{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "AUC001", "name": "[AUC001] No Repobility access matrix policy found: The repository uses web/API frameworks but does not define .repobilit", "shortDescription": {"text": "[AUC001] No Repobility access matrix policy found: The repository uses web/API frameworks but does not define .repobility/access.yml or equivalent authorization documentation."}, "fullDescription": {"text": "The repository uses web/API frameworks but does not define .repobility/access.yml or equivalent authorization documentation."}, "properties": {"scanner": "repobility-access-control", "category": "auth", "severity": "medium", "confidence": 0.92, "cwe": "CWE-285", "owasp": "WSTG-AUTHZ"}}, {"id": "DKR007", "name": "Docker build context has no .dockerignore", "shortDescription": {"text": "Docker build context has no .dockerignore"}, "fullDescription": {"text": "Without .dockerignore, build context can include source history, local env files, dependencies, and generated artifacts."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "DKR001", "name": "Docker final stage has no non-root USER", "shortDescription": {"text": "Docker final stage has no non-root USER"}, "fullDescription": {"text": "Docker images run as root unless the image or Dockerfile switches to a non-root user."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.82, "cwe": "", "owasp": ""}}, {"id": "DKR017", "name": "Dockerfile installs dependencies after copying the full source tree", "shortDescription": {"text": "Dockerfile installs dependencies after copying the full source tree"}, "fullDescription": {"text": "When dependency installation comes after COPY ., any source change invalidates 
the dependency layer and makes Docker rebuild much more slowly."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "SEC045", "name": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a latera", "shortDescription": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use obj"}, "fullDescription": {"text": "For literal data structures: use ast.literal_eval(text) \u2014 only parses literals, raises on code.\nFor formula evaluation: use asteval or simpleeval (purpose-built sandboxes with allow-lists).\nFor Odoo: use odoo.tools.safe_eval(expr, locals_dict, mode='exec').\nIf you genuinely need to execute admin-stored code: require explicit super-admin permission AND log every execution with a stack trace."}, "properties": {"scanner": "repobility-threat-engine", "category": "injection", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "AUC005", "name": "[AUC005] No authorization-focused tests detected: No test files with common authorization, ownership, 403, admin, or sup", "shortDescription": {"text": "[AUC005] No authorization-focused tests detected: No test files with common authorization, ownership, 403, admin, or super_admin assertions were found."}, "fullDescription": {"text": "No test files with common authorization, ownership, 403, admin, or super_admin assertions were found."}, "properties": {"scanner": "repobility-access-control", "category": "auth", "severity": "low", "confidence": 0.76, "cwe": "CWE-285", "owasp": "WSTG-AUTHZ"}}, {"id": "AIC003", "name": "Duplicated implementation block across source files", "shortDescription": {"text": "Duplicated implementation block across 
source files"}, "fullDescription": {"text": "Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.86, "cwe": "", "owasp": ""}}, {"id": "AIC002", "name": "Source file name looks like an AI patch artifact", "shortDescription": {"text": "Source file name looks like an AI patch artifact"}, "fullDescription": {"text": "Files named as final, fixed, copy, new, or backup are often temporary patch artifacts. They may be legitimate, but they deserve review before becoming production surface area."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.62, "cwe": "", "owasp": ""}}, {"id": "MINED043", "name": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data.", "shortDescription": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "fullDescription": {"text": "Review and fix per the pattern semantics. 
See CWE-319 / A02:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED057", "name": "[MINED057] Todo Bomb: Code path with a TODO/FIXME/HACK comment that gates correctness \u2014 left for later but never resolve", "shortDescription": {"text": "[MINED057] Todo Bomb: Code path with a TODO/FIXME/HACK comment that gates correctness \u2014 left for later but never resolved."}, "fullDescription": {"text": "Review and fix per the pattern semantics."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED068", "name": "[MINED068] Rust Unsafe Block: unsafe { ... } block. Compiler safety guarantees disabled inside.", "shortDescription": {"text": "[MINED068] Rust Unsafe Block: unsafe { ... } block. Compiler safety guarantees disabled inside."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-119 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED066", "name": "[MINED066] Rust Panic Macro (and 12 more): Same pattern found in 12 additional files. Review if needed.", "shortDescription": {"text": "[MINED066] Rust Panic Macro (and 12 more): Same pattern found in 12 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-755 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC085", "name": "[SEC085] JS: child_process.exec with non-literal (and 16 more): Same pattern found in 16 additional files. 
Review if nee", "shortDescription": {"text": "[SEC085] JS: child_process.exec with non-literal (and 16 more): Same pattern found in 16 additional files. Review if needed."}, "fullDescription": {"text": "Use execFile / spawn with separate args array; never pass shell strings."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED059", "name": "[MINED059] Rust Expect In Prod (and 36 more): Same pattern found in 36 additional files. Review if needed.", "shortDescription": {"text": "[MINED059] Rust Expect In Prod (and 36 more): Same pattern found in 36 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-755 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED003", "name": "[MINED003] Rust Unwrap In Prod (and 66 more): Same pattern found in 66 additional files. Review if needed.", "shortDescription": {"text": "[MINED003] Rust Unwrap In Prod (and 66 more): Same pattern found in 66 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. 
See CWE-755 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "GHSA-4w32-2493-32g7", "name": "yamux: GHSA-4w32-2493-32g7", "shortDescription": {"text": "yamux: GHSA-4w32-2493-32g7"}, "fullDescription": {"text": "Yamux vulnerable to remote Panic via malformed WindowUpdate credit"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-vxx9-2994-q338", "name": "yamux: GHSA-vxx9-2994-q338", "shortDescription": {"text": "yamux: GHSA-vxx9-2994-q338"}, "fullDescription": {"text": "Yamux vulnerable to remote Panic via malformed Data frame with SYN set and len = 262145"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "RUSTSEC-2026-0114", "name": "wasmtime: RUSTSEC-2026-0114", "shortDescription": {"text": "wasmtime: RUSTSEC-2026-0114"}, "fullDescription": {"text": "Panic when allocating a table exceeding the size of the host's address space"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "RUSTSEC-2026-0094", "name": "wasmtime: RUSTSEC-2026-0094", "shortDescription": {"text": "wasmtime: RUSTSEC-2026-0094"}, "fullDescription": {"text": "Improperly masked return value from `table.grow` with Winch compiler backend"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "RUSTSEC-2026-0093", "name": "wasmtime: RUSTSEC-2026-0093", "shortDescription": {"text": "wasmtime: RUSTSEC-2026-0093"}, "fullDescription": {"text": "Heap OOB read in component model UTF-16 to latin1+utf16 string transcoding"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, 
"cwe": "", "owasp": ""}}, {"id": "RUSTSEC-2026-0092", "name": "wasmtime: RUSTSEC-2026-0092", "shortDescription": {"text": "wasmtime: RUSTSEC-2026-0092"}, "fullDescription": {"text": "Panic when transcoding misaligned component model UTF-16 strings"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "RUSTSEC-2026-0091", "name": "wasmtime: RUSTSEC-2026-0091", "shortDescription": {"text": "wasmtime: RUSTSEC-2026-0091"}, "fullDescription": {"text": "Out-of-bounds write or crash when transcoding component model strings"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "RUSTSEC-2026-0089", "name": "wasmtime: RUSTSEC-2026-0089", "shortDescription": {"text": "wasmtime: RUSTSEC-2026-0089"}, "fullDescription": {"text": "Host panic when Winch compiler executes `table.fill`"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "RUSTSEC-2026-0088", "name": "wasmtime: RUSTSEC-2026-0088", "shortDescription": {"text": "wasmtime: RUSTSEC-2026-0088"}, "fullDescription": {"text": "Data leakage between pooling allocator instances"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "RUSTSEC-2026-0087", "name": "wasmtime: RUSTSEC-2026-0087", "shortDescription": {"text": "wasmtime: RUSTSEC-2026-0087"}, "fullDescription": {"text": "Wasmtime segfault or unused out-of-sandbox load with `f64x2.splat` operator on Cranelift x86-64"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "RUSTSEC-2026-0086", "name": "wasmtime: RUSTSEC-2026-0086", "shortDescription": {"text": "wasmtime: RUSTSEC-2026-0086"}, "fullDescription": {"text": "Host data leakage 
with 64-bit tables and Winch"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "RUSTSEC-2026-0085", "name": "wasmtime: RUSTSEC-2026-0085", "shortDescription": {"text": "wasmtime: RUSTSEC-2026-0085"}, "fullDescription": {"text": "Panic when lifting `flags` component value"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "RUSTSEC-2026-0049", "name": "rustls-webpki: RUSTSEC-2026-0049", "shortDescription": {"text": "rustls-webpki: RUSTSEC-2026-0049"}, "fullDescription": {"text": "CRLs not considered authoritative by Distribution Point due to faulty matching logic"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "RUSTSEC-2026-0104", "name": "rustls-webpki: RUSTSEC-2026-0104", "shortDescription": {"text": "rustls-webpki: RUSTSEC-2026-0104"}, "fullDescription": {"text": "Reachable panic in certificate revocation list parsing"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "RUSTSEC-2026-0099", "name": "rustls-webpki: RUSTSEC-2026-0099", "shortDescription": {"text": "rustls-webpki: RUSTSEC-2026-0099"}, "fullDescription": {"text": "Name constraints were accepted for certificates asserting a wildcard name"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "RUSTSEC-2026-0098", "name": "rustls-webpki: RUSTSEC-2026-0098", "shortDescription": {"text": "rustls-webpki: RUSTSEC-2026-0098"}, "fullDescription": {"text": "Name constraints for URI names were incorrectly accepted"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": 
"RUSTSEC-2025-0134", "name": "rustls-pemfile: RUSTSEC-2025-0134", "shortDescription": {"text": "rustls-pemfile: RUSTSEC-2025-0134"}, "fullDescription": {"text": "rustls-pemfile is unmaintained"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "RUSTSEC-2025-0010", "name": "ring: RUSTSEC-2025-0010", "shortDescription": {"text": "ring: RUSTSEC-2025-0010"}, "fullDescription": {"text": "Versions of *ring* prior to 0.17 are unmaintained."}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "RUSTSEC-2025-0009", "name": "ring: RUSTSEC-2025-0009", "shortDescription": {"text": "ring: RUSTSEC-2025-0009"}, "fullDescription": {"text": "Some AES functions may panic when overflow checking is enabled."}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "RUSTSEC-2026-0097", "name": "rand: RUSTSEC-2026-0097", "shortDescription": {"text": "rand: RUSTSEC-2026-0097"}, "fullDescription": {"text": "Rand is unsound with a custom logger using `rand::rng()`"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "RUSTSEC-2024-0436", "name": "paste: RUSTSEC-2024-0436", "shortDescription": {"text": "paste: RUSTSEC-2024-0436"}, "fullDescription": {"text": "paste - no longer maintained"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "RUSTSEC-2026-0002", "name": "lru: RUSTSEC-2026-0002", "shortDescription": {"text": "lru: RUSTSEC-2026-0002"}, "fullDescription": {"text": "`IterMut` violates Stacked Borrows by invalidating internal pointer"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, 
"cwe": "", "owasp": ""}}, {"id": "GHSA-xqmp-fxgv-xvq5", "name": "libp2p-gossipsub: GHSA-xqmp-fxgv-xvq5", "shortDescription": {"text": "libp2p-gossipsub: GHSA-xqmp-fxgv-xvq5"}, "fullDescription": {"text": "libp2p-gossipsub: Remote crash via unchecked Instant overflow in heartbeat backoff expiry handling"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-gc42-3jg7-rxr2", "name": "libp2p-gossipsub: GHSA-gc42-3jg7-rxr2", "shortDescription": {"text": "libp2p-gossipsub: GHSA-gc42-3jg7-rxr2"}, "fullDescription": {"text": "Gossipsub PRUNE.backoff Duration Overflow"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "RUSTSEC-2024-0384", "name": "instant: RUSTSEC-2024-0384", "shortDescription": {"text": "instant: RUSTSEC-2024-0384"}, "fullDescription": {"text": "`instant` is unmaintained"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "RUSTSEC-2026-0119", "name": "hickory-proto: RUSTSEC-2026-0119", "shortDescription": {"text": "hickory-proto: RUSTSEC-2026-0119"}, "fullDescription": {"text": "CPU exhaustion during message encoding due to O(n\u00b2) name compression"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-2pgj-5cv2-6xxw", "name": "fuel-vm: GHSA-2pgj-5cv2-6xxw", "shortDescription": {"text": "fuel-vm: GHSA-2pgj-5cv2-6xxw"}, "fullDescription": {"text": "FuelVM is vulnerable to heap memory allocation re-use bug"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "RUSTSEC-2024-0388", "name": "derivative: RUSTSEC-2024-0388", "shortDescription": {"text": "derivative: RUSTSEC-2024-0388"}, "fullDescription": 
{"text": "`derivative` is unmaintained; consider using an alternative"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "RUSTSEC-2026-0105", "name": "core2: RUSTSEC-2026-0105", "shortDescription": {"text": "core2: RUSTSEC-2026-0105"}, "fullDescription": {"text": "core2 is unmaintained, all versions yanked"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "RUSTSEC-2023-0089", "name": "atomic-polyfill: RUSTSEC-2023-0089", "shortDescription": {"text": "atomic-polyfill: RUSTSEC-2023-0089"}, "fullDescription": {"text": "atomic-polyfill is unmaintained"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "RUSTSEC-2024-0320", "name": "yaml-rust: RUSTSEC-2024-0320", "shortDescription": {"text": "yaml-rust: RUSTSEC-2024-0320"}, "fullDescription": {"text": "yaml-rust is unmaintained."}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "RUSTSEC-2025-0055", "name": "tracing-subscriber: RUSTSEC-2025-0055", "shortDescription": {"text": "tracing-subscriber: RUSTSEC-2025-0055"}, "fullDescription": {"text": "Logging user input may result in poisoning logs with ANSI escape sequences"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "RUSTSEC-2024-0370", "name": "proc-macro-error: RUSTSEC-2024-0370", "shortDescription": {"text": "proc-macro-error: RUSTSEC-2024-0370"}, "fullDescription": {"text": "proc-macro-error is unmaintained"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-p3hw-mv63-rf9w", "name": "gix-validate: 
GHSA-p3hw-mv63-rf9w", "shortDescription": {"text": "gix-validate: GHSA-p3hw-mv63-rf9w"}, "fullDescription": {"text": "gix's submodule name validation bypass + trust inheritance flaw enables path traversal and credential disclosure"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "RUSTSEC-2025-0021", "name": "gix-features: RUSTSEC-2025-0021", "shortDescription": {"text": "gix-features: RUSTSEC-2025-0021"}, "fullDescription": {"text": "SHA-1 collision attacks are not detected"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "RUSTSEC-2026-0008", "name": "git2: RUSTSEC-2026-0008", "shortDescription": {"text": "git2: RUSTSEC-2026-0008"}, "fullDescription": {"text": "Potential undefined behavior when dereferencing Buf struct"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "RUSTSEC-2025-0141", "name": "bincode: RUSTSEC-2025-0141", "shortDescription": {"text": "bincode: RUSTSEC-2025-0141"}, "fullDescription": {"text": "Bincode is unmaintained"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "DKR014", "name": "Dockerfile copies the entire context without .dockerignore", "shortDescription": {"text": "Dockerfile copies the entire context without .dockerignore"}, "fullDescription": {"text": "COPY . or ADD . sends the full build context to Docker. Without .dockerignore this can include secrets, git history, and local artifacts."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "high", "confidence": 0.92, "cwe": "", "owasp": ""}}, {"id": "SEC013", "name": "[SEC013] Path Traversal \u2014 User Input in File Path: User-controlled input used in file path without sanitization. 
Allows ", "shortDescription": {"text": "[SEC013] Path Traversal \u2014 User Input in File Path: User-controlled input used in file path without sanitization. Allows reading arbitrary files."}, "fullDescription": {"text": "Use os.path.realpath() and verify the path starts with your expected base directory; compare against the base directory plus a trailing separator, or use os.path.commonpath(), so that a sibling directory sharing the same prefix does not pass. Use secure_filename() for uploads."}, "properties": {"scanner": "repobility-threat-engine", "category": "path_traversal", "severity": "high", "confidence": 0.8, "cwe": "", "owasp": ""}}, {"id": "MINED041", "name": "[MINED041] Rust Unimplemented Macro: unimplemented!() panics. Same as todo!() but conventionally used for trait stubs.", "shortDescription": {"text": "[MINED041] Rust Unimplemented Macro: unimplemented!() panics. Same as todo!() but conventionally used for trait stubs."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-1188 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC128", "name": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns", "shortDescription": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, ra"}, "fullDescription": {"text": "Add `await` before each async call, or chain with `.then`. 
If you intentionally want fire-and-forget, prefix with `void` (TS) or assign to `_` (Python with `asyncio.create_task`) to make the intent explicit and survive lint."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC040", "name": "[SEC040] innerHTML XSS \u2014 template literal with server-supplied data: Setting .innerHTML with a template literal that int", "shortDescription": {"text": "[SEC040] innerHTML XSS \u2014 template literal with server-supplied data: Setting .innerHTML with a template literal that interpolates server-supplied or user-supplied data is the canonical stored/reflected XSS vector. The browser parses the HTM"}, "fullDescription": {"text": "For plain text: use el.textContent = data.value (auto-escapes).\nFor HTML you need to render: el.innerHTML = DOMPurify.sanitize(html).\nFor React/Vue/Svelte: stop using innerHTML; use the framework's binding.\nWhen data comes from CV/PDF parsers, sanitize at the parser boundary too."}, "properties": {"scanner": "repobility-threat-engine", "category": "xss", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC029", "name": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled ", "shortDescription": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. 
Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes e"}, "fullDescription": {"text": "Validate the URL against an allowlist BEFORE fetching:\n  ALLOWED = {'images.example.com', 'cdn.example.com'}\n  host = urlparse(url).hostname\n  if host not in ALLOWED: abort(400)\nOr use a server-side proxy (Imgproxy / serve-files-only-from-S3) that isolates outbound network access from the request handler.\nBlock private CIDRs explicitly: 10/8, 172.16/12, 192.168/16, 169.254/16. Also block loopback (127/8) and the IPv6 equivalents, and apply the check to the address the hostname resolves to and to each redirect target."}, "properties": {"scanner": "repobility-threat-engine", "category": "ssrf", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC006", "name": "[SEC006] XSS Risk: Direct HTML injection without sanitization.", "shortDescription": {"text": "[SEC006] XSS Risk: Direct HTML injection without sanitization."}, "fullDescription": {"text": "Use textContent instead of innerHTML. Sanitize with DOMPurify."}, "properties": {"scanner": "repobility-threat-engine", "category": "injection", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED115", "name": "Action `dtolnay/rust-toolchain` pinned to mutable ref `@master`", "shortDescription": {"text": "Action `dtolnay/rust-toolchain` pinned to mutable ref `@master`"}, "fullDescription": {"text": "`uses: dtolnay/rust-toolchain@master` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED118", "name": "Dockerfile FROM `ubuntu:20.04` not pinned by digest", "shortDescription": {"text": "Dockerfile FROM `ubuntu:20.04` not pinned by digest"}, "fullDescription": {"text": "`FROM ubuntu:20.04` resolves the tag at build time. 
The registry CAN re-push a different image for the same tag, so every build is potentially different. Production images should pin to `image@sha256:...` for reproducibility + supply-chain integrity."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "GHSA-jhxm-h53p-jm7w", "name": "wasmtime: GHSA-jhxm-h53p-jm7w", "shortDescription": {"text": "wasmtime: GHSA-jhxm-h53p-jm7w"}, "fullDescription": {"text": "Wasmtime: Miscompiled guest heap access enables sandbox escape on aarch64 Cranelift"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "critical", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-xx5w-cvp6-jv83", "name": "wasmtime: GHSA-xx5w-cvp6-jv83", "shortDescription": {"text": "wasmtime: GHSA-xx5w-cvp6-jv83"}, "fullDescription": {"text": "Wasmtime with Winch compiler backend on aarch64 may allow a sandbox-escaping memory access"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "critical", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "generic-api-key", "name": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations.", "shortDescription": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "fullDescription": {"text": "Gitleaks detected a committed secret or credential pattern."}, "properties": {"scanner": "gitleaks", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "cwe": "", "owasp": ""}}, {"id": "MINED116", "name": "Workflow uses `secrets.CODSPEED_TOKEN` on a `pull_request` trigger", "shortDescription": {"text": "Workflow uses `secrets.CODSPEED_TOKEN` on a `pull_request` trigger"}, "fullDescription": {"text": "This workflow triggers on `pull_request`, which checks out the FORK's code. 
Referencing `${{ secrets.CODSPEED_TOKEN }}` lets a PR from any fork exfiltrate the secret (modify a script, log the value, etc.). Use `pull_request_target` ONLY with strict checkout discipline (no fork code in the trusted context). Triage note: by default GitHub does not pass repository secrets to `pull_request` runs that originate from a fork, so confirm whether the exposure is real (same-repository branches, or a `pull_request_target` trigger) before rating this finding."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "critical", "confidence": 0.9, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/871"}, "properties": {"repository": "FuelLabs/sway", "repoUrl": "https://github.com/FuelLabs/sway", "branch": "master"}, "results": [{"ruleId": "AUC001", "level": "warning", "message": {"text": "[AUC001] No Repobility access matrix policy found: The repository uses web/API frameworks but does not define .repobility/access.yml or equivalent authorization documentation."}, "properties": {"repobilityId": 79768, "scanner": "repobility-access-control", "fingerprint": "f1305052c3ba1e6c1cdb5dccc19e58a8168cf78b176658f32b1fc823df3e9d10", "category": "auth", "severity": "medium", "confidence": 0.92, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"scanner": "repobility-access-control", "frameworks": ["Axum"], "expected_files": [".repobility/access.yml", ".repobility/access.yaml", ".repobility/access.json", ".repobility/authorization.yml"], "correlation_key": "fp|f1305052c3ba1e6c1cdb5dccc19e58a8168cf78b176658f32b1fc823df3e9d10"}}}, {"ruleId": "DKR007", "level": "warning", "message": {"text": "Docker build context has no .dockerignore"}, "properties": {"repobilityId": 79696, "scanner": "repobility-docker", "fingerprint": "c98378cf8c37e4866e89d6ca06a24b7e8c44654aa34e6e4bf1367c4a4c0c5b44", "category": "docker", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Dockerfile exists but repository root has no .dockerignore.", "evidence": {"rule_id": "DKR007", "scanner": 
"repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|c98378cf8c37e4866e89d6ca06a24b7e8c44654aa34e6e4bf1367c4a4c0c5b44"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".dockerignore"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 79695, "scanner": "repobility-docker", "fingerprint": "58d1fad5d41ecda6abde3cd0210986ce94d9f22256acf24c695aa9a3ef1a73c2", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "ubuntu:20.04", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|58d1fad5d41ecda6abde3cd0210986ce94d9f22256acf24c695aa9a3ef1a73c2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "deployment/Dockerfile"}, "region": {"startLine": 26}}}]}, {"ruleId": "DKR017", "level": "warning", "message": {"text": "Dockerfile installs dependencies after copying the full source tree"}, "properties": {"repobilityId": 79694, "scanner": "repobility-docker", "fingerprint": "ae754050f60def0d4bf6fbe1df63e75d2a71d9d19960024861e953b49f6442b7", "category": "docker", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Broad context copy at line 22 appears before dependency installation.", "evidence": {"rule_id": "DKR017", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "broad_copy_line": 22, 
"correlation_key": "fp|ae754050f60def0d4bf6fbe1df63e75d2a71d9d19960024861e953b49f6442b7", "dependency_install_line": 23}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "deployment/Dockerfile"}, "region": {"startLine": 23}}}]}, {"ruleId": "SEC045", "level": "warning", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use object introspection (().__class__.__mro__[-1].__subclasses__()) to reach os.system. CWE-95 (eval injection)."}, "properties": {"repobilityId": 79678, "scanner": "repobility-threat-engine", "fingerprint": "49f8617f1f4dfee1a17c2ffccd07b4fa9af03a0aa2a770cd0a6908fc77f5d48f", "category": "injection", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ":exec(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|token|71|sec045"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "forc-plugins/forc-migrate/src/cli/mod.rs"}, "region": {"startLine": 71}}}]}, {"ruleId": "SEC045", "level": "warning", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use object introspection (().__class__.__mro__[-1].__subclasses__()) to reach os.system. 
CWE-95 (eval injection)."}, "properties": {"repobilityId": 79677, "scanner": "repobility-threat-engine", "fingerprint": "c448131f8ac075c35063fe3751e80d9750490af56d17f647dd0a693b93b96a96", "category": "injection", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "exec(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|token|21|sec045"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "forc-plugins/forc-migrate/src/cli/commands/show.rs"}, "region": {"startLine": 21}}}]}, {"ruleId": "SEC045", "level": "warning", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use object introspection (().__class__.__mro__[-1].__subclasses__()) to reach os.system. 
CWE-95 (eval injection)."}, "properties": {"repobilityId": 79676, "scanner": "repobility-threat-engine", "fingerprint": "d24849f54c5bffa22d2aefd8c7280e1468c352c77f553a682c5df3eb09ad2a07", "category": "injection", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "exec(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|token|34|sec045"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "forc-plugins/forc-migrate/src/cli/commands/check.rs"}, "region": {"startLine": 34}}}]}, {"ruleId": "AUC005", "level": "note", "message": {"text": "[AUC005] No authorization-focused tests detected: No test files with common authorization, ownership, 403, admin, or super_admin assertions were found."}, "properties": {"repobilityId": 79769, "scanner": "repobility-access-control", "fingerprint": "c58bb88e6682225dc480b3036f30153044953a3d94f500396678a77324e8d30e", "category": "auth", "severity": "low", "confidence": 0.76, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"scanner": "repobility-access-control", "frameworks": ["Axum"], "correlation_key": "fp|c58bb88e6682225dc480b3036f30153044953a3d94f500396678a77324e8d30e"}}}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 79623, "scanner": "repobility-ai-code-hygiene", "fingerprint": "2aa5afa669dfef37971d42f6558803288490471ad434262cc82d5fa9fddfeb04", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different 
non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "sway-core/src/metadata.rs", "duplicate_line": 341, "correlation_key": "fp|2aa5afa669dfef37971d42f6558803288490471ad434262cc82d5fa9fddfeb04"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sway-ir/src/optimize/inline.rs"}, "region": {"startLine": 31}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 79622, "scanner": "repobility-ai-code-hygiene", "fingerprint": "8d0790e0289311e11707c4e472aadc48adc9a8b3a82f808bb4c4729d95fb111e", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "sway-core/src/semantic_analysis/symbol_resolve_context.rs", "duplicate_line": 88, "correlation_key": "fp|8d0790e0289311e11707c4e472aadc48adc9a8b3a82f808bb4c4729d95fb111e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sway-core/src/semantic_analysis/type_check_context.rs"}, "region": {"startLine": 274}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 79621, "scanner": "repobility-ai-code-hygiene", "fingerprint": "989b44ab24d6901337941923036798cccdcde67cc454b69f1a5566ce88403951", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": 
["https://jscpd.dev/"], "duplicate_file": "sway-core/src/semantic_analysis/module.rs", "duplicate_line": 93, "correlation_key": "fp|989b44ab24d6901337941923036798cccdcde67cc454b69f1a5566ce88403951"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sway-core/src/semantic_analysis/type_check_analysis.rs"}, "region": {"startLine": 163}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 79620, "scanner": "repobility-ai-code-hygiene", "fingerprint": "afba5cd0780eba2c855b6323f9f66cd5cf0b28a6b0387ae7f1483f190d120e5c", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "sway-core/src/semantic_analysis/ast_node/expression/typed_expression/struct_field_access.rs", "duplicate_line": 24, "correlation_key": "fp|afba5cd0780eba2c855b6323f9f66cd5cf0b28a6b0387ae7f1483f190d120e5c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sway-core/src/semantic_analysis/ast_node/expression/typed_expression/tuple_index_access.rs"}, "region": {"startLine": 18}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 79619, "scanner": "repobility-ai-code-hygiene", "fingerprint": "81240b2196fd6e148aee8efd50898023238c0b0260ad47459da8d7709a2794a5", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": 
["https://jscpd.dev/"], "duplicate_file": "sway-core/src/semantic_analysis/ast_node/declaration/abi.rs", "duplicate_line": 332, "correlation_key": "fp|81240b2196fd6e148aee8efd50898023238c0b0260ad47459da8d7709a2794a5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sway-core/src/semantic_analysis/ast_node/declaration/trait.rs"}, "region": {"startLine": 515}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 79618, "scanner": "repobility-ai-code-hygiene", "fingerprint": "2401491a7a99ee26160b965ab53b0518d47b5c6d6525bea763c3585ac54d69e5", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "sway-core/src/language/ty/declaration/enum.rs", "duplicate_line": 95, "correlation_key": "fp|2401491a7a99ee26160b965ab53b0518d47b5c6d6525bea763c3585ac54d69e5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sway-core/src/language/ty/declaration/struct.rs"}, "region": {"startLine": 89}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 79617, "scanner": "repobility-ai-code-hygiene", "fingerprint": "a0b3a5e6067a0bb1db37066f639dc57ebbd29c985c1bad84df26ddfd92bda354", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": 
"sway-core/src/language/ty/declaration/configurable.rs", "duplicate_line": 88, "correlation_key": "fp|a0b3a5e6067a0bb1db37066f639dc57ebbd29c985c1bad84df26ddfd92bda354"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sway-core/src/language/ty/declaration/constant.rs"}, "region": {"startLine": 92}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 79616, "scanner": "repobility-ai-code-hygiene", "fingerprint": "77d5aeb98289a5ce68687fbe0fd01d27355e85c2320c4660614526ff40dd4518", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "sway-core/src/decl_engine/id.rs", "duplicate_line": 28, "correlation_key": "fp|77d5aeb98289a5ce68687fbe0fd01d27355e85c2320c4660614526ff40dd4518"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sway-core/src/decl_engine/parsed_id.rs"}, "region": {"startLine": 28}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 79615, "scanner": "repobility-ai-code-hygiene", "fingerprint": "644d528e075c4ff765e8031a9325cfdc16ddd282fa64c631864547642b45d517", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "forc/src/ops/forc_contract_id.rs", "duplicate_line": 44, "correlation_key": 
"fp|644d528e075c4ff765e8031a9325cfdc16ddd282fa64c631864547642b45d517"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "forc/src/ops/forc_predicate_root.rs"}, "region": {"startLine": 19}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 79614, "scanner": "repobility-ai-code-hygiene", "fingerprint": "25a50f8f6d325147646070dcf76c8422525abe80c35358bd40751973b9bdef1a", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "forc/src/cli/commands/test.rs", "duplicate_line": 275, "correlation_key": "fp|25a50f8f6d325147646070dcf76c8422525abe80c35358bd40751973b9bdef1a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "forc/src/ops/forc_build.rs"}, "region": {"startLine": 13}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 79613, "scanner": "repobility-ai-code-hygiene", "fingerprint": "cf91f9dff9144db070a771849db08ead46ed7e5115ca054cb524b27d082c62bf", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "forc-plugins/forc-doc/src/render/index.rs", "duplicate_line": 109, "correlation_key": "fp|cf91f9dff9144db070a771849db08ead46ed7e5115ca054cb524b27d082c62bf"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": 
"forc-plugins/forc-doc/src/render/search.rs"}, "region": {"startLine": 71}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 79612, "scanner": "repobility-ai-code-hygiene", "fingerprint": "1c7a64ca18b275de74b7cd139826426f785ad037bc898b2bf9f481060e96de9b", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "new", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|1c7a64ca18b275de74b7cd139826426f785ad037bc898b2bf9f481060e96de9b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sway-lsp/src/capabilities/code_actions/struct_decl/struct_new.rs"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 79611, "scanner": "repobility-ai-code-hygiene", "fingerprint": "016a9bb797a7bb55fc54c84053de904f88ee0373476817f6d8a67d0e15bfca58", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "clean", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|016a9bb797a7bb55fc54c84053de904f88ee0373476817f6d8a67d0e15bfca58"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "forc/src/ops/forc_clean.rs"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": 
{"repobilityId": 79691, "scanner": "repobility-threat-engine", "fingerprint": "19f1e2c87365088c29067a3ef26a9dce7695c5cde6fe62b425d173983fee03f0", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|19f1e2c87365088c29067a3ef26a9dce7695c5cde6fe62b425d173983fee03f0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sway-utils/src/constants.rs"}, "region": {"startLine": 19}}}]}, {"ruleId": "MINED057", "level": "none", "message": {"text": "[MINED057] Todo Bomb: Code path with a TODO/FIXME/HACK comment that gates correctness \u2014 left for later but never resolved."}, "properties": {"repobilityId": 79689, "scanner": "repobility-threat-engine", "fingerprint": "1cb5ed217e87be6c84bdb5e3c24c3f9cc66ae722407faace88de16fbe4994d3a", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "todo-bomb", "owasp": null, "cwe_ids": [], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348035+00:00", "triaged_in_corpus": 10, "observations_count": 255662, "ai_coder_pattern_id": 4}, "scanner": "repobility-threat-engine", "correlation_key": "fp|1cb5ed217e87be6c84bdb5e3c24c3f9cc66ae722407faace88de16fbe4994d3a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sway-ast/src/pattern.rs"}, "region": {"startLine": 18}}}]}, {"ruleId": "MINED068", "level": "none", "message": {"text": "[MINED068] Rust Unsafe Block: 
unsafe { ... } block. Compiler safety guarantees disabled inside."}, "properties": {"repobilityId": 79688, "scanner": "repobility-threat-engine", "fingerprint": "0c414fe6b7da139e5d702e5c0d4cb1220c7316f8c2ac6edac20bec5c53a3ccef", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-unsafe-block", "owasp": null, "cwe_ids": ["CWE-119"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348060+00:00", "triaged_in_corpus": 12, "observations_count": 42383, "ai_coder_pattern_id": 116}, "scanner": "repobility-threat-engine", "correlation_key": "fp|0c414fe6b7da139e5d702e5c0d4cb1220c7316f8c2ac6edac20bec5c53a3ccef"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "forc-test/src/ecal.rs"}, "region": {"startLine": 25}}}]}, {"ruleId": "MINED066", "level": "none", "message": {"text": "[MINED066] Rust Panic Macro (and 12 more): Same pattern found in 12 additional files. Review if needed."}, "properties": {"repobilityId": 79687, "scanner": "repobility-threat-engine", "fingerprint": "ef1b2d56a88f7f395a25262fc7ef033dfe4f43e37f78a6cc0460cd4e7e32ddc1", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 12 additional occurrences found. 
