{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "GHSA-4w7w-66w2-5vf9", "name": "vite: GHSA-4w7w-66w2-5vf9", "shortDescription": {"text": "vite: GHSA-4w7w-66w2-5vf9"}, "fullDescription": {"text": "Vite Vulnerable to Path Traversal in Optimized Deps `.map` Handling"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "DKR001", "name": "Docker final stage has no non-root USER", "shortDescription": {"text": "Docker final stage has no non-root USER"}, "fullDescription": {"text": "Docker images run as root unless the image or Dockerfile switches to a non-root user."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.82, "cwe": "", "owasp": ""}}, {"id": "DKR017", "name": "Dockerfile installs dependencies after copying the full source tree", "shortDescription": {"text": "Dockerfile installs dependencies after copying the full source tree"}, "fullDescription": {"text": "When dependency installation comes after COPY ., any source change invalidates the dependency layer and makes Docker rebuild much more slowly."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "DKR014", "name": "Dockerfile copies broad context with incomplete .dockerignore", "shortDescription": {"text": "Dockerfile copies broad context with incomplete .dockerignore"}, "fullDescription": {"text": "COPY . or ADD . 
is safer when .dockerignore excludes secrets, git history, keys, and generated artifacts."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.76, "cwe": "", "owasp": ""}}, {"id": "ERR002", "name": "[ERR002] Empty Catch Block: Empty catch blocks hide errors.", "shortDescription": {"text": "[ERR002] Empty Catch Block: Empty catch blocks hide errors."}, "fullDescription": {"text": "Log the error or rethrow it. Use console.error() at minimum."}, "properties": {"scanner": "repobility-threat-engine", "category": "error_handling", "severity": "medium", "confidence": 0.45, "cwe": "", "owasp": ""}}, {"id": "SEC134", "name": "[SEC134] AI scaffold leftover \u2014 Lorem ipsum / example.com / John Doe in code: Lorem ipsum / John Doe / example.com left ", "shortDescription": {"text": "[SEC134] AI scaffold leftover \u2014 Lorem ipsum / example.com / John Doe in code: Lorem ipsum / John Doe / example.com left in non-test code. AI agents emit these as 'reasonable defaults' when they don't know real values; the human then forgets"}, "fullDescription": {"text": "Move dummy values to fixtures / seed files. In application code, require these to come from config or fail closed. Add a CI grep that rejects 'lorem ipsum' and 'example.com' outside test files."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC045", "name": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a latera", "shortDescription": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. 
Sandboxes (__builtins__ cleared) are escapable: attackers use obj"}, "fullDescription": {"text": "For literal data structures: use ast.literal_eval(text) \u2014 only parses literals, raises on code.\nFor formula evaluation: use asteval or simpleeval (purpose-built sandboxes with allow-lists).\nFor Odoo: use odoo.tools.safe_eval(expr, locals_dict, mode='exec').\nIf you genuinely need to execute admin-stored code: require explicit super-admin permission AND log every execution with a stack trace."}, "properties": {"scanner": "repobility-threat-engine", "category": "injection", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "AGT015", "name": "Remote install command pipes network code directly to a shell", "shortDescription": {"text": "Remote install command pipes network code directly to a shell"}, "fullDescription": {"text": "Agent helper projects often publish one-line installers. `curl | sh` style commands are convenient, but they bypass review unless the script is pinned, signed, or checksum-verified."}, "properties": {"scanner": "repobility-agent-runtime", "category": "dependency", "severity": "medium", "confidence": 0.7, "cwe": "", "owasp": ""}}, {"id": "MINED111", "name": "Bare except continues silently", "shortDescription": {"text": "Bare except continues silently"}, "fullDescription": {"text": "Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. 
Hides real failures and makes bugs hard to diagnose."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "DKR011", "name": "Dockerfile installs recommended OS packages", "shortDescription": {"text": "Dockerfile installs recommended OS packages"}, "fullDescription": {"text": "Installing recommended packages often pulls in unnecessary runtime surface area."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "low", "confidence": 0.72, "cwe": "", "owasp": ""}}, {"id": "DKR008", "name": ".dockerignore misses sensitive defaults", "shortDescription": {"text": ".dockerignore misses sensitive defaults"}, "fullDescription": {"text": ".dockerignore exists but does not cover common secret or VCS patterns."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "low", "confidence": 0.72, "cwe": "", "owasp": ""}}, {"id": "COMP001", "name": "[COMP001] High cognitive complexity: Function `get_repo` has cognitive complexity 8 (SonarSource scale). Cognitive compl", "shortDescription": {"text": "[COMP001] High cognitive complexity: Function `get_repo` has cognitive complexity 8 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all w"}, "fullDescription": {"text": "Extract nested branches into named helper functions; flatten early-return / guard clauses; replace long if/elif chains with dispatch dicts or polymorphism. 
SonarQube's threshold for 'should refactor' is 15 \u2014 yours is 8."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "low", "confidence": 0.95, "cwe": "", "owasp": ""}}, {"id": "DEPCUR-NPM", "name": "npm package `vitepress-plugin-group-icons` is minor version(s) behind (^1.6.5 -> 1.7.5)", "shortDescription": {"text": "npm package `vitepress-plugin-group-icons` is minor version(s) behind (^1.6.5 -> 1.7.5)"}, "fullDescription": {"text": "`vitepress-plugin-group-icons` is pinned/resolved at ^1.6.5 but the latest stable release on the npm registry is 1.7.5 (minor version(s) behind). Outdated dependencies accumulate unpatched bugs and make future security upgrades harder. This is the version-currency signal Dependabot version-update PRs raise."}, "properties": {"scanner": "repobility-dependency-currency", "category": "dependency", "severity": "low", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "AIC003", "name": "Duplicated implementation block across source files", "shortDescription": {"text": "Duplicated implementation block across source files"}, "fullDescription": {"text": "Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.86, "cwe": "", "owasp": ""}}, {"id": "AIC002", "name": "Source file name looks like an AI patch artifact", "shortDescription": {"text": "Source file name looks like an AI patch artifact"}, "fullDescription": {"text": "Files named as final, fixed, copy, new, or backup are often temporary patch artifacts. 
They may be legitimate, but they deserve review before becoming production surface area."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.62, "cwe": "", "owasp": ""}}, {"id": "MINED044", "name": "[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed.", "shortDescription": {"text": "[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-532 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED043", "name": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data.", "shortDescription": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-319 / A02:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.1, "cwe": "", "owasp": ""}}, {"id": "MINED019", "name": "[MINED019] Ssti Jinja From String (and 1 more): Same pattern found in 1 additional files. Review if needed.", "shortDescription": {"text": "[MINED019] Ssti Jinja From String (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-94 / A03:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED068", "name": "[MINED068] Rust Unsafe Block (and 4 more): Same pattern found in 4 additional files. 
Review if needed.", "shortDescription": {"text": "[MINED068] Rust Unsafe Block (and 4 more): Same pattern found in 4 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-119 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED059", "name": "[MINED059] Rust Expect In Prod (and 8 more): Same pattern found in 8 additional files. Review if needed.", "shortDescription": {"text": "[MINED059] Rust Expect In Prod (and 8 more): Same pattern found in 8 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-755 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED066", "name": "[MINED066] Rust Panic Macro (and 1 more): Same pattern found in 1 additional files. Review if needed.", "shortDescription": {"text": "[MINED066] Rust Panic Macro (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-755 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED007", "name": "[MINED007] Sql String Concat (and 4 more): Same pattern found in 4 additional files. Review if needed.", "shortDescription": {"text": "[MINED007] Sql String Concat (and 4 more): Same pattern found in 4 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. 
See CWE-89 / A03:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED004", "name": "[MINED004] Weak Crypto (and 2 more): Same pattern found in 2 additional files. Review if needed.", "shortDescription": {"text": "[MINED004] Weak Crypto (and 2 more): Same pattern found in 2 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-327 / A02:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC128", "name": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake) (and 5 more): Same pattern found in 5 addit", "shortDescription": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake) (and 5 more): Same pattern found in 5 additional files. Review if needed."}, "fullDescription": {"text": "Add `await` before each async call, or chain with `.then`. If you intentionally want fire-and-forget, prefix with `void` (TS) or assign to `_` (Python with `asyncio.create_task`) to make the intent explicit and survive lint."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED003", "name": "[MINED003] Rust Unwrap In Prod (and 115 more): Same pattern found in 115 additional files. Review if needed.", "shortDescription": {"text": "[MINED003] Rust Unwrap In Prod (and 115 more): Same pattern found in 115 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. 
See CWE-755 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC029", "name": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 8 more): Same pattern found in 8 additi", "shortDescription": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 8 more): Same pattern found in 8 additional files. Review if needed."}, "fullDescription": {"text": "Validate the URL against an allowlist BEFORE fetching:\n  ALLOWED = {'images.example.com', 'cdn.example.com'}\n  host = urlparse(url).hostname\n  if host not in ALLOWED: abort(400)\nOr use a server-side proxy (Imgproxy / serve-files-only-from-S3) that isolates outbound network access from the request handler.\nBlock private CIDRs explicitly: 10/8, 172.16/12, 192.168/16, 169.254/16."}, "properties": {"scanner": "repobility-threat-engine", "category": "ssrf", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "GHSA-q5j8-9m9g-x2jh", "name": "module-from-string: GHSA-q5j8-9m9g-x2jh", "shortDescription": {"text": "module-from-string: GHSA-q5j8-9m9g-x2jh"}, "fullDescription": {"text": "module-from-string prototype pollution"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "RUSTSEC-2023-0071", "name": "rsa: RUSTSEC-2023-0071", "shortDescription": {"text": "rsa: RUSTSEC-2023-0071"}, "fullDescription": {"text": "Marvin Attack: potential key recovery through timing sidechannels"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "RUSTSEC-2025-0119", "name": "number_prefix: RUSTSEC-2025-0119", "shortDescription": {"text": "number_prefix: RUSTSEC-2025-0119"}, "fullDescription": {"text": "number_prefix crate is unmaintained"}, "properties": 
{"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "RUSTSEC-2026-0002", "name": "lru: RUSTSEC-2026-0002", "shortDescription": {"text": "lru: RUSTSEC-2026-0002"}, "fullDescription": {"text": "`IterMut` violates Stacked Borrows by invalidating internal pointer"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "SEC035", "name": "[SEC035] Unbounded Resource Allocation \u2014 DoS risk: Allocating resources (buffers, recursion stack, large ranges) based o", "shortDescription": {"text": "[SEC035] Unbounded Resource Allocation \u2014 DoS risk: Allocating resources (buffers, recursion stack, large ranges) based on user input without an upper bound. Attackers send `size=10000000` to exhaust memory, or trigger expensive computation."}, "fullDescription": {"text": "Cap user-controlled sizes BEFORE allocation:\n  size = min(int(request.args.get('n', 100)), MAX_SIZE)\nSet framework-level limits:\n  Flask:    app.config['MAX_CONTENT_LENGTH'] = 10 * 1024 * 1024\n  FastAPI:  use middleware to enforce request size\n  Django:   DATA_UPLOAD_MAX_MEMORY_SIZE in settings.py\nNever raise `sys.setrecursionlimit` past 10K without a deeper review."}, "properties": {"scanner": "repobility-threat-engine", "category": "resource_exhaustion", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED039", "name": "[MINED039] Rust Todo Macro: todo!() panics when reached. Unimplemented code path.", "shortDescription": {"text": "[MINED039] Rust Todo Macro: todo!() panics when reached. Unimplemented code path."}, "fullDescription": {"text": "Review and fix per the pattern semantics. 
See CWE-1188 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC085", "name": "[SEC085] JS: child_process.exec with non-literal: child_process.exec with user-derived input enables command injection. ", "shortDescription": {"text": "[SEC085] JS: child_process.exec with non-literal: child_process.exec with user-derived input enables command injection. Ported from eslint-plugin-security detect-child-process (Apache-2.0)."}, "fullDescription": {"text": "Use execFile / spawn with separate args array; never pass shell strings."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED041", "name": "[MINED041] Rust Unimplemented Macro: unimplemented!() panics. Same as todo!() but conventionally used for trait stubs.", "shortDescription": {"text": "[MINED041] Rust Unimplemented Macro: unimplemented!() panics. Same as todo!() but conventionally used for trait stubs."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-1188 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED126", "name": "Workflow container/services image `ghcr.io/jdx/mise:copr` unpinned", "shortDescription": {"text": "Workflow container/services image `ghcr.io/jdx/mise:copr` unpinned"}, "fullDescription": {"text": "`container/services image: ghcr.io/jdx/mise:copr` without `@sha256:...` pulls a mutable tag at workflow-run time. 
Treat workflow container references with the same supply-chain discipline as Dockerfile FROM lines."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED108", "name": "`self.send_header` used but never assigned in __init__", "shortDescription": {"text": "`self.send_header` used but never assigned in __init__"}, "fullDescription": {"text": "Method `do_GET` of class `ToolStubTestHandler` reads `self.send_header`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "generic-api-key", "name": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations.", "shortDescription": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "fullDescription": {"text": "Gitleaks detected a committed secret or credential pattern."}, "properties": {"scanner": "gitleaks", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "cwe": "", "owasp": ""}}, {"id": "MINED013", "name": "[MINED013] Password In Url: https://user:password@host \u2014 leaks creds via logs, referrer, error messages.", "shortDescription": {"text": "[MINED013] Password In Url: https://user:password@host \u2014 leaks creds via logs, referrer, error messages."}, "fullDescription": {"text": "Review and fix per the pattern semantics. 
