{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "JRN002", "name": "Browser storage is used for session token material", "shortDescription": {"text": "Browser storage is used for session token material"}, "fullDescription": {"text": "localStorage and sessionStorage are readable by injected JavaScript. For sensitive sessions, this turns XSS into account compromise."}, "properties": {"scanner": "repobility-journey-contract", "category": "auth", "severity": "medium", "confidence": 0.82, "cwe": "", "owasp": ""}}, {"id": "GHSA-65pc-fj4g-8rjx", "name": "idna: GHSA-65pc-fj4g-8rjx", "shortDescription": {"text": "idna: GHSA-65pc-fj4g-8rjx"}, "fullDescription": {"text": "Internationalized Domain Names in Applications (IDNA): Specially crafted inputs to idna.encode() can bypass CVE-2024-3651 fix"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "DKR001", "name": "Docker final stage has no non-root USER", "shortDescription": {"text": "Docker final stage has no non-root USER"}, "fullDescription": {"text": "Docker images run as root unless the image or Dockerfile switches to a non-root user."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.82, "cwe": "", "owasp": ""}}, {"id": "DKR014", "name": "Dockerfile copies broad context with incomplete .dockerignore", "shortDescription": {"text": "Dockerfile copies broad context with incomplete .dockerignore"}, "fullDescription": {"text": "COPY . or ADD . 
is safer when .dockerignore excludes secrets, git history, keys, and generated artifacts."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.76, "cwe": "", "owasp": ""}}, {"id": "SEC045", "name": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a latera", "shortDescription": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use obj"}, "fullDescription": {"text": "For literal data structures: use ast.literal_eval(text) \u2014 only parses literals, raises on code.\nFor formula evaluation: use asteval or simpleeval (purpose-built sandboxes with allow-lists).\nFor Odoo: use odoo.tools.safe_eval(expr, locals_dict, mode='exec').\nIf you genuinely need to execute admin-stored code: require explicit super-admin permission AND log every execution with a stack trace."}, "properties": {"scanner": "repobility-threat-engine", "category": "injection", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC127", "name": "[SEC127] AI agent stub \u2014 TODO: implement / pass placeholder body: Function body left as TODO/pass/raise NotImplementedEr", "shortDescription": {"text": "[SEC127] AI agent stub \u2014 TODO: implement / pass placeholder body: Function body left as TODO/pass/raise NotImplementedError after an AI scaffolding pass. The route appears to exist (and may even pass shallow CI), but invoking it crashes or "}, "fullDescription": {"text": "Either implement the body, or fail closed at module-load time so the deploy can't ship a half-built route. 
A CI gate that fails build on `raise NotImplementedError` in non-abstract code catches this cleanly."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC001", "name": "[SEC001] Hardcoded Password: Hardcoded password found in source code.", "shortDescription": {"text": "[SEC001] Hardcoded Password: Hardcoded password found in source code."}, "fullDescription": {"text": "Use environment variables or a secrets manager."}, "properties": {"scanner": "repobility-threat-engine", "category": "credential_exposure", "severity": "medium", "confidence": 0.3, "cwe": "", "owasp": ""}}, {"id": "DEPCUR-PY", "name": "Python package `cmake` is 1 major version(s) behind (3.26.3 -> 4.3.2)", "shortDescription": {"text": "Python package `cmake` is 1 major version(s) behind (3.26.3 -> 4.3.2)"}, "fullDescription": {"text": "`cmake==3.26.3` is 1 major version(s) behind the latest stable release on PyPI (4.3.2). Pinned-but-stale Python dependencies drift away from upstream security and bugfix releases. This is the version-currency signal Dependabot raises."}, "properties": {"scanner": "repobility-dependency-currency", "category": "dependency", "severity": "medium", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED111", "name": "Bare except continues silently", "shortDescription": {"text": "Bare except continues silently"}, "fullDescription": {"text": "Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. 
Hides real failures and makes bugs hard to diagnose."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED109", "name": "Mutable default argument in `_verify_metrics_larger_than_zero` (dict)", "shortDescription": {"text": "Mutable default argument in `_verify_metrics_larger_than_zero` (dict)"}, "fullDescription": {"text": "`def _verify_metrics_larger_than_zero(... = []/{}/set())` \u2014 Python's default value is constructed ONCE at function definition time and shared across all calls. Mutating it in one call mutates it for every future call too."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "DKR011", "name": "Dockerfile installs recommended OS packages", "shortDescription": {"text": "Dockerfile installs recommended OS packages"}, "fullDescription": {"text": "Installing recommended packages often pulls in unnecessary runtime surface area."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "low", "confidence": 0.72, "cwe": "", "owasp": ""}}, {"id": "DKR010", "name": "Dockerfile leaves apt package indexes in the image layer", "shortDescription": {"text": "Dockerfile leaves apt package indexes in the image layer"}, "fullDescription": {"text": "Package indexes increase image size and can expose stale metadata in the final image layer."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "low", "confidence": 0.74, "cwe": "", "owasp": ""}}, {"id": "DKR008", "name": ".dockerignore misses sensitive defaults", "shortDescription": {"text": ".dockerignore misses sensitive defaults"}, "fullDescription": {"text": ".dockerignore exists but does not cover common secret or VCS patterns."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "low", "confidence": 0.72, "cwe": "", 
"owasp": ""}}, {"id": "SEC132", "name": "[SEC132] String concat where the language has interpolation (AI style drift): String built by concatenation where the la", "shortDescription": {"text": "[SEC132] String concat where the language has interpolation (AI style drift): String built by concatenation where the language has cleaner interpolation (Python f-strings since 3.6, JS template literals since ES6). Not a vulnerability on it"}, "fullDescription": {"text": "Python: `f\"prefix {var} suffix\"`. JS/TS: `` `prefix ${var} suffix` ``. Add a lint rule (pyupgrade UP032, eslint prefer-template) so future PRs catch this automatically."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "low", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "COMP001", "name": "[COMP001] High cognitive complexity: Function `inject_scenario_id` has cognitive complexity 8 (SonarSource scale). Cogni", "shortDescription": {"text": "[COMP001] High cognitive complexity: Function `inject_scenario_id` has cognitive complexity 8 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recur"}, "fullDescription": {"text": "Extract nested branches into named helper functions; flatten early-return / guard clauses; replace long if/elif chains with dispatch dicts or polymorphism. SonarQube's threshold for 'should refactor' is 15 \u2014 yours is 8."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "low", "confidence": 0.95, "cwe": "", "owasp": ""}}, {"id": "AIC003", "name": "Duplicated implementation block across source files", "shortDescription": {"text": "Duplicated implementation block across source files"}, "fullDescription": {"text": "Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. 
They increase maintenance cost because every future bug fix must be found in multiple locations."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.86, "cwe": "", "owasp": ""}}, {"id": "DKR002", "name": "Dockerfile base image is selected through a build variable", "shortDescription": {"text": "Dockerfile base image is selected through a build variable"}, "fullDescription": {"text": "Variable-selected base images can be safe, but Repobility cannot verify that the resolved image is pinned."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "info", "confidence": 0.48, "cwe": "", "owasp": ""}}, {"id": "MINED004", "name": "[MINED004] Weak Crypto (and 1 more): Same pattern found in 1 additional files. Review if needed.", "shortDescription": {"text": "[MINED004] Weak Crypto (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-327 / A02:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC128", "name": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake) (and 2 more): Same pattern found in 2 addit", "shortDescription": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake) (and 2 more): Same pattern found in 2 additional files. Review if needed."}, "fullDescription": {"text": "Add `await` before each async call, or chain with `.then`. 
If you intentionally want fire-and-forget, prefix with `void` (TS) or assign to `_` (Python with `asyncio.create_task`) to make the intent explicit and survive lint."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED055", "name": "[MINED055] Npm Install No Lockfile (and 1 more): Same pattern found in 1 additional files. Review if needed.", "shortDescription": {"text": "[MINED055] Npm Install No Lockfile (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-1357 / A06:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED042", "name": "[MINED042] Cpp New Without Delete (and 8 more): Same pattern found in 8 additional files. Review if needed.", "shortDescription": {"text": "[MINED042] Cpp New Without Delete (and 8 more): Same pattern found in 8 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-401 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED072", "name": "[MINED072] Python Pass Only Class: class Foo: pass \u2014 stub waiting to be filled in.", "shortDescription": {"text": "[MINED072] Python Pass Only Class: class Foo: pass \u2014 stub waiting to be filled in."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-1188 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED043", "name": "[MINED043] Http Not Https (and 3 more): Same pattern found in 3 additional files. 
Review if needed.", "shortDescription": {"text": "[MINED043] Http Not Https (and 3 more): Same pattern found in 3 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-319 / A02:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC029", "name": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 8 more): Same pattern found in 8 additi", "shortDescription": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 8 more): Same pattern found in 8 additional files. Review if needed."}, "fullDescription": {"text": "Validate the URL against an allowlist BEFORE fetching:\n  ALLOWED = {'images.example.com', 'cdn.example.com'}\n  host = urlparse(url).hostname\n  if host not in ALLOWED: abort(400)\nOr use a server-side proxy (Imgproxy / serve-files-only-from-S3) that isolates outbound network access from the request handler.\nBlock private CIDRs explicitly: 10/8, 172.16/12, 192.168/16, 169.254/16."}, "properties": {"scanner": "repobility-threat-engine", "category": "ssrf", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED050", "name": "[MINED050] Stub Only Function (and 6 more): Same pattern found in 6 additional files. Review if needed.", "shortDescription": {"text": "[MINED050] Stub Only Function (and 6 more): Same pattern found in 6 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-1188 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED067", "name": "[MINED067] Python Requests No Timeout: requests.get/post/etc. 
without timeout= can hang forever.", "shortDescription": {"text": "[MINED067] Python Requests No Timeout: requests.get/post/etc. without timeout= can hang forever."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-400 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED017", "name": "[MINED017] C System Call: system() invokes shell. command injection if any arg is dynamic.", "shortDescription": {"text": "[MINED017] C System Call: system() invokes shell. command injection if any arg is dynamic."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-78 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC013", "name": "[SEC013] Path Traversal \u2014 User Input in File Path: User-controlled input used in file path without sanitization. Allows ", "shortDescription": {"text": "[SEC013] Path Traversal \u2014 User Input in File Path: User-controlled input used in file path without sanitization. Allows reading arbitrary files."}, "fullDescription": {"text": "Use os.path.realpath() and verify the path starts with your expected base directory. Use secure_filename() for uploads."}, "properties": {"scanner": "repobility-threat-engine", "category": "path_traversal", "severity": "high", "confidence": 0.8, "cwe": "", "owasp": ""}}, {"id": "MINED001", "name": "[MINED001] Bare Except Pass: except: pass or except Exception: pass \u2014 silently swallows everything including KeyboardInt", "shortDescription": {"text": "[MINED001] Bare Except Pass: except: pass or except Exception: pass \u2014 silently swallows everything including KeyboardInterrupt and bugs."}, "fullDescription": {"text": "Review and fix per the pattern semantics. 
