{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "DKR001", "name": "Docker final stage has no non-root USER", "shortDescription": {"text": "Docker final stage has no non-root USER"}, "fullDescription": {"text": "Docker images run as root unless the image or Dockerfile switches to a non-root user."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.82, "cwe": "", "owasp": ""}}, {"id": "ERR001", "name": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG level.", "shortDescription": {"text": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG level."}, "fullDescription": {"text": "Log the error: `except Exception: logger.debug('cleanup failed', exc_info=True)`. Or handle specific exception types."}, "properties": {"scanner": "repobility-threat-engine", "category": "error_handling", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "AGT015", "name": "Remote install command pipes network code directly to a shell", "shortDescription": {"text": "Remote install command pipes network code directly to a shell"}, "fullDescription": {"text": "Agent helper projects often publish one-line installers. 
`curl | sh` style commands are convenient, but they bypass review unless the script is pinned, signed, or checksum-verified."}, "properties": {"scanner": "repobility-agent-runtime", "category": "dependency", "severity": "medium", "confidence": 0.7, "cwe": "", "owasp": ""}}, {"id": "AIC003", "name": "Duplicated implementation block across source files", "shortDescription": {"text": "Duplicated implementation block across source files"}, "fullDescription": {"text": "Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "medium", "confidence": 0.86, "cwe": "", "owasp": ""}}, {"id": "DKR008", "name": ".dockerignore misses sensitive defaults", "shortDescription": {"text": ".dockerignore misses sensitive defaults"}, "fullDescription": {"text": ".dockerignore exists but does not cover common secret or VCS patterns."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "low", "confidence": 0.72, "cwe": "", "owasp": ""}}, {"id": "ERR003", "name": "[ERR003] Ignored Error (Go): Ignoring error return values.", "shortDescription": {"text": "[ERR003] Ignored Error (Go): Ignoring error return values."}, "fullDescription": {"text": "Handle the error or use the errcheck linter."}, "properties": {"scanner": "repobility-threat-engine", "category": "error_handling", "severity": "low", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC020", "name": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for troubleshooting.", "shortDescription": {"text": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. 
This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for troubleshooting."}, "fullDescription": {"text": "Log only redacted, hashed, or last-four-style metadata. Rotate any secret that may have reached logs."}, "properties": {"scanner": "repobility-threat-engine", "category": "credential_exposure", "severity": "info", "confidence": 0.1, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/369"}, "properties": {"repository": "superradcompany/microsandbox", "repoUrl": "https://github.com/superradcompany/microsandbox.git", "branch": "main"}, "results": [{"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 11975, "scanner": "repobility-docker", "fingerprint": "50d1316aa3aec8bc7079c988273bc83d8f95d95e6e275abd3fea4a8527b14085", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "ubuntu:24.04", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|50d1316aa3aec8bc7079c988273bc83d8f95d95e6e275abd3fea4a8527b14085"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packaging/docker/Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "ERR001", "level": "warning", "message": {"text": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. 
Even in cleanup code, log at DEBUG level."}, "properties": {"repobilityId": 11966, "scanner": "repobility-threat-engine", "fingerprint": "2f0b1d9c5e337735b0ee6310702704a0fd7967e158861a27154aeef77de2f6b1", "category": "error_handling", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "except Exception:\n        pass", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR001", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|2f0b1d9c5e337735b0ee6310702704a0fd7967e158861a27154aeef77de2f6b1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmarks/bench_fs.py"}, "region": {"startLine": 413}}}]}, {"ruleId": "AGT015", "level": "warning", "message": {"text": "Remote install command pipes network code directly to a shell"}, "properties": {"repobilityId": 11965, "scanner": "repobility-agent-runtime", "fingerprint": "d1eae15490e3c8cb827a737339e55e68be39e76896568fe779cce0849f41066e", "category": "dependency", "severity": "medium", "confidence": 0.7, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File contains a remote download piped directly to a shell without visible checksum or signature verification.", "evidence": {"rule_id": "AGT015", "scanner": "repobility-agent-runtime", "references": [], "correlation_key": "fp|d1eae15490e3c8cb827a737339e55e68be39e76896568fe779cce0849f41066e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/getting-started/quickstart.mdx"}, "region": {"startLine": 41}}}]}, {"ruleId": "AGT015", "level": "warning", "message": {"text": "Remote install command pipes network code directly to a shell"}, "properties": {"repobilityId": 11964, "scanner": "repobility-agent-runtime", "fingerprint": "c6cb6964e2368a0a8ab244a59794a4e29a9a5147da8ac205c162fcd3b9bce748", "category": "dependency", 