See CWE-200 / A07:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "critical", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED116", "name": "Workflow uses `secrets.ZIPSIGN` on a `pull_request` trigger", "shortDescription": {"text": "Workflow uses `secrets.ZIPSIGN` on a `pull_request` trigger"}, "fullDescription": {"text": "This workflow triggers on `pull_request`, which checks out the FORK's code. Referencing `${{ secrets.ZIPSIGN }}` lets a PR from any fork exfiltrate the secret (modify a script, log the value, etc.). Use `pull_request_target` ONLY with strict checkout discipline (no fork code in the trusted context)."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "critical", "confidence": 0.9, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/1380"}, "properties": {"repository": "jdx/mise", "repoUrl": "https://github.com/jdx/mise", "branch": "main"}, "results": [{"ruleId": "GHSA-4w7w-66w2-5vf9", "level": "warning", "message": {"text": "vite: GHSA-4w7w-66w2-5vf9"}, "properties": {"repobilityId": 141171, "scanner": "osv-scanner", "fingerprint": "db9d7b2953df3bc0c3b29dad394e67e753295a6e4cd52e1e143bbdf42851a6e9", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-39365"], "package": "vite", "rule_id": "GHSA-4w7w-66w2-5vf9", "scanner": "osv-scanner", "correlation_key": "vuln|vite|CVE-2026-39365|bun.lock"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "bun.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 141159, "scanner": "repobility-docker", "fingerprint": "85ea873b7d413460674330999e3ac559cfd99dea52302df01525a238000953cc", "category": "docker", 
"severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "fedora:45@sha256:0c1f63ed8fb818fad16cf6ae091598c410a21d2e1a9adf183beb93189299bfba", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|85ea873b7d413460674330999e3ac559cfd99dea52302df01525a238000953cc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packaging/rpm/Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 141158, "scanner": "repobility-docker", "fingerprint": "de1f336cd340934220590a1eee055bdc061d8490d7cef1dc05efbe834841a7ca", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "rust@sha256:fb328f0f58becb23ba1719940a2c94ece8b0b48afa837d05b79ef64bc1e18f6e", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|de1f336cd340934220590a1eee055bdc061d8490d7cef1dc05efbe834841a7ca"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packaging/mise/Dockerfile"}, "region": {"startLine": 12}}}]}, {"ruleId": "DKR017", "level": "warning", "message": {"text": "Dockerfile installs dependencies after copying the full source tree"}, "properties": {"repobilityId": 141157, 
"scanner": "repobility-docker", "fingerprint": "0b9cb917fb318d4a511a70ec8ec31a1f5a3081d7d2449b612f8846177436db52", "category": "docker", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Broad context copy at line 9 appears before dependency installation.", "evidence": {"rule_id": "DKR017", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "broad_copy_line": 9, "correlation_key": "fp|0b9cb917fb318d4a511a70ec8ec31a1f5a3081d7d2449b612f8846177436db52", "dependency_install_line": 10}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packaging/mise/Dockerfile"}, "region": {"startLine": 10}}}]}, {"ruleId": "DKR014", "level": "warning", "message": {"text": "Dockerfile copies broad context with incomplete .dockerignore"}, "properties": {"repobilityId": 141156, "scanner": "repobility-docker", "fingerprint": "1bf3a5b8e0d2b0c44a52e1fd700297a0eb1ff87d1d426f279d04ad66e0bb2ff0", "category": "docker", "severity": "medium", "confidence": 0.76, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Broad context copy found and .dockerignore misses sensitive defaults.", "evidence": {"rule_id": "DKR014", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|1bf3a5b8e0d2b0c44a52e1fd700297a0eb1ff87d1d426f279d04ad66e0bb2ff0", "missing_patterns": [".env", ".git", "id_rsa", "*.pem", "*.key"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packaging/mise/Dockerfile"}, "region": {"startLine": 9}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 141155, "scanner": "repobility-docker", "fingerprint": "170824bf95400d369ff0817906d8eb3cecd8005463aaf3bd91c5de523ceb1fa8", "category": "docker", "severity": "medium", 
"confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "ubuntu:resolute-20260421@sha256:f3d28607ddd78734bb7f71f117f3c6706c666b8b76cbff7c9ff6e5718d46ff64", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|170824bf95400d369ff0817906d8eb3cecd8005463aaf3bd91c5de523ceb1fa8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packaging/e2e/Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 141154, "scanner": "repobility-docker", "fingerprint": "8edb7ebe5ab85953afaf912de19e28895d2e09e7f4e78a5025ce255b0b9a54f7", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "ubuntu:26.04@sha256:f3d28607ddd78734bb7f71f117f3c6706c666b8b76cbff7c9ff6e5718d46ff64", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|8edb7ebe5ab85953afaf912de19e28895d2e09e7f4e78a5025ce255b0b9a54f7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packaging/deb/Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 141152, "scanner": 
"repobility-docker", "fingerprint": "3e2076f9f39959158b3c14429cf1ac99fc1294683b8140291b3354cf8c561411", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "fedora:45@sha256:0c1f63ed8fb818fad16cf6ae091598c410a21d2e1a9adf183beb93189299bfba", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|3e2076f9f39959158b3c14429cf1ac99fc1294683b8140291b3354cf8c561411"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packaging/copr/Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 141151, "scanner": "repobility-docker", "fingerprint": "b34a573e71c5c93c28222380a0391d5a24dfebc240fd9fd1e5910dd7d36ae290", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "alpine:edge@sha256:9a341ff2287c54b86425cbee0141114d811ae69d88a36019087be6d896cef241", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|b34a573e71c5c93c28222380a0391d5a24dfebc240fd9fd1e5910dd7d36ae290"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packaging/alpine/Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR001", "level": 
"warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 141149, "scanner": "repobility-docker", "fingerprint": "b228f79b4485823052d80f718266efce3dac1331c8dd87bedbbb561ba08b541d", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "rust@sha256:fb328f0f58becb23ba1719940a2c94ece8b0b48afa837d05b79ef64bc1e18f6e", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|b228f79b4485823052d80f718266efce3dac1331c8dd87bedbbb561ba08b541d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Dockerfile"}, "region": {"startLine": 12}}}]}, {"ruleId": "DKR017", "level": "warning", "message": {"text": "Dockerfile installs dependencies after copying the full source tree"}, "properties": {"repobilityId": 141148, "scanner": "repobility-docker", "fingerprint": "683bdd78e15ee8fed62cefd43eb63830d669e862e664b047c022198100419d8b", "category": "docker", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Broad context copy at line 9 appears before dependency installation.", "evidence": {"rule_id": "DKR017", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "broad_copy_line": 9, "correlation_key": "fp|683bdd78e15ee8fed62cefd43eb63830d669e862e664b047c022198100419d8b", "dependency_install_line": 10}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Dockerfile"}, "region": {"startLine": 10}}}]}, {"ruleId": "DKR014", "level": "warning", "message": {"text": "Dockerfile 
copies broad context with incomplete .dockerignore"}, "properties": {"repobilityId": 141147, "scanner": "repobility-docker", "fingerprint": "752d4cb0028d1303f88edb74b10017d1dbf875774fc5feac16baeafd1eda513b", "category": "docker", "severity": "medium", "confidence": 0.76, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Broad context copy found and .dockerignore misses sensitive defaults.", "evidence": {"rule_id": "DKR014", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|752d4cb0028d1303f88edb74b10017d1dbf875774fc5feac16baeafd1eda513b", "missing_patterns": [".env", ".git", "id_rsa", "*.pem", "*.key"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Dockerfile"}, "region": {"startLine": 9}}}]}, {"ruleId": "ERR002", "level": "warning", "message": {"text": "[ERR002] Empty Catch Block: Empty catch blocks hide errors."}, "properties": {"repobilityId": 141133, "scanner": "repobility-threat-engine", "fingerprint": "45771a754b8a4bdedb2b9cfebae23dc5bf3e92c451edcb639117e26c81655e28", "category": "error_handling", "severity": "medium", "confidence": 0.45, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Pattern matched with no mitigating context found | [R34 auto-suppress: documentation/example path]", "evidence": {"match": ".catch(() => {})", "reason": "Pattern matched with no mitigating context found | [R34 auto-suppress: documentation/example path]", "rule_id": "ERR002", "scanner": "repobility-threat-engine", "confidence": 0.45, "correlation_key": "fp|45771a754b8a4bdedb2b9cfebae23dc5bf3e92c451edcb639117e26c81655e28"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/.vitepress/theme/banner.ts"}, "region": {"startLine": 25}}}]}, {"ruleId": "SEC134", "level": "warning", "message": {"text": "[SEC134] AI scaffold leftover \u2014 Lorem ipsum / example.com / John Doe in code: 
Lorem ipsum / John Doe / example.com left in non-test code. AI agents emit these as 'reasonable defaults' when they don't know real values; the human then forgets to swap them. In production, these break demo flows, send mail to a real example.com host (it's owned by IANA), and leak that the codebase had an AI scaffolding pass."}, "properties": {"repobilityId": 141115, "scanner": "repobility-threat-engine", "fingerprint": "d326d48493e42c1b57705f1da2845c64f221cf4c8e066063e06e3953cdb9fbea", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "url = \"https://example.com", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC134", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|d326d48493e42c1b57705f1da2845c64f221cf4c8e066063e06e3953cdb9fbea"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/vfox/plugins/attestation/hooks/pre_install.lua"}, "region": {"startLine": 7}}}]}, {"ruleId": "SEC045", "level": "warning", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use object introspection (().__class__.__mro__[-1].__subclasses__()) to reach os.system. 
CWE-95 (eval injection). Triage note: the sandbox-escape detail in this message describes Python eval()/exec(); the match here is the token .exec( in a Lua hook, so confirm what that call runs and where its arguments come from before treating it as eval injection."}, "properties": {"repobilityId": 141105, "scanner": "repobility-threat-engine", "fingerprint": "3bc03c97f22f9cd3ddea4162b4d1ba92788e1f1495ea87203d4b6cd1e16e1689", "category": "injection", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".exec(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|token|11|sec045"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/vfox/embedded-plugins/vfox-chromedriver/hooks/post_install.lua"}, "region": {"startLine": 11}}}]}, {"ruleId": "SEC045", "level": "warning", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use object introspection (().__class__.__mro__[-1].__subclasses__()) to reach os.system. 
CWE-95 (eval injection). Triage note: the sandbox-escape detail in this message describes Python eval()/exec(); the match here is the token .exec( in a Lua hook, so confirm what that call runs and where its arguments come from before treating it as eval injection."}, "properties": {"repobilityId": 141104, "scanner": "repobility-threat-engine", "fingerprint": "d2d3300e083b9887d70e5136dc230e05412c2c2664f70160b7d3156226c23bc5", "category": "injection", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".exec(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|token|22|sec045"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/vfox/embedded-plugins/vfox-bpkg/hooks/post_install.lua"}, "region": {"startLine": 22}}}]}, {"ruleId": "SEC045", "level": "warning", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use object introspection (().__class__.__mro__[-1].__subclasses__()) to reach os.system. 