The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "rust-panic-macro", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348055+00:00", "triaged_in_corpus": 12, "observations_count": 48611, "ai_coder_pattern_id": 113}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|ef1b2d56a88f7f395a25262fc7ef033dfe4f43e37f78a6cc0460cd4e7e32ddc1", "aggregated_count": 12}}}, {"ruleId": "MINED066", "level": "none", "message": {"text": "[MINED066] Rust Panic Macro: panic!() unwinds the stack. Use Result for recoverable errors."}, "properties": {"repobilityId": 79686, "scanner": "repobility-threat-engine", "fingerprint": "75884bf40de99eecb3924ed2f52303436f812c84e253eee599bd12f9e990f201", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-panic-macro", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348055+00:00", "triaged_in_corpus": 12, "observations_count": 48611, "ai_coder_pattern_id": 113}, "scanner": "repobility-threat-engine", "correlation_key": "fp|75884bf40de99eecb3924ed2f52303436f812c84e253eee599bd12f9e990f201"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sway-core/src/abi_generation/evm_abi.rs"}, "region": {"startLine": 191}}}]}, {"ruleId": "MINED066", "level": "none", "message": {"text": "[MINED066] Rust Panic Macro: panic!() unwinds the stack. 
Use Result for recoverable errors."}, "properties": {"repobilityId": 79685, "scanner": "repobility-threat-engine", "fingerprint": "0d4592433876fa4d444db73ba11cc64e2831a4f679c0c61fc1f256401566456b", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-panic-macro", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348055+00:00", "triaged_in_corpus": 12, "observations_count": 48611, "ai_coder_pattern_id": 113}, "scanner": "repobility-threat-engine", "correlation_key": "fp|0d4592433876fa4d444db73ba11cc64e2831a4f679c0c61fc1f256401566456b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "forc-plugins/forc-publish/src/forc_pub_client.rs"}, "region": {"startLine": 211}}}]}, {"ruleId": "MINED066", "level": "none", "message": {"text": "[MINED066] Rust Panic Macro: panic!() unwinds the stack. 
Use Result for recoverable errors."}, "properties": {"repobilityId": 79684, "scanner": "repobility-threat-engine", "fingerprint": "6533113bdc15794979456ed80e577898db88612cf849d835b6707dc4b23100ce", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-panic-macro", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348055+00:00", "triaged_in_corpus": 12, "observations_count": 48611, "ai_coder_pattern_id": 113}, "scanner": "repobility-threat-engine", "correlation_key": "fp|6533113bdc15794979456ed80e577898db88612cf849d835b6707dc4b23100ce"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "forc-plugins/forc-publish/src/error.rs"}, "region": {"startLine": 110}}}]}, {"ruleId": "SEC085", "level": "none", "message": {"text": "[SEC085] JS: child_process.exec with non-literal (and 16 more): Same pattern found in 16 additional files. Review if needed."}, "properties": {"repobilityId": 79683, "scanner": "repobility-threat-engine", "fingerprint": "dfdc63590a34c89a05d4027ebc97c0dc96c520971f72e978d1818aaac095f684", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 16 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 16 additional occurrences found. 
The top occurrences remain visible as actionable findings.", "rule_id": "SEC085", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|dfdc63590a34c89a05d4027ebc97c0dc96c520971f72e978d1818aaac095f684"}}}, {"ruleId": "SEC045", "level": "none", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data (and 16 more): Same pattern found in 16 additional files. Review if needed."}, "properties": {"repobilityId": 79679, "scanner": "repobility-threat-engine", "fingerprint": "22392344724895ffca9c480ac12c9c8fa4f96c0b988894fd81a0f35b89e7a613", "category": "injection", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 16 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 16 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|22392344724895ffca9c480ac12c9c8fa4f96c0b988894fd81a0f35b89e7a613"}}}, {"ruleId": "MINED059", "level": "none", "message": {"text": "[MINED059] Rust Expect In Prod (and 36 more): Same pattern found in 36 additional files. Review if needed."}, "properties": {"repobilityId": 79666, "scanner": "repobility-threat-engine", "fingerprint": "16a942d2d2648c47b186659f4889c75b15a674030104c399d1ad2997d45e5cae", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 36 additional occurrences found. 
The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "rust-expect-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348039+00:00", "triaged_in_corpus": 12, "observations_count": 175379, "ai_coder_pattern_id": 112}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|16a942d2d2648c47b186659f4889c75b15a674030104c399d1ad2997d45e5cae", "aggregated_count": 36}}}, {"ruleId": "MINED059", "level": "none", "message": {"text": "[MINED059] Rust Expect In Prod: .expect(...) panics same as unwrap with a custom message."}, "properties": {"repobilityId": 79665, "scanner": "repobility-threat-engine", "fingerprint": "d1cb677d404ccd3822eaa259487f8ba78d77627d11fa884d923d70a591b6c536", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-expect-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348039+00:00", "triaged_in_corpus": 12, "observations_count": 175379, "ai_coder_pattern_id": 112}, "scanner": "repobility-threat-engine", "correlation_key": "fp|d1cb677d404ccd3822eaa259487f8ba78d77627d11fa884d923d70a591b6c536"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "forc-pkg/src/manifest/build_profile.rs"}, "region": {"startLine": 118}}}]}, {"ruleId": "MINED059", "level": "none", "message": {"text": "[MINED059] Rust Expect In Prod: .expect(...) 
panics same as unwrap with a custom message."}, "properties": {"repobilityId": 79664, "scanner": "repobility-threat-engine", "fingerprint": "bdb63f06b456eb1cbc77624a5522e84d4a9f25b6cfaf44c872aee6dc2596f3fe", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-expect-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348039+00:00", "triaged_in_corpus": 12, "observations_count": 175379, "ai_coder_pattern_id": 112}, "scanner": "repobility-threat-engine", "correlation_key": "fp|bdb63f06b456eb1cbc77624a5522e84d4a9f25b6cfaf44c872aee6dc2596f3fe"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/scripts/check-forc-manifest-version/src/main.rs"}, "region": {"startLine": 8}}}]}, {"ruleId": "MINED059", "level": "none", "message": {"text": "[MINED059] Rust Expect In Prod: .expect(...) 
panics same as unwrap with a custom message."}, "properties": {"repobilityId": 79663, "scanner": "repobility-threat-engine", "fingerprint": "5348ac69af33b1d78e3affee46fa612d8d2519f799ec6295c22b5f1fd0db05e4", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-expect-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348039+00:00", "triaged_in_corpus": 12, "observations_count": 175379, "ai_coder_pattern_id": 112}, "scanner": "repobility-threat-engine", "correlation_key": "fp|5348ac69af33b1d78e3affee46fa612d8d2519f799ec6295c22b5f1fd0db05e4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/scripts/check-dep-versions/src/main.rs"}, "region": {"startLine": 35}}}]}, {"ruleId": "MINED003", "level": "none", "message": {"text": "[MINED003] Rust Unwrap In Prod (and 66 more): Same pattern found in 66 additional files. Review if needed."}, "properties": {"repobilityId": 79662, "scanner": "repobility-threat-engine", "fingerprint": "20a134b4090cf77f192ccd5d495a8741fef35539f0b00d6e4ecaafbf94afb0d2", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 66 additional occurrences found. 
The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "rust-unwrap-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347903+00:00", "triaged_in_corpus": 15, "observations_count": 386515, "ai_coder_pattern_id": 111}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|20a134b4090cf77f192ccd5d495a8741fef35539f0b00d6e4ecaafbf94afb0d2", "aggregated_count": 66}}}, {"ruleId": "GHSA-4w32-2493-32g7", "level": "error", "message": {"text": "yamux: GHSA-4w32-2493-32g7"}, "properties": {"repobilityId": 79767, "scanner": "osv-scanner", "fingerprint": "00f63b59244f0f01115ba9bae7601ff3f853c844a8b999970efe527fbf9f2878", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-31814"], "package": "yamux", "rule_id": "GHSA-4w32-2493-32g7", "scanner": "osv-scanner", "correlation_key": "vuln|yamux|CVE-2026-31814|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/src/sdk-harness/Cargo.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-vxx9-2994-q338", "level": "error", "message": {"text": "yamux: GHSA-vxx9-2994-q338"}, "properties": {"repobilityId": 79766, "scanner": "osv-scanner", "fingerprint": "3bb39d0f3600e4f95c4ae7f2dc2d9730930680d03ef781a0b643f17845b87256", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-32314"], "package": "yamux", "rule_id": "GHSA-vxx9-2994-q338", "scanner": "osv-scanner", "correlation_key": "vuln|yamux|CVE-2026-32314|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/src/sdk-harness/Cargo.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "RUSTSEC-2026-0114", "level": "error", 
"message": {"text": "wasmtime: RUSTSEC-2026-0114"}, "properties": {"repobilityId": 79765, "scanner": "osv-scanner", "fingerprint": "a422c9d49ef8f5ecebfae4fa9cf5e40b8d0c12902bb4197238ef55d6c3b00083", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["CVE-2026-44216", "GHSA-p8xm-42r7-89xg"], "package": "wasmtime", "rule_id": "RUSTSEC-2026-0114", "scanner": "osv-scanner", "correlation_key": "vuln|wasmtime|CVE-2026-44216|token", "duplicate_count": 1, "duplicate_rule_ids": ["GHSA-p8xm-42r7-89xg", "RUSTSEC-2026-0114"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["1bb2a7b7ba4e4a24178a6bc7695efa333ef5c9746fe9386800920f1c497f469a", "a422c9d49ef8f5ecebfae4fa9cf5e40b8d0c12902bb4197238ef55d6c3b00083"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/src/sdk-harness/Cargo.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "RUSTSEC-2026-0094", "level": "error", "message": {"text": "wasmtime: RUSTSEC-2026-0094"}, "properties": {"repobilityId": 79762, "scanner": "osv-scanner", "fingerprint": "523e2ae3563392b792f46987401ccac6aa42c2620ec78c28c6c2000ca7632ab5", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["CVE-2026-35186", "GHSA-f984-pcp8-v2p7"], "package": "wasmtime", "rule_id": "RUSTSEC-2026-0094", "scanner": "osv-scanner", "correlation_key": "vuln|wasmtime|CVE-2026-35186|token", "duplicate_count": 1, "duplicate_rule_ids": ["GHSA-f984-pcp8-v2p7", "RUSTSEC-2026-0094"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["523e2ae3563392b792f46987401ccac6aa42c2620ec78c28c6c2000ca7632ab5", 
"b38941985fd2d7fc4e6751ff1383d605c1a2cb4bf805536ae3d39813218d9e1b"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/src/sdk-harness/Cargo.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "RUSTSEC-2026-0093", "level": "error", "message": {"text": "wasmtime: RUSTSEC-2026-0093"}, "properties": {"repobilityId": 79761, "scanner": "osv-scanner", "fingerprint": "996b3c474544589291e268205e2283d53e1abd1d10a007601da8a06485a6d201", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["CVE-2026-34941", "GHSA-hx6p-xpx3-jvvv"], "package": "wasmtime", "rule_id": "RUSTSEC-2026-0093", "scanner": "osv-scanner", "correlation_key": "vuln|wasmtime|CVE-2026-34941|token", "duplicate_count": 1, "duplicate_rule_ids": ["GHSA-hx6p-xpx3-jvvv", "RUSTSEC-2026-0093"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["662438c729663951e1ad7e39d871b35e91d945d0813722a79890cf19ffc7088e", "996b3c474544589291e268205e2283d53e1abd1d10a007601da8a06485a6d201"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/src/sdk-harness/Cargo.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "RUSTSEC-2026-0092", "level": "error", "message": {"text": "wasmtime: RUSTSEC-2026-0092"}, "properties": {"repobilityId": 79760, "scanner": "osv-scanner", "fingerprint": "7651c41ce823c8c2cb05fe00cbbbb966444d46d391f1086eb690b7d3c639c5c0", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["CVE-2026-34942", "GHSA-jxhv-7h78-9775"], "package": "wasmtime", "rule_id": "RUSTSEC-2026-0092", "scanner": "osv-scanner", "correlation_key": "vuln|wasmtime|CVE-2026-34942|token", 
"duplicate_count": 1, "duplicate_rule_ids": ["GHSA-jxhv-7h78-9775", "RUSTSEC-2026-0092"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["7651c41ce823c8c2cb05fe00cbbbb966444d46d391f1086eb690b7d3c639c5c0", "7b964f867f518c4ae8034e553d5b5db90da71f5c40f6c16f39ea32c097ddd652"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/src/sdk-harness/Cargo.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "RUSTSEC-2026-0091", "level": "error", "message": {"text": "wasmtime: RUSTSEC-2026-0091"}, "properties": {"repobilityId": 79759, "scanner": "osv-scanner", "fingerprint": "ae36a31ad5fdc9a1a7c91f863d8b190fa47109cdaa5ff6b1f9ce78233fdbd438", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["CVE-2026-35195", "GHSA-394w-hwhg-8vgm"], "package": "wasmtime", "rule_id": "RUSTSEC-2026-0091", "scanner": "osv-scanner", "correlation_key": "vuln|wasmtime|CVE-2026-35195|token", "duplicate_count": 1, "duplicate_rule_ids": ["GHSA-394w-hwhg-8vgm", "RUSTSEC-2026-0091"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["87911fdac51795a2943a2db2dae7b46e27eed1506a569d0136b70505ad17738b", "ae36a31ad5fdc9a1a7c91f863d8b190fa47109cdaa5ff6b1f9ce78233fdbd438"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/src/sdk-harness/Cargo.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "RUSTSEC-2026-0089", "level": "error", "message": {"text": "wasmtime: RUSTSEC-2026-0089"}, "properties": {"repobilityId": 79758, "scanner": "osv-scanner", "fingerprint": "f56cafd2a71f1ddf27d772779960acffdd8ffbd2693627787214c818d04f2b94", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": 
{"match": "", "aliases": ["CVE-2026-34946", "GHSA-q49f-xg75-m9xw"], "package": "wasmtime", "rule_id": "RUSTSEC-2026-0089", "scanner": "osv-scanner", "correlation_key": "vuln|wasmtime|CVE-2026-34946|token", "duplicate_count": 1, "duplicate_rule_ids": ["GHSA-q49f-xg75-m9xw", "RUSTSEC-2026-0089"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["64a4741e95cbae2337854e1c6b2c61cd98f57d4f3382a1ca41dba7ea3c45a61e", "f56cafd2a71f1ddf27d772779960acffdd8ffbd2693627787214c818d04f2b94"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/src/sdk-harness/Cargo.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "RUSTSEC-2026-0088", "level": "error", "message": {"text": "wasmtime: RUSTSEC-2026-0088"}, "properties": {"repobilityId": 79757, "scanner": "osv-scanner", "fingerprint": "79d34f0440bff06627565a71fac46a0665d63e36050327d863ff1567a884023f", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["CVE-2026-34988", "GHSA-6wgr-89rj-399p"], "package": "wasmtime", "rule_id": "RUSTSEC-2026-0088", "scanner": "osv-scanner", "correlation_key": "vuln|wasmtime|CVE-2026-34988|token", "duplicate_count": 1, "duplicate_rule_ids": ["GHSA-6wgr-89rj-399p", "RUSTSEC-2026-0088"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["79d34f0440bff06627565a71fac46a0665d63e36050327d863ff1567a884023f", "7c87c7186a9b7477eba48b59998070ac26116213828930561aa67dc7054c3602"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/src/sdk-harness/Cargo.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "RUSTSEC-2026-0087", "level": "error", "message": {"text": "wasmtime: RUSTSEC-2026-0087"}, "properties": {"repobilityId": 79756, "scanner": "osv-scanner", "fingerprint": "561e83c29fb1d680279766ca2667a84a33ea0c6407b5d5223473bd53dcea405e", "category": 
"dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["CVE-2026-34944", "GHSA-qqfj-4vcm-26hv"], "package": "wasmtime", "rule_id": "RUSTSEC-2026-0087", "scanner": "osv-scanner", "correlation_key": "vuln|wasmtime|CVE-2026-34944|token", "duplicate_count": 1, "duplicate_rule_ids": ["GHSA-qqfj-4vcm-26hv", "RUSTSEC-2026-0087"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["561e83c29fb1d680279766ca2667a84a33ea0c6407b5d5223473bd53dcea405e", "e014a3e049102d89c16ac25279dc7068f8e8901b4e26bebce1341cdc40dc2a17"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/src/sdk-harness/Cargo.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "RUSTSEC-2026-0086", "level": "error", "message": {"text": "wasmtime: RUSTSEC-2026-0086"}, "properties": {"repobilityId": 79755, "scanner": "osv-scanner", "fingerprint": "2ebacf685110ce8858369375d3a986659d675c516e0bd15ef12ff7dd7cb23329", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["CVE-2026-34945", "GHSA-m9w2-8782-2946"], "package": "wasmtime", "rule_id": "RUSTSEC-2026-0086", "scanner": "osv-scanner", "correlation_key": "vuln|wasmtime|CVE-2026-34945|token", "duplicate_count": 1, "duplicate_rule_ids": ["GHSA-m9w2-8782-2946", "RUSTSEC-2026-0086"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["2ebacf685110ce8858369375d3a986659d675c516e0bd15ef12ff7dd7cb23329", "9ffaf3b13765d62782dea5387d16faba008430d825d4609aeadc98f32247795e"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/src/sdk-harness/Cargo.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "RUSTSEC-2026-0085", "level": "error", 
