {"repobilityId": 115486, "scanner": "repobility-ast-engine", "fingerprint": "154c799154a58eb457984b34107a27afd292fd822dfd9c4c90979ecbb70664ac", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|154c799154a58eb457984b34107a27afd292fd822dfd9c4c90979ecbb70664ac"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmarks/test_spool_benchmarks.py"}, "region": {"startLine": 87}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_select_full_range"}, "properties": {"repobilityId": 115485, "scanner": "repobility-ast-engine", "fingerprint": "bb75e432805b3fe3f284b2c0252e78049bd5efe5fc02bbd864608d5820884b79", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|bb75e432805b3fe3f284b2c0252e78049bd5efe5fc02bbd864608d5820884b79"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmarks/test_spool_benchmarks.py"}, "region": {"startLine": 78}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_half_second_chunk"}, "properties": {"repobilityId": 115484, "scanner": "repobility-ast-engine", "fingerprint": "6a6fb45297e6a85c844fce5b783b7599bc7d0683429d4396fae35c46acd59736", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|6a6fb45297e6a85c844fce5b783b7599bc7d0683429d4396fae35c46acd59736"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmarks/test_spool_benchmarks.py"}, "region": {"startLine": 64}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_1second_chunk"}, "properties": {"repobilityId": 115483, "scanner": "repobility-ast-engine", "fingerprint": "aeedc23bd574de0890d7c4e7db76d5dc441741a58453f5810c3aea1f5b9c0ceb", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|aeedc23bd574de0890d7c4e7db76d5dc441741a58453f5810c3aea1f5b9c0ceb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmarks/test_spool_benchmarks.py"}, "region": {"startLine": 59}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_diverse_merge"}, "properties": {"repobilityId": 115482, "scanner": "repobility-ast-engine", "fingerprint": "3b293a1bcde16d8fdb0303585982704e599678ca70e2592aaeb21d49d237855e", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|3b293a1bcde16d8fdb0303585982704e599678ca70e2592aaeb21d49d237855e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmarks/test_spool_benchmarks.py"}, "region": {"startLine": 54}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_contiguous_merge"}, "properties": {"repobilityId": 115481, "scanner": "repobility-ast-engine", "fingerprint": "0448a378816e2c1552abe8911a221ae60f811819e507918039381ae07d8a9c9b", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|0448a378816e2c1552abe8911a221ae60f811819e507918039381ae07d8a9c9b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmarks/test_spool_benchmarks.py"}, "region": {"startLine": 42}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.render_linked_table` used but never assigned in __init__"}, "properties": {"repobilityId": 115480, "scanner": "repobility-ast-engine", "fingerprint": "68e0e92a545f0463ffad18bbcb683304665692beec681b10b18acbc0e845f585", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|68e0e92a545f0463ffad18bbcb683304665692beec681b10b18acbc0e845f585"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/_render_api.py"}, "region": {"startLine": 503}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._get_parent_source_block` used but never assigned in __init__"}, "properties": {"repobilityId": 115479, "scanner": "repobility-ast-engine", "fingerprint": "cfbe53ee612f11347dbc4abdac3959ea89f56ccfbbbc6a7b413a727b3675fd46", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|cfbe53ee612f11347dbc4abdac3959ea89f56ccfbbbc6a7b413a727b3675fd46"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/_render_api.py"}, "region": {"startLine": 510}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.has_subsection` used but never assigned in __init__"}, "properties": {"repobilityId": 115478, "scanner": "repobility-ast-engine", "fingerprint": "baf9d5a97b62eddb01ac64b0b749e3e2e61337459b7718c54ebfcd3ae73edd3c", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|baf9d5a97b62eddb01ac64b0b749e3e2e61337459b7718c54ebfcd3ae73edd3c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/_render_api.py"}, "region": {"startLine": 505}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._get_class_parent_string` used but never assigned in __init__"}, "properties": {"repobilityId": 115477, "scanner": "repobility-ast-engine", "fingerprint": "1dc650342013d6a30e33074a4a26448f230595082c06516024c87211eb824a13", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|1dc650342013d6a30e33074a4a26448f230595082c06516024c87211eb824a13"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/_render_api.py"}, "region": {"startLine": 490}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._get_github_source` used but never assigned in __init__"}, "properties": {"repobilityId": 115476, "scanner": "repobility-ast-engine", "fingerprint": "0c3b2bb8f9633e688a2e718ef6df4e8051be38e6b6a4ad19493c57955abcc5d8", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|0c3b2bb8f9633e688a2e718ef6df4e8051be38e6b6a4ad19493c57955abcc5d8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/_render_api.py"}, "region": {"startLine": 486}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.get_children_object_ids` used