CWE-95 (eval injection). Triage note: the sandbox-escape detail in this message describes Python eval()/exec(); the match here is the token .exec( in a Lua hook, so confirm what that call runs and where its arguments come from before treating it as eval injection."}, "properties": {"repobilityId": 141103, "scanner": "repobility-threat-engine", "fingerprint": "01cf070c170195e8c65c203551da6be0e90431dc3072ecf58805aef73bd9fb36", "category": "injection", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".exec(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|token|13|sec045"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/vfox/embedded-plugins/vfox-ag/hooks/post_install.lua"}, "region": {"startLine": 13}}}]}, {"ruleId": "AGT015", "level": "warning", "message": {"text": "Remote install command pipes network code directly to a shell"}, "properties": {"repobilityId": 141090, "scanner": "repobility-agent-runtime", "fingerprint": "f8b6b276206f280fd9a7207774035b29f40e5f028b2aa2602d2e541efc556631", "category": "dependency", "severity": "medium", "confidence": 0.7, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File contains a remote download piped directly to a shell without visible checksum or signature verification.", "evidence": {"rule_id": "AGT015", "scanner": "repobility-agent-runtime", "references": [], "correlation_key": "fp|f8b6b276206f280fd9a7207774035b29f40e5f028b2aa2602d2e541efc556631"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/mise-cookbook/docker.md"}, "region": {"startLine": 26}}}]}, {"ruleId": "AGT015", "level": "warning", "message": {"text": "Remote install command pipes network code directly to a shell"}, "properties": {"repobilityId": 141089, "scanner": "repobility-agent-runtime", "fingerprint": "6ea71cb4dee158675ff9809846d7c8cef736a6461fba4ff09ac8b47422a8fb14", "category": "dependency", "severity": "medium", "confidence": 0.7, "triageState": 
"open", "verdict": "likely", "isResolved": false, "reason": "File contains a remote download piped directly to a shell without visible checksum or signature verification.", "evidence": {"rule_id": "AGT015", "scanner": "repobility-agent-runtime", "references": [], "correlation_key": "fp|6ea71cb4dee158675ff9809846d7c8cef736a6461fba4ff09ac8b47422a8fb14"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/index.md"}, "region": {"startLine": 103}}}]}, {"ruleId": "AGT015", "level": "warning", "message": {"text": "Remote install command pipes network code directly to a shell"}, "properties": {"repobilityId": 141088, "scanner": "repobility-agent-runtime", "fingerprint": "506dd5082838fc48e8b74a14fbbde13b59e26222ac85500319476201f7e11cf7", "category": "dependency", "severity": "medium", "confidence": 0.7, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File contains a remote download piped directly to a shell without visible checksum or signature verification.", "evidence": {"rule_id": "AGT015", "scanner": "repobility-agent-runtime", "references": [], "correlation_key": "fp|506dd5082838fc48e8b74a14fbbde13b59e26222ac85500319476201f7e11cf7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/dev-tools/backends/cargo.md"}, "region": {"startLine": 14}}}]}, {"ruleId": "AGT015", "level": "warning", "message": {"text": "Remote install command pipes network code directly to a shell"}, "properties": {"repobilityId": 141087, "scanner": "repobility-agent-runtime", "fingerprint": "a6f0d0cb0ac6f5a4401b7ede3c855c912a4ba5c6cea954d1beed1253f287fa3c", "category": "dependency", "severity": "medium", "confidence": 0.7, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File contains a remote download piped directly to a shell without visible checksum or signature verification.", "evidence": {"rule_id": "AGT015", "scanner": "repobility-agent-runtime", "references": [], "correlation_key": 
"fp|a6f0d0cb0ac6f5a4401b7ede3c855c912a4ba5c6cea954d1beed1253f287fa3c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/continuous-integration.md"}, "region": {"startLine": 12}}}]}, {"ruleId": "AGT015", "level": "warning", "message": {"text": "Remote install command pipes network code directly to a shell"}, "properties": {"repobilityId": 141086, "scanner": "repobility-agent-runtime", "fingerprint": "90cdc63bb4f6e7ccd818b758417cef64f10dc63096602532f0aa38d3424b683d", "category": "dependency", "severity": "medium", "confidence": 0.7, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File contains a remote download piped directly to a shell without visible checksum or signature verification.", "evidence": {"rule_id": "AGT015", "scanner": "repobility-agent-runtime", "references": [], "correlation_key": "fp|90cdc63bb4f6e7ccd818b758417cef64f10dc63096602532f0aa38d3424b683d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "README.md"}, "region": {"startLine": 70}}}]}, {"ruleId": "AGT015", "level": "warning", "message": {"text": "Remote install command pipes network code directly to a shell"}, "properties": {"repobilityId": 141085, "scanner": "repobility-agent-runtime", "fingerprint": "af517ae48ccb9c1bc0fdbf41eb2cef1b8a89cde8bd16e5580c6add6ccb7b7d8a", "category": "dependency", "severity": "medium", "confidence": 0.7, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File contains a remote download piped directly to a shell without visible checksum or signature verification.", "evidence": {"rule_id": "AGT015", "scanner": "repobility-agent-runtime", "references": [], "correlation_key": "fp|af517ae48ccb9c1bc0fdbf41eb2cef1b8a89cde8bd16e5580c6add6ccb7b7d8a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Cross.toml"}, "region": {"startLine": 23}}}]}, {"ruleId": "AGT015", "level": "warning", "message": {"text": "Remote install command pipes network code directly to a 
shell"}, "properties": {"repobilityId": 141084, "scanner": "repobility-agent-runtime", "fingerprint": "a8b95deceb381e0a2c84b015e45fc13981a4ff3a62ae9b255661c46b11737efe", "category": "dependency", "severity": "medium", "confidence": 0.7, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File contains a remote download piped directly to a shell without visible checksum or signature verification.", "evidence": {"rule_id": "AGT015", "scanner": "repobility-agent-runtime", "references": [], "correlation_key": "fp|a8b95deceb381e0a2c84b015e45fc13981a4ff3a62ae9b255661c46b11737efe"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/cloudflare-deploy.yml"}, "region": {"startLine": 36}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 141050, "scanner": "repobility-ast-engine", "fingerprint": "10f7c75b34cb688f539790f252f570aaa33c3a60d4613dfda66f6f0811b8cce6", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|10f7c75b34cb688f539790f252f570aaa33c3a60d4613dfda66f6f0811b8cce6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "e2e/helpers/scripts/git_http_backend_server.py"}, "region": {"startLine": 102}}}]}, {"ruleId": "DKR011", "level": "note", "message": {"text": "Dockerfile installs recommended OS packages"}, "properties": {"repobilityId": 141153, "scanner": "repobility-docker", "fingerprint": "b38f43816083c78b9b77896440c1c5da8bdb11b66f0357e04dc77bf10c715c0f", "category": "docker", "severity": "low", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "apt install appears 
without --no-install-recommends.", "evidence": {"rule_id": "DKR011", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|b38f43816083c78b9b77896440c1c5da8bdb11b66f0357e04dc77bf10c715c0f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packaging/deb/Dockerfile"}, "region": {"startLine": 4}}}]}, {"ruleId": "DKR008", "level": "note", "message": {"text": ".dockerignore misses sensitive defaults"}, "properties": {"repobilityId": 141150, "scanner": "repobility-docker", "fingerprint": "aea2ad92c68c4ee1f8432bb1ec25e7d45ac12c9e1790ac2d3fffe638b1acce12", "category": "docker", "severity": "low", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "A Docker build context should exclude secrets and repository metadata.", "evidence": {"rule_id": "DKR008", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|aea2ad92c68c4ee1f8432bb1ec25e7d45ac12c9e1790ac2d3fffe638b1acce12", "missing_patterns": [".env", ".git", "id_rsa", "*.pem", "*.key"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".dockerignore"}, "region": {"startLine": 1}}}]}, {"ruleId": "COMP001", "level": "note", "message": {"text": "[COMP001] High cognitive complexity: Function `get_repo` has cognitive complexity 8 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. 
Breakdown: except=1, for=1, if=3, nested_bonus=3."}, "properties": {"repobilityId": 141146, "scanner": "repobility-threat-engine", "fingerprint": "e0966e3b1447b5f49c71bd9211d3506a3d74ec6b420c8b522d7aa3fcafb49793", "category": "quality", "severity": "low", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 8 (severity threshold for low: 8+).", "evidence": {"scanner": "repobility-threat-engine", "function": "get_repo", "breakdown": {"if": 3, "for": 1, "except": 1, "nested_bonus": 3}, "complexity": 8, "correlation_key": "fp|e0966e3b1447b5f49c71bd9211d3506a3d74ec6b420c8b522d7aa3fcafb49793"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "xtasks/test-tool-retry.py"}, "region": {"startLine": 21}}}]}, {"ruleId": "COMP001", "level": "note", "message": {"text": "[COMP001] High cognitive complexity: Function `check_grace_period` has cognitive complexity 10 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. 
Breakdown: continue=2, else=1, for=1, if=3, nested_bonus=3."}, "properties": {"repobilityId": 141145, "scanner": "repobility-threat-engine", "fingerprint": "2019bc4a2245e3833510f5972d306c73075c535816544b17c73875a2ced2879b", "category": "quality", "severity": "low", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 10 (severity threshold for low: 8+).", "evidence": {"scanner": "repobility-threat-engine", "function": "check_grace_period", "breakdown": {"if": 3, "for": 1, "else": 1, "continue": 2, "nested_bonus": 3}, "complexity": 10, "correlation_key": "fp|2019bc4a2245e3833510f5972d306c73075c535816544b17c73875a2ced2879b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "xtasks/test-tool-retry.py"}, "region": {"startLine": 86}}}]}, {"ruleId": "DEPCUR-NPM", "level": "note", "message": {"text": "npm package `vitepress-plugin-group-icons` is minor version(s) behind (^1.6.5 -> 1.7.5)"}, "properties": {"repobilityId": 141083, "scanner": "repobility-dependency-currency", "fingerprint": "ac909f78cff579e51d81bbfa704e947152799fb6fdad2b5942dca11b514715d8", "category": "dependency", "severity": "low", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "minor version(s) behind", "signal": "currency", "cwe_ids": [], "package": "vitepress-plugin-group-icons", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "1.7.5", "correlation_key": "fp|ac909f78cff579e51d81bbfa704e947152799fb6fdad2b5942dca11b514715d8", "current_version": "^1.6.5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "DEPCUR-NPM", "level": "note", "message": {"text": "npm package `tsx` is minor version(s) behind (^4.20.6 -> 4.22.4)"}, "properties": {"repobilityId": 141082, "scanner": 
"repobility-dependency-currency", "fingerprint": "ecd8425b75c68379461712f89d1811152b3e120af3cef10f2c53f7075ca7acf4", "category": "dependency", "severity": "low", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "minor version(s) behind", "signal": "currency", "cwe_ids": [], "package": "tsx", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "4.22.4", "correlation_key": "fp|ecd8425b75c68379461712f89d1811152b3e120af3cef10f2c53f7075ca7acf4", "current_version": "^4.20.6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "DEPCUR-NPM", "level": "note", "message": {"text": "npm package `toml` is minor version(s) behind (^4.0.0 -> 4.1.1)"}, "properties": {"repobilityId": 141081, "scanner": "repobility-dependency-currency", "fingerprint": "58c43924c4b5888019d381c9eb1d8d3271f1d6ac25542d8a56b7bae7655c7cc9", "category": "dependency", "severity": "low", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "minor version(s) behind", "signal": "currency", "cwe_ids": [], "package": "toml", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "4.1.1", "correlation_key": "fp|58c43924c4b5888019d381c9eb1d8d3271f1d6ac25542d8a56b7bae7655c7cc9", "current_version": "^4.0.0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "DEPCUR-NPM", "level": "note", "message": {"text": "npm package `markdown-it` is minor version(s) behind (^14.1.0 -> 14.2.0)"}, "properties": {"repobilityId": 141080, "scanner": "repobility-dependency-currency", "fingerprint": "ebb90a0b29a0c30d333acd13a287163c405399dd66903a2d844de00a57ed66e6", "category": "dependency", "severity": "low", "confidence": 0.9, "triageState": "open", 
"verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "minor version(s) behind", "signal": "currency", "cwe_ids": [], "package": "markdown-it", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "14.2.0", "correlation_key": "fp|ebb90a0b29a0c30d333acd13a287163c405399dd66903a2d844de00a57ed66e6", "current_version": "^14.1.0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "DEPCUR-NPM", "level": "note", "message": {"text": "npm package `js-toml` is minor version(s) behind (^1.0.2 -> 1.1.2)"}, "properties": {"repobilityId": 141079, "scanner": "repobility-dependency-currency", "fingerprint": "ce991d99798bc4614075e07dd5fe123a1c1c686e40cc78600b5c4cf213a7e3fb", "category": "dependency", "severity": "low", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "minor version(s) behind", "signal": "currency", "cwe_ids": [], "package": "js-toml", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "1.1.2", "correlation_key": "fp|ce991d99798bc4614075e07dd5fe123a1c1c686e40cc78600b5c4cf213a7e3fb", "current_version": "^1.0.2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 141024, "scanner": "repobility-ai-code-hygiene", "fingerprint": "c414bf6f571a4e561a63cd5e97b50f661ea5ba3f794105ede0a790ced47907f5", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", 
"references": ["https://jscpd.dev/"], "duplicate_file": "src/shell/bash.rs", "duplicate_line": 89, "correlation_key": "fp|c414bf6f571a4e561a63cd5e97b50f661ea5ba3f794105ede0a790ced47907f5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/shell/zsh.rs"}, "region": {"startLine": 121}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 141023, "scanner": "repobility-ai-code-hygiene", "fingerprint": "9e1b331b96a3adf75eb55ff85c2ac1feb652b836b326c7df5b083e2138f45b98", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/shell/bash.rs", "duplicate_line": 90, "correlation_key": "fp|9e1b331b96a3adf75eb55ff85c2ac1feb652b836b326c7df5b083e2138f45b98"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/shell/pwsh.rs"}, "region": {"startLine": 213}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 141022, "scanner": "repobility-ai-code-hygiene", "fingerprint": "51fcc3b2d5642ee3e01c52fa148c8bac340fff8d5fee08593fe5bacbe1a601d0", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/shell/bash.rs", "duplicate_line": 89, "correlation_key": "fp|51fcc3b2d5642ee3e01c52fa148c8bac340fff8d5fee08593fe5bacbe1a601d0"}}, "locations": 
[{"physicalLocation": {"artifactLocation": {"uri": "src/shell/fish.rs"}, "region": {"startLine": 174}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 141021, "scanner": "repobility-ai-code-hygiene", "fingerprint": "c27c7d79ad0b900cb152df4cf5c0f52931418ae4d113dad712a3c6ba7ce15507", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/plugins/asdf_plugin.rs", "duplicate_line": 176, "correlation_key": "fp|c27c7d79ad0b900cb152df4cf5c0f52931418ae4d113dad712a3c6ba7ce15507"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/plugins/vfox_plugin.rs"}, "region": {"startLine": 132}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 141020, "scanner": "repobility-ai-code-hygiene", "fingerprint": "5048f70df84b91f073b053dd1841f87b061fc0d3cb6c9dbee81ba41eaaa84646", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/backend/ubi.rs", "duplicate_line": 318, "correlation_key": "fp|5048f70df84b91f073b053dd1841f87b061fc0d3cb6c9dbee81ba41eaaa84646"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/plugins/core/java.rs"}, "region": {"startLine": 563}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated 
implementation block across source files"}, "properties": {"repobilityId": 141019, "scanner": "repobility-ai-code-hygiene", "fingerprint": "caa75e498a701750a161425316270190e294a713b85d563b5ac674d5a51f242b", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/forgejo.rs", "duplicate_line": 107, "correlation_key": "fp|caa75e498a701750a161425316270190e294a713b85d563b5ac674d5a51f242b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/gitlab.rs"}, "region": {"startLine": 186}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 141018, "scanner": "repobility-ai-code-hygiene", "fingerprint": "4cce73519fe7c9643d33ee76d4625ca5c68a084df17f3b5e5134a8680c1fff57", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/github.rs", "duplicate_line": 59, "correlation_key": "fp|4cce73519fe7c9643d33ee76d4625ca5c68a084df17f3b5e5134a8680c1fff57"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/gitlab.rs"}, "region": {"startLine": 47}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 141017, "scanner": "repobility-ai-code-hygiene", "fingerprint": "c7e2ca26f002891a6871377c837f2115461a47a3469001feff28f648d0a330ce", "category": "quality", 
"severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/forgejo.rs", "duplicate_line": 1, "correlation_key": "fp|c7e2ca26f002891a6871377c837f2115461a47a3469001feff28f648d0a330ce"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/github.rs"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 141016, "scanner": "repobility-ai-code-hygiene", "fingerprint": "f2f2540ee91150ed29988e09294e54e15cb74f381275223be25be5149ed64b53", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/deps/providers/pip.rs", "duplicate_line": 22, "correlation_key": "fp|f2f2540ee91150ed29988e09294e54e15cb74f381275223be25be5149ed64b53"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/deps/providers/uv.rs"}, "region": {"startLine": 23}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 141015, "scanner": "repobility-ai-code-hygiene", "fingerprint": "b8ba683e06e8cef4b11e0d2322f9830c91aec255a9796c9183f544e71713dab7", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": 
{"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/deps/providers/pip.rs", "duplicate_line": 22, "correlation_key": "fp|b8ba683e06e8cef4b11e0d2322f9830c91aec255a9796c9183f544e71713dab7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/deps/providers/poetry.rs"}, "region": {"startLine": 23}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 141014, "scanner": "repobility-ai-code-hygiene", "fingerprint": "14d367e9d69d78a9e303eed8460c62961ac4772b17143bd2b0abd335ac113c0e", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/cli/lock.rs", "duplicate_line": 149, "correlation_key": "fp|14d367e9d69d78a9e303eed8460c62961ac4772b17143bd2b0abd335ac113c0e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/cli/upgrade.rs"}, "region": {"startLine": 153}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 141013, "scanner": "repobility-ai-code-hygiene", "fingerprint": "19c560b81a4a1909a42783070819a396631db6eb2821f157987808d1096ae18b", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/cli/token/forgejo.rs", "duplicate_line": 10, 
"correlation_key": "fp|19c560b81a4a1909a42783070819a396631db6eb2821f157987808d1096ae18b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/cli/token/gitlab.rs"}, "region": {"startLine": 10}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 141012, "scanner": "repobility-ai-code-hygiene", "fingerprint": "a3621a21fee4e6068f84b87a584782d8dbf3b9e808a098b75ccd99d39a02f1e0", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/cli/sync/node.rs", "duplicate_line": 24, "correlation_key": "fp|a3621a21fee4e6068f84b87a584782d8dbf3b9e808a098b75ccd99d39a02f1e0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/cli/sync/ruby.rs"}, "region": {"startLine": 19}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 141011, "scanner": "repobility-ai-code-hygiene", "fingerprint": "6c8bed31db18fad651bd20127b5ecf4d548dbe4a8ce42964a5077214ab19ba91", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/cli/settings/set.rs", "duplicate_line": 55, "correlation_key": "fp|6c8bed31db18fad651bd20127b5ecf4d548dbe4a8ce42964a5077214ab19ba91"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/cli/settings/unset.rs"}, "region": 
{"startLine": 22}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 141010, "scanner": "repobility-ai-code-hygiene", "fingerprint": "ee5f34a26196597d67691644f9d3b33133aec71ff6b4693b0f6565697b537cdf", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/cli/self_update.rs", "duplicate_line": 13, "correlation_key": "fp|ee5f34a26196597d67691644f9d3b33133aec71ff6b4693b0f6565697b537cdf"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/cli/self_update_stub.rs"}, "region": {"startLine": 22}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 141009, "scanner": "repobility-ai-code-hygiene", "fingerprint": "ec49e7fa42e12a38cf3b6007cc3811ed098033ffa54b8a43a75f4243751bdb9f", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/cli/plugins/install.rs", "duplicate_line": 75, "correlation_key": "fp|ec49e7fa42e12a38cf3b6007cc3811ed098033ffa54b8a43a75f4243751bdb9f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/cli/plugins/update.rs"}, "region": {"startLine": 44}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 141008, 
"scanner": "repobility-ai-code-hygiene", "fingerprint": "5b49efae93f4ab38a3af2004ab26d4760b583384c618e18fee05ad8b003cf0ff", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/cli/deps/add.rs", "duplicate_line": 12, "correlation_key": "fp|5b49efae93f4ab38a3af2004ab26d4760b583384c618e18fee05ad8b003cf0ff"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/cli/deps/remove.rs"}, "region": {"startLine": 11}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 141007, "scanner": "repobility-ai-code-hygiene", "fingerprint": "29ad69d535b9fef1cad59b8aa9cac5d57be2a0d7cff5f05363a27dd87eb1107c", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/backend/http.rs", "duplicate_line": 101, "correlation_key": "fp|29ad69d535b9fef1cad59b8aa9cac5d57be2a0d7cff5f05363a27dd87eb1107c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/backend/s3.rs"}, "region": {"startLine": 54}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 141006, "scanner": "repobility-ai-code-hygiene", "fingerprint": "d87fb12803d4b896e4b783a9c851595e1349263bf52b9f3429dbe6c71756c936", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": 
"open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "build.rs", "duplicate_line": 472, "correlation_key": "fp|d87fb12803d4b896e4b783a9c851595e1349263bf52b9f3429dbe6c71756c936"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/aqua-registry/src/compiled.rs"}, "region": {"startLine": 150}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 141005, "scanner": "repobility-ai-code-hygiene", "fingerprint": "2d25ada45c01b1974123b8743f4a4080c908c310b77aa03001c97d9b59d31eaa", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "update", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|2d25ada45c01b1974123b8743f4a4080c908c310b77aa03001c97d9b59d31eaa"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/cli/self_update.rs"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod: console.log left in code. 