"message": {"text": "wasmtime: RUSTSEC-2026-0085"}, "properties": {"repobilityId": 79754, "scanner": "osv-scanner", "fingerprint": "9e575bef35acc9ca810c35fcd9546fdcfc5272b4ddb328f75a44efadc363d292", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["CVE-2026-34943", "GHSA-m758-wjhj-p3jq"], "package": "wasmtime", "rule_id": "RUSTSEC-2026-0085", "scanner": "osv-scanner", "correlation_key": "vuln|wasmtime|CVE-2026-34943|token", "duplicate_count": 1, "duplicate_rule_ids": ["GHSA-m758-wjhj-p3jq", "RUSTSEC-2026-0085"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["1e7c489d2c81376ee349d6f67f85c831d82cdc6018d70b1cfafa8b6fc6bc0c53", "9e575bef35acc9ca810c35fcd9546fdcfc5272b4ddb328f75a44efadc363d292"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/src/sdk-harness/Cargo.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "RUSTSEC-2026-0049", "level": "error", "message": {"text": "rustls-webpki: RUSTSEC-2026-0049"}, "properties": {"repobilityId": 79753, "scanner": "osv-scanner", "fingerprint": "72e7c930b0d090b2e207f632345c48469f8715bfa144d638ad19f4e1030b7677", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["GHSA-pwjx-qhcg-rvj4"], "package": "rustls-webpki", "rule_id": "RUSTSEC-2026-0049", "scanner": "osv-scanner", "correlation_key": "vuln|rustls-webpki|GHSA-PWJX-QHCG-RVJ4|token", "duplicate_count": 1, "duplicate_rule_ids": ["GHSA-pwjx-qhcg-rvj4", "RUSTSEC-2026-0049"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["12f898a8b089dcfecee8d06cd1495a8170b9ee689d4308b214a47ed77e6989b2", 
"72e7c930b0d090b2e207f632345c48469f8715bfa144d638ad19f4e1030b7677"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/src/sdk-harness/Cargo.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "RUSTSEC-2026-0104", "level": "error", "message": {"text": "rustls-webpki: RUSTSEC-2026-0104"}, "properties": {"repobilityId": 79752, "scanner": "osv-scanner", "fingerprint": "411419da8ec546a22cae256380cf9ef3d86007cada1cbfc4cdd7f9b2297adc50", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["GHSA-82j2-j2ch-gfr8"], "package": "rustls-webpki", "rule_id": "RUSTSEC-2026-0104", "scanner": "osv-scanner", "correlation_key": "vuln|rustls-webpki|GHSA-82J2-J2CH-GFR8|token", "duplicate_count": 1, "duplicate_rule_ids": ["GHSA-82j2-j2ch-gfr8", "RUSTSEC-2026-0104"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["411419da8ec546a22cae256380cf9ef3d86007cada1cbfc4cdd7f9b2297adc50", "9f061b7604eb542b1ce76ed900a05acf62de5dd0364672cb56b94f2f98d18129"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/src/sdk-harness/Cargo.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "RUSTSEC-2026-0099", "level": "error", "message": {"text": "rustls-webpki: RUSTSEC-2026-0099"}, "properties": {"repobilityId": 79751, "scanner": "osv-scanner", "fingerprint": "7a5221ddaeedc08591a6bc02bd6094fac7b5c244560362da5e310f7c0d6fa643", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["GHSA-xgp8-3hg3-c2mh"], "package": "rustls-webpki", "rule_id": "RUSTSEC-2026-0099", "scanner": "osv-scanner", "correlation_key": "vuln|rustls-webpki|GHSA-XGP8-3HG3-C2MH|token", 
"duplicate_count": 1, "duplicate_rule_ids": ["GHSA-xgp8-3hg3-c2mh", "RUSTSEC-2026-0099"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["20214dc3d87d7f4e5d717f126ee352a7363e645995807af53bd5ce7ce9b900bd", "7a5221ddaeedc08591a6bc02bd6094fac7b5c244560362da5e310f7c0d6fa643"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/src/sdk-harness/Cargo.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "RUSTSEC-2026-0098", "level": "error", "message": {"text": "rustls-webpki: RUSTSEC-2026-0098"}, "properties": {"repobilityId": 79750, "scanner": "osv-scanner", "fingerprint": "52944b1f1439032b8f788ce20906a7169152e7a6838a98ec7be46b53000a7ec7", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["GHSA-965h-392x-2mh5"], "package": "rustls-webpki", "rule_id": "RUSTSEC-2026-0098", "scanner": "osv-scanner", "correlation_key": "vuln|rustls-webpki|GHSA-965H-392X-2MH5|token", "duplicate_count": 1, "duplicate_rule_ids": ["GHSA-965h-392x-2mh5", "RUSTSEC-2026-0098"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["52944b1f1439032b8f788ce20906a7169152e7a6838a98ec7be46b53000a7ec7", "6282db0d2ec399600d096b834295264ed90b299bf4a3975c4a8fa29f38667daa"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/src/sdk-harness/Cargo.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "RUSTSEC-2025-0134", "level": "error", "message": {"text": "rustls-pemfile: RUSTSEC-2025-0134"}, "properties": {"repobilityId": 79749, "scanner": "osv-scanner", "fingerprint": "d92b9b5ead025dfe4f391367ee3e0dfae1940921dfcf216389ff4107350626d7", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "package": "rustls-pemfile", "rule_id": 
"RUSTSEC-2025-0134", "scanner": "osv-scanner", "correlation_key": "fp|d92b9b5ead025dfe4f391367ee3e0dfae1940921dfcf216389ff4107350626d7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/src/sdk-harness/Cargo.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "RUSTSEC-2025-0010", "level": "error", "message": {"text": "ring: RUSTSEC-2025-0010"}, "properties": {"repobilityId": 79748, "scanner": "osv-scanner", "fingerprint": "87726a8b805897780012e90cc33612d81a3b2493375a943d52f0a46271f4c2c3", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "package": "ring", "rule_id": "RUSTSEC-2025-0010", "scanner": "osv-scanner", "correlation_key": "fp|87726a8b805897780012e90cc33612d81a3b2493375a943d52f0a46271f4c2c3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/src/sdk-harness/Cargo.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "RUSTSEC-2025-0009", "level": "error", "message": {"text": "ring: RUSTSEC-2025-0009"}, "properties": {"repobilityId": 79747, "scanner": "osv-scanner", "fingerprint": "83d993322b5854fa2d2c21c849d430b6a9915e2483d5b7d360f5524d549aa024", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["CVE-2025-4432", "GHSA-4p46-pwfr-66x6", "GHSA-c86p-w88r-qvqr", "GO-2025-3678"], "package": "ring", "rule_id": "RUSTSEC-2025-0009", "scanner": "osv-scanner", "correlation_key": "vuln|ring|CVE-2025-4432|token", "duplicate_count": 1, "duplicate_rule_ids": ["GHSA-4p46-pwfr-66x6", "RUSTSEC-2025-0009"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["1bdbe75cea3b2d4369cabaab6a00fbc2d6633c48f7af77af0f737054c0b35764", "83d993322b5854fa2d2c21c849d430b6a9915e2483d5b7d360f5524d549aa024"]}}, "locations": 
[{"physicalLocation": {"artifactLocation": {"uri": "test/src/sdk-harness/Cargo.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "RUSTSEC-2026-0097", "level": "error", "message": {"text": "rand: RUSTSEC-2026-0097"}, "properties": {"repobilityId": 79746, "scanner": "osv-scanner", "fingerprint": "98d11b297b6f431b5c4f3ee46379a0a383f1c36f634417d3a7b3c5d80066340d", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["GHSA-cq8v-f236-94qc"], "package": "rand", "rule_id": "RUSTSEC-2026-0097", "scanner": "osv-scanner", "correlation_key": "vuln|rand|GHSA-CQ8V-F236-94QC|token", "duplicate_count": 1, "duplicate_rule_ids": ["GHSA-cq8v-f236-94qc", "RUSTSEC-2026-0097"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["98d11b297b6f431b5c4f3ee46379a0a383f1c36f634417d3a7b3c5d80066340d", "de29d085c5234e587a40e18d1d7f237eec63b43e6f349c88efa44090d1b78188"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/src/sdk-harness/Cargo.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "RUSTSEC-2024-0436", "level": "error", "message": {"text": "paste: RUSTSEC-2024-0436"}, "properties": {"repobilityId": 79745, "scanner": "osv-scanner", "fingerprint": "af6e3d01e4e36fd596f09d06f62bb766c5d23868eadf843635a89615b2657fc0", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "package": "paste", "rule_id": "RUSTSEC-2024-0436", "scanner": "osv-scanner", "correlation_key": "fp|af6e3d01e4e36fd596f09d06f62bb766c5d23868eadf843635a89615b2657fc0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/src/sdk-harness/Cargo.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "RUSTSEC-2026-0002", "level": "error", "message": {"text": "lru: 
RUSTSEC-2026-0002"}, "properties": {"repobilityId": 79744, "scanner": "osv-scanner", "fingerprint": "a69eeb664bb0b74fa6cebbbcc0efd2162626bed83b8c93184d44acac75b65ae3", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["GHSA-rhfx-m35p-ff5j"], "package": "lru", "rule_id": "RUSTSEC-2026-0002", "scanner": "osv-scanner", "correlation_key": "vuln|lru|GHSA-RHFX-M35P-FF5J|token", "duplicate_count": 1, "duplicate_rule_ids": ["GHSA-rhfx-m35p-ff5j", "RUSTSEC-2026-0002"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["223b547cade4b6cfd3d74bf3278c66ab43db79445e6945c05221c504e8a7b0fb", "a69eeb664bb0b74fa6cebbbcc0efd2162626bed83b8c93184d44acac75b65ae3"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/src/sdk-harness/Cargo.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-xqmp-fxgv-xvq5", "level": "error", "message": {"text": "libp2p-gossipsub: GHSA-xqmp-fxgv-xvq5"}, "properties": {"repobilityId": 79743, "scanner": "osv-scanner", "fingerprint": "b48467888a22374bb7854ff26f040125e42c8630be4faa35f5a8771bb6e3ea1c", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-34219"], "package": "libp2p-gossipsub", "rule_id": "GHSA-xqmp-fxgv-xvq5", "scanner": "osv-scanner", "correlation_key": "vuln|libp2p-gossipsub|CVE-2026-34219|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/src/sdk-harness/Cargo.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-gc42-3jg7-rxr2", "level": "error", "message": {"text": "libp2p-gossipsub: GHSA-gc42-3jg7-rxr2"}, "properties": {"repobilityId": 79742, "scanner": "osv-scanner", "fingerprint": 
"47922901c925c37254f8120db2a6083983437cdafced1089fb9156b63c7b6b40", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-33040"], "package": "libp2p-gossipsub", "rule_id": "GHSA-gc42-3jg7-rxr2", "scanner": "osv-scanner", "correlation_key": "vuln|libp2p-gossipsub|CVE-2026-33040|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/src/sdk-harness/Cargo.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "RUSTSEC-2024-0384", "level": "error", "message": {"text": "instant: RUSTSEC-2024-0384"}, "properties": {"repobilityId": 79741, "scanner": "osv-scanner", "fingerprint": "b10fbfcd0d52c85b4b50e9f0ba45efba3f85ab063615b73ebba7a10abb19e0fb", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "package": "instant", "rule_id": "RUSTSEC-2024-0384", "scanner": "osv-scanner", "correlation_key": "fp|b10fbfcd0d52c85b4b50e9f0ba45efba3f85ab063615b73ebba7a10abb19e0fb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/src/sdk-harness/Cargo.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "RUSTSEC-2026-0119", "level": "error", "message": {"text": "hickory-proto: RUSTSEC-2026-0119"}, "properties": {"repobilityId": 79740, "scanner": "osv-scanner", "fingerprint": "14e454913ecc5b95c4a92b175d9ee2d926ec11b44718cf5b64240dfdf9bdfec8", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["GHSA-q2qq-hmj6-3wpp"], "package": "hickory-proto", "rule_id": "RUSTSEC-2026-0119", "scanner": "osv-scanner", "correlation_key": "vuln|hickory-proto|GHSA-Q2QQ-HMJ6-3WPP|token", "duplicate_count": 1, "duplicate_rule_ids": 
["GHSA-q2qq-hmj6-3wpp", "RUSTSEC-2026-0119"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["14e454913ecc5b95c4a92b175d9ee2d926ec11b44718cf5b64240dfdf9bdfec8", "f8d573d70215942fed3372ac1e89ff6bd1bb60e82b030128cba6bf0b58358d5a"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/src/sdk-harness/Cargo.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-2pgj-5cv2-6xxw", "level": "error", "message": {"text": "fuel-vm: GHSA-2pgj-5cv2-6xxw"}, "properties": {"repobilityId": 79739, "scanner": "osv-scanner", "fingerprint": "e4bd227453837ba0cccba232a1a245bc332fd527a1c3afe811db7b4833189ec9", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "package": "fuel-vm", "rule_id": "GHSA-2pgj-5cv2-6xxw", "scanner": "osv-scanner", "correlation_key": "vuln|fuel-vm|GHSA-2PGJ-5CV2-6XXW|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/src/sdk-harness/Cargo.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "RUSTSEC-2024-0388", "level": "error", "message": {"text": "derivative: RUSTSEC-2024-0388"}, "properties": {"repobilityId": 79738, "scanner": "osv-scanner", "fingerprint": "0ba5942afb44faed459185389dd9491d650fa7a3696550b7ea6814f6419cb49e", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "package": "derivative", "rule_id": "RUSTSEC-2024-0388", "scanner": "osv-scanner", "correlation_key": "fp|0ba5942afb44faed459185389dd9491d650fa7a3696550b7ea6814f6419cb49e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/src/sdk-harness/Cargo.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "RUSTSEC-2026-0105", "level": "error", "message": {"text": "core2: RUSTSEC-2026-0105"}, "properties": {"repobilityId": 79737, "scanner": "osv-scanner", "fingerprint": 
"2e34e85f98c68e08435c3712c941bf5ace3014574d31e28f0fca0d10c2bdaaf8", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "package": "core2", "rule_id": "RUSTSEC-2026-0105", "scanner": "osv-scanner", "correlation_key": "fp|2e34e85f98c68e08435c3712c941bf5ace3014574d31e28f0fca0d10c2bdaaf8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/src/sdk-harness/Cargo.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "RUSTSEC-2023-0089", "level": "error", "message": {"text": "atomic-polyfill: RUSTSEC-2023-0089"}, "properties": {"repobilityId": 79736, "scanner": "osv-scanner", "fingerprint": "762863420d391bc28f6df1fd612f6fee094576a4137e26c7287299cbf93d3441", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "package": "atomic-polyfill", "rule_id": "RUSTSEC-2023-0089", "scanner": "osv-scanner", "correlation_key": "fp|762863420d391bc28f6df1fd612f6fee094576a4137e26c7287299cbf93d3441"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/src/sdk-harness/Cargo.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "RUSTSEC-2024-0320", "level": "error", "message": {"text": "yaml-rust: RUSTSEC-2024-0320"}, "properties": {"repobilityId": 79735, "scanner": "osv-scanner", "fingerprint": "70967c64ce611dd07d3a189ca0d1542831d3a26c197c68aa7b72fc171615d198", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "package": "yaml-rust", "rule_id": "RUSTSEC-2024-0320", "scanner": "osv-scanner", "correlation_key": "fp|70967c64ce611dd07d3a189ca0d1542831d3a26c197c68aa7b72fc171615d198"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Cargo.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "RUSTSEC-2025-0055", 
"level": "error", "message": {"text": "tracing-subscriber: RUSTSEC-2025-0055"}, "properties": {"repobilityId": 79734, "scanner": "osv-scanner", "fingerprint": "382c2e6bf380a1b7402058788d5b4c01a3bc24ca705aff7ee84bc92483bc38d1", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["CVE-2025-58160", "GHSA-xwfj-jgwm-7wp5"], "package": "tracing-subscriber", "rule_id": "RUSTSEC-2025-0055", "scanner": "osv-scanner", "correlation_key": "vuln|tracing-subscriber|CVE-2025-58160|cargo.lock", "duplicate_count": 1, "duplicate_rule_ids": ["GHSA-xwfj-jgwm-7wp5", "RUSTSEC-2025-0055"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["382c2e6bf380a1b7402058788d5b4c01a3bc24ca705aff7ee84bc92483bc38d1", "421e2ded1a3973c135ca2b34d9f5ceabf14f26ee72a5d93fdb9a429b39db56cd"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Cargo.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "RUSTSEC-2026-0104", "level": "error", "message": {"text": "rustls-webpki: RUSTSEC-2026-0104"}, "properties": {"repobilityId": 79733, "scanner": "osv-scanner", "fingerprint": "fcab9132587a2c990296f83177c4848cd44ed60f21e65c82ba81416282ab891e", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["GHSA-82j2-j2ch-gfr8"], "package": "rustls-webpki", "rule_id": "RUSTSEC-2026-0104", "scanner": "osv-scanner", "correlation_key": "vuln|rustls-webpki|GHSA-82J2-J2CH-GFR8|cargo.lock", "duplicate_count": 1, "duplicate_rule_ids": ["GHSA-82j2-j2ch-gfr8", "RUSTSEC-2026-0104"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["476482283f7b4bf24cebe63c772832bbcbb2a342714f10bd108d0c5c67b78813", 
"fcab9132587a2c990296f83177c4848cd44ed60f21e65c82ba81416282ab891e"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Cargo.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "RUSTSEC-2026-0099", "level": "error", "message": {"text": "rustls-webpki: RUSTSEC-2026-0099"}, "properties": {"repobilityId": 79732, "scanner": "osv-scanner", "fingerprint": "ac54d27f2da05de068570ed12b689c1c212043920c11599e88d3ec15aed9e04f", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["GHSA-xgp8-3hg3-c2mh"], "package": "rustls-webpki", "rule_id": "RUSTSEC-2026-0099", "scanner": "osv-scanner", "correlation_key": "vuln|rustls-webpki|GHSA-XGP8-3HG3-C2MH|cargo.lock", "duplicate_count": 1, "duplicate_rule_ids": ["GHSA-xgp8-3hg3-c2mh", "RUSTSEC-2026-0099"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["2a5659d7cbd0bb9dfc9d2adea8035c41fc228507431bf1ff230640799fbb9dc2", "ac54d27f2da05de068570ed12b689c1c212043920c11599e88d3ec15aed9e04f"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Cargo.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "RUSTSEC-2026-0098", "level": "error", "message": {"text": "rustls-webpki: RUSTSEC-2026-0098"}, "properties": {"repobilityId": 79731, "scanner": "osv-scanner", "fingerprint": "f164bd6ab1544e41652580549ab01f3ee5677dfeb6440d8de8a63093cf542613", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["GHSA-965h-392x-2mh5"], "package": "rustls-webpki", "rule_id": "RUSTSEC-2026-0098", "scanner": "osv-scanner", "correlation_key": "vuln|rustls-webpki|GHSA-965H-392X-2MH5|cargo.lock", "duplicate_count": 1, "duplicate_rule_ids": 