but never assigned in __init__"}, "properties": {"repobilityId": 115475, "scanner": "repobility-ast-engine", "fingerprint": "02e97d241dcc3be5e2774833a190eb9907768c972b3b9ad2821f869758b71c4e", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|02e97d241dcc3be5e2774833a190eb9907768c972b3b9ad2821f869758b71c4e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/_render_api.py"}, "region": {"startLine": 417}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.style_sections` used but never assigned in __init__"}, "properties": {"repobilityId": 115474, "scanner": "repobility-ast-engine", "fingerprint": "5f29a7dcb8fec96f0490334e5256fecf89fe48289f635baf3768777e048e03f9", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|5f29a7dcb8fec96f0490334e5256fecf89fe48289f635baf3768777e048e03f9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/_render_api.py"}, "region": {"startLine": 293}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.parse_sections` used but never assigned in __init__"}, "properties": {"repobilityId": 115473, "scanner": "repobility-ast-engine", "fingerprint": "8b4d1aa4acf7c1a9c299a6778370eba6521203ba9eb994af664e7c73fe4922d5", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|8b4d1aa4acf7c1a9c299a6778370eba6521203ba9eb994af664e7c73fe4922d5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/_render_api.py"}, "region": {"startLine": 292}}}]}, {"ruleId": "MINED030", "level": "error", "message": {"text": "[MINED030] Python Pickle Loads: pickle.loads() can execute arbitrary code via __reduce__."}, "properties": {"repobilityId": 115597, "scanner": "repobility-threat-engine", "fingerprint": "73322dc86e9a8b42a377a0d5895239b1c0cf2c4d89e9e861ca2eb3799e4dbe8f", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-pickle-loads", "owasp": null, "cwe_ids": ["CWE-502"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347968+00:00", "triaged_in_corpus": 20, "observations_count": 6314, "ai_coder_pattern_id": 119}, "scanner": "repobility-threat-engine", "correlation_key": "fp|73322dc86e9a8b42a377a0d5895239b1c0cf2c4d89e9e861ca2eb3799e4dbe8f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "dascore/io/pickle/core.py"}, "region": {"startLine": 43}}}]}, {"ruleId": "SEC081", "level": "error", "message": {"text": "[SEC081] Python: pickle.loads / marshal.loads on untrusted data: pickle.load(s) and marshal.load(s) execute arbitrary code on untrusted input. Ported from dlint DUO103 / DUO120 (BSD-3)."}, "properties": {"repobilityId": 115596, "scanner": "repobility-threat-engine", "fingerprint": "c44f61c7449829e728be0d90f8ede1dcc016897a1f7d88c46c0ce79ff87f6279", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "pickle.load(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC081", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|c44f61c7449829e728be0d90f8ede1dcc016897a1f7d88c46c0ce79ff87f6279"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "dascore/io/pickle/core.py"}, "region": {"startLine": 43}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "Workflow uses `secrets.CODECOV_TOKEN` on a `pull_request` trigger"}, "properties": {"repobilityId": 115579, "scanner": "repobility-supply-chain", "fingerprint": "3bb8a6e66c7a73e919d3ad09a8cb5761d11edf9e07440ad0ae0de158f1e27fd6", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|3bb8a6e66c7a73e919d3ad09a8cb5761d11edf9e07440ad0ae0de158f1e27fd6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/runtests.yml"}, "region": {"startLine": 88}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "Missing import: `time` used but not imported"}, "properties": {"repobilityId": 115548, "scanner": "repobility-ast-engine", "fingerprint": "cd08d370f8d5600d0d10eb9ae2c79c48e035b7111cf62ff95ecc5b8f52e26041", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|cd08d370f8d5600d0d10eb9ae2c79c48e035b7111cf62ff95ecc5b8f52e26041"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_io/test_febus/test_febust1.py"}, "region": {"startLine": 42}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "Missing import: `random` used but not imported"}, "properties": {"repobilityId": 115547, "scanner": "repobility-ast-engine", "fingerprint": "e7a10a15c708160d7d3a59c32dbbc9a56c2169a1d020fdf384ca907ab60198ab", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|e7a10a15c708160d7d3a59c32dbbc9a56c2169a1d020fdf384ca907ab60198ab"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_proc/test_rolling.py"}, "region": {"startLine": 161}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "Missing import: `time` used but not imported"}, "properties": {"repobilityId": 115546, "scanner": "repobility-ast-engine", "fingerprint": "107fdd68eae36055f97789d5b9d2b34f3253bb43112e6a549f465250322d30a2", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|107fdd68eae36055f97789d5b9d2b34f3253bb43112e6a549f465250322d30a2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_proc/test_align.py"}, "region": {"startLine": 220}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "Missing import: `time` used but not imported"}, "properties": {"repobilityId": 