"severity": "medium", "confidence": 0.7, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File contains a remote download piped directly to a shell without visible checksum or signature verification.", "evidence": {"rule_id": "AGT015", "scanner": "repobility-agent-runtime", "references": [], "correlation_key": "fp|c6cb6964e2368a0a8ab244a59794a4e29a9a5147da8ac205c162fcd3b9bce748"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/cli/overview.mdx"}, "region": {"startLine": 12}}}]}, {"ruleId": "AGT015", "level": "warning", "message": {"text": "Remote install command pipes network code directly to a shell"}, "properties": {"repobilityId": 11963, "scanner": "repobility-agent-runtime", "fingerprint": "f6ca32c15221117a23f2bc341ebd5b305af840ef2dd6e364a66842863e93dd33", "category": "dependency", "severity": "medium", "confidence": 0.7, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File contains a remote download piped directly to a shell without visible checksum or signature verification.", "evidence": {"rule_id": "AGT015", "scanner": "repobility-agent-runtime", "references": [], "correlation_key": "fp|f6ca32c15221117a23f2bc341ebd5b305af840ef2dd6e364a66842863e93dd33"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "README.md"}, "region": {"startLine": 71}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 11962, "scanner": "repobility-ai-code-hygiene", "fingerprint": "bcae959bb251862806fa54d6032f8eec4eb0a7a819381baf682efe45603170d1", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], 
"duplicate_file": "crates/filesystem/lib/backends/memfs/mod.rs", "duplicate_line": 132, "correlation_key": "fp|bcae959bb251862806fa54d6032f8eec4eb0a7a819381baf682efe45603170d1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/filesystem/lib/backends/passthroughfs/mod.rs"}, "region": {"startLine": 267}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 11961, "scanner": "repobility-ai-code-hygiene", "fingerprint": "987bf4130a9b919c90ac2794e9b219e7b1020368e911da7e95efffb28dde8ea3", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "crates/filesystem/lib/backends/passthroughfs/builder.rs", "duplicate_line": 90, "correlation_key": "fp|987bf4130a9b919c90ac2794e9b219e7b1020368e911da7e95efffb28dde8ea3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/filesystem/lib/backends/passthroughfs/mod.rs"}, "region": {"startLine": 98}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 11960, "scanner": "repobility-ai-code-hygiene", "fingerprint": "e3e88b2d572f563b484795f98c583417ac7c0b40de1a6aa30af37b9660d15ddd", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "crates/filesystem/lib/backends/memfs/metadata.rs", 
"duplicate_line": 123, "correlation_key": "fp|e3e88b2d572f563b484795f98c583417ac7c0b40de1a6aa30af37b9660d15ddd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/filesystem/lib/backends/passthroughfs/metadata.rs"}, "region": {"startLine": 132}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 11959, "scanner": "repobility-ai-code-hygiene", "fingerprint": "5617757e9d8264554ad430d29a63e0c2bf8760453a0f32b45719009268a78296", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "crates/filesystem/lib/backends/dualfs/dir_ops.rs", "duplicate_line": 168, "correlation_key": "fp|5617757e9d8264554ad430d29a63e0c2bf8760453a0f32b45719009268a78296"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/filesystem/lib/backends/passthroughfs/dir_ops.rs"}, "region": {"startLine": 98}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 11958, "scanner": "repobility-ai-code-hygiene", "fingerprint": "523e315dda71c3539ba2c69a5e99e8a696449528a5dfc0844164836c8935e138", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "crates/filesystem/lib/backends/memfs/builder.rs", "duplicate_line": 42, "correlation_key": 