Should be replaced with logger or removed."}, "properties": {"repobilityId": 141144, "scanner": "repobility-threat-engine", "fingerprint": "7c76e6d25db68097f3829bd005e6b57f6d85d4e5c3251b0eed12d69f0227e25e", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "correlation_key": "fp|7c76e6d25db68097f3829bd005e6b57f6d85d4e5c3251b0eed12d69f0227e25e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "xtasks/fig/addCustomGenerators.ts"}, "region": {"startLine": 208}}}]}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 141142, "scanner": "repobility-threat-engine", "fingerprint": "6cecc470e8a2749213823106c7024f8a4dd06c1ea34a3fbc593ce9a71ce05a09", "category": "quality", "severity": "info", "confidence": 0.1, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Safe pattern 'test\\b' detected on same line", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|6cecc470e8a2749213823106c7024f8a4dd06c1ea34a3fbc593ce9a71ce05a09"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": 
"src/task/task_file_providers/remote_task_http.rs"}, "region": {"startLine": 101}}}]}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 141141, "scanner": "repobility-threat-engine", "fingerprint": "57548ae43a6eb15a19ae254520f9938d7a4337cf010bc6a734a8715ceb5c0485", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|57548ae43a6eb15a19ae254520f9938d7a4337cf010bc6a734a8715ceb5c0485"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/task/task_fetcher.rs"}, "region": {"startLine": 53}}}]}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 141140, "scanner": "repobility-threat-engine", "fingerprint": "4ebe8e81f911dd87e7e84c1909b487e11a1f9c3af5d78e13e91bd13c5ad1b15a", "category": "quality", "severity": "info", "confidence": 0.1, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Safe pattern 'test\\b' detected on same line", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": 
"fp|4ebe8e81f911dd87e7e84c1909b487e11a1f9c3af5d78e13e91bd13c5ad1b15a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/remote_source.rs"}, "region": {"startLine": 140}}}]}, {"ruleId": "MINED019", "level": "none", "message": {"text": "[MINED019] Ssti Jinja From String (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "properties": {"repobilityId": 141138, "scanner": "repobility-threat-engine", "fingerprint": "863f50ceeb9c6c0babbffc4bc831090fb1bb3866aeb4c09038ee3520419aadc9", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "ssti-jinja-from-string", "owasp": "A03:2021", "cwe_ids": ["CWE-94"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347943+00:00", "triaged_in_corpus": 20, "observations_count": 47984, "ai_coder_pattern_id": 34}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|863f50ceeb9c6c0babbffc4bc831090fb1bb3866aeb4c09038ee3520419aadc9", "aggregated_count": 1}}}, {"ruleId": "MINED068", "level": "none", "message": {"text": "[MINED068] Rust Unsafe Block (and 4 more): Same pattern found in 4 additional files. Review if needed."}, "properties": {"repobilityId": 141132, "scanner": "repobility-threat-engine", "fingerprint": "f9d07b0c7ffad02db1f740a230b292fea409ad3be0b2aa27fc089cb7ccf130eb", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 4 additional occurrences found. 
The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "rust-unsafe-block", "owasp": null, "cwe_ids": ["CWE-119"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348060+00:00", "triaged_in_corpus": 12, "observations_count": 42383, "ai_coder_pattern_id": 116}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|f9d07b0c7ffad02db1f740a230b292fea409ad3be0b2aa27fc089cb7ccf130eb", "aggregated_count": 4}}}, {"ruleId": "MINED068", "level": "none", "message": {"text": "[MINED068] Rust Unsafe Block: unsafe { ... } block. The compiler does not verify memory safety for the unsafe operations inside; the code must uphold those invariants itself."}, "properties": {"repobilityId": 141131, "scanner": "repobility-threat-engine", "fingerprint": "c2dfb250f88dedf8d8f6494f93c18ad98e9b8c61abd13712667b52a403153e91", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-unsafe-block", "owasp": null, "cwe_ids": ["CWE-119"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348060+00:00", "triaged_in_corpus": 12, "observations_count": 42383, "ai_coder_pattern_id": 116}, "scanner": "repobility-threat-engine", "correlation_key": "fp|c2dfb250f88dedf8d8f6494f93c18ad98e9b8c61abd13712667b52a403153e91"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/sandbox/seccomp.rs"}, "region": {"startLine": 15}}}]}, {"ruleId": "MINED068", "level": "none", "message": {"text": "[MINED068] Rust Unsafe Block: unsafe { ... } block. 
The compiler does not verify memory safety for the unsafe operations inside; the code must uphold those invariants itself."}, "properties": {"repobilityId": 141130, "scanner": "repobility-threat-engine", "fingerprint": "65b0256ecf3f7b644f37f3d61e95c673f9b67cb8536473ae46673a32a956ede2", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-unsafe-block", "owasp": null, "cwe_ids": ["CWE-119"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348060+00:00", "triaged_in_corpus": 12, "observations_count": 42383, "ai_coder_pattern_id": 116}, "scanner": "repobility-threat-engine", "correlation_key": "fp|65b0256ecf3f7b644f37f3d61e95c673f9b67cb8536473ae46673a32a956ede2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/main.rs"}, "region": {"startLine": 129}}}]}, {"ruleId": "MINED068", "level": "none", "message": {"text": "[MINED068] Rust Unsafe Block: unsafe { ... } block. 
The compiler does not verify memory safety for the unsafe operations inside; the code must uphold those invariants itself."}, "properties": {"repobilityId": 141129, "scanner": "repobility-threat-engine", "fingerprint": "75a459484f61f2d4d44de157903873281ad039f99b3e54ea2e6e121888b40c22", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-unsafe-block", "owasp": null, "cwe_ids": ["CWE-119"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348060+00:00", "triaged_in_corpus": 12, "observations_count": 42383, "ai_coder_pattern_id": 116}, "scanner": "repobility-threat-engine", "correlation_key": "fp|75a459484f61f2d4d44de157903873281ad039f99b3e54ea2e6e121888b40c22"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/vfox/src/lua_mod/env.rs"}, "region": {"startLine": 14}}}]}, {"ruleId": "MINED059", "level": "none", "message": {"text": "[MINED059] Rust Expect In Prod (and 8 more): Same pattern found in 8 additional files. Review if needed."}, "properties": {"repobilityId": 141126, "scanner": "repobility-threat-engine", "fingerprint": "11b4c062d5c539ccdcb8ef70bfb76cee4a5343c8eb4040c673d2236a3c4183e8", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 8 additional occurrences found. 
The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "rust-expect-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348039+00:00", "triaged_in_corpus": 12, "observations_count": 175379, "ai_coder_pattern_id": 112}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|11b4c062d5c539ccdcb8ef70bfb76cee4a5343c8eb4040c673d2236a3c4183e8", "aggregated_count": 8}}}, {"ruleId": "MINED059", "level": "none", "message": {"text": "[MINED059] Rust Expect In Prod: .expect(...) panics same as unwrap with a custom message."}, "properties": {"repobilityId": 141125, "scanner": "repobility-threat-engine", "fingerprint": "c3ab5b0158d89c5f43b4262f5ce7728166f39d00389296199a3da5db79274035", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-expect-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348039+00:00", "triaged_in_corpus": 12, "observations_count": 175379, "ai_coder_pattern_id": 112}, "scanner": "repobility-threat-engine", "correlation_key": "fp|c3ab5b0158d89c5f43b4262f5ce7728166f39d00389296199a3da5db79274035"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/cli/deactivate.rs"}, "region": {"startLine": 23}}}]}, {"ruleId": "MINED059", "level": "none", "message": {"text": "[MINED059] Rust Expect In Prod: .expect(...) 
panics same as unwrap with a custom message."}, "properties": {"repobilityId": 141124, "scanner": "repobility-threat-engine", "fingerprint": "57b1c8539b10cd924058bfcfef1a5ef46e01271048b1def5ad3f77036c457b8e", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-expect-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348039+00:00", "triaged_in_corpus": 12, "observations_count": 175379, "ai_coder_pattern_id": 112}, "scanner": "repobility-threat-engine", "correlation_key": "fp|57b1c8539b10cd924058bfcfef1a5ef46e01271048b1def5ad3f77036c457b8e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/cli/activate.rs"}, "region": {"startLine": 71}}}]}, {"ruleId": "MINED059", "level": "none", "message": {"text": "[MINED059] Rust Expect In Prod: .expect(...) 
panics same as unwrap with a custom message."}, "properties": {"repobilityId": 141123, "scanner": "repobility-threat-engine", "fingerprint": "8dfb918c4e69da27c1c612d3032355491a108fe1422c7a5dfbbac5591b9423c1", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-expect-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348039+00:00", "triaged_in_corpus": 12, "observations_count": 175379, "ai_coder_pattern_id": 112}, "scanner": "repobility-threat-engine", "correlation_key": "fp|8dfb918c4e69da27c1c612d3032355491a108fe1422c7a5dfbbac5591b9423c1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/vfox/src/http.rs"}, "region": {"startLine": 9}}}]}, {"ruleId": "MINED066", "level": "none", "message": {"text": "[MINED066] Rust Panic Macro (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "properties": {"repobilityId": 141119, "scanner": "repobility-threat-engine", "fingerprint": "3df4dbeb8db9c5515bf21121952f7f4896887500c54df47190eaf62bc529eb73", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 1 additional occurrences found. 
The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "rust-panic-macro", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348055+00:00", "triaged_in_corpus": 12, "observations_count": 48611, "ai_coder_pattern_id": 113}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|3df4dbeb8db9c5515bf21121952f7f4896887500c54df47190eaf62bc529eb73", "aggregated_count": 1}}}, {"ruleId": "MINED066", "level": "none", "message": {"text": "[MINED066] Rust Panic Macro: panic!() unwinds the stack. Use Result for recoverable errors."}, "properties": {"repobilityId": 141118, "scanner": "repobility-threat-engine", "fingerprint": "f98a52ae00e3ed060af86cffa8c8d212dd40f25238efd54c94b3e1a609ce39e0", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-panic-macro", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348055+00:00", "triaged_in_corpus": 12, "observations_count": 48611, "ai_coder_pattern_id": 113}, "scanner": "repobility-threat-engine", "correlation_key": "fp|f98a52ae00e3ed060af86cffa8c8d212dd40f25238efd54c94b3e1a609ce39e0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/vfox/src/hooks/env_keys.rs"}, "region": {"startLine": 62}}}]}, {"ruleId": "MINED066", "level": "none", "message": {"text": "[MINED066] Rust Panic Macro: panic!() unwinds the stack. 