["GHSA-965h-392x-2mh5", "RUSTSEC-2026-0098"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["4e353f860af1fd9047341f396e862081c6c9d858904293310e34f17a61d47c4c", "f164bd6ab1544e41652580549ab01f3ee5677dfeb6440d8de8a63093cf542613"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Cargo.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "RUSTSEC-2025-0134", "level": "error", "message": {"text": "rustls-pemfile: RUSTSEC-2025-0134"}, "properties": {"repobilityId": 79730, "scanner": "osv-scanner", "fingerprint": "16c6cdd2e6cf0f2fb425a0bc02ce469766da4f1065573f6b5829e63820fb23d5", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "package": "rustls-pemfile", "rule_id": "RUSTSEC-2025-0134", "scanner": "osv-scanner", "correlation_key": "fp|16c6cdd2e6cf0f2fb425a0bc02ce469766da4f1065573f6b5829e63820fb23d5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Cargo.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "RUSTSEC-2024-0370", "level": "error", "message": {"text": "proc-macro-error: RUSTSEC-2024-0370"}, "properties": {"repobilityId": 79729, "scanner": "osv-scanner", "fingerprint": "479281b680a3742dad2f7a7c69c0da3e0c7676004685623da1f79bbaa167eba8", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "package": "proc-macro-error", "rule_id": "RUSTSEC-2024-0370", "scanner": "osv-scanner", "correlation_key": "fp|479281b680a3742dad2f7a7c69c0da3e0c7676004685623da1f79bbaa167eba8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Cargo.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "RUSTSEC-2024-0436", "level": "error", "message": {"text": "paste: RUSTSEC-2024-0436"}, "properties": {"repobilityId": 79728, "scanner": "osv-scanner", "fingerprint": 
"ecf6a49d252eada338538964a3d9bb37acf276dba6d473e55cf76f528b35783f", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "package": "paste", "rule_id": "RUSTSEC-2024-0436", "scanner": "osv-scanner", "correlation_key": "fp|ecf6a49d252eada338538964a3d9bb37acf276dba6d473e55cf76f528b35783f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Cargo.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-p3hw-mv63-rf9w", "level": "error", "message": {"text": "gix-validate: GHSA-p3hw-mv63-rf9w"}, "properties": {"repobilityId": 79727, "scanner": "osv-scanner", "fingerprint": "eab08b285b2dbd701691f969b56f4e191bfc411b6e64890bc5ce1f4a78e6668e", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "package": "gix-validate", "rule_id": "GHSA-p3hw-mv63-rf9w", "scanner": "osv-scanner", "correlation_key": "vuln|gix-validate|GHSA-P3HW-MV63-RF9W|cargo.lock"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Cargo.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "RUSTSEC-2025-0021", "level": "error", "message": {"text": "gix-features: RUSTSEC-2025-0021"}, "properties": {"repobilityId": 79726, "scanner": "osv-scanner", "fingerprint": "952a53188b530ca12e364cc25ab293c888514e59acf1869e1eca0532a380d12a", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["CVE-2025-31130", "GHSA-2frx-2596-x5r6"], "package": "gix-features", "rule_id": "RUSTSEC-2025-0021", "scanner": "osv-scanner", "correlation_key": "vuln|gix-features|CVE-2025-31130|cargo.lock", "duplicate_count": 1, "duplicate_rule_ids": ["GHSA-2frx-2596-x5r6", "RUSTSEC-2025-0021"], 
"duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["952a53188b530ca12e364cc25ab293c888514e59acf1869e1eca0532a380d12a", "deb477aa31f7f3d0b1da674dd82d98d449d15adda70710f432fb3018d798aa2f"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Cargo.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "RUSTSEC-2026-0008", "level": "error", "message": {"text": "git2: RUSTSEC-2026-0008"}, "properties": {"repobilityId": 79725, "scanner": "osv-scanner", "fingerprint": "40f966496c85d57e0ad0968e7a900247bd8285adf9ed2d82319ad1bd91d679b9", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["GHSA-j39j-6gw9-jw6h"], "package": "git2", "rule_id": "RUSTSEC-2026-0008", "scanner": "osv-scanner", "correlation_key": "vuln|git2|GHSA-J39J-6GW9-JW6H|cargo.lock", "duplicate_count": 1, "duplicate_rule_ids": ["GHSA-j39j-6gw9-jw6h", "RUSTSEC-2026-0008"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["40f966496c85d57e0ad0968e7a900247bd8285adf9ed2d82319ad1bd91d679b9", "76dc259bc1562ecb96657ef429b1237ce54834c8f34de36cf36992d51e1436ae"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Cargo.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "RUSTSEC-2024-0388", "level": "error", "message": {"text": "derivative: RUSTSEC-2024-0388"}, "properties": {"repobilityId": 79724, "scanner": "osv-scanner", "fingerprint": "547bdd0377aa2b4e584493ec26f7c8f775912e0ae45112076d07893a6853c7c3", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "package": "derivative", "rule_id": "RUSTSEC-2024-0388", "scanner": "osv-scanner", "correlation_key": "fp|547bdd0377aa2b4e584493ec26f7c8f775912e0ae45112076d07893a6853c7c3"}}, "locations": 
[{"physicalLocation": {"artifactLocation": {"uri": "Cargo.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "RUSTSEC-2025-0141", "level": "error", "message": {"text": "bincode: RUSTSEC-2025-0141"}, "properties": {"repobilityId": 79723, "scanner": "osv-scanner", "fingerprint": "634ded575a91e8662811f47a1170cf5fb4279a65e3c3176bb84aeaac3c78b213", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "package": "bincode", "rule_id": "RUSTSEC-2025-0141", "scanner": "osv-scanner", "correlation_key": "fp|634ded575a91e8662811f47a1170cf5fb4279a65e3c3176bb84aeaac3c78b213"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Cargo.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "RUSTSEC-2023-0089", "level": "error", "message": {"text": "atomic-polyfill: RUSTSEC-2023-0089"}, "properties": {"repobilityId": 79722, "scanner": "osv-scanner", "fingerprint": "1991318cef9b21100b7e75de38d03ee15dc9e29ccf26325777d5b4f7a61d54b6", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "package": "atomic-polyfill", "rule_id": "RUSTSEC-2023-0089", "scanner": "osv-scanner", "correlation_key": "fp|1991318cef9b21100b7e75de38d03ee15dc9e29ccf26325777d5b4f7a61d54b6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Cargo.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR014", "level": "error", "message": {"text": "Dockerfile copies the entire context without .dockerignore"}, "properties": {"repobilityId": 79693, "scanner": "repobility-docker", "fingerprint": "c9098628ec4935ee924d562e57aeea82bb26edc55ec0d2edd86d2c7776bd96e0", "category": "docker", "severity": "high", "confidence": 0.92, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Broad context copy and missing .dockerignore were found together.", 
"evidence": {"rule_id": "DKR014", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|c9098628ec4935ee924d562e57aeea82bb26edc55ec0d2edd86d2c7776bd96e0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "deployment/Dockerfile"}, "region": {"startLine": 22}}}]}, {"ruleId": "DKR014", "level": "error", "message": {"text": "Dockerfile copies the entire context without .dockerignore"}, "properties": {"repobilityId": 79692, "scanner": "repobility-docker", "fingerprint": "d5b7b5ce4856df276f1f5eab0a468360b0afdac282ad0a5f311f36edc4bcae52", "category": "docker", "severity": "high", "confidence": 0.92, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Broad context copy and missing .dockerignore were found together.", "evidence": {"rule_id": "DKR014", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|d5b7b5ce4856df276f1f5eab0a468360b0afdac282ad0a5f311f36edc4bcae52"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "deployment/Dockerfile"}, "region": {"startLine": 14}}}]}, {"ruleId": "SEC013", "level": "error", "message": {"text": "[SEC013] Path Traversal \u2014 User Input in File Path: User-controlled input used in file path without sanitization. 
Allows reading arbitrary files."}, "properties": {"repobilityId": 79690, "scanner": "repobility-threat-engine", "fingerprint": "d5c5502e9d89ca8f373da122313f7b9bceaf8826a19117ac1fe20a26ccbe481a", "category": "path_traversal", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "User-controlled input detected in file path construction", "evidence": {"match": "open(&self, params: DidOpenTextDocumentParams", "reason": "User-controlled input detected in file path construction", "rule_id": "SEC013", "scanner": "repobility-threat-engine", "confidence": 0.8, "correlation_key": "code|path_traversal|sway-lsp/src/server.rs|41|sec013"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sway-lsp/src/server.rs"}, "region": {"startLine": 41}}}]}, {"ruleId": "SEC085", "level": "error", "message": {"text": "[SEC085] JS: child_process.exec with non-literal: child_process.exec with user-derived input enables command injection. Ported from eslint-plugin-security detect-child-process (Apache-2.0)."}, "properties": {"repobilityId": 79682, "scanner": "repobility-threat-engine", "fingerprint": "04fc23630824c211b67d8916acceca91aca068fa864fc0b65b544d424aa1d8b7", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "exec(command", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC085", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|04fc23630824c211b67d8916acceca91aca068fa864fc0b65b544d424aa1d8b7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "forc-plugins/forc-migrate/src/cli/mod.rs"}, "region": {"startLine": 71}}}]}, {"ruleId": "SEC085", "level": "error", "message": {"text": "[SEC085] JS: child_process.exec with non-literal: child_process.exec with user-derived input enables 
command injection. Ported from eslint-plugin-security detect-child-process (Apache-2.0)."}, "properties": {"repobilityId": 79681, "scanner": "repobility-threat-engine", "fingerprint": "4e8ba6d97c32ee3875acc0f9712aab1a8dde754c21980e732549dede8a79a129", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "exec(_command", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC085", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|4e8ba6d97c32ee3875acc0f9712aab1a8dde754c21980e732549dede8a79a129"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "forc-plugins/forc-migrate/src/cli/commands/show.rs"}, "region": {"startLine": 21}}}]}, {"ruleId": "SEC085", "level": "error", "message": {"text": "[SEC085] JS: child_process.exec with non-literal: child_process.exec with user-derived input enables command injection. 
Ported from eslint-plugin-security detect-child-process (Apache-2.0)."}, "properties": {"repobilityId": 79680, "scanner": "repobility-threat-engine", "fingerprint": "bb831b1828ef91c32d77c8c8574185c1d7b418f089456dbe76b8a087f343b87d", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "exec(command", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC085", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|bb831b1828ef91c32d77c8c8574185c1d7b418f089456dbe76b8a087f343b87d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "forc-plugins/forc-migrate/src/cli/commands/check.rs"}, "region": {"startLine": 34}}}]}, {"ruleId": "MINED041", "level": "error", "message": {"text": "[MINED041] Rust Unimplemented Macro: unimplemented!() panics. Same as todo!() but conventionally used for trait stubs."}, "properties": {"repobilityId": 79675, "scanner": "repobility-threat-engine", "fingerprint": "28a11978b1ca88fa7ae18272f4fca131599669bfc9c9ccc3eea54e3c6cf3801b", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-unimplemented-macro", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347994+00:00", "triaged_in_corpus": 15, "observations_count": 1422, "ai_coder_pattern_id": 115}, "scanner": "repobility-threat-engine", "correlation_key": "fp|28a11978b1ca88fa7ae18272f4fca131599669bfc9c9ccc3eea54e3c6cf3801b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "forc-plugins/forc-doc/src/render/title.rs"}, "region": {"startLine": 77}}}]}, {"ruleId": "SEC128", "level": "error", "message": 
{"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 79674, "scanner": "repobility-threat-engine", "fingerprint": "a146ae9df165d956b9df95d7098d826e66678e811c38736241cbacc216b679f7", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "hasher.update(string);", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|a146ae9df165d956b9df95d7098d826e66678e811c38736241cbacc216b679f7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sway-core/src/types/collect_types_metadata.rs"}, "region": {"startLine": 37}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. 
Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 79673, "scanner": "repobility-threat-engine", "fingerprint": "c45a406e9458e97cb4259c35c4e0961e4375a01022ed911fd080b9b911296f21", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "hasher.update(raw);", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|c45a406e9458e97cb4259c35c4e0961e4375a01022ed911fd080b9b911296f21"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "forc-util/src/bytecode.rs"}, "region": {"startLine": 92}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. 
Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 79672, "scanner": "repobility-threat-engine", "fingerprint": "636777b33c9b1066052f3eb72095a69dd82a22b141f206adc634bdfec1ab5149", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "url.searchParams.delete('search');", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|636777b33c9b1066052f3eb72095a69dd82a22b141f206adc634bdfec1ab5149"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "forc-plugins/forc-doc/src/render/search.rs"}, "region": {"startLine": 18}}}]}, {"ruleId": "SEC040", "level": "error", "message": {"text": "[SEC040] innerHTML XSS \u2014 template literal with server-supplied data: Setting .innerHTML with a template literal that interpolates server-supplied or user-supplied data is the canonical stored/reflected XSS vector. The browser parses the HTML and executes any <script> or event-handler attributes in the data. CWE-79. 
Especially dangerous when the data comes from a CV parser, profile field, or any user-input pipeline."}, "properties": {"repobilityId": 79671, "scanner": "repobility-threat-engine", "fingerprint": "5f0cab364e87e838f7088ebf716c6eef9869c54564e1c8c49da49cec93363542", "category": "xss", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".innerHTML = `${{header}}<table>${{resultList}", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC040", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|5f0cab364e87e838f7088ebf716c6eef9869c54564e1c8c49da49cec93363542"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "forc-plugins/forc-doc/src/render/search.rs"}, "region": {"startLine": 58}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. 
SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 79670, "scanner": "repobility-threat-engine", "fingerprint": "0c552f3a3a7f1d3f9170a940054edb42aaec6f25cc0c2b49a24f7c8ad5b693ab", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "url(u", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|0c552f3a3a7f1d3f9170a940054edb42aaec6f25cc0c2b49a24f7c8ad5b693ab"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sway-lsp/src/utils/document.rs"}, "region": {"startLine": 14}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. 
SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 79669, "scanner": "repobility-threat-engine", "fingerprint": "d666cb73bf8d2cd75e82a617e07df636a816c5a797d9352ef28c46e114adfc92", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "url(u", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|d666cb73bf8d2cd75e82a617e07df636a816c5a797d9352ef28c46e114adfc92"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sway-lsp/src/capabilities/rename.rs"}, "region": {"startLine": 79}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. 
SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 79668, "scanner": "repobility-threat-engine", "fingerprint": "0e316db247dcdaadafb5f99a7e99f56b1fd829bc8066cc1927a300f5beec30dd", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "URL(w", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|0e316db247dcdaadafb5f99a7e99f56b1fd829bc8066cc1927a300f5beec30dd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "forc-plugins/forc-doc/src/render/search.rs"}, "region": {"startLine": 14}}}]}, {"ruleId": "SEC006", "level": "error", "message": {"text": "[SEC006] XSS Risk: Direct HTML injection without sanitization."}, "properties": {"repobilityId": 79667, "scanner": "repobility-threat-engine", "fingerprint": "77d9ed413bd4b796a16ae22ec96cead4aa17b72af96e9faedcfa40bd32996d0a", "category": "injection", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".innerHTML = `", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC006", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|token|58|sec006"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "forc-plugins/forc-doc/src/render/search.rs"}, "region": {"startLine": 58}}}]}, {"ruleId": "MINED003", "level": "error", "message": {"text": "[MINED003] Rust Unwrap In Prod: .unwrap() panics if None/Err. 