See CWE-755 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC103", "name": "[SEC103] LDAP injection \u2014 non-constant search filter: User input concatenated into an LDAP search filter. Attackers inje", "shortDescription": {"text": "[SEC103] LDAP injection \u2014 non-constant search filter: User input concatenated into an LDAP search filter. Attackers inject `*)(uid=*` style payloads to bypass auth or enumerate accounts."}, "fullDescription": {"text": "Escape with javax.naming.ldap.Rdn.escapeValue or equivalent. For python-ldap, use ldap.filter.escape_filter_chars. Better: use parameterized search APIs (Spring LdapTemplate filter encoders)."}, "properties": {"scanner": "repobility-threat-engine", "category": "injection", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC078", "name": "[SEC078] Python: requests without timeout: requests.get/post without a timeout will hang indefinitely on a non-responsiv", "shortDescription": {"text": "[SEC078] Python: requests without timeout: requests.get/post without a timeout will hang indefinitely on a non-responsive server, causing thread exhaustion and denial of service. Ported from bandit B113 (Apache-2.0). NOTE: this regex is heuristic; a re"}, "fullDescription": {"text": "Add `timeout=10` (or appropriate value) to every requests call."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED115", "name": "Action `actions/upload-artifact` pinned to mutable ref `@v7`", "shortDescription": {"text": "Action `actions/upload-artifact` pinned to mutable ref `@v7`"}, "fullDescription": {"text": "`uses: actions/upload-artifact@v7` resolves at workflow-run time. 
Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED118", "name": "Dockerfile FROM `node:lts-alpine` not pinned by digest", "shortDescription": {"text": "Dockerfile FROM `node:lts-alpine` not pinned by digest"}, "fullDescription": {"text": "`FROM node:lts-alpine` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potentially different. Production images should pin to `image@sha256:...` for reproducibility + supply-chain integrity."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED108", "name": "`self.install` used but never assigned in __init__", "shortDescription": {"text": "`self.install` used but never assigned in __init__"}, "fullDescription": {"text": "Method `install_compiler` of class `PacmanPackageManager` reads `self.install`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "private-key", "name": "Identified a Private Key, which may compromise cryptographic security and sensitive data encryption.", "shortDescription": {"text": "Identified a Private Key, which may compromise cryptographic security and sensitive data encryption."}, "fullDescription": {"text": "Gitleaks detected a committed secret or credential pattern."}, "properties": {"scanner": "gitleaks", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "cwe": "", "owasp": ""}}, {"id": "generic-api-key", "name": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations.", "shortDescription": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "fullDescription": {"text": "Gitleaks detected a committed secret or credential pattern."}, "properties": {"scanner": "gitleaks", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "cwe": "", "owasp": ""}}, {"id": "pkcs12-file", "name": "Found a PKCS #12 file, which commonly contain bundled private keys.", "shortDescription": {"text": "Found a PKCS #12 file, which commonly contain bundled private keys."}, "fullDescription": {"text": "Gitleaks detected a committed secret or credential pattern."}, "properties": {"scanner": "gitleaks", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "cwe": "", "owasp": ""}}, {"id": "MINED022", "name": "[MINED022] C Strcpy: strcpy/strcat don't bounds-check; use strncpy or snprintf.", "shortDescription": {"text": "[MINED022] C Strcpy: strcpy/strcat don't bounds-check; use strncpy (which needs explicit NUL termination) or snprintf."}, "fullDescription": {"text": "Review and fix per the pattern semantics. 
See CWE-120 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "critical", "confidence": 1.0, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/971"}, "properties": {"repository": "apache/nifi-minifi-cpp", "repoUrl": "https://github.com/apache/nifi-minifi-cpp", "branch": "main"}, "results": [{"ruleId": "JRN002", "level": "warning", "message": {"text": "Browser storage is used for session token material"}, "properties": {"repobilityId": 91166, "scanner": "repobility-journey-contract", "fingerprint": "b75af2f2d8bf596e0e5a9d959decb599a99cc0b6c2daeb5477ddb910e7194ae9", "category": "auth", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Storage API call references token-like key or value names.", "evidence": {"rule_id": "JRN002", "scanner": "repobility-journey-contract", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html"], "correlation_key": "code|auth|docs/status/index.html|618|jrn002"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/status/index.html"}, "region": {"startLine": 618}}}]}, {"ruleId": "JRN002", "level": "warning", "message": {"text": "Browser storage is used for session token material"}, "properties": {"repobilityId": 91165, "scanner": "repobility-journey-contract", "fingerprint": "c95e6d2e8da6db3012e74f4d26461112e5201ec0392bdfa851d2374e14edd857", "category": "auth", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Storage API call references token-like key or value names.", "evidence": {"rule_id": "JRN002", "scanner": "repobility-journey-contract", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html"], "correlation_key": "code|auth|docs/status/index.html|468|jrn002"}}, "locations": [{"physicalLocation": {"artifactLocation": 
{"uri": "docs/status/index.html"}, "region": {"startLine": 468}}}]}, {"ruleId": "GHSA-65pc-fj4g-8rjx", "level": "warning", "message": {"text": "idna: GHSA-65pc-fj4g-8rjx"}, "properties": {"repobilityId": 91164, "scanner": "osv-scanner", "fingerprint": "5e412512fde2d8002b45ff105711605526b00fbf635ba1adb7eced73a31af08e", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-45409"], "package": "idna", "rule_id": "GHSA-65pc-fj4g-8rjx", "scanner": "osv-scanner", "correlation_key": "vuln|idna|CVE-2024-3651|. token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/github_scripts/requirements.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 91151, "scanner": "repobility-docker", "fingerprint": "f40477de16571898438bc5d420375946142f86a0e9e00cdbe7e8afba0891f615", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "nginx:1.29.4", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|f40477de16571898438bc5d420375946142f86a0e9e00cdbe7e8afba0891f615"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "extensions/grafana-loki/tests/features/resources/reverse-proxy/Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 91148, "scanner": 
"repobility-docker", "fingerprint": "4dc16244f98636afd9ee070561d5e469d42bde17db9894bbd329d8c8523e7acb", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "node:lts-alpine", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|4dc16244f98636afd9ee070561d5e469d42bde17db9894bbd329d8c8523e7acb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "extensions/aws/tests/features/resources/kinesis-mock/Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR014", "level": "warning", "message": {"text": "Dockerfile copies broad context with incomplete .dockerignore"}, "properties": {"repobilityId": 91147, "scanner": "repobility-docker", "fingerprint": "bc5721e735fbdd76d021739ca268d0456517db42104c54c76c245a28d262fec9", "category": "docker", "severity": "medium", "confidence": 0.76, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Broad context copy found and .dockerignore misses sensitive defaults.", "evidence": {"rule_id": "DKR014", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|bc5721e735fbdd76d021739ca268d0456517db42104c54c76c245a28d262fec9", "missing_patterns": [".env", "id_rsa", "*.pem", "*.key"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/rockylinux/Dockerfile"}, "region": {"startLine": 40}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 91145, "scanner": "repobility-docker", "fingerprint": 
"ce62f360700bce64620ee5fb2d2ac977f4d93b0e364c3685069f9579c46073a4", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "mcr.microsoft.com/windows/servercore:ltsc2022", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|ce62f360700bce64620ee5fb2d2ac977f4d93b0e364c3685069f9579c46073a4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/installed/Dockerfile.win"}, "region": {"startLine": 21}}}]}, {"ruleId": "DKR014", "level": "warning", "message": {"text": "Dockerfile copies broad context with incomplete .dockerignore"}, "properties": {"repobilityId": 91140, "scanner": "repobility-docker", "fingerprint": "d3e90180519d5957a6f921fcca71d382a8deead471721ce03e5c1bbde66ba176", "category": "docker", "severity": "medium", "confidence": 0.76, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Broad context copy found and .dockerignore misses sensitive defaults.", "evidence": {"rule_id": "DKR014", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|d3e90180519d5957a6f921fcca71d382a8deead471721ce03e5c1bbde66ba176", "missing_patterns": [".env", "id_rsa", "*.pem", "*.key"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/Dockerfile"}, "region": {"startLine": 63}}}]}, {"ruleId": "SEC045", "level": "warning", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential 
compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use object introspection (().__class__.__mro__[-1].__subclasses__()) to reach os.system. CWE-95 (eval injection)."}, "properties": {"repobilityId": 91135, "scanner": "repobility-threat-engine", "fingerprint": "5e014e439bbc895ef573459146d1c9f63fc662c7899910388119514d72acc683", "category": "injection", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ">eval(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|token|40|sec045"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "extensions/lua/LuaScriptExecutor.cpp"}, "region": {"startLine": 40}}}]}, {"ruleId": "SEC045", "level": "warning", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use object introspection (().__class__.__mro__[-1].__subclasses__()) to reach os.system. 