115545, "scanner": "repobility-ast-engine", "fingerprint": "b7e25a4145b253562ac9b4307b56ce9c6e1d13d85c912797ca7e9ebbf2839a51", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|b7e25a4145b253562ac9b4307b56ce9c6e1d13d85c912797ca7e9ebbf2839a51"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_proc/test_resample.py"}, "region": {"startLine": 70}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "Missing import: `time` used but not imported"}, "properties": {"repobilityId": 115544, "scanner": "repobility-ast-engine", "fingerprint": "2e6d24f7b7199887f07c53791da8a73fd255083ac7fe8fdd1ae5ac2c130c0814", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|2e6d24f7b7199887f07c53791da8a73fd255083ac7fe8fdd1ae5ac2c130c0814"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_proc/test_proc_coords.py"}, "region": {"startLine": 562}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "Missing import: `time` used but not imported"}, "properties": {"repobilityId": 115543, "scanner": "repobility-ast-engine", "fingerprint": "1a9cde2b4d3c09ed05347c5dba65a43f2b8a7a1b8034103ea35a183d602cf9a9", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|1a9cde2b4d3c09ed05347c5dba65a43f2b8a7a1b8034103ea35a183d602cf9a9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_proc/test_aggregate.py"}, "region": {"startLine": 68}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "Missing import: `time` used but not imported"}, "properties": {"repobilityId": 115542, "scanner": "repobility-ast-engine", "fingerprint": "7b6544acb535220f7f837f828f5550ae4dc9e60d642b37fc87d44642af60521f", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|7b6544acb535220f7f837f828f5550ae4dc9e60d642b37fc87d44642af60521f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_clients/test_dirspool.py"}, "region": {"startLine": 474}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "Missing import: `time` used but not imported"}, "properties": {"repobilityId": 115540, "scanner": "repobility-ast-engine", "fingerprint": "8724d49d7390eba30006d4a8ffb0f2ed991a406fde6ec17afc2895c1e66c37ae", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|8724d49d7390eba30006d4a8ffb0f2ed991a406fde6ec17afc2895c1e66c37ae"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_transform/test_fourier.py"}, "region": {"startLine": 294}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "Missing import: `array` used but not imported"}, "properties": {"repobilityId": 115539, "scanner": "repobility-ast-engine", "fingerprint": "f3d294098ec75e0fa78f90545096458a2495ece44b7882d9e820a8c472ae17d2", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|f3d294098ec75e0fa78f90545096458a2495ece44b7882d9e820a8c472ae17d2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_utils/test_misc.py"}, "region": {"startLine": 371}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "Missing import: `time` used but not imported"}, "properties": {"repobilityId": 115538, "scanner": "repobility-ast-engine", "fingerprint": "bcc7a02e721b65dcc6dbf1b5cc7828ee62016f38197fd449dd69da32babd7439", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|bcc7a02e721b65dcc6dbf1b5cc7828ee62016f38197fd449dd69da32babd7439"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_utils/test_time.py"}, "region": {"startLine": 187}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "Missing import: `array` used but not imported"}, "properties": {"repobilityId": 115537, "scanner": "repobility-ast-engine", "fingerprint": "880c6b2fead4d8c7c1bb1d4c78288b61239df5693ea44ace7a705215ae94a758", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|880c6b2fead4d8c7c1bb1d4c78288b61239df5693ea44ace7a705215ae94a758"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_utils/test_time.py"}, "region": {"startLine": 185}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "Missing import: `time` used but not imported"}, "properties": {"repobilityId": 115536, "scanner": "repobility-ast-engine", "fingerprint": "29015496db5ad56115a53787a7b0e0c627ef6a2fe901e4bd5c5895df6cf58e73", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|29015496db5ad56115a53787a7b0e0c627ef6a2fe901e4bd5c5895df6cf58e73"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_utils/test_array_utils.py"}, "region": {"startLine": 77}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "Missing import: `time` used but not imported"}, "properties": {"repobilityId": 115535, "scanner": "repobility-ast-engine", "fingerprint": "91416be09d220a3d288d3bbee27b3be5cb5694818db1d19606c406acce891a38", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|91416be09d220a3d288d3bbee27b3be5cb5694818db1d19606c406acce891a38"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_utils/test_patch_utils.py"}, "region": {"startLine": 490}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "Missing import: `time` used but not imported"}, "properties": {"repobilityId": 115527, "scanner": "repobility-ast-engine", "fingerprint": "c9fabb26228e04dc985c32cd0c27113525ae74f5aac780c04ab505c3f7aa270d", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c9fabb26228e04dc985c32cd0c27113525ae74f5aac780c04ab505c3f7aa270d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_utils/test_coordmanager_utils.py"}, "region": {"startLine": 90}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "Missing import: `time` used but not imported"}, "properties": {"repobilityId": 