Use Result for recoverable errors."}, "properties": {"repobilityId": 141117, "scanner": "repobility-threat-engine", "fingerprint": "588bc5091004b20d26f551b8af12a779ae6378d67527a8813e6196c01ef36225", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-panic-macro", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348055+00:00", "triaged_in_corpus": 12, "observations_count": 48611, "ai_coder_pattern_id": 113}, "scanner": "repobility-threat-engine", "correlation_key": "fp|588bc5091004b20d26f551b8af12a779ae6378d67527a8813e6196c01ef36225"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/vfox/src/hooks/available.rs"}, "region": {"startLine": 52}}}]}, {"ruleId": "MINED066", "level": "none", "message": {"text": "[MINED066] Rust Panic Macro: panic!() unwinds the stack. 
Use Result for recoverable errors."}, "properties": {"repobilityId": 141116, "scanner": "repobility-threat-engine", "fingerprint": "9016ae5128886c123944ff07c9edf79b543ef27d3a40052c92959e4a94004e6a", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-panic-macro", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348055+00:00", "triaged_in_corpus": 12, "observations_count": 48611, "ai_coder_pattern_id": 113}, "scanner": "repobility-threat-engine", "correlation_key": "fp|9016ae5128886c123944ff07c9edf79b543ef27d3a40052c92959e4a94004e6a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/vfox/src/bin.rs"}, "region": {"startLine": 21}}}]}, {"ruleId": "MINED007", "level": "none", "message": {"text": "[MINED007] Sql String Concat (and 4 more): Same pattern found in 4 additional files. Review if needed."}, "properties": {"repobilityId": 141114, "scanner": "repobility-threat-engine", "fingerprint": "d701a84fb17e29db3c3fd03a7bb4db8922761aaa6fab15fb2cd7dd897f5fd9b1", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 4 additional occurrences found. 
The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "sql-string-concat", "owasp": "A03:2021", "cwe_ids": ["CWE-89"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347914+00:00", "triaged_in_corpus": 20, "observations_count": 210457, "ai_coder_pattern_id": 12}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|d701a84fb17e29db3c3fd03a7bb4db8922761aaa6fab15fb2cd7dd897f5fd9b1", "aggregated_count": 4}}}, {"ruleId": "MINED004", "level": "none", "message": {"text": "[MINED004] Weak Crypto (and 2 more): Same pattern found in 2 additional files. Review if needed."}, "properties": {"repobilityId": 141110, "scanner": "repobility-threat-engine", "fingerprint": "58c4da94b9afa5e01231817b007f3565b1e41c81ffd2047d0b8bd42d1b51c56a", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 2 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "weak-crypto", "owasp": "A02:2021", "cwe_ids": ["CWE-327"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347906+00:00", "triaged_in_corpus": 15, "observations_count": 303181, "ai_coder_pattern_id": 13}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|58c4da94b9afa5e01231817b007f3565b1e41c81ffd2047d0b8bd42d1b51c56a", "aggregated_count": 2}}}, {"ruleId": "SEC045", "level": "none", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data (and 14 more): Same pattern found in 14 additional files. 
Review if needed."}, "properties": {"repobilityId": 141106, "scanner": "repobility-threat-engine", "fingerprint": "69b8d1ab6ebdf0e67a4943a9d246df28ccefb397d7d029799319621fefe41b25", "category": "injection", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 14 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 14 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|69b8d1ab6ebdf0e67a4943a9d246df28ccefb397d7d029799319621fefe41b25"}}}, {"ruleId": "SEC128", "level": "none", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake) (and 5 more): Same pattern found in 5 additional files. Review if needed."}, "properties": {"repobilityId": 141102, "scanner": "repobility-threat-engine", "fingerprint": "dfda4170aff520d17dd79e2ba83251ca47508d2ca8ba93d0fcc46ccc46e07c8c", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 5 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 5 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|dfda4170aff520d17dd79e2ba83251ca47508d2ca8ba93d0fcc46ccc46e07c8c"}}}, {"ruleId": "MINED003", "level": "none", "message": {"text": "[MINED003] Rust Unwrap In Prod (and 115 more): Same pattern found in 115 additional files. 
Review if needed."}, "properties": {"repobilityId": 141098, "scanner": "repobility-threat-engine", "fingerprint": "0d088adaab53fefdd85c6c5da8af9ab4b3250d67c81323d0de78170853d93012", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 115 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "rust-unwrap-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347903+00:00", "triaged_in_corpus": 15, "observations_count": 386515, "ai_coder_pattern_id": 111}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|0d088adaab53fefdd85c6c5da8af9ab4b3250d67c81323d0de78170853d93012", "aggregated_count": 115}}}, {"ruleId": "SEC029", "level": "none", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 8 more): Same pattern found in 8 additional files. Review if needed."}, "properties": {"repobilityId": 141094, "scanner": "repobility-threat-engine", "fingerprint": "649d6d6fcdf017ef6b135647f3ec984864db51b5f2d71e3a11ae83a90e69859a", "category": "ssrf", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 8 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 8 additional occurrences found. 
The top occurrences remain visible as actionable findings.", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|649d6d6fcdf017ef6b135647f3ec984864db51b5f2d71e3a11ae83a90e69859a"}}}, {"ruleId": "DEPCUR-NPM", "level": "none", "message": {"text": "npm package `eslint-plugin-compat` is patch version(s) behind (^7.0.1 -> 7.0.2)"}, "properties": {"repobilityId": 141078, "scanner": "repobility-dependency-currency", "fingerprint": "77d3fceca868fc23a665fb99d080536eeed66fdbd19a2b3f15d639bc440b3827", "category": "dependency", "severity": "info", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "patch version(s) behind", "signal": "currency", "cwe_ids": [], "package": "eslint-plugin-compat", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "7.0.2", "correlation_key": "fp|77d3fceca868fc23a665fb99d080536eeed66fdbd19a2b3f15d639bc440b3827", "current_version": "^7.0.1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "DEPCUR-NPM", "level": "none", "message": {"text": "npm package `@tsconfig/node24` is patch version(s) behind (^24.0.0 -> 24.0.4)"}, "properties": {"repobilityId": 141077, "scanner": "repobility-dependency-currency", "fingerprint": "3070573ed6fc4befeab257dea625a472748f7923b934eee484034d29a4e9cfd2", "category": "dependency", "severity": "info", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "patch version(s) behind", "signal": "currency", "cwe_ids": [], "package": "@tsconfig/node24", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "24.0.4", "correlation_key": "fp|3070573ed6fc4befeab257dea625a472748f7923b934eee484034d29a4e9cfd2", "current_version": "^24.0.0"}}, "locations": 
[{"physicalLocation": {"artifactLocation": {"uri": "package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-q5j8-9m9g-x2jh", "level": "error", "message": {"text": "module-from-string: GHSA-q5j8-9m9g-x2jh"}, "properties": {"repobilityId": 141170, "scanner": "osv-scanner", "fingerprint": "aa2a7bcf6d60e5987bbc640bd673f22cd64416c369464146c67f977d74f1fe65", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2024-57072"], "package": "module-from-string", "rule_id": "GHSA-q5j8-9m9g-x2jh", "scanner": "osv-scanner", "correlation_key": "vuln|module-from-string|CVE-2024-57072|bun.lock"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "bun.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "RUSTSEC-2023-0071", "level": "error", "message": {"text": "rsa: RUSTSEC-2023-0071"}, "properties": {"repobilityId": 141169, "scanner": "osv-scanner", "fingerprint": "8d2ec21cf46ba80ff1843c2b573a651f4162fc37b24b67de47343d2180e0463e", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2023-49092", "GHSA-4grx-2x9w-596c", "GHSA-c38w-74pg-36hr"], "package": "rsa", "rule_id": "RUSTSEC-2023-0071", "scanner": "osv-scanner", "correlation_key": "vuln|rsa|CVE-2023-49092|cargo.lock"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Cargo.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "RUSTSEC-2025-0119", "level": "error", "message": {"text": "number_prefix: RUSTSEC-2025-0119"}, "properties": {"repobilityId": 141168, "scanner": "osv-scanner", "fingerprint": "cc81fba84c326e572b9634175b3b53e32085ac28a5cd991c3bb028754d296545", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "package": 
"number_prefix", "rule_id": "RUSTSEC-2025-0119", "scanner": "osv-scanner", "correlation_key": "fp|cc81fba84c326e572b9634175b3b53e32085ac28a5cd991c3bb028754d296545"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Cargo.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "RUSTSEC-2026-0002", "level": "error", "message": {"text": "lru: RUSTSEC-2026-0002"}, "properties": {"repobilityId": 141167, "scanner": "osv-scanner", "fingerprint": "55cddf09b8e903a4447dab5af29af25d6d1e296c37dab01986114159b4e19865", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["GHSA-rhfx-m35p-ff5j"], "package": "lru", "rule_id": "RUSTSEC-2026-0002", "scanner": "osv-scanner", "correlation_key": "vuln|lru|GHSA-RHFX-M35P-FF5J|cargo.lock", "duplicate_count": 1, "duplicate_rule_ids": ["GHSA-rhfx-m35p-ff5j", "RUSTSEC-2026-0002"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["55cddf09b8e903a4447dab5af29af25d6d1e296c37dab01986114159b4e19865", "f7511434ae66124b731f3584daca20a14062fa1d2a91ccce3ea718c421d33184"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Cargo.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "SEC035", "level": "error", "message": {"text": "[SEC035] Unbounded Resource Allocation \u2014 DoS risk: Allocating resources (buffers, recursion stack, large ranges) based on user input without an upper bound. Attackers send `size=10000000` to exhaust memory, or trigger expensive computation. CWE-770/400. 
Examples: CVE-2023-44487 (HTTP/2 Rapid Reset), countless YAML/XML billion-laughs variants."}, "properties": {"repobilityId": 141143, "scanner": "repobility-threat-engine", "fingerprint": "db44cd80f5575fdfce1f8eecb4518f0fe28d49398c863ed43b34d8b5f4f46664", "category": "resource_exhaustion", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "bytes(input.", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC035", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|db44cd80f5575fdfce1f8eecb4518f0fe28d49398c863ed43b34d8b5f4f46664"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/sops.rs"}, "region": {"startLine": 219}}}]}, {"ruleId": "MINED039", "level": "error", "message": {"text": "[MINED039] Rust Todo Macro: todo!() panics when reached. Unimplemented code path."}, "properties": {"repobilityId": 141139, "scanner": "repobility-threat-engine", "fingerprint": "35381a7d64959ef29c306b02aa553dc0f752b54737be390a47190b5d3cf683df", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-todo-macro", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347989+00:00", "triaged_in_corpus": 15, "observations_count": 1561, "ai_coder_pattern_id": 114}, "scanner": "repobility-threat-engine", "correlation_key": "fp|35381a7d64959ef29c306b02aa553dc0f752b54737be390a47190b5d3cf683df"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/plugins/core/swift.rs"}, "region": {"startLine": 91}}}]}, {"ruleId": "SEC085", "level": "error", "message": {"text": "[SEC085] JS: child_process.exec with non-literal: 
child_process.exec with user-derived input enables command injection. Ported from eslint-plugin-security detect-child-process (Apache-2.0). Note: this is a JavaScript rule, but the flagged file (src/cli/direnv/mod.rs) is Rust and the match is the text `Exec(exec`; verify by hand whether untrusted input reaches a spawned command before treating this finding as confirmed."}, "properties": {"repobilityId": 141128, "scanner": "repobility-threat-engine", "fingerprint": "c1d11c54185b3e33f6eacaa6814a0fd237c43fb43331f348e70f4b79e2ca5a7a", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "Exec(exec", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC085", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|c1d11c54185b3e33f6eacaa6814a0fd237c43fb43331f348e70f4b79e2ca5a7a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/cli/direnv/mod.rs"}, "region": {"startLine": 30}}}]}, {"ruleId": "SEC085", "level": "error", "message": {"text": "[SEC085] JS: child_process.exec with non-literal: child_process.exec with user-derived input enables command injection. 
Ported from eslint-plugin-security detect-child-process (Apache-2.0). Note: this is a JavaScript rule, but the flagged file (crates/vfox/src/lua_mod/cmd.rs) is Rust and the match is the text `exec(lua`; verify by hand whether untrusted input reaches a spawned command before treating this finding as confirmed."}, "properties": {"repobilityId": 141127, "scanner": "repobility-threat-engine", "fingerprint": "5939fdb4d02cdc786be3f0bfd5bdc847ec55b1928c7238932e03494ccfd77275", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "exec(lua", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC085", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|5939fdb4d02cdc786be3f0bfd5bdc847ec55b1928c7238932e03494ccfd77275"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/vfox/src/lua_mod/cmd.rs"}, "region": {"startLine": 15}}}]}, {"ruleId": "MINED041", "level": "error", "message": {"text": "[MINED041] Rust Unimplemented Macro: unimplemented!() panics. Same as todo!() but conventionally used for trait stubs."}, "properties": {"repobilityId": 141122, "scanner": "repobility-threat-engine", "fingerprint": "9b5f3110a32047f2295b28230b64acd3d0f4b90a86936fafd1ba034eb128e343", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-unimplemented-macro", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347994+00:00", "triaged_in_corpus": 15, "observations_count": 1422, "ai_coder_pattern_id": 115}, "scanner": "repobility-threat-engine", "correlation_key": "fp|9b5f3110a32047f2295b28230b64acd3d0f4b90a86936fafd1ba034eb128e343"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/config/config_file/idiomatic_version/mod.rs"}, "region": {"startLine": 49}}}]}, {"ruleId": "MINED041", "level": "error", "message": {"text": 
"[MINED041] Rust Unimplemented Macro: unimplemented!() panics. Same as todo!() but conventionally used for trait stubs."}, "properties": {"repobilityId": 141121, "scanner": "repobility-threat-engine", "fingerprint": "594e751aa66ff1f701e900b7e1b0a7c86525d26d703385ab42d3e16a1eeeecbd", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-unimplemented-macro", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347994+00:00", "triaged_in_corpus": 15, "observations_count": 1422, "ai_coder_pattern_id": 115}, "scanner": "repobility-threat-engine", "correlation_key": "fp|594e751aa66ff1f701e900b7e1b0a7c86525d26d703385ab42d3e16a1eeeecbd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/vfox/src/lua_mod/archiver.rs"}, "region": {"startLine": 33}}}]}, {"ruleId": "MINED041", "level": "error", "message": {"text": "[MINED041] Rust Unimplemented Macro: unimplemented!() panics. 