CWE-95 (eval injection)."}, "properties": {"repobilityId": 91134, "scanner": "repobility-threat-engine", "fingerprint": "f88ffb9d5067e61f458e3d811c4a1bdaeffc2b4994b9a7039fc279a3ec5d3a4b", "category": "injection", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "eval(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|token|42|sec045"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "extensions/lua/LuaScriptEngine.h"}, "region": {"startLine": 42}}}]}, {"ruleId": "SEC045", "level": "warning", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use object introspection (().__class__.__mro__[-1].__subclasses__()) to reach os.system. 
CWE-95 (eval injection)."}, "properties": {"repobilityId": 91133, "scanner": "repobility-threat-engine", "fingerprint": "d3d9d3ac9fdb2376a33771f7cf9a75cf0de7a92eafc82c89ebd30fdfde2eeff8", "category": "injection", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ":eval(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|token|85|sec045"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "extensions/lua/LuaScriptEngine.cpp"}, "region": {"startLine": 85}}}]}, {"ruleId": "SEC127", "level": "warning", "message": {"text": "[SEC127] AI agent stub \u2014 TODO: implement / pass placeholder body: Function body left as TODO/pass/raise NotImplementedError after an AI scaffolding pass. The route appears to exist (and may even pass shallow CI), but invoking it crashes or silently no-ops. AI agents consistently emit these when their context window runs out mid-implementation. 
Production callers hitting these stubs is a classic AI-generated-incident."}, "properties": {"repobilityId": 91111, "scanner": "repobility-threat-engine", "fingerprint": "95b83e19c8bf3249a23723093aa01ef001e3d13700cdff28a6532f5966f5db27", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "def to_yaml(self) -> str:\n        raise NotImplementedError", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC127", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|95b83e19c8bf3249a23723093aa01ef001e3d13700cdff28a6532f5966f5db27"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "behave_framework/src/minifi_behave/minifi/flow_definition.py"}, "region": {"startLine": 115}}}]}, {"ruleId": "SEC001", "level": "warning", "message": {"text": "[SEC001] Hardcoded Password: Hardcoded password found in source code."}, "properties": {"repobilityId": 91099, "scanner": "repobility-threat-engine", "fingerprint": "22599a70a80a9b645cc64c9fc327ba293043cf29f45791285543868c95f6c6e4", "category": "credential_exposure", "severity": "medium", "confidence": 0.3, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Low entropy value (3.1 bits) \u2014 may be placeholder or common string", "evidence": {"match": "PASSWORD=\"<redacted>\"", "reason": "Low entropy value (3.1 bits) \u2014 may be placeholder or common string", "rule_id": "SEC001", "scanner": "repobility-threat-engine", "confidence": 0.3, "correlation_key": "secret|token|1|password redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "behave_framework/src/minifi_behave/containers/resources/nifi/convert_cert_to_jks.sh"}, "region": {"startLine": 14}}}]}, {"ruleId": "DEPCUR-PY", "level": "warning", "message": {"text": "Python package `cmake` is 1 
major version(s) behind (3.26.3 -> 4.3.2)"}, "properties": {"repobilityId": 91083, "scanner": "repobility-dependency-currency", "fingerprint": "85dcf1f65bcbb646c397810baac5f4007b9b1432da884fdc9ad19cae2d0f9b0d", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "1 major version(s) behind", "signal": "currency", "cwe_ids": [], "package": "cmake", "scanner": "repobility-dependency-currency", "ecosystem": "pypi", "languages": ["python"], "latest_version": "4.3.2", "correlation_key": "fp|85dcf1f65bcbb646c397810baac5f4007b9b1432da884fdc9ad19cae2d0f9b0d", "current_version": "3.26.3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "bootstrap/requirements.txt"}, "region": {"startLine": 2}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 91053, "scanner": "repobility-ast-engine", "fingerprint": "6945c212bea08b05122fc102c2b3c4c2296f0ab69036dd35e932b6c82f7a89e5", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|6945c212bea08b05122fc102c2b3c4c2296f0ab69036dd35e932b6c82f7a89e5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "behave_framework/src/minifi_behave/containers/container_windows.py"}, "region": {"startLine": 300}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 91052, "scanner": "repobility-ast-engine", "fingerprint": "a32f26eed3dbd3fe01f7757c8eac2f09cc3f14bbc2827d704417d4559f795eb9", "category": "quality", "severity": "medium", "confidence": 1.0, 
"triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|a32f26eed3dbd3fe01f7757c8eac2f09cc3f14bbc2827d704417d4559f795eb9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "behave_framework/src/minifi_behave/containers/container_linux.py"}, "region": {"startLine": 289}}}]}, {"ruleId": "MINED109", "level": "warning", "message": {"text": "Mutable default argument in `_verify_metrics_larger_than_zero` (dict)"}, "properties": {"repobilityId": 91051, "scanner": "repobility-ast-engine", "fingerprint": "6dc5250851229ba533c5d1f24ff8c8c7d933a6d6e5ebc50a476dc648a92391df", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "mutable-default-arg", "owasp": null, "cwe_ids": ["CWE-1023"], "languages": ["python"], "observations_count": 64867}, "scanner": "repobility-ast-engine", "correlation_key": "fp|6dc5250851229ba533c5d1f24ff8c8c7d933a6d6e5ebc50a476dc648a92391df"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "extensions/prometheus/tests/features/resources/prometheus_checker.py"}, "region": {"startLine": 115}}}]}, {"ruleId": "MINED109", "level": "warning", "message": {"text": "Mutable default argument in `_verify_metric_larger_than_zero` (dict)"}, "properties": {"repobilityId": 91050, "scanner": "repobility-ast-engine", "fingerprint": "dcd1355c70be61971cad1b9f11f514c9d8fbaa0a7e7de468e604b7de4e7b632d", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "mutable-default-arg", "owasp": null, "cwe_ids": ["CWE-1023"], "languages": ["python"], 
"observations_count": 64867}, "scanner": "repobility-ast-engine", "correlation_key": "fp|dcd1355c70be61971cad1b9f11f514c9d8fbaa0a7e7de468e604b7de4e7b632d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "extensions/prometheus/tests/features/resources/prometheus_checker.py"}, "region": {"startLine": 110}}}]}, {"ruleId": "MINED109", "level": "warning", "message": {"text": "Mutable default argument in `_verify_metrics_exist` (dict)"}, "properties": {"repobilityId": 91049, "scanner": "repobility-ast-engine", "fingerprint": "7a8bba52cc11dc766d10ae856dfadd254912aa05385d07d1c7545d99de6b7506", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "mutable-default-arg", "owasp": null, "cwe_ids": ["CWE-1023"], "languages": ["python"], "observations_count": 64867}, "scanner": "repobility-ast-engine", "correlation_key": "fp|7a8bba52cc11dc766d10ae856dfadd254912aa05385d07d1c7545d99de6b7506"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "extensions/prometheus/tests/features/resources/prometheus_checker.py"}, "region": {"startLine": 107}}}]}, {"ruleId": "MINED109", "level": "warning", "message": {"text": "Mutable default argument in `_verify_metric_exists` (dict)"}, "properties": {"repobilityId": 91048, "scanner": "repobility-ast-engine", "fingerprint": "3c2a7c92001205990695f17a0d98ff10b8bff2dea4679de93e687d2c7644c615", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "mutable-default-arg", "owasp": null, "cwe_ids": ["CWE-1023"], "languages": ["python"], "observations_count": 64867}, "scanner": "repobility-ast-engine", "correlation_key": "fp|3c2a7c92001205990695f17a0d98ff10b8bff2dea4679de93e687d2c7644c615"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": 
"extensions/prometheus/tests/features/resources/prometheus_checker.py"}, "region": {"startLine": 102}}}]}, {"ruleId": "DKR011", "level": "note", "message": {"text": "Dockerfile installs recommended OS packages"}, "properties": {"repobilityId": 91150, "scanner": "repobility-docker", "fingerprint": "90801560f9da1df89d9ed57a88945f0a3b73fafd12a9f09a69ab39dde63c47da", "category": "docker", "severity": "low", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "apt install appears without --no-install-recommends.", "evidence": {"rule_id": "DKR011", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|90801560f9da1df89d9ed57a88945f0a3b73fafd12a9f09a69ab39dde63c47da"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "extensions/grafana-loki/tests/features/resources/reverse-proxy/Dockerfile"}, "region": {"startLine": 6}}}]}, {"ruleId": "DKR010", "level": "note", "message": {"text": "Dockerfile leaves apt package indexes in the image layer"}, "properties": {"repobilityId": 91149, "scanner": "repobility-docker", "fingerprint": "dde1da87022f9393c0b10c73dd41cf4c9061a3e233b8e89da3453f9b1299b1bb", "category": "docker", "severity": "low", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "apt update/install layer does not remove /var/lib/apt/lists.", "evidence": {"rule_id": "DKR010", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|dde1da87022f9393c0b10c73dd41cf4c9061a3e233b8e89da3453f9b1299b1bb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "extensions/grafana-loki/tests/features/resources/reverse-proxy/Dockerfile"}, "region": {"startLine": 6}}}]}, {"ruleId": "DKR008", "level": "note", "message": {"text": ".dockerignore misses 
sensitive defaults"}, "properties": {"repobilityId": 91142, "scanner": "repobility-docker", "fingerprint": "aea2ad92c68c4ee1f8432bb1ec25e7d45ac12c9e1790ac2d3fffe638b1acce12", "category": "docker", "severity": "low", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "A Docker build context should exclude secrets and repository metadata.", "evidence": {"rule_id": "DKR008", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|aea2ad92c68c4ee1f8432bb1ec25e7d45ac12c9e1790ac2d3fffe638b1acce12", "missing_patterns": [".env", "id_rsa", "*.pem", "*.key"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".dockerignore"}, "region": {"startLine": 1}}}]}, {"ruleId": "SEC132", "level": "note", "message": {"text": "[SEC132] String concat where the language has interpolation (AI style drift): String built by concatenation where the language has cleaner interpolation (Python f-strings since 3.6, JS template literals since ES6). Not a vulnerability on its own, but a style signature of cross-language AI rewrites \u2014 the model wrote idiomatic Java/C# and then translated mechanically. 