Acceptable in tests; risky elsewhere."}, "properties": {"repobilityId": 79661, "scanner": "repobility-threat-engine", "fingerprint": "40a1d5e6baaaaf4a21aaa882be56f53833adf71387e9ac0aa47b6cf5ebaf08d8", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-unwrap-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347903+00:00", "triaged_in_corpus": 15, "observations_count": 386515, "ai_coder_pattern_id": 111}, "scanner": "repobility-threat-engine", "correlation_key": "fp|40a1d5e6baaaaf4a21aaa882be56f53833adf71387e9ac0aa47b6cf5ebaf08d8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "forc-plugins/forc-debug/src/server/handlers/handle_set_breakpoints.rs"}, "region": {"startLine": 208}}}]}, {"ruleId": "MINED003", "level": "error", "message": {"text": "[MINED003] Rust Unwrap In Prod: .unwrap() panics if None/Err. 
Acceptable in tests; risky elsewhere."}, "properties": {"repobilityId": 79660, "scanner": "repobility-threat-engine", "fingerprint": "ebb7ba1e1f375360448aabe0a49075b8f7e759c7bc6aa8d188d5e9667a7a6ad5", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-unwrap-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347903+00:00", "triaged_in_corpus": 15, "observations_count": 386515, "ai_coder_pattern_id": 111}, "scanner": "repobility-threat-engine", "correlation_key": "fp|ebb7ba1e1f375360448aabe0a49075b8f7e759c7bc6aa8d188d5e9667a7a6ad5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "forc-plugins/forc-debug/src/server/handlers/handle_breakpoint_locations.rs"}, "region": {"startLine": 90}}}]}, {"ruleId": "MINED003", "level": "error", "message": {"text": "[MINED003] Rust Unwrap In Prod: .unwrap() panics if None/Err. 
Acceptable in tests; risky elsewhere."}, "properties": {"repobilityId": 79659, "scanner": "repobility-threat-engine", "fingerprint": "cec2e4afbc832400f35e90045bfc582576cf093c822526f9cc118c5c3e0c1ee8", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-unwrap-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347903+00:00", "triaged_in_corpus": 15, "observations_count": 386515, "ai_coder_pattern_id": 111}, "scanner": "repobility-threat-engine", "correlation_key": "fp|cec2e4afbc832400f35e90045bfc582576cf093c822526f9cc118c5c3e0c1ee8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/scripts/check-dep-versions/src/main.rs"}, "region": {"startLine": 40}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `dtolnay/rust-toolchain` pinned to mutable ref `@master`"}, "properties": {"repobilityId": 79650, "scanner": "repobility-supply-chain", "fingerprint": "9540c07bb9d18c6626e9ca11fd8bf4585b38194c52eff5d6b04d6101ea021f1f", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|9540c07bb9d18c6626e9ca11fd8bf4585b38194c52eff5d6b04d6101ea021f1f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 103}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 79649, "scanner": 
"repobility-supply-chain", "fingerprint": "5289d9ea7b8798857c5aaca04ac3f42e11ac0327bf845a5083489adb6503717e", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|5289d9ea7b8798857c5aaca04ac3f42e11ac0327bf845a5083489adb6503717e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 100}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `Swatinem/rust-cache` pinned to mutable ref `@v2`"}, "properties": {"repobilityId": 79648, "scanner": "repobility-supply-chain", "fingerprint": "0baba06f3743e7c942cf0ee157cf43d0835ef58ec767c7031be55724d603276f", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|0baba06f3743e7c942cf0ee157cf43d0835ef58ec767c7031be55724d603276f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 86}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `dtolnay/rust-toolchain` pinned to mutable ref `@master`"}, "properties": {"repobilityId": 79647, "scanner": "repobility-supply-chain", "fingerprint": "477066ca840a92245b12041189691e18bafcb9f3be373f8c6d39dda6825dcb4e", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", 
"owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|477066ca840a92245b12041189691e18bafcb9f3be373f8c6d39dda6825dcb4e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 81}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 79646, "scanner": "repobility-supply-chain", "fingerprint": "dc0462fb64d9e9d196cb5b9e332fc5f4a23eef8ad93bc042f43446d38e65b72f", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|dc0462fb64d9e9d196cb5b9e332fc5f4a23eef8ad93bc042f43446d38e65b72f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 78}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `Swatinem/rust-cache` pinned to mutable ref `@v2`"}, "properties": {"repobilityId": 79645, "scanner": "repobility-supply-chain", "fingerprint": "bdd04e599c443d3a10d6e9cb0a964ef6d6201db1c1f9681f554a050da7df9c53", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|bdd04e599c443d3a10d6e9cb0a964ef6d6201db1c1f9681f554a050da7df9c53"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": 
{"startLine": 66}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `dtolnay/rust-toolchain` pinned to mutable ref `@master`"}, "properties": {"repobilityId": 79644, "scanner": "repobility-supply-chain", "fingerprint": "0c13b5086e38d22f065a393ea93e087f864bdb141b8ebbe9863918c26413087c", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|0c13b5086e38d22f065a393ea93e087f864bdb141b8ebbe9863918c26413087c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 61}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 79643, "scanner": "repobility-supply-chain", "fingerprint": "e5003de58f369002bbf2e84371e339d921c73cbc321e3b27967df49edb3ceb0b", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|e5003de58f369002bbf2e84371e339d921c73cbc321e3b27967df49edb3ceb0b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 58}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `peaceiris/actions-gh-pages` pinned to mutable ref `@v4`"}, "properties": {"repobilityId": 79642, "scanner": "repobility-supply-chain", "fingerprint": "51ddb2a06e18be566d7b973570f50c14a5215d44e3cbfde3a2bad8885cc8ffa8", "category": 
"dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|51ddb2a06e18be566d7b973570f50c14a5215d44e3cbfde3a2bad8885cc8ffa8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/gh-pages.yml"}, "region": {"startLine": 170}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `peaceiris/actions-gh-pages` pinned to mutable ref `@v4`"}, "properties": {"repobilityId": 79641, "scanner": "repobility-supply-chain", "fingerprint": "31a866e47828acb6305ad18fc9a3dbdb5c3d38351cbb415a0bdf0451575612c6", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|31a866e47828acb6305ad18fc9a3dbdb5c3d38351cbb415a0bdf0451575612c6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/gh-pages.yml"}, "region": {"startLine": 150}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `peaceiris/actions-gh-pages` pinned to mutable ref `@v4`"}, "properties": {"repobilityId": 79640, "scanner": "repobility-supply-chain", "fingerprint": "fd7dfbdf37f47a747e351a88bb7173fc9fa4b0c49aa452f4476230891dfb937e", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": 
"repobility-supply-chain", "correlation_key": "fp|fd7dfbdf37f47a747e351a88bb7173fc9fa4b0c49aa452f4476230891dfb937e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/gh-pages.yml"}, "region": {"startLine": 131}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `peaceiris/actions-gh-pages` pinned to mutable ref `@v4`"}, "properties": {"repobilityId": 79639, "scanner": "repobility-supply-chain", "fingerprint": "8e96779ffcf47b239f94e03abac5db32e3a2c07bf1aeb6f18c9e7ca5a2001d96", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|8e96779ffcf47b239f94e03abac5db32e3a2c07bf1aeb6f18c9e7ca5a2001d96"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/gh-pages.yml"}, "region": {"startLine": 123}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `peaceiris/actions-gh-pages` pinned to mutable ref `@v4`"}, "properties": {"repobilityId": 79638, "scanner": "repobility-supply-chain", "fingerprint": "5247d5778d9d95177b28e10911c096db2fe7a961f8f9793a9fddc07937c88806", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|5247d5778d9d95177b28e10911c096db2fe7a961f8f9793a9fddc07937c88806"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/gh-pages.yml"}, "region": {"startLine": 115}}}]}, {"ruleId": "MINED115", "level": "error", 
"message": {"text": "Action `peaceiris/actions-gh-pages` pinned to mutable ref `@v4`"}, "properties": {"repobilityId": 79637, "scanner": "repobility-supply-chain", "fingerprint": "1095f7ebbb1524f1cbf59396368f615543e2a88c29c03f9be0874f39c1c72fc4", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|1095f7ebbb1524f1cbf59396368f615543e2a88c29c03f9be0874f39c1c72fc4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/gh-pages.yml"}, "region": {"startLine": 100}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `peaceiris/actions-gh-pages` pinned to mutable ref `@v4`"}, "properties": {"repobilityId": 79636, "scanner": "repobility-supply-chain", "fingerprint": "ddc4e9066ec38868576dd793a03302312eccc4fb890252f3fec03b8e09847bdb", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|ddc4e9066ec38868576dd793a03302312eccc4fb890252f3fec03b8e09847bdb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/gh-pages.yml"}, "region": {"startLine": 81}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `peaceiris/actions-gh-pages` pinned to mutable ref `@v4`"}, "properties": {"repobilityId": 79635, "scanner": "repobility-supply-chain", "fingerprint": "eec040a65607826a2389b4239d12dbe8ac83f65db9d47c25f982d3aaa87afef5", "category": "dependency", "severity": "high", 
"confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|eec040a65607826a2389b4239d12dbe8ac83f65db9d47c25f982d3aaa87afef5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/gh-pages.yml"}, "region": {"startLine": 73}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `peaceiris/actions-gh-pages` pinned to mutable ref `@v4`"}, "properties": {"repobilityId": 79634, "scanner": "repobility-supply-chain", "fingerprint": "362251465005e7f3a54aa61f65c734457bbdd5f4283378043a706545c71a43a8", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|362251465005e7f3a54aa61f65c734457bbdd5f4283378043a706545c71a43a8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/gh-pages.yml"}, "region": {"startLine": 65}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `peaceiris/actions-mdbook` pinned to mutable ref `@v1`"}, "properties": {"repobilityId": 79633, "scanner": "repobility-supply-chain", "fingerprint": "591bc40ba3e13f8bf3da0d64035209992479d0571e907cf42f2f3fc8adef1bfa", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", 
"correlation_key": "fp|591bc40ba3e13f8bf3da0d64035209992479d0571e907cf42f2f3fc8adef1bfa"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/gh-pages.yml"}, "region": {"startLine": 51}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `dtolnay/rust-toolchain` pinned to mutable ref `@master`"}, "properties": {"repobilityId": 79632, "scanner": "repobility-supply-chain", "fingerprint": "b26f128b32353a4c381991a9ee7b102349e501a4b9195b6698a1743d7d74b5fd", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|b26f128b32353a4c381991a9ee7b102349e501a4b9195b6698a1743d7d74b5fd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/gh-pages.yml"}, "region": {"startLine": 26}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `Swatinem/rust-cache` pinned to mutable ref `@v2`"}, "properties": {"repobilityId": 79631, "scanner": "repobility-supply-chain", "fingerprint": "10281213f33ba4c26a2b1a3f4c54bc8bbfe2d3163cdd6e18d34546c9e0b47661", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|10281213f33ba4c26a2b1a3f4c54bc8bbfe2d3163cdd6e18d34546c9e0b47661"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/gh-pages.yml"}, "region": {"startLine": 22}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action 
`actions/checkout` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 79630, "scanner": "repobility-supply-chain", "fingerprint": "45dc797ddaa238ff5eef913ad9942f1914a23a1a389f1f15c66375fc70effc7a", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|45dc797ddaa238ff5eef913ad9942f1914a23a1a389f1f15c66375fc70effc7a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/gh-pages.yml"}, "region": {"startLine": 21}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `crate-ci/typos` pinned to mutable ref `@master`"}, "properties": {"repobilityId": 79629, "scanner": "repobility-supply-chain", "fingerprint": "68495196e3d8d8a0f3e51bb54200fc31ff720093a11e2fecb354e0dd3782ae56", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|68495196e3d8d8a0f3e51bb54200fc31ff720093a11e2fecb354e0dd3782ae56"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/spellcheck.yml"}, "region": {"startLine": 14}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 79628, "scanner": "repobility-supply-chain", "fingerprint": "cba234012d75a59eb9cb7646326e952790c899e1414e23155d95bc8dda289c26", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", 
"isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|cba234012d75a59eb9cb7646326e952790c899e1414e23155d95bc8dda289c26"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/spellcheck.yml"}, "region": {"startLine": 11}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions-rs/audit-check` pinned to mutable ref `@v1`"}, "properties": {"repobilityId": 79627, "scanner": "repobility-supply-chain", "fingerprint": "afc581ac11d109e3469191eb2a159131731b54024c9c54276415aa218eb6f8e9", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|afc581ac11d109e3469191eb2a159131731b54024c9c54276415aa218eb6f8e9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/nightly-cargo-audit.yml"}, "region": {"startLine": 12}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 79626, "scanner": "repobility-supply-chain", "fingerprint": "2029882e16a8adae0ee575836323903afaafc74c84c09bb51f34bac051086efd", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": 
"fp|2029882e16a8adae0ee575836323903afaafc74c84c09bb51f34bac051086efd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/nightly-cargo-audit.yml"}, "region": {"startLine": 11}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "Dockerfile FROM `ubuntu:20.04` not pinned by digest"}, "properties": {"repobilityId": 79625, "scanner": "repobility-supply-chain", "fingerprint": "367d65032fc0fb18ded02b30a0886b5798e9ffb6b5f925bc7c7bcb50542f4fb3", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|367d65032fc0fb18ded02b30a0886b5798e9ffb6b5f925bc7c7bcb50542f4fb3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "deployment/Dockerfile"}, "region": {"startLine": 26}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "Dockerfile FROM `lukemathwalker/cargo-chef:latest-rust-1.87` not pinned by digest"}, "properties": {"repobilityId": 79624, "scanner": "repobility-supply-chain", "fingerprint": "7648b34ec458eaa9cfa3563f459a461aacc11c4d858692868392473484dfcf41", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|7648b34ec458eaa9cfa3563f459a461aacc11c4d858692868392473484dfcf41"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "deployment/Dockerfile"}, "region": {"startLine": 2}}}]}, {"ruleId": "GHSA-jhxm-h53p-jm7w", "level": "error", "message": {"text": 
"wasmtime: GHSA-jhxm-h53p-jm7w"}, "properties": {"repobilityId": 79764, "scanner": "osv-scanner", "fingerprint": "3543da106c785b0f1e7989ed1caa00da521489a970715f63ded4c45d3dc5299c", "category": "dependency", "severity": "critical", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["CVE-2026-34971", "RUSTSEC-2026-0096"], "package": "wasmtime", "rule_id": "GHSA-jhxm-h53p-jm7w", "scanner": "osv-scanner", "correlation_key": "vuln|wasmtime|CVE-2026-34971|token", "duplicate_count": 1, "duplicate_rule_ids": ["GHSA-jhxm-h53p-jm7w", "RUSTSEC-2026-0096"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["3543da106c785b0f1e7989ed1caa00da521489a970715f63ded4c45d3dc5299c", "c8b36bd10aa00adc694ff322ad816490465b3860b17856b03b0ede09cdea291d"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/src/sdk-harness/Cargo.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-xx5w-cvp6-jv83", "level": "error", "message": {"text": "wasmtime: GHSA-xx5w-cvp6-jv83"}, "properties": {"repobilityId": 79763, "scanner": "osv-scanner", "fingerprint": "420bb5ea7da1b76c08f7af9adccd1c5267cac3948591333254e602324d70133a", "category": "dependency", "severity": "critical", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["CVE-2026-34987", "RUSTSEC-2026-0095"], "package": "wasmtime", "rule_id": "GHSA-xx5w-cvp6-jv83", "scanner": "osv-scanner", "correlation_key": "vuln|wasmtime|CVE-2026-34987|token", "duplicate_count": 1, "duplicate_rule_ids": ["GHSA-xx5w-cvp6-jv83", "RUSTSEC-2026-0095"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["420bb5ea7da1b76c08f7af9adccd1c5267cac3948591333254e602324d70133a", 