Same as todo!() but conventionally used for trait stubs."}, "properties": {"repobilityId": 141120, "scanner": "repobility-threat-engine", "fingerprint": "b5576be5f9eb412e4ff1da4bc655977cc4deb84549e59598a69ec711a131f1f5", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-unimplemented-macro", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347994+00:00", "triaged_in_corpus": 15, "observations_count": 1422, "ai_coder_pattern_id": 115}, "scanner": "repobility-threat-engine", "correlation_key": "fp|b5576be5f9eb412e4ff1da4bc655977cc4deb84549e59598a69ec711a131f1f5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/vfox/src/hooks/pre_use.rs"}, "region": {"startLine": 26}}}]}, {"ruleId": "MINED004", "level": "error", "message": {"text": "[MINED004] Weak Crypto: MD5/SHA1/DES/RC4 used for security context (not just checksums)."}, "properties": {"repobilityId": 141109, "scanner": "repobility-threat-engine", "fingerprint": "52fd2dad95044824675d5d74f94749c24a70bd37e4afea200759d8e18bfc6b14", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "weak-crypto", "owasp": "A02:2021", "cwe_ids": ["CWE-327"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347906+00:00", "triaged_in_corpus": 15, "observations_count": 303181, "ai_coder_pattern_id": 13}, "scanner": "repobility-threat-engine", "correlation_key": "fp|52fd2dad95044824675d5d74f94749c24a70bd37e4afea200759d8e18bfc6b14"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/vfox/types/mise-plugin.lua"}, "region": {"startLine": 43}}}]}, 
{"ruleId": "MINED004", "level": "error", "message": {"text": "[MINED004] Weak Crypto: MD5/SHA1/DES/RC4 used for security context (not just checksums)."}, "properties": {"repobilityId": 141108, "scanner": "repobility-threat-engine", "fingerprint": "970412c199193d0465e3bb2bcb56d3c8f27f032f1372b7d9e3571b9dd2f51889", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "weak-crypto", "owasp": "A02:2021", "cwe_ids": ["CWE-327"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347906+00:00", "triaged_in_corpus": 15, "observations_count": 303181, "ai_coder_pattern_id": 13}, "scanner": "repobility-threat-engine", "correlation_key": "fp|970412c199193d0465e3bb2bcb56d3c8f27f032f1372b7d9e3571b9dd2f51889"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/vfox/embedded-plugins/vfox-ant/hooks/pre_install.lua"}, "region": {"startLine": 11}}}]}, {"ruleId": "MINED004", "level": "error", "message": {"text": "[MINED004] Weak Crypto: MD5/SHA1/DES/RC4 used for security context (not just checksums)."}, "properties": {"repobilityId": 141107, "scanner": "repobility-threat-engine", "fingerprint": "ba7c3233ec9c1691377f027b918b60f1e5c92c1205f0ec9a21356d0b9e659f17", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "weak-crypto", "owasp": "A02:2021", "cwe_ids": ["CWE-327"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347906+00:00", "triaged_in_corpus": 15, "observations_count": 303181, "ai_coder_pattern_id": 13}, "scanner": "repobility-threat-engine", "correlation_key": "fp|ba7c3233ec9c1691377f027b918b60f1e5c92c1205f0ec9a21356d0b9e659f17"}}, "locations": [{"physicalLocation": 
{"artifactLocation": {"uri": "crates/vfox/embedded-plugins/vfox-android-sdk/hooks/pre_install.lua"}, "region": {"startLine": 103}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 141101, "scanner": "repobility-threat-engine", "fingerprint": "3f9343f8a3c93495b6907500c918612ee523f4e4546b7c286e6b3af7c25c8ff2", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "global_config.save()", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|3f9343f8a3c93495b6907500c918612ee523f4e4546b7c286e6b3af7c25c8ff2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/cli/shell_alias/unset.rs"}, "region": {"startLine": 21}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. 
Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 141100, "scanner": "repobility-threat-engine", "fingerprint": "cf28348a9edd699100bba4485b2ab3984d7d9ed9f960c442cf0f7dffc66ff042", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "global_config.save()", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|cf28348a9edd699100bba4485b2ab3984d7d9ed9f960c442cf0f7dffc66ff042"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/cli/shell_alias/set.rs"}, "region": {"startLine": 32}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. 
Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 141099, "scanner": "repobility-threat-engine", "fingerprint": "49b0ea1874920173c8b31fb76d1d621e751f236885fcbfacb6e16b0c253c12ae", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "edit.delete();", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|49b0ea1874920173c8b31fb76d1d621e751f236885fcbfacb6e16b0c253c12ae"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/mise-interactive-config/src/inline_edit.rs"}, "region": {"startLine": 215}}}]}, {"ruleId": "MINED003", "level": "error", "message": {"text": "[MINED003] Rust Unwrap In Prod: .unwrap() panics if None/Err. Acceptable in tests; risky elsewhere."}, "properties": {"repobilityId": 141097, "scanner": "repobility-threat-engine", "fingerprint": "f46611d3a634172725969bdc7434240e4f190437ce7d391b715f96f4fcf4d37d", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-unwrap-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347903+00:00", "triaged_in_corpus": 15, "observations_count": 386515, "ai_coder_pattern_id": 111}, "scanner": "repobility-threat-engine", "correlation_key": "fp|f46611d3a634172725969bdc7434240e4f190437ce7d391b715f96f4fcf4d37d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/mise-interactive-config/src/picker.rs"}, "region": {"startLine": 303}}}]}, {"ruleId": "MINED003", "level": "error", "message": {"text": "[MINED003] 
Rust Unwrap In Prod: .unwrap() panics if None/Err. Acceptable in tests; risky elsewhere."}, "properties": {"repobilityId": 141096, "scanner": "repobility-threat-engine", "fingerprint": "64231d341cca5383f60015ee7e346f8189ec8c3e5065f8180737ecbb46988b59", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-unwrap-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347903+00:00", "triaged_in_corpus": 15, "observations_count": 386515, "ai_coder_pattern_id": 111}, "scanner": "repobility-threat-engine", "correlation_key": "fp|64231d341cca5383f60015ee7e346f8189ec8c3e5065f8180737ecbb46988b59"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/aqua-registry/src/compiled.rs"}, "region": {"startLine": 259}}}]}, {"ruleId": "MINED003", "level": "error", "message": {"text": "[MINED003] Rust Unwrap In Prod: .unwrap() panics if None/Err. 
Acceptable in tests; risky elsewhere."}, "properties": {"repobilityId": 141095, "scanner": "repobility-threat-engine", "fingerprint": "9851b083b64c1e1077b7953bf387e126141cbb24a24dfb16a705cb9f96f42d6c", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-unwrap-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347903+00:00", "triaged_in_corpus": 15, "observations_count": 386515, "ai_coder_pattern_id": 111}, "scanner": "repobility-threat-engine", "correlation_key": "fp|9851b083b64c1e1077b7953bf387e126141cbb24a24dfb16a705cb9f96f42d6c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/aqua-registry/src/codec.rs"}, "region": {"startLine": 39}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. 
SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 141093, "scanner": "repobility-threat-engine", "fingerprint": "0bb943c6c181b8c7e501145014a6efb47686bf8ce1dd733d1b496e911086f837", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "Url(v", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|0bb943c6c181b8c7e501145014a6efb47686bf8ce1dd733d1b496e911086f837"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/vfox/embedded-plugins/vfox-scala/hooks/pre_install.lua"}, "region": {"startLine": 9}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. 
SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 141092, "scanner": "repobility-threat-engine", "fingerprint": "2d905982defdc36ebc504f19618f5ab4435d24595d9b7df5aa8225c218bdc02c", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "Url(v", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|2d905982defdc36ebc504f19618f5ab4435d24595d9b7df5aa8225c218bdc02c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/vfox/embedded-plugins/vfox-aapt2/hooks/pre_install.lua"}, "region": {"startLine": 11}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. 
SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 141091, "scanner": "repobility-threat-engine", "fingerprint": "0719eb2459a8c58b5dfdf5cf7b6793c6388ed90fa2fa6b0b730f05dceb927e67", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "URL(r", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|0719eb2459a8c58b5dfdf5cf7b6793c6388ed90fa2fa6b0b730f05dceb927e67"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cloudflare/workers/mise-run.js"}, "region": {"startLine": 17}}}]}, {"ruleId": "MINED126", "level": "error", "message": {"text": "Workflow container/services image `ghcr.io/jdx/mise:copr` unpinned"}, "properties": {"repobilityId": 141051, "scanner": "repobility-supply-chain", "fingerprint": "6e7e91a018962f1a645b24813dd00b8983038c3da7bb2f5040ba7178aabfa5b1", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-container-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|6e7e91a018962f1a645b24813dd00b8983038c3da7bb2f5040ba7178aabfa5b1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/copr-publish.yml"}, "region": {"startLine": 27}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.send_header` used but never assigned in __init__"}, "properties": {"repobilityId": 141049, "scanner": "repobility-ast-engine", "fingerprint": "618294b02fe664a58adddc0bff0bf8536dfc380ac7e4988c739b614a546c4268", "category": "quality", "severity": "high", 
"confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|618294b02fe664a58adddc0bff0bf8536dfc380ac7e4988c739b614a546c4268"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "e2e/helpers/scripts/tool_stub_test_server.py"}, "region": {"startLine": 29}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.send_response` used but never assigned in __init__"}, "properties": {"repobilityId": 141048, "scanner": "repobility-ast-engine", "fingerprint": "a3b743d62744b3de43ab0dcc82a5e7564a9849b3fc41a143261b1f7b2b626bbd", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|a3b743d62744b3de43ab0dcc82a5e7564a9849b3fc41a143261b1f7b2b626bbd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "e2e/helpers/scripts/tool_stub_test_server.py"}, "region": {"startLine": 28}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.wfile` used but never assigned in __init__"}, "properties": {"repobilityId": 141047, "scanner": "repobility-ast-engine", "fingerprint": "e23877fb34fa364a8bf629e00fae5bbb2c0edf31f8ba10fc621bfc2608282e50", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", 
"correlation_key": "fp|e23877fb34fa364a8bf629e00fae5bbb2c0edf31f8ba10fc621bfc2608282e50"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "e2e/helpers/scripts/tool_stub_test_server.py"}, "region": {"startLine": 26}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.path` used but never assigned in __init__"}, "properties": {"repobilityId": 141046, "scanner": "repobility-ast-engine", "fingerprint": "3c5dfe2c5ccc5a64d0f584827f24e8ade18a11e4edaa615d726800f7db28fb2e", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|3c5dfe2c5ccc5a64d0f584827f24e8ade18a11e4edaa615d726800f7db28fb2e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "e2e/helpers/scripts/tool_stub_test_server.py"}, "region": {"startLine": 27}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.end_headers` used but never assigned in __init__"}, "properties": {"repobilityId": 141045, "scanner": "repobility-ast-engine", "fingerprint": "fe76136c7019776b167d4f2e3456325cde7b11252a39a58c4b61bba714ed2360", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|fe76136c7019776b167d4f2e3456325cde7b11252a39a58c4b61bba714ed2360"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "e2e/helpers/scripts/tool_stub_test_server.py"}, "region": {"startLine": 25}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": 
"`self.send_header` used but never assigned in __init__"}, "properties": {"repobilityId": 141044, "scanner": "repobility-ast-engine", "fingerprint": "fe3eb42b4448c9d90b7d8ba8b36dba5f03a5e9f3582a2dae9364c2018d4fd87b", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|fe3eb42b4448c9d90b7d8ba8b36dba5f03a5e9f3582a2dae9364c2018d4fd87b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "e2e/helpers/scripts/tool_stub_test_server.py"}, "region": {"startLine": 24}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.send_response` used but never assigned in __init__"}, "properties": {"repobilityId": 141043, "scanner": "repobility-ast-engine", "fingerprint": "0f45d454bf00e2d5f22b40927b30df9546417a21ab76519c50d6d9eb955eced1", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|0f45d454bf00e2d5f22b40927b30df9546417a21ab76519c50d6d9eb955eced1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "e2e/helpers/scripts/tool_stub_test_server.py"}, "region": {"startLine": 23}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.wfile` used but never assigned in __init__"}, "properties": {"repobilityId": 141042, "scanner": "repobility-ast-engine", "fingerprint": "533f66b19ad794ecc9c63a96fcd5d1bcb69bb8fdd584339fc2e3dedb82687a91", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", 
"verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|533f66b19ad794ecc9c63a96fcd5d1bcb69bb8fdd584339fc2e3dedb82687a91"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "e2e/helpers/scripts/tool_stub_test_server.py"}, "region": {"startLine": 21}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.path` used but never assigned in __init__"}, "properties": {"repobilityId": 141041, "scanner": "repobility-ast-engine", "fingerprint": "b0d50edc20f2c444fc320ade513d902677c9f65d4c0868fcf868e06dd5b18068", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|b0d50edc20f2c444fc320ade513d902677c9f65d4c0868fcf868e06dd5b18068"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "e2e/helpers/scripts/tool_stub_test_server.py"}, "region": {"startLine": 22}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.end_headers` used but never assigned in __init__"}, "properties": {"repobilityId": 141040, "scanner": "repobility-ast-engine", "fingerprint": "9659459e26b9ceaeb766d51a67da1eac58e428863f28154874360c0e47982c1a", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": 
"fp|9659459e26b9ceaeb766d51a67da1eac58e428863f28154874360c0e47982c1a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "e2e/helpers/scripts/tool_stub_test_server.py"}, "region": {"startLine": 20}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.send_header` used but never assigned in __init__"}, "properties": {"repobilityId": 141039, "scanner": "repobility-ast-engine", "fingerprint": "7356b04a3874b19367d9a866af12794811d6c097415db06fd23eb1af7f673115", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|7356b04a3874b19367d9a866af12794811d6c097415db06fd23eb1af7f673115"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "e2e/helpers/scripts/tool_stub_test_server.py"}, "region": {"startLine": 19}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.send_response` used but never assigned in __init__"}, "properties": {"repobilityId": 141038, "scanner": "repobility-ast-engine", "fingerprint": "1cee12b268477763921026569d60232c51d62b3372f617cdfc44ac60c9cab7b7", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|1cee12b268477763921026569d60232c51d62b3372f617cdfc44ac60c9cab7b7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "e2e/helpers/scripts/tool_stub_test_server.py"}, "region": {"startLine": 18}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.path` 