When this style appears in only *some* files of a repo, it's a strong indicator of an AI-driven rewrite that needs a human review p"}, "properties": {"repobilityId": 91118, "scanner": "repobility-threat-engine", "fingerprint": "4c9fec1f0724b8a2f2cba4b18ea269a5e42851f282a141e335575093401b93bb", "category": "quality", "severity": "low", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "' as none of the possible required fields [\" + field_list_string + \"] is available\"", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC132", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|4c9fec1f0724b8a2f2cba4b18ea269a5e42851f282a141e335575093401b93bb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "libminifi/src/core/flow/CheckRequiredField.cpp"}, "region": {"startLine": 37}}}]}, {"ruleId": "SEC132", "level": "note", "message": {"text": "[SEC132] String concat where the language has interpolation (AI style drift): String built by concatenation where the language has cleaner interpolation (Python f-strings since 3.6, JS template literals since ES6). Not a vulnerability on its own, but a style signature of cross-language AI rewrites \u2014 the model wrote idiomatic Java/C# and then translated mechanically. 
When this style appears in only *some* files of a repo, it's a strong indicator of an AI-driven rewrite that needs a human review p"}, "properties": {"repobilityId": 91117, "scanner": "repobility-threat-engine", "fingerprint": "080260047117ec55efc61b0d39328645bca78069158ef4a3992033d9b51f10d4", "category": "quality", "severity": "low", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "\"Invalid parameter provider type: \" + full_class_name + \" is not a subclass of ParameterProvider\"", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC132", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|080260047117ec55efc61b0d39328645bca78069158ef4a3992033d9b51f10d4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "libminifi/src/core/FlowConfiguration.cpp"}, "region": {"startLine": 216}}}]}, {"ruleId": "SEC132", "level": "note", "message": {"text": "[SEC132] String concat where the language has interpolation (AI style drift): String built by concatenation where the language has cleaner interpolation (Python f-strings since 3.6, JS template literals since ES6). Not a vulnerability on its own, but a style signature of cross-language AI rewrites \u2014 the model wrote idiomatic Java/C# and then translated mechanically. 
When this style appears in only *some* files of a repo, it's a strong indicator of an AI-driven rewrite that needs a human review p"}, "properties": {"repobilityId": 91116, "scanner": "repobility-threat-engine", "fingerprint": "8a3d341ea03a0c3c83a076e24af0d27898494f1644683c58128c2c4eb76390e7", "category": "quality", "severity": "low", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "\"(http|https)://(\" + hostname + \":)([0-9]+)?(/.*)\"", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC132", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|8a3d341ea03a0c3c83a076e24af0d27898494f1644683c58128c2c4eb76390e7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "core-framework/include/utils/HTTPUtils.h"}, "region": {"startLine": 37}}}]}, {"ruleId": "COMP001", "level": "note", "message": {"text": "[COMP001] High cognitive complexity: Function `inject_scenario_id` has cognitive complexity 8 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. 
Breakdown: for=1, if=3, nested_bonus=3, ternary=1."}, "properties": {"repobilityId": 91096, "scanner": "repobility-threat-engine", "fingerprint": "db8239a4c89f3f4ddbfd0b13feb79f464dd76675a5fd580974c60fd2f5e7fecb", "category": "quality", "severity": "low", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 8 (severity threshold for low: 8+).", "evidence": {"scanner": "repobility-threat-engine", "function": "inject_scenario_id", "breakdown": {"if": 3, "for": 1, "ternary": 1, "nested_bonus": 3}, "complexity": 8, "correlation_key": "fp|db8239a4c89f3f4ddbfd0b13feb79f464dd76675a5fd580974c60fd2f5e7fecb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "behave_framework/src/minifi_behave/core/hooks.py"}, "region": {"startLine": 38}}}]}, {"ruleId": "COMP001", "level": "note", "message": {"text": "[COMP001] High cognitive complexity: Function `wait_for_condition` has cognitive complexity 9 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. 
Breakdown: except=1, if=4, nested_bonus=3, while=1."}, "properties": {"repobilityId": 91095, "scanner": "repobility-threat-engine", "fingerprint": "15d221e56d62b06d3ba27b89ecdc9c52bf0905e331c3a02ae444378d2a971980", "category": "quality", "severity": "low", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 9 (severity threshold for low: 8+).", "evidence": {"scanner": "repobility-threat-engine", "function": "wait_for_condition", "breakdown": {"if": 4, "while": 1, "except": 1, "nested_bonus": 3}, "complexity": 9, "correlation_key": "fp|15d221e56d62b06d3ba27b89ecdc9c52bf0905e331c3a02ae444378d2a971980"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "behave_framework/src/minifi_behave/core/helpers.py"}, "region": {"startLine": 44}}}]}, {"ruleId": "COMP001", "level": "note", "message": {"text": "[COMP001] High cognitive complexity: Function `build` has cognitive complexity 12 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. 
Breakdown: except=1, for=3, if=3, nested_bonus=4, recursion=1."}, "properties": {"repobilityId": 91094, "scanner": "repobility-threat-engine", "fingerprint": "39b25bbf755a4ba2aad9ae5da91a82d6d7beb35546aeb5a810a1112c64e85406", "category": "quality", "severity": "low", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 12 (severity threshold for low: 8+).", "evidence": {"scanner": "repobility-threat-engine", "function": "build", "breakdown": {"if": 3, "for": 3, "except": 1, "recursion": 1, "nested_bonus": 4}, "complexity": 12, "correlation_key": "fp|39b25bbf755a4ba2aad9ae5da91a82d6d7beb35546aeb5a810a1112c64e85406"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "behave_framework/src/minifi_behave/containers/docker_image_builder.py"}, "region": {"startLine": 41}}}]}, {"ruleId": "DEPCUR-PY", "level": "note", "message": {"text": "Python package `requests` is minor version(s) behind (2.33.0 -> 2.34.2)"}, "properties": {"repobilityId": 91086, "scanner": "repobility-dependency-currency", "fingerprint": "1f5e88aada55d58c37f53f1ab84c7e5f2572879e7f4d681bbd1f903d085a94cf", "category": "dependency", "severity": "low", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "minor version(s) behind", "signal": "currency", "cwe_ids": [], "package": "requests", "scanner": "repobility-dependency-currency", "ecosystem": "pypi", "languages": ["python"], "latest_version": "2.34.2", "correlation_key": "fp|1f5e88aada55d58c37f53f1ab84c7e5f2572879e7f4d681bbd1f903d085a94cf", "current_version": "2.33.0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/github_scripts/requirements.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "DEPCUR-PY", "level": "note", "message": {"text": "Python package `ninja` is minor version(s) behind (1.11.1 -> 1.13.0)"}, "properties": {"repobilityId": 91085, "scanner": 
"repobility-dependency-currency", "fingerprint": "2be97cbc31e3626eac3b431385480d8076d57707324d0dfc84350ed54b7a0891", "category": "dependency", "severity": "low", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "minor version(s) behind", "signal": "currency", "cwe_ids": [], "package": "ninja", "scanner": "repobility-dependency-currency", "ecosystem": "pypi", "languages": ["python"], "latest_version": "1.13.0", "correlation_key": "fp|2be97cbc31e3626eac3b431385480d8076d57707324d0dfc84350ed54b7a0891", "current_version": "1.11.1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "bootstrap/requirements.txt"}, "region": {"startLine": 5}}}]}, {"ruleId": "DEPCUR-PY", "level": "note", "message": {"text": "Python package `distro` is minor version(s) behind (1.8.0 -> 1.9.0)"}, "properties": {"repobilityId": 91084, "scanner": "repobility-dependency-currency", "fingerprint": "a8d3f4be24603d64919083064cf8fa7e3ebdb67ccc3a7cc86e7d22e4aea76ed6", "category": "dependency", "severity": "low", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "minor version(s) behind", "signal": "currency", "cwe_ids": [], "package": "distro", "scanner": "repobility-dependency-currency", "ecosystem": "pypi", "languages": ["python"], "latest_version": "1.9.0", "correlation_key": "fp|a8d3f4be24603d64919083064cf8fa7e3ebdb67ccc3a7cc86e7d22e4aea76ed6", "current_version": "1.8.0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "bootstrap/requirements.txt"}, "region": {"startLine": 4}}}]}, {"ruleId": "DEPCUR-PY", "level": "note", "message": {"text": "Python package `inquirer` is minor version(s) behind (3.2.4 -> 3.4.1)"}, "properties": {"repobilityId": 91082, "scanner": "repobility-dependency-currency", "fingerprint": "efd0f64e59dcc02821b1fdc072db5d50eec6c118d19f3470698f94cd7d0a9ad5", "category": "dependency", "severity": "low", "confidence": 0.9, 
"triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "minor version(s) behind", "signal": "currency", "cwe_ids": [], "package": "inquirer", "scanner": "repobility-dependency-currency", "ecosystem": "pypi", "languages": ["python"], "latest_version": "3.4.1", "correlation_key": "fp|efd0f64e59dcc02821b1fdc072db5d50eec6c118d19f3470698f94cd7d0a9ad5", "current_version": "3.2.4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "bootstrap/requirements.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 91022, "scanner": "repobility-ai-code-hygiene", "fingerprint": "e508b8eda125407942268a573092ac4f2d459b005177a7a5d6b742d81e1fd3e9", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "extensions/gcp/processors/FetchGCSObject.h", "duplicate_line": 40, "correlation_key": "fp|e508b8eda125407942268a573092ac4f2d459b005177a7a5d6b742d81e1fd3e9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "extensions/gcp/processors/PutGCSObject.h"}, "region": {"startLine": 146}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 91021, "scanner": "repobility-ai-code-hygiene", "fingerprint": "a108c7e1ab1b4416738c10f36eb7ca7fff99ee41c42c3576b55bcd1384378f03", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 
12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "extensions/gcp/processors/ListGCSBucket.h", "duplicate_line": 34, "correlation_key": "fp|a108c7e1ab1b4416738c10f36eb7ca7fff99ee41c42c3576b55bcd1384378f03"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "extensions/gcp/processors/PutGCSObject.h"}, "region": {"startLine": 101}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 91020, "scanner": "repobility-ai-code-hygiene", "fingerprint": "c02ae48e5eca0f7f5cdbd661a1277934ccc2bc75c1cc9771359d1ab8ca7a008c", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "extensions/gcp/processors/FetchGCSObject.cpp", "duplicate_line": 69, "correlation_key": "fp|c02ae48e5eca0f7f5cdbd661a1277934ccc2bc75c1cc9771359d1ab8ca7a008c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "extensions/gcp/processors/PutGCSObject.cpp"}, "region": {"startLine": 84}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 91019, "scanner": "repobility-ai-code-hygiene", "fingerprint": "b144109189dffa1f401302c863918252210e903edab2a4f8007929fd1e2dded0", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], 