"835c510cf54708e2100505b2e99299627e26595bee0e9036ee911fac8e4e9e81"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/src/sdk-harness/Cargo.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 79721, "scanner": "gitleaks", "fingerprint": "f9d065976eac6f1996098ba90c490540d5576722f3f6d32aa6946cc15944f8a8", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "Key: REDACTED", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|15|key: redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/src/in_language_tests/test_programs/ecr_inline_tests/src/main.sw"}, "region": {"startLine": 152}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 79720, "scanner": "gitleaks", "fingerprint": "6bbd1075b53c02c7fb91b0b5abb8f22470f52185e954d19b32e45c2719744185", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "Secret Key: REDACTED", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|15|secret key: redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/src/in_language_tests/test_programs/ecr_inline_tests/src/main.sw"}, "region": {"startLine": 151}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services 
and sensitive operations."}, "properties": {"repobilityId": 79719, "scanner": "gitleaks", "fingerprint": "fe8e6cdfcf8684f923cd9c42341912b05df485bde7e28d9f0fa3fded367dbc39", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 5 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "key\": \"REDACTED\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|17|key : redacted", "duplicate_count": 5, "duplicate_rule_ids": ["generic-api-key"], "duplicate_scanners": ["gitleaks"], "duplicate_fingerprints": ["127132baee9bd2004799a750de927b077566c5b57d75bd8ca9334ef624038c2f", "590f2de18a9316f927fc18496c89e7d56412e47fae1e2cb39533e33eb8049359", "71ca2925470d4408a910e145f0cee3d896dd9cf5e0b4461f2fa6f8973fae7b1a", "b5535118d436ad95eee62b6292f108fd52759533be40a271f0cea4ed71f1701f", "f09f6be2fad2e943307bc55f92a589247ae8f2a01c2932dec443ca803fe3758a", "fe8e6cdfcf8684f923cd9c42341912b05df485bde7e28d9f0fa3fded367dbc39"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/src/e2e_vm_tests/test_programs/should_pass/storage_slots_json_generation/json_storage_slots_oracle_new_encoding.release.json"}, "region": {"startLine": 171}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 79718, "scanner": "gitleaks", "fingerprint": "f6769a60105f1c417f22ff64f31b213076d44910fcdd51d430c86a2da3b0412a", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 3 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "key\": \"REDACTED\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": 
"generic-api-key", "correlation_key": "secret|token|16|key : redacted", "duplicate_count": 3, "duplicate_rule_ids": ["generic-api-key"], "duplicate_scanners": ["gitleaks"], "duplicate_fingerprints": ["6c9d9eeada9690f6f451a51958e5bbcaa91200ba9bce9b3684dc1a0a775ef12f", "9271f06affbddae2e3f124e658484abb916cbb98e154958eaa0a921f5d03f925", "eba7847d35347316f4ea88dc066e5b47dae38ebd999dc62d587353586c058b37", "f6769a60105f1c417f22ff64f31b213076d44910fcdd51d430c86a2da3b0412a"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/src/e2e_vm_tests/test_programs/should_pass/storage_slots_json_generation/json_storage_slots_oracle_new_encoding.release.json"}, "region": {"startLine": 163}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 79717, "scanner": "gitleaks", "fingerprint": "2a27eb9beb10f7f0d6410c4df8a3ed988eb50561a7d38416aa66ed5c28182bcc", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 5 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "key\": \"REDACTED\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|15|key : redacted", "duplicate_count": 5, "duplicate_rule_ids": ["generic-api-key"], "duplicate_scanners": ["gitleaks"], "duplicate_fingerprints": ["2a27eb9beb10f7f0d6410c4df8a3ed988eb50561a7d38416aa66ed5c28182bcc", "729425ab717f895915617d0765cf191f8f2ca95c7e62d3dcff54076564afd9ab", "afe5f8d1bc7af22c12cde06b18d674fc1d0702660644de8bed12a5bba93168fa", "cb820908d0396b0a6da95ea2b011239ff7213ee2f989f3126ba1d824776a1085", "cd5e4758e260972aa0f8441ee5de0822ca8d8be9f830a0cc01f70833b63cda97", "f7887b4eb852e0968df48dbd971928eef165423589ea3fd248b719fa70ce6679"]}}, "locations": 
[{"physicalLocation": {"artifactLocation": {"uri": "test/src/e2e_vm_tests/test_programs/should_pass/storage_slots_json_generation/json_storage_slots_oracle_new_encoding.release.json"}, "region": {"startLine": 151}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 79716, "scanner": "gitleaks", "fingerprint": "27d2840497c3615a9a5bb72df4986624c1c318b414bdaaed141b81085a006c68", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 3 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "key\": \"REDACTED\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|14|key : redacted", "duplicate_count": 3, "duplicate_rule_ids": ["generic-api-key"], "duplicate_scanners": ["gitleaks"], "duplicate_fingerprints": ["27d2840497c3615a9a5bb72df4986624c1c318b414bdaaed141b81085a006c68", "510eeb25ccd41a7b198408870359728710e20ca4c0635583b075cfcd5d052473", "af2372841b8bea280e65c3787423b16797e5e092cb466abc149ab55bb06b945b", "edba7af842a3698c44af07fea89f4afffa6a78f017410f0060e1e46c762b5f70"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/src/e2e_vm_tests/test_programs/should_pass/storage_slots_json_generation/json_storage_slots_oracle_new_encoding.release.json"}, "region": {"startLine": 143}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 79715, "scanner": "gitleaks", "fingerprint": "e6a14839292e001db1704bf44eaa6434b4fd6b59aa8aea0d0d20ab3b60118b93", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", 
"verdict": "", "isResolved": false, "reason": "Collapsed 7 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "key\": \"REDACTED\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|13|key : redacted", "duplicate_count": 7, "duplicate_rule_ids": ["generic-api-key"], "duplicate_scanners": ["gitleaks"], "duplicate_fingerprints": ["0c783a89f9326fd9b3207ba59e9611b8415fe35bbf32daeae4b7ebff00fa356b", "3547e38a75044ac3b82ac26d8c308e21d0655f15f3cdc0ad719640fa31176a0b", "8645abc17004e3d0b9ea6d7dfe74f3935f4b77be738a80dce9249d09e49c199d", "8dc15023633e902a0f5567142e83d30b453ac8ccd55e0262cd0e6e02b83c3af7", "c5854f79a6b9c70fdbb3b1021d94747fed98c8b7b4f62deb7014e18c19e5be26", "e6a14839292e001db1704bf44eaa6434b4fd6b59aa8aea0d0d20ab3b60118b93", "f1d02a8ef3072f198f010a73c0b182a8b6a30428cf701ed2925d8b55e9098395", "fe570c3c6eea9f4da83afb9621875f137e6c534601970e3a333431f1fe2d9690"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/src/e2e_vm_tests/test_programs/should_pass/storage_slots_json_generation/json_storage_slots_oracle.dynamic_storage.release.json"}, "region": {"startLine": 131}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 79714, "scanner": "gitleaks", "fingerprint": "0c5e83469ae364de56fe2670f886eeee4a35ad6313761909ba364689325a60e8", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 7 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "key\": \"REDACTED\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|12|key : redacted", "duplicate_count": 7, "duplicate_rule_ids": ["generic-api-key"], 
"duplicate_scanners": ["gitleaks"], "duplicate_fingerprints": ["054dde918a98f4ebd2dddabaa436b67021829f57c10e044c9582379c16c0c4f1", "0c5e83469ae364de56fe2670f886eeee4a35ad6313761909ba364689325a60e8", "0d8d418e12803587a71aa532402cbc5f8b5a3a8c4c4f54813f42bcb1c7095d5d", "2a118fe6ce4235e83199cb8d80a7b5686e8a8db60ac454ff27f47423f991dc43", "69b2fdf75a6109f22fb97ba90bc30828a6123b507457bc21a845eb539ac95850", "8c571ccf480ce7ac5d90e052afae0754614f82150e277fc63e233e94cfc9e5f0", "8c7e8473ca3b2bba34574e2ae5b9f4903e3cad97359cdf87c00856fd7380187f", "f0378aecab850d94deb4f3a6b567fe31e35b9e5f288721385584f2f6d2aefc19"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/src/e2e_vm_tests/test_programs/should_pass/storage_slots_json_generation/json_storage_slots_oracle.dynamic_storage.release.json"}, "region": {"startLine": 123}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 79713, "scanner": "gitleaks", "fingerprint": "ee7ef197e363221a919930f44205283f277d1a4ff538760209aa31a20627c624", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 11 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "key\": \"REDACTED\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|11|key : redacted", "duplicate_count": 11, "duplicate_rule_ids": ["generic-api-key"], "duplicate_scanners": ["gitleaks"], "duplicate_fingerprints": ["370094dbfe6deb104cb4ce4d750df82fac75fdf4b93dc6d95c1f90af841aba12", "3b5cee1d88e5774112ad7b958ea9e7117315d57b1bea7a2e95a648aaa696ab0a", "4717659fb71f4dc28b9c18f5e54a6f6c5ecf44d5844df4f5eba7c110aee8e08f", "6d6d0c3fdb25d052f37699c184671d334ddacaec88f656221bfdc628bb40ae2a", 
"7cb792ec0cf66b46e2720cf5f4cbd471658c55677b9d2302e42ee7f25ec656d5", "8ab87b9129d7453fdfe9c08045108062765893a852fd0764ae9850f00fba81da", "943fb10a9655ee3223161bb313ddec11fc4f02fe7821534ecee5f3dc70097741", "bc8cf5df4337c49bc4aa13dd93c6c633cf5b5f6dbf2424b355703c8ffd79d891", "c5bbb7a367325ee7e90387edeedf5c18ceedc5ec466ed7a3b95d9b32ee7ec7a6", "ee7ef197e363221a919930f44205283f277d1a4ff538760209aa31a20627c624", "efe61afb683056ccfdbd2fb131fedf12b5c50c7d5ef37d4356d751123f3fd6e0", "f8ba62dad2a92018efb2a52c113e2a2458d5d93c1a9488baf90b6ee0f046a4fa"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/src/e2e_vm_tests/test_programs/should_pass/storage_slots_json_generation/json_storage_slots_oracle.dynamic_storage.release.json"}, "region": {"startLine": 111}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 79712, "scanner": "gitleaks", "fingerprint": "e80924d41a108221ade4e59b0b55397161903f51f3c296e18000af039bc11481", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 7 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "key\": \"REDACTED\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|10|key : redacted", "duplicate_count": 7, "duplicate_rule_ids": ["generic-api-key"], "duplicate_scanners": ["gitleaks"], "duplicate_fingerprints": ["06c137e034ad3ae70330406db5688277de17302dce101a3c995734662ebe1f90", "369f039bd7897c364b9a6b6f39f0a2bb35978de3d1c091f6d2033128b5a4db05", "54f79f3eedf3add98d880ee92eb26613fab919d5eb518155acf1940dbd587031", "95c417dfa9b37af217eaa6b6e4aa090e7d6a278ce1f3477336d5e4a5e7d58fc4", "d58bbdeab57f591070bbc3fe25d973ff42a86969967633e32d7c97c8c958d1aa", 
"d5a3f65f18d98f2a9954595ca7a1df02b51d36cee75ffd69c68b7810fb47002d", "e80924d41a108221ade4e59b0b55397161903f51f3c296e18000af039bc11481", "fdfedb01de75f0e8b0870e5e6a335f5d05b0de892a66b5a5fce4dc2381ec84b8"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/src/e2e_vm_tests/test_programs/should_pass/storage_slots_json_generation/json_storage_slots_oracle.dynamic_storage.release.json"}, "region": {"startLine": 103}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 79711, "scanner": "gitleaks", "fingerprint": "87638a94b220df0f13f3956a232cdc264cfdb8b10e092ca65c87d90468785897", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 11 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "key\": \"REDACTED\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|9|key : redacted", "duplicate_count": 11, "duplicate_rule_ids": ["generic-api-key"], "duplicate_scanners": ["gitleaks"], "duplicate_fingerprints": ["391ddd955ce3118069fb1f9ccb52f74b3fc08ee8e8dc155a211390ad8f0e82e6", "5df46565ec41d84cc7dd41e16548c2990b345c3b9ee7fcd3c35472716933077f", "73ba8e94802966a4e92fb0caed99b61e8857a32c5b3ea8ada89967606b6e37cb", "811a6d9d0ca690a29153299a168bae7525c0c036c2f1ade9aa8faa4211689a86", "87638a94b220df0f13f3956a232cdc264cfdb8b10e092ca65c87d90468785897", "bb7ad8ade3d766bdd51ea54800ad425d03dae3c453aecd45b3051f9e2cef41aa", "cee29d62a149aa36bc3acdcd07ac05c033f89b768aad40bf2f07b8a163f153d4", "d23b0f8c8c396506e48ea7c8b4dc79c911c5f241fcfbca022e970e4d619841a4", "d93190cf2759a4ce10ee2d397491c6233eb1308a820685d6b43c8cd556c2039d", "e28443391b65c45416b4b616939bdd249d637c3bf4ca355d96fa8a5b5dfaf049", 
"e43bba5aa4ddb59d53ab6be460f644eca34785fae3638fbfb95f2902b31efeeb", "fa4fd9a0a63e8b107b671d25669b36e93a253f64460ccf405338e68c5487d137"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/src/e2e_vm_tests/test_programs/should_pass/storage_slots_json_generation/json_storage_slots_oracle.dynamic_storage.release.json"}, "region": {"startLine": 91}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 79710, "scanner": "gitleaks", "fingerprint": "3c20e9c9df6cb186d7e1efbf7d2abfe54b09f1a8ea504f87c632e1e168f4e78d", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 7 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "key\": \"REDACTED\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|8|key : redacted", "duplicate_count": 7, "duplicate_rule_ids": ["generic-api-key"], "duplicate_scanners": ["gitleaks"], "duplicate_fingerprints": ["01588497bb6b1c96f3816b8154daaca95a529ef2789fc7f5d7d5f17cb475fe1b", "1481725593ebaa3abf3cafda63ef04908e5d70381812cf9586cafb5c85bc2be0", "1cca88a076fb651ac8d4bb3ea245b6cc7b8e366a6588f623f52048e8f2910704", "3c20e9c9df6cb186d7e1efbf7d2abfe54b09f1a8ea504f87c632e1e168f4e78d", "5e35baa0a855cc8664d21f4fba84692cadd5b340adc6f452d406e038ea7623e7", "c75cb62f23c861157168a6d0c4fc2f2a5965aa3d76dbe70f8ca2237f353cf522", "d85274678a08eb74d65799684ea745efa2c891c98b0558396fb469443452cfef", "e2792d736f846c0de59f4f3cfeceea2b0ce6b67d901d24159a68f3d9cf9b2708"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/src/e2e_vm_tests/test_programs/should_pass/storage_slots_json_generation/json_storage_slots_oracle.dynamic_storage.release.json"}, "region": {"startLine": 
83}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 79709, "scanner": "gitleaks", "fingerprint": "d6bf77d3a331c42cab71a4e7322d05a4f787a0d45ff09577527fe2234d6f373c", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 13 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "key\": \"REDACTED\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|7|key : redacted", "duplicate_count": 13, "duplicate_rule_ids": ["generic-api-key"], "duplicate_scanners": ["gitleaks"], "duplicate_fingerprints": ["089e4a378edbe3141f5b568b5ae5dccd809f68d4bb09212c8bdadec8dfa2d2a6", "17a1d6f80858bd8a125b31faa9bf94a109f284ecd0f95c0ac8d70474ea86f230", "1e0cbb0a59754e274ee5fc09e59b42478518176e78f0d792257320052ce8c019", "1e67bcb92010f5dfb11003c1d46d33ff4ae534f4462eba2dde1d8f202944b99e", "4b53025f1c6403b8f2be38069535814425e9699292719b2157363d52b8ec029b", "546819ffdf7b5587cffb11c078965aec71c9e289b75e17c1da8e7e5a1417d32e", "6e1f1d167ddb33ef68361cd89af30a4b16571e3c11a32ecaa6a11a19fdd9bb89", "7dfd255ae072cfa08cb3228ff6456aebfc32e633c37f892f11d7d81e5fec23a6", "7ead385be4b049fd20d1ed20df858c3e5e80f393bb1189c3b2bb47fe48e80aa8", "8114f083b111edd333e9fc564ca658951d94f00d79be165e62e2257d224b244f", "92798b79678f531ccdd858d3abb9c04ff92812339c6fe8b0ddc25d2db32faa35", "ad25fcfad69223a59a88ee1f6655c6e8c647bd992615679f8a07bf5f4c8c4b0f"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/src/e2e_vm_tests/test_programs/should_pass/test_contracts/storage_access_contract/json_storage_slots_oracle_new_encoding.debug.json"}, "region": {"startLine": 71}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a 
Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 79708, "scanner": "gitleaks", "fingerprint": "64eb411edd90dbdc36be0d154a52c52f0f177dab658033cc2a516daefe216070", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 11 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "key\": \"REDACTED\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|6|key : redacted", "duplicate_count": 11, "duplicate_rule_ids": ["generic-api-key"], "duplicate_scanners": ["gitleaks"], "duplicate_fingerprints": ["134e183c811ade2af6a9f8f14c17923ac5a92107d0651b8305415fdcac0a0312", "186015211de099681a575cbb79be1670766c8fa2de5e5e7cbaa5d8ea0835c9c4", "298671163b82067914bb768d7d84b8bdf8deb10b161ab72c74d9ebda9b1b512d", "4db6b991b0afc138a133e511c3adcaf51c7849a7712bacbd4b8aea65e9427d78", "64eb411edd90dbdc36be0d154a52c52f0f177dab658033cc2a516daefe216070", "6a91a6d4c2b33370789222eb83f90a1a7b31eb71215b0c3a69e6d47f0d4029c2", "6c36a22076f94f136704a37fde8191487ff63372cd2b1447da7ce44470488884", "74c0e31b07578da1a008c55e36864aa0f8a79c29724ccac3d3164114d4a2f661", "a9abded04bf565b317fe36996e927bc000559be1474824662b9ca62d32439983", "c9c6e3efb7190c4e3c63c1a8353caeba6881cb88943d80ab1690362dd04e6eb1", "cedee93c8f89090c83906138b76d092458552842f89bbaf6f8b2bf040f1cbdc7", "cfecb61c0dcdc35caabad7b3936a113d03250fa0c6f3e9902704b22c620b1caf"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/src/e2e_vm_tests/test_programs/should_pass/test_contracts/storage_access_contract/json_storage_slots_oracle_new_encoding.debug.json"}, "region": {"startLine": 63}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive 
