{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "SEC012", "name": "[SEC012] ZipSlip \u2014 Archive Path Traversal: Archive extraction without path validation allows writing files outside the t", "shortDescription": {"text": "[SEC012] ZipSlip \u2014 Archive Path Traversal: Archive extraction without path validation allows writing files outside the target directory."}, "fullDescription": {"text": "Validate extracted paths with os.path.realpath() and ensure they stay within the target directory."}, "properties": {"scanner": "repobility-threat-engine", "category": "path_traversal", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC007", "name": "[SEC007] Unsafe Deserialization: Unsafe deserialization can execute arbitrary code.", "shortDescription": {"text": "[SEC007] Unsafe Deserialization: Unsafe deserialization can execute arbitrary code."}, "fullDescription": {"text": "Use yaml.safe_load() instead of yaml.load(). Avoid pickle for untrusted data."}, "properties": {"scanner": "repobility-threat-engine", "category": "deserialization", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "AIC003", "name": "Duplicated implementation block across source files", "shortDescription": {"text": "Duplicated implementation block across source files"}, "fullDescription": {"text": "Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "medium", "confidence": 0.86, "cwe": "", "owasp": ""}}, {"id": "AIC004", "name": "Suspicious implementation file appears unreferenced", "shortDescription": {"text": "Suspicious implementation file appears unreferenced"}, "fullDescription": {"text": "A file created as a fixed/new/final/copy variant is not referenced by imports or path-like strings in the rest of the repository. This is a strong sign that an agent produced code beside the active application path."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "medium", "confidence": 0.78, "cwe": "", "owasp": ""}}, {"id": "SEC006", "name": "[SEC006] XSS Risk: Direct HTML injection without sanitization.", "shortDescription": {"text": "[SEC006] XSS Risk: Direct HTML injection without sanitization."}, "fullDescription": {"text": "Use textContent instead of innerHTML. Sanitize with DOMPurify."}, "properties": {"scanner": "repobility-threat-engine", "category": "injection", "severity": "low", "confidence": 0.4, "cwe": "", "owasp": ""}}, {"id": "AIC002", "name": "Source file name looks like an AI patch artifact", "shortDescription": {"text": "Source file name looks like an AI patch artifact"}, "fullDescription": {"text": "Files named as final, fixed, copy, new, or backup are often temporary patch artifacts. They may be legitimate, but they deserve review before becoming production surface area."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.62, "cwe": "", "owasp": ""}}, {"id": "CORE_NO_LICENSE", "name": "No LICENSE file", "shortDescription": {"text": "No LICENSE file"}, "fullDescription": {"text": "Add a LICENSE file to your repository. Use choosealicense.com to pick the right license (MIT for permissive, Apache 2.0 for patent protection, GPL for copyleft)."}, "properties": {"scanner": "repobility-core", "category": "documentation", "severity": "low", "confidence": null, "cwe": "", "owasp": ""}}, {"id": "SEC015", "name": "[SEC015] Insecure Randomness for Security (and 2 more): Same pattern found in 2 additional files. Review if needed.", "shortDescription": {"text": "[SEC015] Insecure Randomness for Security (and 2 more): Same pattern found in 2 additional files. Review if needed."}, "fullDescription": {"text": "Use secrets module (Python) or crypto.getRandomValues() (JS) for security-sensitive randomness."}, "properties": {"scanner": "repobility-threat-engine", "category": "crypto", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/295"}, "properties": {"repository": "scikit-learn/scikit-learn", "repoUrl": "https://github.com/scikit-learn/scikit-learn", "branch": "main"}, "results": [{"ruleId": "SEC012", "level": "warning", "message": {"text": "[SEC012] ZipSlip \u2014 Archive Path Traversal: Archive extraction without path validation allows writing files outside the target directory."}, "properties": {"repobilityId": 9410, "scanner": "repobility-threat-engine", "fingerprint": "e5ea60ae80ce7d734df9f79e989d6544ce0695018f0e21fba250cac9a51a4aac", "category": "path_traversal", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".extractall(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC012", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|path_traversal|token|175|sec012"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/applications/plot_out_of_core_classification.py"}, "region": {"startLine": 175}}}]}, {"ruleId": "SEC012", "level": "warning", "message": {"text": "[SEC012] ZipSlip \u2014 Archive Path Traversal: Archive extraction without path validation allows writing files outside the target directory."