"fp|523e315dda71c3539ba2c69a5e99e8a696449528a5dfc0844164836c8935e138"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/filesystem/lib/backends/passthroughfs/builder.rs"}, "region": {"startLine": 50}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 11957, "scanner": "repobility-ai-code-hygiene", "fingerprint": "05b60775b885cd4d7a067efd584abb16c9b35918a17068a15a07c49aaea347af", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "crates/filesystem/lib/backends/dualfs/mod.rs", "duplicate_line": 178, "correlation_key": "fp|05b60775b885cd4d7a067efd584abb16c9b35918a17068a15a07c49aaea347af"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/filesystem/lib/backends/memfs/mod.rs"}, "region": {"startLine": 133}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 11956, "scanner": "repobility-ai-code-hygiene", "fingerprint": "1ea7a97b594c94dce8b8b122cfbc5fda9b4050399981e628a698710e36af7db0", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "crates/filesystem/lib/backends/dualfs/dir_ops.rs", "duplicate_line": 168, "correlation_key": "fp|1ea7a97b594c94dce8b8b122cfbc5fda9b4050399981e628a698710e36af7db0"}}, 
"locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/filesystem/lib/backends/memfs/dir_ops.rs"}, "region": {"startLine": 84}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 11955, "scanner": "repobility-ai-code-hygiene", "fingerprint": "26172757a3ae8a01d7135e025d221b4c153d2e31ae9ea1ef93930099d707c4f3", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "crates/filesystem/lib/backends/dualfs/file_ops.rs", "duplicate_line": 300, "correlation_key": "fp|26172757a3ae8a01d7135e025d221b4c153d2e31ae9ea1ef93930099d707c4f3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/filesystem/lib/backends/dualfs/special.rs"}, "region": {"startLine": 93}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 11954, "scanner": "repobility-ai-code-hygiene", "fingerprint": "e06ce4e0cd720ce5d100e6b0110768f35122ea6ba0a52e444b98cdee517b1454", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "crates/filesystem/lib/backends/dualfs/file_ops.rs", "duplicate_line": 327, "correlation_key": "fp|e06ce4e0cd720ce5d100e6b0110768f35122ea6ba0a52e444b98cdee517b1454"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": 
"crates/filesystem/lib/backends/dualfs/metadata.rs"}, "region": {"startLine": 194}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 11953, "scanner": "repobility-ai-code-hygiene", "fingerprint": "bd4c2df3d9c1da19d7663894d7ced1116162dfe1682f3fe9cf1716351e1e201d", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "crates/filesystem/lib/backends/dualfs/create_ops.rs", "duplicate_line": 145, "correlation_key": "fp|bd4c2df3d9c1da19d7663894d7ced1116162dfe1682f3fe9cf1716351e1e201d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/filesystem/lib/backends/dualfs/lookup.rs"}, "region": {"startLine": 47}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 11952, "scanner": "repobility-ai-code-hygiene", "fingerprint": "f418baefd2f8aeae867f1e48b78d22045cdd4d0b8c194c43734435e6a9fda852", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "crates/db/lib/entity/run.rs", "duplicate_line": 27, "correlation_key": "fp|f418baefd2f8aeae867f1e48b78d22045cdd4d0b8c194c43734435e6a9fda852"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/db/lib/entity/sandbox_metric.rs"}, "region": {"startLine": 13}}}]}, {"ruleId": "AIC003", 
"level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 11951, "scanner": "repobility-ai-code-hygiene", "fingerprint": "3ced5d9b1b7414169b2751e0e45f107822c827ae95188080db768cfe280d89bd", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "crates/db/lib/entity/config.rs", "duplicate_line": 14, "correlation_key": "fp|3ced5d9b1b7414169b2751e0e45f107822c827ae95188080db768cfe280d89bd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/db/lib/entity/image_ref.rs"}, "region": {"startLine": 8}}}]}, {"ruleId": "DKR008", "level": "note", "message": {"text": ".dockerignore misses sensitive defaults"}, "properties": {"repobilityId": 11974, "scanner": "repobility-docker", "fingerprint": "aea2ad92c68c4ee1f8432bb1ec25e7d45ac12c9e1790ac2d3fffe638b1acce12", "category": "docker", "severity": "low", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "A Docker build context should exclude secrets and repository metadata.", "evidence": {"rule_id": "DKR008", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|aea2ad92c68c4ee1f8432bb1ec25e7d45ac12c9e1790ac2d3fffe638b1acce12", "missing_patterns": [".env", "id_rsa", "*.pem", "*.key"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".dockerignore"}, "region": {"startLine": 1}}}]}, {"ruleId": "ERR003", "level": "note", "message": {"text": "[ERR003] Ignored Error (Go): Ignoring error return values."}, "properties": {"repobilityId": 11972, "scanner": "repobility-threat-engine", 