operations."}, "properties": {"repobilityId": 79707, "scanner": "gitleaks", "fingerprint": "440c5d4008fb486c3922a3bf68c96f684537d08c5825719d1da60e11db265a37", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 35 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "key\": \"REDACTED\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|5|key : redacted", "duplicate_count": 35, "duplicate_rule_ids": ["generic-api-key"], "duplicate_scanners": ["gitleaks"], "duplicate_fingerprints": ["03a914770e26194a60a51e2a232fadf9a38b1617c734678e5637a860ab0fa764", "03f1453f93b15435a62835d7d3f4a3a43623c4bdedd3d8ce6760a633f7d046b3", "05f458ba652d01350c99019a8506bf4d4ee372979760d5d4572acec9a126b7a8", "0f484124a109daa4baaa039533c19e0947b219c0e6df6a68bb2bd1e2f724afcc", "13c2931ceb42aee511143bb0ae7975d25bd0ede50e434a51e5be4915f6bb60ca", "1badddcea623ca15e61af7a3ada508c88ba695e2f03205c03e14fcf581f29aa1", "1e2ae6c323450f9f7f0d97547648464cdbad8a278bce33c67f95b74281f45e66", "260db207bff5d6d5aa8d5bf5ea2af87ea0e5c99737f936a89a63e6e3b6c2b107", "28cfcf6e302a6842fc3031e974569f68bb6f8483025161d492c5b1c3831dd6fe", "380436353881ef6746b7d9677dc90087c5377ced07a227dc431faf783cdcaa59", "3fe8e2d3454bc725a30b3986feaf12088b477cd2d303dc25abb168ba474dd183", "440c5d4008fb486c3922a3bf68c96f684537d08c5825719d1da60e11db265a37"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/src/e2e_vm_tests/test_programs/should_pass/test_contracts/basic_storage/json_storage_slots_oracle_new_encoding.debug.json"}, "region": {"startLine": 51}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 79706, "scanner": "gitleaks", "fingerprint": 
"3886360a186b5ddedfc4b54e1c4bb4ee67e3c8c6b208b0905248ef4e4e47a1c5", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 31 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "key\": \"REDACTED\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|4|key : redacted", "duplicate_count": 31, "duplicate_rule_ids": ["generic-api-key"], "duplicate_scanners": ["gitleaks"], "duplicate_fingerprints": ["0e6315ff7a255d7abc046c7486ba40b333c57418184fa27e3d16d6faf09e3a31", "1033ef37dcbaaa544ed8be7efc1042d33979bae390afb701f0a44f6d37bbfb50", "12de20415423a7a42caccf9d64d1983e7cdc7dfcb0e3f71a46dc4d774a70fb04", "183a33dbc5ff338299a3430191b9c31c339040674aa29b034d22d0492866b45c", "1a45a432b8f4c07263cb7a12d92616607060a1d2e0385e7fbb4ae4abeaa87096", "202e49cbb01b044018061f243e6cf5faf2626b41a11511bb931a5404a780231d", "25b31f08da3a1dd2d8b56df8a0277529014eb54b95410b00f7138b3c545cc771", "27695876a32cd0390c698a6e84d3e7464f7fe1b13fc3a189ac2e9eff6991ba18", "282d2e025cc89eb61c70cc0e7c108f1835f2d01e7ed573411bf4b7bbb51fe9cc", "3886360a186b5ddedfc4b54e1c4bb4ee67e3c8c6b208b0905248ef4e4e47a1c5", "64809a3690b31c580a90ad55a8dfab0a5863943b8c073dfd9257e0340940555e", "688080f03c75e14c7a969834ff0c420203d076f3e2a03445c9614ec6d497a073"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/src/e2e_vm_tests/test_programs/should_pass/test_contracts/basic_storage/json_storage_slots_oracle_new_encoding.debug.json"}, "region": {"startLine": 43}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 79705, "scanner": "gitleaks", "fingerprint": "8759c57069e1f15dd58a7292e61b7835e90f0df2c6144230515818637842142d", "category": 
"credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 47 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "key\": \"REDACTED\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|3|key : redacted", "duplicate_count": 47, "duplicate_rule_ids": ["generic-api-key"], "duplicate_scanners": ["gitleaks"], "duplicate_fingerprints": ["003110013dbdbe97b7a96aece9c64b71f2a49aefd413e8e985f4bfcd3257cee7", "0042541e5ceaa83bc64af25d81c6331aecbdefc58f319360ab3f6e408afca712", "046c524dae503e37bdbd8cb60541de3904cee04dbaba7a91bdc1ce0e161c8e9b", "0a029b9b41ff1f98acb24ec053ef96a9c05c6e86b1a9d23aa1ee3880d3702f38", "0efe877566c7e93671222ef9c974333e0a4f9805c122be1ef16c5c122c8516c6", "151ce50adbc28927c8ba9525f6dac34192c76f70d2a089e86552587e7de0b352", "1e6c382c90c406a18116ec22cd13b2043782cf29361bf8c1e9ff4f1841e4a22e", "20d645f444ed3764766080487d7c13ba85518b226e6b15c3239da908d7df54fb", "299f42d47c859e073b49cd7a3b9892aeaecdca2c7a6b5da79de38c5eb75b41f6", "2c603ce46a4b8af570fe75e3c8a995c443784940dcfb13ed8b892fa7b7423e3e", "2dca808cd93b759921249e47a4b05599fc718551af8406991ae6a218470287be", "3591419a572397ac31b580410abb7e890e64fb3d8b53ae430bd8507c2045aedd"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/src/e2e_vm_tests/test_programs/should_pass/test_contracts/basic_storage/json_storage_slots_oracle_new_encoding.debug.json"}, "region": {"startLine": 31}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 79704, "scanner": "gitleaks", "fingerprint": "adc8d1218da3b5e96a35626a66247e9e7e6e987e8feada8752ae2ca737d87226", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": 
"", "isResolved": false, "reason": "Collapsed 31 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "key\": \"REDACTED\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|2|key : redacted", "duplicate_count": 31, "duplicate_rule_ids": ["generic-api-key"], "duplicate_scanners": ["gitleaks"], "duplicate_fingerprints": ["19b54066d5686b2d11bd29a93fad2fa7adccea9bd23dfce44a8a6f1729c1ac9f", "1b588c195a04dd051304c1a2003d9da3b5652a05c0fc3e6755b115330effdb2a", "20c9ca74cbc04214f41d78a36305ea39166229007a2475732b4394f0cd2e7bde", "25f456cee3a2a1646673d6d5d68f9b4099dbd9a39b8a5329c545c8d55ade85e9", "273828ca30e7d2e7118cdc4c0baae95722f49044b70eec8f2982c305292510d9", "390a2c284ea0aa61fbf3f32be3133d13c055a6bcdddc5b805e65ddb885d28651", "448d4842bb98cf53e011c1b960082631c6dbc744843cf673810786f2fb3a5755", "4cb4acddc25ade8f4b0a34c246ecd3f6083c62742073fcdce0ff2e2cdc405761", "6320bd8b6bcc64276f0560bc879aa47cc53a9a87b192dc80d1bc5eeaa0421d5c", "63bbe1fdd2743ab0c3dfc110ade9d1fb47b482e0ffb34db0a09983698531b145", "643fdd75ceff48deb7bee0ad5ff812279d10fe354dbb7897f41fa6f0115edb6d", "69c69ca66f4bf571b44cb9088ca7a85205d7cd8c9878be9b3d1bfde3345c0645"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/src/e2e_vm_tests/test_programs/should_pass/test_contracts/basic_storage/json_storage_slots_oracle_new_encoding.debug.json"}, "region": {"startLine": 23}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 79703, "scanner": "gitleaks", "fingerprint": "e3525807e21c3ac127362c5d0923389e10e793a4b2fc875cb1773d8b044ab5ce", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 83 duplicate scanner signal(s) for the same underlying 
issue.", "evidence": {"match": "key\": \"REDACTED\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|1|key : redacted", "duplicate_count": 83, "duplicate_rule_ids": ["generic-api-key"], "duplicate_scanners": ["gitleaks"], "duplicate_fingerprints": ["00877c70dc33b9e52560d42bea91883537c4487917d441adc9264e2f2526b5ea", "06d125e3acf37a6afbcf042d7039f3ca49619fa29daf961d36049c8ea5a0bc01", "07cd91430313b2f724bc905dfa694447e900a7991bc3f2f0602b125eaf8f0cc4", "0a2ee5cb7f0b9fd937624954a189ba2876e4caed9058c908be1f3adeb8c7479c", "0a6e24975127287bf7df3ef74041ef4f13f3a76695e23d817daec30caf583bff", "0ea808494323fed7000221e261c49c5851ebcaf29f613cfbcd674ad6714e6e6d", "125e761a3bfe04a86f372d9ad38b5d9090956f32bb2fa5f44aff68dcceb79e55", "18814e1f3a4a8aa59673a224bc52625422df55f9f9d806692e0b2edde3fd325c", "1b6bc4d71984f3a7e255be85450bdd2926cf2d6da99cbbb64c37894ac4d33b7d", "1dd8e7730daf7392aac00aaf603a966a8ff457d889ebb48881196ac5c0411f9e", "207f902c99e2f718f66f28fccbee27abcb297ffcd8f60b07d1ccaac2bf58e2a2", "286b0816fb4c4849a9c4109ba3c83bbb93a006b34b50591f6181f88063db0671"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/src/e2e_vm_tests/test_programs/should_pass/test_contracts/increment_contract/json_storage_slots_oracle_new_encoding.release.json"}, "region": {"startLine": 3}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 79702, "scanner": "gitleaks", "fingerprint": "ea55f2d816b5626b929934cae63d39ae7bed3e0937ecc6781403690d60a785c8", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 3 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "storage_key = REDACTED;", "rule_id": "generic-api-key", 
"scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|3|storage_key redacted", "duplicate_count": 3, "duplicate_rule_ids": ["generic-api-key"], "duplicate_scanners": ["gitleaks"], "duplicate_fingerprints": ["0de7002e0883045f9dd272d06e8235c47ebe00f3adaf2b433791c4689beb9fac", "8b0c74ae8ec429009895da88b57ba4d9a32888cf5dc093338036db9351c886a6", "ac68ca7687d8bdb37d7739bc446431d78b411d3829ea0484583be858349fb6c6", "ea55f2d816b5626b929934cae63d39ae7bed3e0937ecc6781403690d60a785c8"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/src/e2e_vm_tests/test_programs/should_pass/static_analysis/cei_pattern_violation/src/main.sw"}, "region": {"startLine": 32}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 79701, "scanner": "gitleaks", "fingerprint": "6c0644cad0e796779bb45aab8e131f009463afc5190b099b329de6bff31654a7", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 3 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "storage_key = REDACTED;", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|2|storage_key redacted", "duplicate_count": 3, "duplicate_rule_ids": ["generic-api-key"], "duplicate_scanners": ["gitleaks"], "duplicate_fingerprints": ["3e153e84d11503d146ca86c854c895d37aeee72b2d363b0e93821192382170b7", "3f05292fb902811182fef75b222b466b03c41dd987fad6e3f62f3513085239f1", "4b09133d11da106bb8e2c0014b987a8d60477b9b916b72fa994c192aa1fb7431", "6c0644cad0e796779bb45aab8e131f009463afc5190b099b329de6bff31654a7"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": 
"test/src/e2e_vm_tests/test_programs/should_pass/static_analysis/cei_pattern_violation/src/main.sw"}, "region": {"startLine": 21}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 79700, "scanner": "gitleaks", "fingerprint": "0ec4976c3be2fa6f073321197e45ba30977fb6115094195bb59499296826d433", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "key is: REDACTED", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|2|key is: redacted", "duplicate_count": 1, "duplicate_rule_ids": ["generic-api-key"], "duplicate_scanners": ["gitleaks"], "duplicate_fingerprints": ["0ec4976c3be2fa6f073321197e45ba30977fb6115094195bb59499296826d433", "42593de8951db83222903151d03ea178ee3443b49ca9b4af1cee04b34ebac6de"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/src/e2e_vm_tests/test_programs/should_pass/language/duplicated_storage_keys/test.dynamic_storage.toml"}, "region": {"startLine": 28}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 79699, "scanner": "gitleaks", "fingerprint": "52679d81ef194266fdc5f74b7aab0cbd1175cadcc2d3047db148626e7fc5f449", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 3 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "key is: REDACTED", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", 
"correlation_key": "secret|token|1|key is: redacted", "duplicate_count": 3, "duplicate_rule_ids": ["generic-api-key"], "duplicate_scanners": ["gitleaks"], "duplicate_fingerprints": ["15b0a73ea5bc57d32b89e5e627b28d52af562e1524a44830efca234b6ec1af4b", "52679d81ef194266fdc5f74b7aab0cbd1175cadcc2d3047db148626e7fc5f449", "58a4f064b1a30bfaf3d4a94330dc32ec9b3bf9c1857eca5fcda28c46d1517e6d", "93b9bceb724dc69aa19428f0551150a53ae793b5d22d8fac305e8d01367a33a1"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/src/e2e_vm_tests/test_programs/should_pass/language/duplicated_storage_keys/test.dynamic_storage.toml"}, "region": {"startLine": 11}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 79698, "scanner": "gitleaks", "fingerprint": "606d5a4d997393f29a454b4ad112c85b893b8bea0bdbadc7bd5fa658c504faff", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "storage_key storage.a.b = REDACTED", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|1|storage_key storage.a.b redacted", "duplicate_count": 1, "duplicate_rule_ids": ["generic-api-key"], "duplicate_scanners": ["gitleaks"], "duplicate_fingerprints": ["606d5a4d997393f29a454b4ad112c85b893b8bea0bdbadc7bd5fa658c504faff", "93cdb3654c1d043990acc904bbe792e10c26047052f820a4dba337b5c18de533"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sway-ir/tests/serialize/get_storage_key.ir"}, "region": {"startLine": 6}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive 
operations."}, "properties": {"repobilityId": 79697, "scanner": "gitleaks", "fingerprint": "5a06efdd4d59245dba3b306bd596761d18c9ddea40d9e26285a16e95655e4dd1", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "storage_key storage.a = REDACTED", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|1|storage_key storage.a redacted", "duplicate_count": 1, "duplicate_rule_ids": ["generic-api-key"], "duplicate_scanners": ["gitleaks"], "duplicate_fingerprints": ["46bea812f4b07573c39452ac2b014241ad4d91adde5ee68ef68b3a18cebd6fe1", "5a06efdd4d59245dba3b306bd596761d18c9ddea40d9e26285a16e95655e4dd1"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sway-ir/tests/serialize/get_storage_key.ir"}, "region": {"startLine": 4}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "Workflow uses `secrets.CODSPEED_TOKEN` on a `pull_request` trigger"}, "properties": {"repobilityId": 79658, "scanner": "repobility-supply-chain", "fingerprint": "a338e8aa433785a89efaf2a4e69e787219aa8e1a7d1a09319dcd334401076c7b", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|a338e8aa433785a89efaf2a4e69e787219aa8e1a7d1a09319dcd334401076c7b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/benchmark.yml"}, "region": {"startLine": 50}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "Workflow uses `secrets.SLACK_WEBHOOK_NOTIFY_BUILD` on a `pull_request` 
trigger"}, "properties": {"repobilityId": 79657, "scanner": "repobility-supply-chain", "fingerprint": "f6ed437216f2d223487d414714a1c64391735ad09ce6150d26d4148c3b072fd3", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|f6ed437216f2d223487d414714a1c64391735ad09ce6150d26d4148c3b072fd3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 786}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "Workflow uses `secrets.FORCPUB_TOKEN` on a `pull_request` trigger"}, "properties": {"repobilityId": 79656, "scanner": "repobility-supply-chain", "fingerprint": "7b4d0c73247e03c645fb696e6ee64ff8f92bd5383ddcc7206d353fa655c81dd0", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|7b4d0c73247e03c645fb696e6ee64ff8f92bd5383ddcc7206d353fa655c81dd0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 773}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "Workflow uses `secrets.SLACK_WEBHOOK_NOTIFY_BUILD` on a `pull_request` trigger"}, "properties": {"repobilityId": 79655, "scanner": "repobility-supply-chain", "fingerprint": "453e09c009ba9c95eee9f1c05ea86e3894d99ccf0a654b16c32b82c3e2c95b88", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", 
"verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|453e09c009ba9c95eee9f1c05ea86e3894d99ccf0a654b16c32b82c3e2c95b88"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 753}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "Workflow uses `secrets.CARGO_REGISTRY_TOKEN` on a `pull_request` trigger"}, "properties": {"repobilityId": 79654, "scanner": "repobility-supply-chain", "fingerprint": "153548704f27e9d2597184b3921c509b2899a8f6f298e748abc34f514b506284", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|153548704f27e9d2597184b3921c509b2899a8f6f298e748abc34f514b506284"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 740}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "Workflow uses `secrets.SLACK_WEBHOOK_NOTIFY_BUILD` on a `pull_request` trigger"}, "properties": {"repobilityId": 79653, "scanner": "repobility-supply-chain", "fingerprint": "d36e4f5d6fdf65c98378c6e62b64f1ad94ebc5069d19f8af87a7df28f9187118", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", 
"correlation_key": "fp|d36e4f5d6fdf65c98378c6e62b64f1ad94ebc5069d19f8af87a7df28f9187118"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 707}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "Workflow uses `secrets.SLACK_WEBHOOK_NOTIFY_BUILD` on a `pull_request` trigger"}, "properties": {"repobilityId": 79652, "scanner": "repobility-supply-chain", "fingerprint": "b248bb3d6effbf218762d63c462d4be9f4573b95e2e79c96989b8908403fc1c9", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|b248bb3d6effbf218762d63c462d4be9f4573b95e2e79c96989b8908403fc1c9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 675}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "Workflow uses `secrets.APP_KEY` on a `pull_request` trigger"}, "properties": {"repobilityId": 79651, "scanner": "repobility-supply-chain", "fingerprint": "b9cbe9c65cbc704ac8c9b0443859211a58704323cca01ea207678d0666749cdf", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|b9cbe9c65cbc704ac8c9b0443859211a58704323cca01ea207678d0666749cdf"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 479}}}]}]}]}