}, "properties": {"repobilityId": 9409, "scanner": "repobility-threat-engine", "fingerprint": "31fc5ed18f092a571f7e914d13322297b630268eac04e07934ca681fa1e8fac4", "category": "path_traversal", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".extractall(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC012", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|path_traversal|sklearn/utils/fixes.py|348|sec012"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sklearn/utils/fixes.py"}, "region": {"startLine": 348}}}]}, {"ruleId": "SEC007", "level": "warning", "message": {"text": "[SEC007] Unsafe Deserialization: Unsafe deserialization can execute arbitrary code."}, "properties": {"repobilityId": 9403, "scanner": "repobility-threat-engine", "fingerprint": "5597f6a3384d107d1965970d4e081f53df681b41b13d3cc3f0f099d5cd7a93e8", "category": "deserialization", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "pickle.loads(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC007", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|deserialization|token|2713|sec007"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sklearn/utils/estimator_checks.py"}, "region": {"startLine": 2713}}}]}, {"ruleId": "SEC007", "level": "warning", "message": {"text": "[SEC007] Unsafe Deserialization: Unsafe deserialization can execute arbitrary code."}, "properties": {"repobilityId": 9402, "scanner": "repobility-threat-engine", "fingerprint": "7380bc52f88e75ac1eeb8b20f6d06e7cf9ec419a006bed1cb368ab42e3bc7851", "category": "deserialization", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "pickle.load(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC007", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|deserialization|token|176|sec007"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "asv_benchmarks/benchmarks/common.py"}, "region": {"startLine": 176}}}]}, {"ruleId": "SEC007", "level": "warning", "message": {"text": "[SEC007] Unsafe Deserialization: Unsafe deserialization can execute arbitrary code."}, "properties": {"repobilityId": 9401, "scanner": "repobility-threat-engine", "fingerprint": "762c1f63e63f7cf74e6ae355ac60e7b64a2194c1c7b3581d734d3aa52ec61c11", "category": "deserialization", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "pickle.load(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC007", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|deserialization|token|137|sec007"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmarks/bench_plot_randomized_svd.py"}, "region": {"startLine": 137}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 9400, "scanner": "repobility-ai-code-hygiene", "fingerprint": "031dc40397108af4271d3834b599bf6285ba48622f7b285ebaa3ecf24d0d8aa9", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "sklearn/externals/array_api_compat/cupy/_aliases.py", "duplicate_line": 55, "correlation_key": "fp|031dc40397108af4271d3834b599bf6285ba48622f7b285ebaa3ecf24d0d8aa9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sklearn/externals/array_api_compat/numpy/_aliases.py"}, "region": {"startLine": 56}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 9399, "scanner": "repobility-ai-code-hygiene", "fingerprint": "afaadb485842afa71d7ba0ec60b740f3f1f3170e1520c2780576fb455a194650", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "sklearn/externals/array_api_compat/dask/array/_aliases.py", "duplicate_line": 102, "correlation_key": "fp|afaadb485842afa71d7ba0ec60b740f3f1f3170e1520c2780576fb455a194650"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sklearn/externals/array_api_compat/numpy/_aliases.py"}, "region": {"startLine": 52}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 9398, "scanner": "repobility-ai-code-hygiene", "fingerprint": "1bd49f6619781a9deb92db82ebc953b2ead18fdcd5456879c77eca7c1225cb99", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "sklearn/externals/array_api_compat/cupy/_info.py", "duplicate_line": 29, "correlation_key": "fp|1bd49f6619781a9deb92db82ebc953b2ead18fdcd5456879c77eca7c1225cb99"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sklearn/externals/array_api_compat/dask/array/_info.py"}, "region": {"startLine": 48}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 9397, "scanner": "repobility-ai-code-hygiene", "fingerprint": "c8d464a5e1ace6e904775a7cd50d49c55f5fd49c548d91e562063f97b0b3186b", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "sklearn/externals/array_api_compat/cupy/_aliases.py", "duplicate_line": 55, "correlation_key": "fp|c8d464a5e1ace6e904775a7cd50d49c55f5fd49c548d91e562063f97b0b3186b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sklearn/externals/array_api_compat/dask/array/_aliases.py"}, "region": {"startLine": 106}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 9396, "scanner": "repobility-ai-code-hygiene", "fingerprint": "62f6e1c1999a8950b885c049f1965ce46e5a83047870be7210b43c6627a96a57", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "sklearn/ensemble/_stacking.py", "duplicate_line": 122, "correlation_key": "fp|62f6e1c1999a8950b885c049f1965ce46e5a83047870be7210b43c6627a96a57"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sklearn/ensemble/_voting.py"}, "region": {"startLine": 279}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 