"duplicate_file": "extensions/gcp/processors/DeleteGCSObject.cpp", "duplicate_line": 8, "correlation_key": "fp|b144109189dffa1f401302c863918252210e903edab2a4f8007929fd1e2dded0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "extensions/gcp/processors/PutGCSObject.cpp"}, "region": {"startLine": 77}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 91018, "scanner": "repobility-ai-code-hygiene", "fingerprint": "ba614ec22aab56031a863fd45e09c5e65d51c58f2d969cef3df60a81b753dc52", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "extensions/gcp/processors/DeleteGCSObject.h", "duplicate_line": 7, "correlation_key": "fp|ba614ec22aab56031a863fd45e09c5e65d51c58f2d969cef3df60a81b753dc52"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "extensions/gcp/processors/FetchGCSObject.h"}, "region": {"startLine": 7}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 91017, "scanner": "repobility-ai-code-hygiene", "fingerprint": "ac0d3e6e33fb0e0df05d5d045fa7de22b78bc5a83ac9c3fe6fdeb79dbc1d987f", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "extensions/gcp/processors/DeleteGCSObject.cpp", "duplicate_line": 8, "correlation_key": 
"fp|ac0d3e6e33fb0e0df05d5d045fa7de22b78bc5a83ac9c3fe6fdeb79dbc1d987f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "extensions/gcp/processors/FetchGCSObject.cpp"}, "region": {"startLine": 62}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 91016, "scanner": "repobility-ai-code-hygiene", "fingerprint": "8f8b5b7f4fef0db6a14a77a928277a50e1939298cdc96d415ccdc6b37589064a", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "extensions/couchbase/processors/GetCouchbaseKey.h", "duplicate_line": 18, "correlation_key": "fp|8f8b5b7f4fef0db6a14a77a928277a50e1939298cdc96d415ccdc6b37589064a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "extensions/couchbase/processors/PutCouchbaseKey.h"}, "region": {"startLine": 50}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 91015, "scanner": "repobility-ai-code-hygiene", "fingerprint": "61f4e076cc069b80b018e08d7b1bbbce08ecc7370889de24193c04e5cdd57ff7", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "extensions/couchbase/processors/GetCouchbaseKey.cpp", "duplicate_line": 7, "correlation_key": "fp|61f4e076cc069b80b018e08d7b1bbbce08ecc7370889de24193c04e5cdd57ff7"}}, "locations": 
[{"physicalLocation": {"artifactLocation": {"uri": "extensions/couchbase/processors/PutCouchbaseKey.cpp"}, "region": {"startLine": 9}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 91014, "scanner": "repobility-ai-code-hygiene", "fingerprint": "2cbc3311b4a5feaf902c71b707fb9f126a6aa68900a2cc50a79bd7433af9a824", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "extensions/azure/processors/ListAzureBlobStorage.cpp", "duplicate_line": 40, "correlation_key": "fp|2cbc3311b4a5feaf902c71b707fb9f126a6aa68900a2cc50a79bd7433af9a824"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "extensions/azure/processors/ListAzureDataLakeStorage.cpp"}, "region": {"startLine": 52}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 91013, "scanner": "repobility-ai-code-hygiene", "fingerprint": "cbd15b0d57fad5eecfca4c78988b44af990c733c538b79031435c49632ea72ca", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "extensions/azure/controllerservices/AzureStorageCredentialsService.h", "duplicate_line": 27, "correlation_key": "fp|cbd15b0d57fad5eecfca4c78988b44af990c733c538b79031435c49632ea72ca"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": 
"extensions/azure/processors/AzureBlobStorageProcessorBase.h"}, "region": {"startLine": 36}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 91012, "scanner": "repobility-ai-code-hygiene", "fingerprint": "3382904aa5b91195a1b0191f7cbf21bb342781e870c0dc6c3869abae67b632ce", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "extensions/aws/processors/DeleteS3Object.cpp", "duplicate_line": 35, "correlation_key": "fp|3382904aa5b91195a1b0191f7cbf21bb342781e870c0dc6c3869abae67b632ce"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "extensions/aws/processors/PutS3Object.cpp"}, "region": {"startLine": 197}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 91011, "scanner": "repobility-ai-code-hygiene", "fingerprint": "4b7a5edb61dd5a708ab41d267d234460cdaa4e82847e4108c32ea6f44559b092", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "extensions/aws/processors/DeleteS3Object.cpp", "duplicate_line": 35, "correlation_key": "fp|4b7a5edb61dd5a708ab41d267d234460cdaa4e82847e4108c32ea6f44559b092"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "extensions/aws/processors/FetchS3Object.cpp"}, "region": {"startLine": 38}}}]}, {"ruleId": 
"AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 91010, "scanner": "repobility-ai-code-hygiene", "fingerprint": "023eef12b57d15351fcf49e27d68c16e33dbd825a7cd630221ecde517abb5bc2", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "extension-framework/cpp-extension-lib/include/api/utils/Ssl.h", "duplicate_line": 2, "correlation_key": "fp|023eef12b57d15351fcf49e27d68c16e33dbd825a7cd630221ecde517abb5bc2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "extension-framework/include/utils/net/Ssl.h"}, "region": {"startLine": 2}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 91009, "scanner": "repobility-ai-code-hygiene", "fingerprint": "23b642d154ec399a5101e3278354b7ee3eb31a8d3b43a3fd2cabdac32be7f6a3", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "behave_framework/src/minifi_behave/minifi/input_port.py", "duplicate_line": 2, "correlation_key": "fp|23b642d154ec399a5101e3278354b7ee3eb31a8d3b43a3fd2cabdac32be7f6a3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "behave_framework/src/minifi_behave/minifi/output_port.py"}, "region": {"startLine": 2}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation 
block across source files"}, "properties": {"repobilityId": 91008, "scanner": "repobility-ai-code-hygiene", "fingerprint": "345a778be37d28296b8dfb3468ad495f5bca02d2e10a740ab38ef84305eb3244", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "behave_framework/src/minifi_behave/containers/container_linux.py", "duplicate_line": 214, "correlation_key": "fp|345a778be37d28296b8dfb3468ad495f5bca02d2e10a740ab38ef84305eb3244"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "behave_framework/src/minifi_behave/containers/container_windows.py"}, "region": {"startLine": 218}}}]}, {"ruleId": "DKR002", "level": "none", "message": {"text": "Dockerfile base image is selected through a build variable"}, "properties": {"repobilityId": 91146, "scanner": "repobility-docker", "fingerprint": "ab35ec33ada6b428d4b7960658c08816318de96f5d15339979ce48220787f00d", "category": "docker", "severity": "info", "confidence": 0.48, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Base image contains a variable; manual review is needed to avoid false positives.", "evidence": {"image": "${BASE_IMAGE}", "rule_id": "DKR002", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/"], "correlation_key": "fp|ab35ec33ada6b428d4b7960658c08816318de96f5d15339979ce48220787f00d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/rockylinux/Dockerfile"}, "region": {"startLine": 20}}}]}, {"ruleId": "DKR002", "level": "none", "message": {"text": "Dockerfile base image is selected through a build variable"}, "properties": 
{"repobilityId": 91144, "scanner": "repobility-docker", "fingerprint": "a933d60f54fea2e595b60d8a955a6f9ef9e42f33294ad3cf9244d12106b6f563", "category": "docker", "severity": "info", "confidence": 0.48, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Base image contains a variable; manual review is needed to avoid false positives.", "evidence": {"image": "${BASE_IMAGE}", "rule_id": "DKR002", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/"], "correlation_key": "fp|a933d60f54fea2e595b60d8a955a6f9ef9e42f33294ad3cf9244d12106b6f563"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/installed/Dockerfile.rpm"}, "region": {"startLine": 19}}}]}, {"ruleId": "DKR002", "level": "none", "message": {"text": "Dockerfile base image is selected through a build variable"}, "properties": {"repobilityId": 91143, "scanner": "repobility-docker", "fingerprint": "bb4b307be20f45582bd34e8e5af687c8f48210837ce4ed3a35799cd42cfcfc7d", "category": "docker", "severity": "info", "confidence": 0.48, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Base image contains a variable; manual review is needed to avoid false positives.", "evidence": {"image": "${BASE_IMAGE}", "rule_id": "DKR002", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/"], "correlation_key": "fp|bb4b307be20f45582bd34e8e5af687c8f48210837ce4ed3a35799cd42cfcfc7d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/installed/Dockerfile.installed"}, "region": {"startLine": 19}}}]}, {"ruleId": "DKR002", "level": "none", "message": {"text": "Dockerfile base image is selected through a build variable"}, "properties": {"repobilityId": 91141, "scanner": "repobility-docker", "fingerprint": 
"2b97818d28dd3a63fa1009ef44f99224b5e68efd18bbc81f67a81e29cbbb4148", "category": "docker", "severity": "info", "confidence": 0.48, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Base image contains a variable; manual review is needed to avoid false positives.", "evidence": {"image": "${BASE_IMAGE}", "rule_id": "DKR002", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/"], "correlation_key": "fp|2b97818d28dd3a63fa1009ef44f99224b5e68efd18bbc81f67a81e29cbbb4148"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/Dockerfile"}, "region": {"startLine": 76}}}]}, {"ruleId": "DKR002", "level": "none", "message": {"text": "Dockerfile base image is selected through a build variable"}, "properties": {"repobilityId": 91139, "scanner": "repobility-docker", "fingerprint": "53044e387e4ef5b2dbb542af57b4d92a44cb6139d4477f9c27efc4a24e7ed3e2", "category": "docker", "severity": "info", "confidence": 0.48, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Base image contains a variable; manual review is needed to avoid false positives.", "evidence": {"image": "${BASE_IMAGE}", "rule_id": "DKR002", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/"], "correlation_key": "fp|53044e387e4ef5b2dbb542af57b4d92a44cb6139d4477f9c27efc4a24e7ed3e2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/Dockerfile"}, "region": {"startLine": 22}}}]}, {"ruleId": "SEC045", "level": "none", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data (and 5 more): Same pattern found in 5 additional files. 