"fingerprint": "fb95ab50956d23046cec8030a670bfab1c46b2b20ed29c791f47df8ffdca9e12", "category": "error_handling", "severity": "low", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "_ = sb.StopAndWait(", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR003", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|fb95ab50956d23046cec8030a670bfab1c46b2b20ed29c791f47df8ffdca9e12"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sdk/go/examples/streaming/main.go"}, "region": {"startLine": 40}}}]}, {"ruleId": "ERR003", "level": "note", "message": {"text": "[ERR003] Ignored Error (Go): Ignoring error return values."}, "properties": {"repobilityId": 11971, "scanner": "repobility-threat-engine", "fingerprint": "100910d473df9e2e4ac2456f1f7dda20cd0b40eb9b86e95666d3ef0dc22bcb7f", "category": "error_handling", "severity": "low", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "_ = sb.StopAndWait(", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR003", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|100910d473df9e2e4ac2456f1f7dda20cd0b40eb9b86e95666d3ef0dc22bcb7f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sdk/go/examples/ports/main.go"}, "region": {"startLine": 50}}}]}, {"ruleId": "ERR003", "level": "note", "message": {"text": "[ERR003] Ignored Error (Go): Ignoring error return values."}, "properties": {"repobilityId": 11970, "scanner": "repobility-threat-engine", "fingerprint": "45b8ad7cc3f40265c54f61cb98810829a808997c5c4e9019f22caa853f254178", "category": "error_handling", "severity": "low", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, 
"reason": "Pattern matched with no mitigating context found", "evidence": {"match": "_ = os.Remove(", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR003", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|45b8ad7cc3f40265c54f61cb98810829a808997c5c4e9019f22caa853f254178"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sdk/go/setup.go"}, "region": {"startLine": 383}}}]}, {"ruleId": "ERR003", "level": "none", "message": {"text": "[ERR003] Ignored Error (Go) (and 10 more): Same pattern found in 10 additional files. Review if needed."}, "properties": {"repobilityId": 11973, "scanner": "repobility-threat-engine", "fingerprint": "069111f23d36bc8bf0988361c1723e0322165ca439dc9c9d2268210211ebc2d4", "category": "error_handling", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 10 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 10 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "ERR003", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|069111f23d36bc8bf0988361c1723e0322165ca439dc9c9d2268210211ebc2d4"}}}, {"ruleId": "SEC020", "level": "none", "message": {"text": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. 
This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for troubleshooting."}, "properties": {"repobilityId": 11969, "scanner": "repobility-threat-engine", "fingerprint": "a3525628898ffc8473959cefdecb56df6fb6d9f698e932ce297750e77648b50c", "category": "credential_exposure", "severity": "info", "confidence": 0.1, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Form field or UI element reference", "evidence": {"match": "print(f\"Guest env: API_KEY=<redacted>}\")", "reason": "Form field or UI element reference", "rule_id": "SEC020", "scanner": "repobility-threat-engine", "confidence": 0.1, "correlation_key": "secret|token|2|print f guest env: api_key redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/python/net-secrets/main.py"}, "region": {"startLine": 24}}}]}, {"ruleId": "SEC020", "level": "none", "message": {"text": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. 
This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for troubleshooting."}, "properties": {"repobilityId": 11968, "scanner": "repobility-threat-engine", "fingerprint": "f8c73813491cce9aa8593cadd29bdc410e44b81df9db37b460892cac2af4009c", "category": "credential_exposure", "severity": "info", "confidence": 0.1, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Safe context pattern detected", "evidence": {"match": "console.log(`config: ${config.stdout()", "reason": "Safe context pattern detected", "rule_id": "SEC020", "scanner": "repobility-threat-engine", "confidence": 0.1, "correlation_key": "secret|token|2|console.log config: config.stdout"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/typescript/rootfs-patch/main.ts"}, "region": {"startLine": 27}}}]}, {"ruleId": "SEC020", "level": "none", "message": {"text": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. 
This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for troubleshooting."}, "properties": {"repobilityId": 11967, "scanner": "repobility-threat-engine", "fingerprint": "eba2ccd473a2e07b60fd8187a35d83d125c2bd9a7089388a2ab99aa5d8edce71", "category": "credential_exposure", "severity": "info", "confidence": 0.15, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Log message mentions credential-related metadata but does not print a credential-bearing value", "evidence": {"match": "console.log(`Guest env: API_KEY=<redacted>", "reason": "Log message mentions credential-related metadata but does not print a credential-bearing value", "rule_id": "SEC020", "scanner": "repobility-threat-engine", "confidence": 0.15, "correlation_key": "secret|token|1|console.log guest env: api_key redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/typescript/net-secrets/main.ts"}, "region": {"startLine": 15}}}]}]}]}