9395, "scanner": "repobility-ai-code-hygiene", "fingerprint": "a6225e257ba6cd3493021ece270b9ddae49035104466ec56f84bf61a34203f3b", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "sklearn/ensemble/_base.py", "duplicate_line": 165, "correlation_key": "fp|a6225e257ba6cd3493021ece270b9ddae49035104466ec56f84bf61a34203f3b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sklearn/ensemble/_stacking.py"}, "region": {"startLine": 501}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 9394, "scanner": "repobility-ai-code-hygiene", "fingerprint": "9ea3b211dc41772f38931c7a0086cc2d20b9c3e948fb406929506996b0fdfa9f", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "sklearn/covariance/_robust_covariance.py", "duplicate_line": 610, "correlation_key": "fp|9ea3b211dc41772f38931c7a0086cc2d20b9c3e948fb406929506996b0fdfa9f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sklearn/decomposition/_fastica.py"}, "region": {"startLine": 567}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 9393, "scanner": "repobility-ai-code-hygiene", "fingerprint": "6eeaf749c00355485a832f106658fb6ae6ef500578693c9af0f5acf51778f7f2", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "sklearn/datasets/_lfw.py", "duplicate_line": 418, "correlation_key": "fp|6eeaf749c00355485a832f106658fb6ae6ef500578693c9af0f5acf51778f7f2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sklearn/datasets/_species_distributions.py"}, "region": {"startLine": 111}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 9392, "scanner": "repobility-ai-code-hygiene", "fingerprint": "c9eb8dfd4b2bcb9743e53b31784ad98c8a798e00f35ff7efab3f83b6b6d52ba5", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "sklearn/datasets/_lfw.py", "duplicate_line": 234, "correlation_key": "fp|c9eb8dfd4b2bcb9743e53b31784ad98c8a798e00f35ff7efab3f83b6b6d52ba5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sklearn/datasets/_rcv1.py"}, "region": {"startLine": 111}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 9391, "scanner": "repobility-ai-code-hygiene", "fingerprint": "14c837f404212e6501a859b37f4c37b63b698c6f05c9feba2e731bba4b2484cc", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "sklearn/covariance/_robust_covariance.py", "duplicate_line": 544, "correlation_key": "fp|14c837f404212e6501a859b37f4c37b63b698c6f05c9feba2e731bba4b2484cc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sklearn/covariance/_shrunk_covariance.py"}, "region": {"startLine": 121}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 9390, "scanner": "repobility-ai-code-hygiene", "fingerprint": "a25fd08ced9f2d1bdb37f8063f5292460f116be0d89b3ac70402a5a84fadf64b", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "sklearn/covariance/_empirical_covariance.py", "duplicate_line": 108, "correlation_key": "fp|a25fd08ced9f2d1bdb37f8063f5292460f116be0d89b3ac70402a5a84fadf64b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sklearn/covariance/_shrunk_covariance.py"}, "region": {"startLine": 120}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 9389, "scanner": "repobility-ai-code-hygiene", "fingerprint": "2a90e063545dc79bd2dbac6e704472a8faa92932c5e8359ecc56ffb05f498015", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "sklearn/covariance/_elliptic_envelope.py", "duplicate_line": 62, "correlation_key": "fp|2a90e063545dc79bd2dbac6e704472a8faa92932c5e8359ecc56ffb05f498015"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sklearn/covariance/_robust_covariance.py"}, "region": {"startLine": 541}}}]}, {"ruleId": "AIC004", "level": "warning", "message": {"text": "Suspicious implementation file appears unreferenced"}, "properties": {"repobilityId": 9388, "scanner": "repobility-ai-code-hygiene", "fingerprint": "5afab73c5c68d39f8ec4ca8a350e511dc4240e9702c70b5a66ab3a180b243ce0", "category": "quality", "severity": "medium", "confidence": 0.78, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Patch-style source file has no detected inbound reference from other repository files.", "evidence": {"suffix": "new", "rule_id": "AIC004", "scanner": "repobility-ai-code-hygiene", "references": ["https://knip.dev/", "https://github.com/jendrikseipp/vulture"], "correlation_key": "fp|5afab73c5c68d39f8ec4ca8a350e511dc4240e9702c70b5a66ab3a180b243ce0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "maint_tools/sort_whats_new.py"}, "region": {"startLine": 1}}}]}, {"ruleId": "SEC006", "level": "note", "message": {"text": "[SEC006] XSS Risk: Direct HTML injection without sanitization."