115521, "scanner": "repobility-ast-engine", "fingerprint": "468d53aa539d8279fd5f0cdcac364666e0cb32f3a99b1b2f287f23509873214c", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|468d53aa539d8279fd5f0cdcac364666e0cb32f3a99b1b2f287f23509873214c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_core/test_patch.py"}, "region": {"startLine": 643}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "Missing import: `array` used but not imported"}, "properties": {"repobilityId": 115520, "scanner": "repobility-ast-engine", "fingerprint": "7fda7f929052399300b46da0f01d867dbf813c867b6f356cff4f2a62412ae19b", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|7fda7f929052399300b46da0f01d867dbf813c867b6f356cff4f2a62412ae19b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_core/test_patch.py"}, "region": {"startLine": 67}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "Missing import: `array` used but not imported"}, "properties": {"repobilityId": 115519, "scanner": "repobility-ast-engine", "fingerprint": "d1b39eb9a2580bd0802b1d4bdca0c4c09b916f446ac6caf31cd5b5f5d4b2d57b", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|d1b39eb9a2580bd0802b1d4bdca0c4c09b916f446ac6caf31cd5b5f5d4b2d57b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_core/test_coords.py"}, "region": {"startLine": 1596}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "Missing import: `time` used but not imported"}, "properties": {"repobilityId": 115518, "scanner": "repobility-ast-engine", "fingerprint": "908ece9b10811b4c869fd5ab46666fe2cc6b0540d59344882febd954487b3d6a", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|908ece9b10811b4c869fd5ab46666fe2cc6b0540d59344882febd954487b3d6a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_core/test_coordmanager.py"}, "region": {"startLine": 1055}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "Missing import: `array` used but not imported"}, "properties": {"repobilityId": 115517, "scanner": "repobility-ast-engine", "fingerprint": "2249feb23eb0fbd025279ccf0a2bf34e3e5c6bcc9b17714e1ceaee677655968b", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|2249feb23eb0fbd025279ccf0a2bf34e3e5c6bcc9b17714e1ceaee677655968b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_core/test_coordmanager.py"}, "region": {"startLine": 365}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "Missing import: `time` used but not imported"}, "properties": {"repobilityId": 115516, "scanner": "repobility-ast-engine", "fingerprint": "3ac46205157bc7c4c339ad527f476a06fc3c102591441a70780845dd3bfb5b3e", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|3ac46205157bc7c4c339ad527f476a06fc3c102591441a70780845dd3bfb5b3e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_core/test_patch_chunk.py"}, "region": {"startLine": 351}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "Missing import: `time` used but not imported"}, "properties": {"repobilityId": 115510, "scanner": "repobility-ast-engine", "fingerprint": "fc3724cc6a3a35df2f114536985e790cae74c583c7954fb8cf7c68ad045efb03", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|fc3724cc6a3a35df2f114536985e790cae74c583c7954fb8cf7c68ad045efb03"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_io/test_common_io.py"}, "region": {"startLine": 291}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "Missing import: `io` used but not imported"}, "properties": {"repobilityId": 115509, "scanner": "repobility-ast-engine", "fingerprint": "b696dbdf4df9586abf1bd31ac8edbf6141c75c048e1116962bfa194d51d66cb4", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|b696dbdf4df9586abf1bd31ac8edbf6141c75c048e1116962bfa194d51d66cb4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_io/test_common_io.py"}, "region": {"startLine": 134}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "Missing import: `array` used but not imported"}, "properties": {"repobilityId": 115508, "scanner": "repobility-ast-engine", "fingerprint": "866c7842d1c72d0e723eeae9a8a67144093c5d5d34bbfa8afba8424c3496bd9c", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|866c7842d1c72d0e723eeae9a8a67144093c5d5d34bbfa8afba8424c3496bd9c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_units.py"}, "region": {"startLine": 307}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "Missing import: `time` used but not imported"}, "properties": {"repobilityId": 115506, "scanner": "repobility-ast-engine", "fingerprint": "49d6730c0d9b9ab9f88812bb1404b8ffcf0dc1ea011c849128b99d9b39503c45", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|49d6730c0d9b9ab9f88812bb1404b8ffcf0dc1ea011c849128b99d9b39503c45"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmarks/test_patch_benchmarks.py"}, "region": {"startLine": 315}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "Missing import: `array` used but not imported"}, "properties": {"repobilityId": 115472, "scanner": "repobility-ast-engine", "fingerprint": "a1afb54312e9a1ff8d5d60901c7ab0a4469845d7b0dd0b500594b72035f8f0c0", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|a1afb54312e9a1ff8d5d60901c7ab0a4469845d7b0dd0b500594b72035f8f0c0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "dascore/examples.py"}, "region": {"startLine": 95}}}]}]}]}