used but never assigned in __init__"}, "properties": {"repobilityId": 141037, "scanner": "repobility-ast-engine", "fingerprint": "8ca5c7d8105c82912aa92bc72b57401a69ab2df70f4751f5959bdef0dc989c15", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|8ca5c7d8105c82912aa92bc72b57401a69ab2df70f4751f5959bdef0dc989c15"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "e2e/helpers/scripts/tool_stub_test_server.py"}, "region": {"startLine": 17}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.rfile` used but never assigned in __init__"}, "properties": {"repobilityId": 141036, "scanner": "repobility-ast-engine", "fingerprint": "654ed866c0e2dd84c2696ac3bb3840a559fb764729a8fc99ac60f7f8e263fc32", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|654ed866c0e2dd84c2696ac3bb3840a559fb764729a8fc99ac60f7f8e263fc32"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "e2e/fixtures/mock-github-oauth.py"}, "region": {"startLine": 23}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.end_headers` used but never assigned in __init__"}, "properties": {"repobilityId": 141035, "scanner": "repobility-ast-engine", "fingerprint": "2c38b1adf6aea254a312f0edf632f3d6a75e0e4b0adf3469b297edee385b2e1f", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": 
false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|2c38b1adf6aea254a312f0edf632f3d6a75e0e4b0adf3469b297edee385b2e1f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "e2e/fixtures/mock-github-oauth.py"}, "region": {"startLine": 38}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.send_response` used but never assigned in __init__"}, "properties": {"repobilityId": 141034, "scanner": "repobility-ast-engine", "fingerprint": "e43802ad11dc9ddaea2e99399a2cd368fa1000dea2eb18e57786265d15b8d589", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|e43802ad11dc9ddaea2e99399a2cd368fa1000dea2eb18e57786265d15b8d589"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "e2e/fixtures/mock-github-oauth.py"}, "region": {"startLine": 37}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.token_payload` used but never assigned in __init__"}, "properties": {"repobilityId": 141033, "scanner": "repobility-ast-engine", "fingerprint": "d7525c2504256be3bffe8b07e58e3a18df1d516da7900909cfa6fc3408601f89", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|d7525c2504256be3bffe8b07e58e3a18df1d516da7900909cfa6fc3408601f89"}}, 
"locations": [{"physicalLocation": {"artifactLocation": {"uri": "e2e/fixtures/mock-github-oauth.py"}, "region": {"startLine": 35}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.headers` used but never assigned in __init__"}, "properties": {"repobilityId": 141032, "scanner": "repobility-ast-engine", "fingerprint": "2ae2ba47ae6096115ff37453c8a006fad0c9eec97bd1370e9464734de459d639", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|2ae2ba47ae6096115ff37453c8a006fad0c9eec97bd1370e9464734de459d639"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "e2e/fixtures/mock-github-oauth.py"}, "region": {"startLine": 22}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.wfile` used but never assigned in __init__"}, "properties": {"repobilityId": 141031, "scanner": "repobility-ast-engine", "fingerprint": "23518396af81b6fc56075c3cc979b5da8359ba0584d3d1d7ca5ad229fbe73b44", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|23518396af81b6fc56075c3cc979b5da8359ba0584d3d1d7ca5ad229fbe73b44"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "e2e/fixtures/mock-github-oauth.py"}, "region": {"startLine": 46}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.path` used but never assigned in __init__"}, "properties": {"repobilityId": 141030, "scanner": "repobility-ast-engine", 
"fingerprint": "14bf9855271d40d0c6952128feb7aa450e3bdab03ac71c6565a5b92fe02c8d56", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|14bf9855271d40d0c6952128feb7aa450e3bdab03ac71c6565a5b92fe02c8d56"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "e2e/fixtures/mock-github-oauth.py"}, "region": {"startLine": 34}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.end_headers` used but never assigned in __init__"}, "properties": {"repobilityId": 141029, "scanner": "repobility-ast-engine", "fingerprint": "b4312e7bb314d52aca1c40535ba1d0318a75042215814a1e4e60a4a89d48f026", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|b4312e7bb314d52aca1c40535ba1d0318a75042215814a1e4e60a4a89d48f026"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "e2e/fixtures/mock-github-oauth.py"}, "region": {"startLine": 45}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.send_header` used but never assigned in __init__"}, "properties": {"repobilityId": 141028, "scanner": "repobility-ast-engine", "fingerprint": "31d987d53ac3db126d1bba623475c54472f662167e9d5c397dc1269ced07764b", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": 
["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|31d987d53ac3db126d1bba623475c54472f662167e9d5c397dc1269ced07764b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "e2e/fixtures/mock-github-oauth.py"}, "region": {"startLine": 44}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.send_header` used but never assigned in __init__"}, "properties": {"repobilityId": 141027, "scanner": "repobility-ast-engine", "fingerprint": "f60a8599032fa1eedc6ad7a7bfb1714a24ed9de354f6424fbf16b05c93d24aa2", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|f60a8599032fa1eedc6ad7a7bfb1714a24ed9de354f6424fbf16b05c93d24aa2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "e2e/fixtures/mock-github-oauth.py"}, "region": {"startLine": 43}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.send_response` used but never assigned in __init__"}, "properties": {"repobilityId": 141026, "scanner": "repobility-ast-engine", "fingerprint": "76148b44a96cfab99ee9e3cb6947778e6c15e8035edf8f5b47839a67e2fe8bbb", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|76148b44a96cfab99ee9e3cb6947778e6c15e8035edf8f5b47839a67e2fe8bbb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "e2e/fixtures/mock-github-oauth.py"}, "region": 
{"startLine": 42}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.path` used but never assigned in __init__"}, "properties": {"repobilityId": 141025, "scanner": "repobility-ast-engine", "fingerprint": "0be02323ed7b25d075bd4628e16ca14dc75e2452fb635bcbe6a1726aefc954c1", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|0be02323ed7b25d075bd4628e16ca14dc75e2452fb635bcbe6a1726aefc954c1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "e2e/fixtures/mock-github-oauth.py"}, "region": {"startLine": 26}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 141166, "scanner": "gitleaks", "fingerprint": "deff0b216b084667fd4f767f9390d87b295bdafd76e2ade72e372e196d044266", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "oauth_token: <redacted>", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|src/gitlab.rs|53|oauth_token: redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/gitlab.rs"}, "region": {"startLine": 534}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 141165, "scanner": "gitleaks", "fingerprint": "18b6e757253a3f6063399ee44f09af28635382d7c88b7d488a788027887c03ff", "category": "credential_exposure", 
"severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "token = \"<redacted>\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|src/gitlab.rs|45|token redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/gitlab.rs"}, "region": {"startLine": 456}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 141164, "scanner": "gitleaks", "fingerprint": "9024392bc336ce8fecdb77332e63c7a382a4aa6ecda75923563d599ff4562eaf", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "TOKEN=\"<redacted>\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|e2e/cli/test_token_forgejo|5|token redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "e2e/cli/test_token_forgejo"}, "region": {"startLine": 56}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 141163, "scanner": "gitleaks", "fingerprint": "080e7d48a29346292f1acadc07a450ef592b5303a70d13d5ba3d9dcd0011a44d", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "__MISE_ENV_CACHE_KEY=\"REDACTED\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|e2e/env/test_env_cache|1|__mise_env_cache_key redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": 
"e2e/env/test_env_cache"}, "region": {"startLine": 7}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 141162, "scanner": "gitleaks", "fingerprint": "2d2d317d757dd91e865a241b6f2b49a5ea021df0f3f56e4ce3b8d3dc50dae2c3", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "__MISE_ENV_CACHE_KEY=\"REDACTED\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|e2e/env/test_env_cache_venv|2|__mise_env_cache_key redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "e2e/env/test_env_cache_venv"}, "region": {"startLine": 24}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 141161, "scanner": "gitleaks", "fingerprint": "706310fac8ba1f5ef8fedd4c2b3e3655130629255e6fde6ea7ef43cae999c49d", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 4 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "__MISE_ENV_CACHE_KEY=\"REDACTED\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|1|__mise_env_cache_key redacted", "duplicate_count": 4, "duplicate_rule_ids": ["generic-api-key"], "duplicate_scanners": ["gitleaks"], "duplicate_fingerprints": ["4788c2764806eff40b756b18572da1ced5af4e57fabd4dabac98c4474313759f", "706310fac8ba1f5ef8fedd4c2b3e3655130629255e6fde6ea7ef43cae999c49d", "7e55d3f1c099c9c549b85cbbb84ec807f593719a10f1e368c1074b9ca968b4d3", 
"f3ff937eee6b44082018a0be33c6ba1d6a3d281acaf11684c0c59cdba639f453", "f67b16a641fb84bd42a3780ca1b1359dbb7f391d0701aa70a7ca944ee55f20cf"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "e2e/env/test_env_cache_fresh"}, "region": {"startLine": 9}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 141160, "scanner": "gitleaks", "fingerprint": "f77fda1dfa74f8facbfcdbe5c5599cb6ad28977e7d5f68ee1dbdfa674da4fd1f", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "apiKey: \"<redacted>\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|docs/.vitepress/config.ts|25|apikey: redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/.vitepress/config.ts"}, "region": {"startLine": 256}}}]}, {"ruleId": "MINED019", "level": "error", "message": {"text": "[MINED019] Ssti Jinja From String: jinja2.Environment().from_string(user_input) \u2014 full RCE via templates."}, "properties": {"repobilityId": 141137, "scanner": "repobility-threat-engine", "fingerprint": "54a4633e0f47969edad58396ecba4b7361699c7aa93317be02819d2d0526da69", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ssti-jinja-from-string", "owasp": "A03:2021", "cwe_ids": ["CWE-94"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347943+00:00", "triaged_in_corpus": 20, "observations_count": 47984, "ai_coder_pattern_id": 34}, "scanner": "repobility-threat-engine", "correlation_key": 
"fp|54a4633e0f47969edad58396ecba4b7361699c7aa93317be02819d2d0526da69"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/config/env_directive/source.rs"}, "region": {"startLine": 23}}}]}, {"ruleId": "MINED019", "level": "error", "message": {"text": "[MINED019] Ssti Jinja From String: jinja2.Environment().from_string(user_input) \u2014 full RCE via templates."}, "properties": {"repobilityId": 141136, "scanner": "repobility-threat-engine", "fingerprint": "ad5277df06a432302ab5f4f8aa6e964460a9d475efca4963fc8f502a7f5f1040", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ssti-jinja-from-string", "owasp": "A03:2021", "cwe_ids": ["CWE-94"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347943+00:00", "triaged_in_corpus": 20, "observations_count": 47984, "ai_coder_pattern_id": 34}, "scanner": "repobility-threat-engine", "correlation_key": "fp|ad5277df06a432302ab5f4f8aa6e964460a9d475efca4963fc8f502a7f5f1040"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/config/env_directive/path.rs"}, "region": {"startLine": 15}}}]}, {"ruleId": "MINED019", "level": "error", "message": {"text": "[MINED019] Ssti Jinja From String: jinja2.Environment().from_string(user_input) \u2014 full RCE via templates."}, "properties": {"repobilityId": 141135, "scanner": "repobility-threat-engine", "fingerprint": "a6d60af9e4f12884c3cf49f245c0c08cdc317ac463eb8794a5c2b2ae6b766abf", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ssti-jinja-from-string", "owasp": "A03:2021", "cwe_ids": ["CWE-94"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347943+00:00", 
"triaged_in_corpus": 20, "observations_count": 47984, "ai_coder_pattern_id": 34}, "scanner": "repobility-threat-engine", "correlation_key": "fp|a6d60af9e4f12884c3cf49f245c0c08cdc317ac463eb8794a5c2b2ae6b766abf"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/config/env_directive/file.rs"}, "region": {"startLine": 38}}}]}, {"ruleId": "MINED013", "level": "error", "message": {"text": "[MINED013] Password In Url: https://user:password@host \u2014 leaks creds via logs, referrer, error messages."}, "properties": {"repobilityId": 141134, "scanner": "repobility-threat-engine", "fingerprint": "04b866bb707b3098858c5d0fa46b5914ac7e778095b78886b8c67d6f37696cca", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "password-in-url", "owasp": "A07:2021", "cwe_ids": ["CWE-200"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347928+00:00", "triaged_in_corpus": 20, "observations_count": 121646, "ai_coder_pattern_id": 37}, "scanner": "repobility-threat-engine", "correlation_key": "fp|04b866bb707b3098858c5d0fa46b5914ac7e778095b78886b8c67d6f37696cca"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/release-alpine.sh"}, "region": {"startLine": 22}}}]}, {"ruleId": "MINED007", "level": "error", "message": {"text": "[MINED007] Sql String Concat: cursor.execute(f\"... 
{user_input} ...\") \u2014 SQL injection."}, "properties": {"repobilityId": 141113, "scanner": "repobility-threat-engine", "fingerprint": "168a1e33db8511da4ee00b77df32b51f11a35b5bc88448d65e7ea38983bf62c2", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "sql-string-concat", "owasp": "A03:2021", "cwe_ids": ["CWE-89"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347914+00:00", "triaged_in_corpus": 20, "observations_count": 210457, "ai_coder_pattern_id": 12}, "scanner": "repobility-threat-engine", "correlation_key": "fp|168a1e33db8511da4ee00b77df32b51f11a35b5bc88448d65e7ea38983bf62c2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/vfox/embedded-plugins/vfox-leiningen/hooks/post_install.lua"}, "region": {"startLine": 63}}}]}, {"ruleId": "MINED007", "level": "error", "message": {"text": "[MINED007] Sql String Concat: cursor.execute(f\"... 