}, "properties": {"repobilityId": 9411, "scanner": "repobility-threat-engine", "fingerprint": "823652adbefb06a6c044bb490573a73647d01270481033c69055ccfb44d74350", "category": "injection", "severity": "low", "confidence": 0.4, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "No user-input source (request/query/fetch/URL) found \u2014 may be static content", "evidence": {"match": ".innerHTML = o", "reason": "No user-input source (request/query/fetch/URL) found \u2014 may be static content", "rule_id": "SEC006", "scanner": "repobility-threat-engine", "confidence": 0.4, "correlation_key": "code|injection|token|23|sec006"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sklearn/utils/_repr_html/estimator.js"}, "region": {"startLine": 23}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 9387, "scanner": "repobility-ai-code-hygiene", "fingerprint": "dab6ba7f969795dfbbb29941581770ab289fc294eb9addcd7542e9c340b4f45f", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "new", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|dab6ba7f969795dfbbb29941581770ab289fc294eb9addcd7542e9c340b4f45f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "maint_tools/sort_whats_new.py"}, "region": {"startLine": 1}}}]}, {"ruleId": "CORE_NO_LICENSE", "level": "note", "message": {"text": "No LICENSE file"}, "properties": {"repobilityId": 9386, "scanner": "repobility-core", "fingerprint": "9314e9238cd99885865b92490d1aaa96ca62b1390c9377878d5f3d99227e1c3c", "category": "documentation", "severity": "low", "confidence": null, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"rule_id": "CORE_NO_LICENSE", "scanner": "repobility-core", "correlation_key": "repo|documentation|core_no_license"}}}, {"ruleId": "SEC015", "level": "none", "message": {"text": "[SEC015] Insecure Randomness for Security (and 2 more): Same pattern found in 2 additional files. Review if needed."}, "properties": {"repobilityId": 9408, "scanner": "repobility-threat-engine", "fingerprint": "f78b05f3525efdc18a5d1983ba1263e47eaa8a772967c623a7aa23730bd5139a", "category": "crypto", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 2 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 2 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC015", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|f78b05f3525efdc18a5d1983ba1263e47eaa8a772967c623a7aa23730bd5139a"}}}, {"ruleId": "SEC015", "level": "none", "message": {"text": "[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. Output is predictable."}, "properties": {"repobilityId": 9407, "scanner": "repobility-threat-engine", "fingerprint": "3ab518ae28b325d43191ddb026f925afb857c6f32e03831a195e1cb428520b42", "category": "crypto", "severity": "info", "confidence": 0.25, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Weak PRNG appears to be used for non-security behavior (UI, sampling, demos, shuffling, or backoff), not for secrets", "evidence": {"match": "random.randint(", "reason": "Weak PRNG appears to be used for non-security behavior (UI, sampling, demos, shuffling, or backoff), not for secrets", "rule_id": "SEC015", "scanner": "repobility-threat-engine", "confidence": 0.25, "correlation_key": "code|crypto|token|1195|sec015"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sklearn/model_selection/_split.py"}, "region": {"startLine": 1195}}}]}, {"ruleId": "SEC015", "level": "none", "message": {"text": "[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. Output is predictable."}, "properties": {"repobilityId": 9406, "scanner": "repobility-threat-engine", "fingerprint": "3c498276bde601281f0620a36be5e9980adedf60130ef19c7055f1942b935da6", "category": "crypto", "severity": "info", "confidence": 0.25, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Weak PRNG appears to be used for non-security behavior (UI, sampling, demos, shuffling, or backoff), not for secrets", "evidence": {"match": "random.randint(", "reason": "Weak PRNG appears to be used for non-security behavior (UI, sampling, demos, shuffling, or backoff), not for secrets", "rule_id": "SEC015", "scanner": "repobility-threat-engine", "confidence": 0.25, "correlation_key": "code|crypto|token|26|sec015"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmarks/bench_isotonic.py"}, "region": {"startLine": 26}}}]}, {"ruleId": "SEC015", "level": "none", "message": {"text": "[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. Output is predictable."}, "properties": {"repobilityId": 9405, "scanner": "repobility-threat-engine", "fingerprint": "e4e92210ccc259e4b4261379a9164e1f0733db06535ac648cc6093493a32e03b", "category": "crypto", "severity": "info", "confidence": 0.25, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Weak PRNG appears to be used for non-security behavior (UI, sampling, demos, shuffling, or backoff), not for secrets", "evidence": {"match": "random.randint(", "reason": "Weak PRNG appears to be used for non-security behavior (UI, sampling, demos, shuffling, or backoff), not for secrets", "rule_id": "SEC015", "scanner": "repobility-threat-engine", "confidence": 0.25, "correlation_key": "code|crypto|token|143|sec015"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmarks/bench_plot_polynomial_kernel_approximation.py"}, "region": {"startLine": 143}}}]}, {"ruleId": "SEC007", "level": "none", "message": {"text": "[SEC007] Unsafe Deserialization (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "properties": {"repobilityId": 9404, "scanner": "repobility-threat-engine", "fingerprint": "acf942e515aeb5556dcd6a667386a6c24a783b6b9aed69d2869d59662641c431", "category": "deserialization", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC007", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|acf942e515aeb5556dcd6a667386a6c24a783b6b9aed69d2869d59662641c431"}}}]}]}