Review if needed."}, "properties": {"repobilityId": 91136, "scanner": "repobility-threat-engine", "fingerprint": "7ad821c68fd7d69c56ceaf843dc975879999279796dea3d5e69af832688addea", "category": "injection", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 5 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 5 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|7ad821c68fd7d69c56ceaf843dc975879999279796dea3d5e69af832688addea"}}}, {"ruleId": "MINED004", "level": "none", "message": {"text": "[MINED004] Weak Crypto (and 1 more): Same pattern found in 1 additional file. Review if needed."}, "properties": {"repobilityId": 91131, "scanner": "repobility-threat-engine", "fingerprint": "a51fc5b757daa107ff993d54388f809af87b26cac35292629b20c635c24267fc", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 1 additional occurrence found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "weak-crypto", "owasp": "A02:2021", "cwe_ids": ["CWE-327"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347906+00:00", "triaged_in_corpus": 15, "observations_count": 303181, "ai_coder_pattern_id": 13}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|a51fc5b757daa107ff993d54388f809af87b26cac35292629b20c635c24267fc", "aggregated_count": 1}}}, {"ruleId": "SEC128", "level": "none", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake) (and 2 more): Same pattern found in 2 additional files. 
Review if needed."}, "properties": {"repobilityId": 91127, "scanner": "repobility-threat-engine", "fingerprint": "2cd220107759c389357ea1e0b2a749255d62455820f15b6cc9e05e77d2c17c58", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 2 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 2 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|2cd220107759c389357ea1e0b2a749255d62455820f15b6cc9e05e77d2c17c58"}}}, {"ruleId": "MINED055", "level": "none", "message": {"text": "[MINED055] Npm Install No Lockfile (and 1 more): Same pattern found in 1 additional file. Review if needed."}, "properties": {"repobilityId": 91123, "scanner": "repobility-threat-engine", "fingerprint": "7b990c59a59a231ab74545553785eddf6010f76184455cdb20a0912964580127", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 1 additional occurrence found. 
The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "npm-install-no-lockfile", "owasp": "A06:2021", "cwe_ids": ["CWE-1357"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348030+00:00", "triaged_in_corpus": 12, "observations_count": 317602, "ai_coder_pattern_id": 42}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|7b990c59a59a231ab74545553785eddf6010f76184455cdb20a0912964580127", "aggregated_count": 1}}}, {"ruleId": "MINED055", "level": "none", "message": {"text": "[MINED055] Npm Install No Lockfile: Production image runs npm install (resolves new versions on every build) instead of npm ci."}, "properties": {"repobilityId": 91122, "scanner": "repobility-threat-engine", "fingerprint": "9ffe5ccda71e83d0771082213d11ce67503dae337fb00aed9d2eb71da7c95ea2", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "npm-install-no-lockfile", "owasp": "A06:2021", "cwe_ids": ["CWE-1357"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348030+00:00", "triaged_in_corpus": 12, "observations_count": 317602, "ai_coder_pattern_id": 42}, "scanner": "repobility-threat-engine", "correlation_key": "fp|9ffe5ccda71e83d0771082213d11ce67503dae337fb00aed9d2eb71da7c95ea2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "extensions/python/pythonprocessor-examples/h2o/ConvertDsToCsv.py"}, "region": {"startLine": 18}}}]}, {"ruleId": "MINED055", "level": "none", "message": {"text": "[MINED055] Npm Install No Lockfile: Production image runs npm install (resolves new versions on every build) instead of npm ci."}, "properties": {"repobilityId": 91121, "scanner": "repobility-threat-engine", "fingerprint": "3666c603e60bc5d796aa0c30d18dd981cdf803fbbefbdf595dd1f41b3206d112", "category": "quality", 
"severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "npm-install-no-lockfile", "owasp": "A06:2021", "cwe_ids": ["CWE-1357"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348030+00:00", "triaged_in_corpus": 12, "observations_count": 317602, "ai_coder_pattern_id": 42}, "scanner": "repobility-threat-engine", "correlation_key": "fp|3666c603e60bc5d796aa0c30d18dd981cdf803fbbefbdf595dd1f41b3206d112"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "extensions/python/pythonprocessor-examples/google/SentimentAnalyzer.py"}, "region": {"startLine": 18}}}]}, {"ruleId": "MINED055", "level": "none", "message": {"text": "[MINED055] Npm Install No Lockfile: Production image runs npm install (resolves new versions on every build) instead of npm ci."}, "properties": {"repobilityId": 91120, "scanner": "repobility-threat-engine", "fingerprint": "73086f91e00d17104b349e91d0570cbd4a569f8c71c988299e625495815a6c1a", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "npm-install-no-lockfile", "owasp": "A06:2021", "cwe_ids": ["CWE-1357"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348030+00:00", "triaged_in_corpus": 12, "observations_count": 317602, "ai_coder_pattern_id": 42}, "scanner": "repobility-threat-engine", "correlation_key": "fp|73086f91e00d17104b349e91d0570cbd4a569f8c71c988299e625495815a6c1a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/RunBehaveTests.sh"}, "region": {"startLine": 153}}}]}, {"ruleId": "SEC132", "level": "none", "message": {"text": "[SEC132] String concat where the language has interpolation (AI style drift) (and 1 more): Same pattern found in 1 
additional file. Review if needed."}, "properties": {"repobilityId": 91119, "scanner": "repobility-threat-engine", "fingerprint": "802362717bb8b9596309b60635fbb04d345013c3d2defa44f95ace1b246cb77c", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 1 additional occurrence found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 1 additional occurrence found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC132", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|802362717bb8b9596309b60635fbb04d345013c3d2defa44f95ace1b246cb77c"}}}, {"ruleId": "MINED042", "level": "none", "message": {"text": "[MINED042] Cpp New Without Delete (and 8 more): Same pattern found in 8 additional files. Review if needed."}, "properties": {"repobilityId": 91115, "scanner": "repobility-threat-engine", "fingerprint": "2aaa89bea20a0c4bcbdb01b816f47286e9d4ed8824a16e26c0af8b9bdb1d2fe0", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 8 additional occurrences found. 
The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "cpp-new-without-delete", "owasp": null, "cwe_ids": ["CWE-401"], "languages": ["cpp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347996+00:00", "triaged_in_corpus": 12, "observations_count": 4658256, "ai_coder_pattern_id": 134}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|2aaa89bea20a0c4bcbdb01b816f47286e9d4ed8824a16e26c0af8b9bdb1d2fe0", "aggregated_count": 8}}}, {"ruleId": "MINED042", "level": "none", "message": {"text": "[MINED042] Cpp New Without Delete: C++ raw new without RAII / unique_ptr \u2014 memory leak risk."}, "properties": {"repobilityId": 91114, "scanner": "repobility-threat-engine", "fingerprint": "28feecaf573bcd65db95dab53d6043f73d45c0d189c3601485896faba5602557", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "cpp-new-without-delete", "owasp": null, "cwe_ids": ["CWE-401"], "languages": ["cpp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347996+00:00", "triaged_in_corpus": 12, "observations_count": 4658256, "ai_coder_pattern_id": 134}, "scanner": "repobility-threat-engine", "correlation_key": "fp|28feecaf573bcd65db95dab53d6043f73d45c0d189c3601485896faba5602557"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "encrypt-config/EncryptConfigMain.cpp"}, "region": {"startLine": 62}}}]}, {"ruleId": "MINED042", "level": "none", "message": {"text": "[MINED042] Cpp New Without Delete: C++ raw new without RAII / unique_ptr \u2014 memory leak risk."}, "properties": {"repobilityId": 91113, "scanner": "repobility-threat-engine", "fingerprint": "87b8d57b2c9000747f8e7ae646322eb6c1f3fc4ef25e63de53dc8139bb359959", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": 
"open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "cpp-new-without-delete", "owasp": null, "cwe_ids": ["CWE-401"], "languages": ["cpp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347996+00:00", "triaged_in_corpus": 12, "observations_count": 4658256, "ai_coder_pattern_id": 134}, "scanner": "repobility-threat-engine", "correlation_key": "fp|87b8d57b2c9000747f8e7ae646322eb6c1f3fc4ef25e63de53dc8139bb359959"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "core-framework/include/utils/Id.h"}, "region": {"startLine": 60}}}]}, {"ruleId": "MINED042", "level": "none", "message": {"text": "[MINED042] Cpp New Without Delete: C++ raw new without RAII / unique_ptr \u2014 memory leak risk."}, "properties": {"repobilityId": 91112, "scanner": "repobility-threat-engine", "fingerprint": "a18a1ac46be67009693818b52085fe287b568361ed3e8ee8eec9249789fe970a", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "cpp-new-without-delete", "owasp": null, "cwe_ids": ["CWE-401"], "languages": ["cpp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347996+00:00", "triaged_in_corpus": 12, "observations_count": 4658256, "ai_coder_pattern_id": 134}, "scanner": "repobility-threat-engine", "correlation_key": "fp|a18a1ac46be67009693818b52085fe287b568361ed3e8ee8eec9249789fe970a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "core-framework/include/core/ObjectFactory.h"}, "region": {"startLine": 76}}}]}, {"ruleId": "MINED072", "level": "none", "message": {"text": "[MINED072] Python Pass Only Class: class Foo: pass \u2014 stub waiting to be filled in."}, "properties": {"repobilityId": 91110, "scanner": "repobility-threat-engine", "fingerprint": 
"e8c3ac191256bff3fa8acf445058a729794d157297f1f2e8bbaefbce65592710", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-pass-only-class", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348069+00:00", "triaged_in_corpus": 10, "observations_count": 14245, "ai_coder_pattern_id": 143}, "scanner": "repobility-threat-engine", "correlation_key": "fp|e8c3ac191256bff3fa8acf445058a729794d157297f1f2e8bbaefbce65592710"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "behave_framework/src/minifi_behave/core/minifi_test_context.py"}, "region": {"startLine": 34}}}]}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https (and 3 more): Same pattern found in 3 additional files. Review if needed."}, "properties": {"repobilityId": 91108, "scanner": "repobility-threat-engine", "fingerprint": "0c333dc88d2673beda07ea322592a5e2658418eeef4b48e34ddf9f62e680bdd2", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 3 additional occurrences found. 