{user_input} ...\") \u2014 SQL injection."}, "properties": {"repobilityId": 141112, "scanner": "repobility-threat-engine", "fingerprint": "21645afd48c11d76877d21dea65dde4a4198d287b74530802f7bb0f07ff56ce6", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "sql-string-concat", "owasp": "A03:2021", "cwe_ids": ["CWE-89"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347914+00:00", "triaged_in_corpus": 20, "observations_count": 210457, "ai_coder_pattern_id": 12}, "scanner": "repobility-threat-engine", "correlation_key": "fp|21645afd48c11d76877d21dea65dde4a4198d287b74530802f7bb0f07ff56ce6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/vfox/embedded-plugins/vfox-chicken/hooks/post_install.lua"}, "region": {"startLine": 47}}}]}, {"ruleId": "MINED007", "level": "error", "message": {"text": "[MINED007] Sql String Concat: cursor.execute(f\"... 
{user_input} ...\") \u2014 SQL injection."}, "properties": {"repobilityId": 141111, "scanner": "repobility-threat-engine", "fingerprint": "67737bdd5e793f7a5208d3cea272c20cc6b90c74a0509e2e2d8942bc2fe9bdc8", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "sql-string-concat", "owasp": "A03:2021", "cwe_ids": ["CWE-89"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347914+00:00", "triaged_in_corpus": 20, "observations_count": 210457, "ai_coder_pattern_id": 12}, "scanner": "repobility-threat-engine", "correlation_key": "fp|67737bdd5e793f7a5208d3cea272c20cc6b90c74a0509e2e2d8942bc2fe9bdc8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/vfox/embedded-plugins/vfox-azure-functions-core-tools/hooks/post_install.lua"}, "region": {"startLine": 11}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "Workflow uses `secrets.ZIPSIGN` on a `pull_request` trigger"}, "properties": {"repobilityId": 141076, "scanner": "repobility-supply-chain", "fingerprint": "203077954692354fbba2a41d9cf0e03373e5e93bd9770d981ebc2c92ed0ab860", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|203077954692354fbba2a41d9cf0e03373e5e93bd9770d981ebc2c92ed0ab860"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/release.yml"}, "region": {"startLine": 300}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "Workflow uses `secrets.MISE_GPG_KEY` on a `pull_request` trigger"}, "properties": 
{"repobilityId": 141075, "scanner": "repobility-supply-chain", "fingerprint": "ce356511fd0afb8bb117aa7e6219958412d98af3e1fc1d095abbcb31a0529df9", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|ce356511fd0afb8bb117aa7e6219958412d98af3e1fc1d095abbcb31a0529df9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/release.yml"}, "region": {"startLine": 294}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "Workflow uses `secrets.MISE_GPG_KEY` on a `pull_request` trigger"}, "properties": {"repobilityId": 141074, "scanner": "repobility-supply-chain", "fingerprint": "4b0ed90383cc38085e83f637dca6fec39d7c3f34e38ad3d9e83a32ef4a32b90b", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|4b0ed90383cc38085e83f637dca6fec39d7c3f34e38ad3d9e83a32ef4a32b90b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/release.yml"}, "region": {"startLine": 211}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "Workflow uses `secrets.MISE_GPG_KEY` on a `pull_request` trigger"}, "properties": {"repobilityId": 141073, "scanner": "repobility-supply-chain", "fingerprint": "4ac449d44efc807ff62afc275d14bb0cd12042ea7c9c8e38175cbdcfed6cf61f", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, 
"reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|4ac449d44efc807ff62afc275d14bb0cd12042ea7c9c8e38175cbdcfed6cf61f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/release.yml"}, "region": {"startLine": 186}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "Workflow uses `secrets.APPLE_DEVELOPER_ID_APPLICATION_CERTS_P12_PASS` on a `pull_request` trigger"}, "properties": {"repobilityId": 141072, "scanner": "repobility-supply-chain", "fingerprint": "472688c033be3774aa423dd4101d6b778d24a493390e50e91b76dc66da605ade", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|472688c033be3774aa423dd4101d6b778d24a493390e50e91b76dc66da605ade"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/release.yml"}, "region": {"startLine": 91}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "Workflow uses `secrets.APPLE_DEVELOPER_ID_APPLICATION_CERTS_P12` on a `pull_request` trigger"}, "properties": {"repobilityId": 141071, "scanner": "repobility-supply-chain", "fingerprint": "987d57ec3516e2401e38119176d8b6e69e51fa14d13f095ee0cd3459d8a9f315", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": 
"repobility-supply-chain", "correlation_key": "fp|987d57ec3516e2401e38119176d8b6e69e51fa14d13f095ee0cd3459d8a9f315"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/release.yml"}, "region": {"startLine": 90}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "Workflow uses `secrets.MINIO_AWS_SECRET_ACCESS_KEY` on a `pull_request` trigger"}, "properties": {"repobilityId": 141070, "scanner": "repobility-supply-chain", "fingerprint": "1eefa850fe99cd5ae11ac7cc3ed3c6a54b9afe21e7bb737cb2ddcaaf2a6813e9", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|1eefa850fe99cd5ae11ac7cc3ed3c6a54b9afe21e7bb737cb2ddcaaf2a6813e9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/release.yml"}, "region": {"startLine": 78}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "Workflow uses `secrets.MINIO_AWS_ACCESS_KEY_ID` on a `pull_request` trigger"}, "properties": {"repobilityId": 141069, "scanner": "repobility-supply-chain", "fingerprint": "1a8687ae49d270144600b0db84a316ff286e7edbd9a17529d5d1b0451552c165", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|1a8687ae49d270144600b0db84a316ff286e7edbd9a17529d5d1b0451552c165"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/release.yml"}, "region": {"startLine": 77}}}]}, 
{"ruleId": "MINED116", "level": "error", "message": {"text": "Workflow uses `secrets.MINIO_AWS_SECRET_ACCESS_KEY` on a `pull_request` trigger"}, "properties": {"repobilityId": 141068, "scanner": "repobility-supply-chain", "fingerprint": "761fffb50341d84086771e51d3540999c133bf47d044d06337bdcd28d4bf5fab", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|761fffb50341d84086771e51d3540999c133bf47d044d06337bdcd28d4bf5fab"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/release.yml"}, "region": {"startLine": 34}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "Workflow uses `secrets.MINIO_AWS_ACCESS_KEY_ID` on a `pull_request` trigger"}, "properties": {"repobilityId": 141067, "scanner": "repobility-supply-chain", "fingerprint": "be31f7c36c4dde20c4d3a465844bd6de57f1185f3c7c7148244e3c64e503610a", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|be31f7c36c4dde20c4d3a465844bd6de57f1185f3c7c7148244e3c64e503610a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/release.yml"}, "region": {"startLine": 33}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "Workflow uses `secrets.MISE_GH_TOKEN` on a `pull_request` trigger"}, "properties": {"repobilityId": 141066, "scanner": "repobility-supply-chain", "fingerprint": 
"7b2d72fd22d8c7dce04a83f232fe4a8130f34ea58a2ab57e332e97f64ce3e2f9", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|7b2d72fd22d8c7dce04a83f232fe4a8130f34ea58a2ab57e332e97f64ce3e2f9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/release.yml"}, "region": {"startLine": 24}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "Workflow uses `secrets.MISE_GH_TOKEN` on a `pull_request` trigger"}, "properties": {"repobilityId": 141065, "scanner": "repobility-supply-chain", "fingerprint": "517c66eed342a0b7cb7307e5249b9769d47cfe642df447c6728e4fbbd2a749b8", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|517c66eed342a0b7cb7307e5249b9769d47cfe642df447c6728e4fbbd2a749b8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/release.yml"}, "region": {"startLine": 23}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "Workflow uses `secrets.MISE_GH_TOKEN` on a `pull_request` trigger"}, "properties": {"repobilityId": 141064, "scanner": "repobility-supply-chain", "fingerprint": "5603629ec6401312c125b6e2a31adfdcd45aeee409d44ea60f6107a368caf08e", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": 
"gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|5603629ec6401312c125b6e2a31adfdcd45aeee409d44ea60f6107a368caf08e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/release.yml"}, "region": {"startLine": 22}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "Workflow uses `secrets.MISE_GH_TOKEN` on a `pull_request` trigger"}, "properties": {"repobilityId": 141063, "scanner": "repobility-supply-chain", "fingerprint": "da1810da33fee779213edf8263245c119990d169d19efd581b49557db20463db", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|da1810da33fee779213edf8263245c119990d169d19efd581b49557db20463db"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/registry.yml"}, "region": {"startLine": 355}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "Workflow uses `secrets.MISE_VERSIONS_API_SECRET` on a `pull_request` trigger"}, "properties": {"repobilityId": 141062, "scanner": "repobility-supply-chain", "fingerprint": "7b50fcb10b427a1d92e38e45d74d281bef0a4689474afa26bc7c486deb33632b", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|7b50fcb10b427a1d92e38e45d74d281bef0a4689474afa26bc7c486deb33632b"}}, 
"locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/registry.yml"}, "region": {"startLine": 197}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "Workflow uses `secrets.MISE_GH_TOKEN` on a `pull_request` trigger"}, "properties": {"repobilityId": 141061, "scanner": "repobility-supply-chain", "fingerprint": "ce8e8b9b0d99846d521e97d25b255517a71fcfb5f0b413f6f8c4210b333704ae", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|ce8e8b9b0d99846d521e97d25b255517a71fcfb5f0b413f6f8c4210b333704ae"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/registry.yml"}, "region": {"startLine": 58}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "Workflow uses `secrets.MISE_GH_TOKEN` on a `pull_request` trigger"}, "properties": {"repobilityId": 141060, "scanner": "repobility-supply-chain", "fingerprint": "94f37e44cfae27592f5d0e91d276688e1dbff39197c66419d8ab10f7e7a5214e", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|94f37e44cfae27592f5d0e91d276688e1dbff39197c66419d8ab10f7e7a5214e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/registry.yml"}, "region": {"startLine": 21}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "Workflow uses `secrets.MISE_GH_TOKEN` on a `pull_request` trigger"}, 
"properties": {"repobilityId": 141059, "scanner": "repobility-supply-chain", "fingerprint": "e6bcd71c70121e5f5841370edc0f8769b2956a2c847a14bfb3a40506310e2e34", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|e6bcd71c70121e5f5841370edc0f8769b2956a2c847a14bfb3a40506310e2e34"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/hyperfine.yml"}, "region": {"startLine": 16}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "Workflow uses `secrets.CLOUDFLARE_SECRET_ACCESS_KEY` on a `pull_request` trigger"}, "properties": {"repobilityId": 141058, "scanner": "repobility-supply-chain", "fingerprint": "308ff3ea5fb600848143e31504caf41667ee4b15e341c2dead0376f91f801e18", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|308ff3ea5fb600848143e31504caf41667ee4b15e341c2dead0376f91f801e18"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/docs.yml"}, "region": {"startLine": 59}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "Workflow uses `secrets.CLOUDFLARE_ACCESS_KEY_ID` on a `pull_request` trigger"}, "properties": {"repobilityId": 141057, "scanner": "repobility-supply-chain", "fingerprint": "ec1123c845c9a3e94fec09bc9933683b460e9ef0bce22516e82d22bda02f150e", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": 
"open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|ec1123c845c9a3e94fec09bc9933683b460e9ef0bce22516e82d22bda02f150e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/docs.yml"}, "region": {"startLine": 58}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "Workflow uses `secrets.MISE_GH_TOKEN` on a `pull_request` trigger"}, "properties": {"repobilityId": 141056, "scanner": "repobility-supply-chain", "fingerprint": "ffac6370d2c488e375d6bedfb905afe7f02250d567a9f4eeb3b0552a7cc8f70b", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|ffac6370d2c488e375d6bedfb905afe7f02250d567a9f4eeb3b0552a7cc8f70b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/docs.yml"}, "region": {"startLine": 41}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "Workflow uses `secrets.MISE_VERSIONS_API_SECRET` on a `pull_request` trigger"}, "properties": {"repobilityId": 141055, "scanner": "repobility-supply-chain", "fingerprint": "219908bef482eea7ae3ec71c6c859fdd6ae1c27ddb69abb6b39a4e88ce08bc92", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", 
"correlation_key": "fp|219908bef482eea7ae3ec71c6c859fdd6ae1c27ddb69abb6b39a4e88ce08bc92"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/test.yml"}, "region": {"startLine": 244}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "Workflow uses `secrets.FORGEJO_TOKEN` on a `pull_request` trigger"}, "properties": {"repobilityId": 141054, "scanner": "repobility-supply-chain", "fingerprint": "f1f6d2e2eda7c33d79b04bbd12ee7d4bb5557c2d870bad23c15a4845ce9dc17d", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|f1f6d2e2eda7c33d79b04bbd12ee7d4bb5557c2d870bad23c15a4845ce9dc17d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/test.yml"}, "region": {"startLine": 23}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "Workflow uses `secrets.MISE_GH_TOKEN` on a `pull_request` trigger"}, "properties": {"repobilityId": 141053, "scanner": "repobility-supply-chain", "fingerprint": "870b1ac49a7373dcb3df9be8d737de93aa408dcadf26328d0b7c549b57dde703", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|870b1ac49a7373dcb3df9be8d737de93aa408dcadf26328d0b7c549b57dde703"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/test.yml"}, "region": {"startLine": 22}}}]}, {"ruleId": "MINED116", "level": "error", "message": 
{"text": "Workflow uses `secrets.MISE_GH_TOKEN` on a `pull_request` trigger"}, "properties": {"repobilityId": 141052, "scanner": "repobility-supply-chain", "fingerprint": "91a92f2d99ed735698423038c7c9ec255cd61fd3f04aeb526e95404130167108", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|91a92f2d99ed735698423038c7c9ec255cd61fd3f04aeb526e95404130167108"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/test.yml"}, "region": {"startLine": 21}}}]}]}]}