The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|0c333dc88d2673beda07ea322592a5e2658418eeef4b48e34ddf9f62e680bdd2", "aggregated_count": 3}}}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 91107, "scanner": "repobility-threat-engine", "fingerprint": "652356d8a887797c53395c904cae1a5de17b2a714992b98adfa4829860793834", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|652356d8a887797c53395c904cae1a5de17b2a714992b98adfa4829860793834"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/scripts/lua/reverse_flow_file_content.lua"}, "region": {"startLine": 9}}}]}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 91106, "scanner": "repobility-threat-engine", "fingerprint": "959ebe72fa5f293c1e2797e76ca63242916863de03cfe9c2765f59fb7291ad97", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": 
"confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|959ebe72fa5f293c1e2797e76ca63242916863de03cfe9c2765f59fb7291ad97"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/scripts/lua/heads_or_tails.lua"}, "region": {"startLine": 9}}}]}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 91105, "scanner": "repobility-threat-engine", "fingerprint": "511f476bf9b2ca0103d9b719334d7aa90fa05c73345a12cef613206e8b3d192a", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|511f476bf9b2ca0103d9b719334d7aa90fa05c73345a12cef613206e8b3d192a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "core-framework/src/http/BaseHTTPClient.cpp"}, "region": {"startLine": 29}}}]}, {"ruleId": "SEC029", "level": "none", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 8 more): Same pattern found in 8 additional files. 
Review if needed."}, "properties": {"repobilityId": 91104, "scanner": "repobility-threat-engine", "fingerprint": "649d6d6fcdf017ef6b135647f3ec984864db51b5f2d71e3a11ae83a90e69859a", "category": "ssrf", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 8 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 8 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|649d6d6fcdf017ef6b135647f3ec984864db51b5f2d71e3a11ae83a90e69859a"}}}, {"ruleId": "SEC001", "level": "none", "message": {"text": "[SEC001] Hardcoded Password: Hardcoded password found in source code."}, "properties": {"repobilityId": 91100, "scanner": "repobility-threat-engine", "fingerprint": "f4aa31bc46d4029c9a38beb25b384598af8be1886cdfabd1aaf17d10c25a9180", "category": "credential_exposure", "severity": "info", "confidence": 0.1, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Safe context pattern detected", "evidence": {"match": "password=\" + password;\n\n  client->setPostFields(client->escape(payload));\n\n  client->submit();\n\n  if", "reason": "Safe context pattern detected", "rule_id": "SEC001", "scanner": "repobility-threat-engine", "confidence": 0.1, "correlation_key": "secret|token|7|password + password client- setpostfields client- escape payload client- submit if"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "core-framework/src/http/BaseHTTPClient.cpp"}, "region": {"startLine": 71}}}]}, {"ruleId": "SEC001", "level": "none", "message": {"text": "[SEC001] Hardcoded Password: Hardcoded password found in source code."}, "properties": {"repobilityId": 91098, "scanner": "repobility-threat-engine", "fingerprint": 
"b5f1fc4cbb26b3dd878b410cd0b88fd399ffb6278410ec921fa180d4b8147983", "category": "credential_exposure", "severity": "info", "confidence": 0.1, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Safe context pattern detected", "evidence": {"match": "password='<redacted>'", "reason": "Safe context pattern detected", "rule_id": "SEC001", "scanner": "repobility-threat-engine", "confidence": 0.1, "correlation_key": "secret|token|4|password redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "behave_framework/src/minifi_behave/containers/http_proxy_container.py"}, "region": {"startLine": 46}}}]}, {"ruleId": "COMP001", "level": "none", "message": {"text": "[COMP001] High cognitive complexity (and 8 more): Same pattern found in 8 additional files. Review if needed."}, "properties": {"repobilityId": 91097, "scanner": "repobility-threat-engine", "fingerprint": "d77c5009f48b7037f4b39dca2da19e88620f9ee944ab4de5a78fef76b97d4995", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 8 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"scanner": "repobility-threat-engine", "function": "build", "breakdown": {"if": 3, "for": 3, "except": 1, "recursion": 1, "nested_bonus": 4}, "aggregated": true, "complexity": 12, "correlation_key": "fp|d77c5009f48b7037f4b39dca2da19e88620f9ee944ab4de5a78fef76b97d4995", "aggregated_count": 8}}}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function (and 6 more): Same pattern found in 6 additional files. 
Review if needed."}, "properties": {"repobilityId": 91093, "scanner": "repobility-threat-engine", "fingerprint": "0e87fb84ca93ee29f593dc34b2e01034b2b11f7cd91040a7dfa844a7632b0d1e", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 6 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|0e87fb84ca93ee29f593dc34b2e01034b2b11f7cd91040a7dfa844a7632b0d1e", "aggregated_count": 6}}}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "properties": {"repobilityId": 91092, "scanner": "repobility-threat-engine", "fingerprint": "7abeb42c3f716b091e6df15c3816ab972b95ee560070c94863d4f88607e01084", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "correlation_key": "fp|7abeb42c3f716b091e6df15c3816ab972b95ee560070c94863d4f88607e01084"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": 
"behave_framework/src/minifi_behave/core/minifi_test_context.py"}, "region": {"startLine": 35}}}]}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "properties": {"repobilityId": 91091, "scanner": "repobility-threat-engine", "fingerprint": "c411a203a5a2fe2e85bf33cf5f17d02fe1739d8fe0e78fb15f58bc2ba3cd8e59", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "correlation_key": "fp|c411a203a5a2fe2e85bf33cf5f17d02fe1739d8fe0e78fb15f58bc2ba3cd8e59"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "behave_framework/src/minifi_behave/containers/minifi_protocol.py"}, "region": {"startLine": 25}}}]}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "properties": {"repobilityId": 91090, "scanner": "repobility-threat-engine", "fingerprint": "078eb0320a81c9ec148a0f180a200081596925f5d1d55b724a3d0a93155d3241", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, 
"observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "correlation_key": "fp|078eb0320a81c9ec148a0f180a200081596925f5d1d55b724a3d0a93155d3241"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "behave_framework/src/minifi_behave/containers/container_protocol.py"}, "region": {"startLine": 31}}}]}, {"ruleId": "MINED067", "level": "none", "message": {"text": "[MINED067] Python Requests No Timeout: requests.get/post/etc. without timeout= can hang forever."}, "properties": {"repobilityId": 91089, "scanner": "repobility-threat-engine", "fingerprint": "80b7003499b4061d446635ca2af899923c3799bfc674224a7a4b1da6ce37ffb8", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-requests-no-timeout", "owasp": null, "cwe_ids": ["CWE-400"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348058+00:00", "triaged_in_corpus": 12, "observations_count": 45429, "ai_coder_pattern_id": 122}, "scanner": "repobility-threat-engine", "correlation_key": "fp|80b7003499b4061d446635ca2af899923c3799bfc674224a7a4b1da6ce37ffb8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/github_scripts/github_actions_cache_cleanup.py"}, "region": {"startLine": 23}}}]}, {"ruleId": "MINED017", "level": "error", "message": {"text": "[MINED017] C System Call: system() invokes shell. 
Command injection is possible if any argument is dynamic."}, "properties": {"repobilityId": 91138, "scanner": "repobility-threat-engine", "fingerprint": "18a6588ee3c5a364bad438e4ff94f64d750c64bfe8a3e1dffb0f28d25f46eb9e", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "c-system-call", "owasp": null, "cwe_ids": ["CWE-78"], "languages": ["c", "cpp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347937+00:00", "triaged_in_corpus": 15, "observations_count": 77748, "ai_coder_pattern_id": 132}, "scanner": "repobility-threat-engine", "correlation_key": "fp|18a6588ee3c5a364bad438e4ff94f64d750c64bfe8a3e1dffb0f28d25f46eb9e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "minifi_main/Fips.cpp"}, "region": {"startLine": 88}}}]}, {"ruleId": "SEC013", "level": "error", "message": {"text": "[SEC013] Path Traversal \u2014 User Input in File Path: User-controlled input used in file path without sanitization. 
Allows reading arbitrary files."}, "properties": {"repobilityId": 91132, "scanner": "repobility-threat-engine", "fingerprint": "c0319e687ea1781af76a3135be28ec2ae2dfaea4c9fdb2738ffc480ec9367e7e", "category": "path_traversal", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "User-controlled input detected in file path construction", "evidence": {"match": "open(input", "reason": "User-controlled input detected in file path construction", "rule_id": "SEC013", "scanner": "repobility-threat-engine", "confidence": 0.8, "correlation_key": "code|path_traversal|token|170|sec013"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "extensions/libarchive/FocusArchiveEntry.cpp"}, "region": {"startLine": 170}}}]}, {"ruleId": "MINED004", "level": "error", "message": {"text": "[MINED004] Weak Crypto: MD5/SHA1/DES/RC4 used for security context (not just checksums)."}, "properties": {"repobilityId": 91130, "scanner": "repobility-threat-engine", "fingerprint": "232b609eca4f027c0a13d7d30d99e4ddb26fac9b4e2754b53b93c4c5e891bca8", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "weak-crypto", "owasp": "A02:2021", "cwe_ids": ["CWE-327"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347906+00:00", "triaged_in_corpus": 15, "observations_count": 303181, "ai_coder_pattern_id": 13}, "scanner": "repobility-threat-engine", "correlation_key": "fp|232b609eca4f027c0a13d7d30d99e4ddb26fac9b4e2754b53b93c4c5e891bca8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "extensions/gcp/processors/PutGCSObject.h"}, "region": {"startLine": 96}}}]}, {"ruleId": "MINED004", "level": "error", "message": {"text": "[MINED004] Weak Crypto: MD5/SHA1/DES/RC4 used for security context (not just checksums)."}, "properties": 
{"repobilityId": 91129, "scanner": "repobility-threat-engine", "fingerprint": "5f14a90efce6b762d3587eee6b1c2d8eb9bf19bd2d5c6722e871a0f40921224d", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "weak-crypto", "owasp": "A02:2021", "cwe_ids": ["CWE-327"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347906+00:00", "triaged_in_corpus": 15, "observations_count": 303181, "ai_coder_pattern_id": 13}, "scanner": "repobility-threat-engine", "correlation_key": "fp|5f14a90efce6b762d3587eee6b1c2d8eb9bf19bd2d5c6722e871a0f40921224d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "extensions/gcp/processors/ListGCSBucket.h"}, "region": {"startLine": 76}}}]}, {"ruleId": "MINED004", "level": "error", "message": {"text": "[MINED004] Weak Crypto: MD5/SHA1/DES/RC4 used for security context (not just checksums)."}, "properties": {"repobilityId": 91128, "scanner": "repobility-threat-engine", "fingerprint": "8981a434b113493386727857f30e3a729d4c82a70d0545937b2850a02407357a", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "weak-crypto", "owasp": "A02:2021", "cwe_ids": ["CWE-327"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347906+00:00", "triaged_in_corpus": 15, "observations_count": 303181, "ai_coder_pattern_id": 13}, "scanner": "repobility-threat-engine", "correlation_key": "fp|8981a434b113493386727857f30e3a729d4c82a70d0545937b2850a02407357a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "extensions/gcp/GCPAttributes.h"}, "region": {"startLine": 34}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await 
\u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 91126, "scanner": "repobility-threat-engine", "fingerprint": "c1fa404c91b15850212ad59d1e16a16e12166af159200d5b6d1629c4ae83b751", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "xml_doc.save(xml_string_stream, \"  \", xml_formatting_flags);", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|c1fa404c91b15850212ad59d1e16a16e12166af159200d5b6d1629c4ae83b751"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "extensions/standard-processors/controllers/XMLRecordSetWriter.cpp"}, "region": {"startLine": 76}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. 
Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 91125, "scanner": "repobility-threat-engine", "fingerprint": "cc60fa9bacc52648a235ef38208c5ab4abc731139773d307befd8b247f224181", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "bootstrap_file.update(encryption_key_name, key_encoded);", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|cc60fa9bacc52648a235ef38208c5ab4abc731139773d307befd8b247f224181"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "encrypt-config/EncryptConfig.cpp"}, "region": {"startLine": 174}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. 
Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 91124, "scanner": "repobility-threat-engine", "fingerprint": "87d0605ccac297dea67ca2dd1ca78d4b72d27fc9a314fcc54ad46e728cf5d965", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "config_file.update(property_key, encrypted_property_value);", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|87d0605ccac297dea67ca2dd1ca78d4b72d27fc9a314fcc54ad46e728cf5d965"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "encrypt-config/ConfigFileEncryptor.cpp"}, "region": {"startLine": 65}}}]}, {"ruleId": "MINED001", "level": "error", "message": {"text": "[MINED001] Bare Except Pass: except: pass or except Exception: pass \u2014 silently swallows every error, including bugs; a bare except: also swallows KeyboardInterrupt."}, "properties": {"repobilityId": 91109, "scanner": "repobility-threat-engine", "fingerprint": "40019379a0c43a3f9569f70a7e61e1d8c7d7fc3dd23f753ad41580bb05b4d667", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "bare-except-pass", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347744+00:00", "triaged_in_corpus": 15, "observations_count": 1550824, "ai_coder_pattern_id": 6}, "scanner": "repobility-threat-engine", "correlation_key": "fp|40019379a0c43a3f9569f70a7e61e1d8c7d7fc3dd23f753ad41580bb05b4d667"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "behave_framework/src/minifi_behave/core/hooks.py"}, "region": {"startLine": 74}}}]}, 
{"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 91103, "scanner": "repobility-threat-engine", "fingerprint": "c336b023df422343d7c4300c10749d21a60f6cdba8db5e05eed745059c1d87f0", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "URL(c", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|c336b023df422343d7c4300c10749d21a60f6cdba8db5e05eed745059c1d87f0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "core-framework/include/http/BaseHTTPClient.h"}, "region": {"startLine": 266}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. 
SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 91102, "scanner": "repobility-threat-engine", "fingerprint": "461da0de7a54687c2c6abec749cffebb2e0c2c1a22913ae68ff676debf3515fc", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "url(c", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|461da0de7a54687c2c6abec749cffebb2e0c2c1a22913ae68ff676debf3515fc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "behave_framework/src/minifi_behave/steps/configuration_steps.py"}, "region": {"startLine": 48}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. 
SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 91101, "scanner": "repobility-threat-engine", "fingerprint": "34eabc3c84670850afa86a8f3774439c5474b559166a1524a151788941f487fe", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "url(m", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|34eabc3c84670850afa86a8f3774439c5474b559166a1524a151788941f487fe"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "behave_framework/src/minifi_behave/containers/minifi_protocol.py"}, "region": {"startLine": 44}}}]}, {"ruleId": "SEC103", "level": "error", "message": {"text": "[SEC103] LDAP injection \u2014 non-constant search filter: User input concatenated into an LDAP search filter. Attackers inject `*)(uid=*` style payloads to bypass auth or enumerate accounts."}, "properties": {"repobilityId": 91088, "scanner": "repobility-threat-engine", "fingerprint": "d2ebddd808579b330f3d1614673e516f8b82f0146f6cce4dfb064f43d8de3719", "category": "injection", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".search(r'refs/pull/([\\d]+)", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC103", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|. 
token|75|sec103"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/github_scripts/github_actions_cache_cleanup.py"}, "region": {"startLine": 75}}}]}, {"ruleId": "SEC078", "level": "error", "message": {"text": "[SEC078] Python: requests without timeout: requests.get/post without a timeout will hang indefinitely on a non-responsive server, causing thread exhaustion and denial of service. Ported from bandit B113 (Apache-2.0). NOTE: this regex is heuristic; a real AST check is preferred for accuracy."}, "properties": {"repobilityId": 91087, "scanner": "repobility-threat-engine", "fingerprint": "c058d14789f09cc7a8b5085ecc6c06112ae676dd1563ac59accb8ecedfdaa5cf", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "requests.get(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC078", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|c058d14789f09cc7a8b5085ecc6c06112ae676dd1563ac59accb8ecedfdaa5cf"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/github_scripts/github_actions_cache_cleanup.py"}, "region": {"startLine": 23}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/upload-artifact` pinned to mutable ref `@v7`"}, "properties": {"repobilityId": 91081, "scanner": "repobility-supply-chain", "fingerprint": "bfa99373dcc2d1cfa5e365f50c78d1f48ad53fb7d4b037523ec0d7ea1ccc9e58", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": 
"fp|bfa99373dcc2d1cfa5e365f50c78d1f48ad53fb7d4b037523ec0d7ea1ccc9e58"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 449}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/upload-artifact` pinned to mutable ref `@v7`"}, "properties": {"repobilityId": 91080, "scanner": "repobility-supply-chain", "fingerprint": "7ce0e61ebcad40333c4f79093f54bfa9ec113a75424c1d4ba9f996fc550f54b8", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|7ce0e61ebcad40333c4f79093f54bfa9ec113a75424c1d4ba9f996fc550f54b8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 444}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/cache/save` pinned to mutable ref `@v5`"}, "properties": {"repobilityId": 91079, "scanner": "repobility-supply-chain", "fingerprint": "811a753571b912f6cdf26db7f35160a93443873a1af5473131f919d7724117c5", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|811a753571b912f6cdf26db7f35160a93443873a1af5473131f919d7724117c5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 423}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/cache/restore` pinned to mutable ref `@v5`"}, 
"properties": {"repobilityId": 91078, "scanner": "repobility-supply-chain", "fingerprint": "cfc547d954d1f07fb9ae612b509895a9b6dac4b64933b9ec9e909395f754e446", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|cfc547d954d1f07fb9ae612b509895a9b6dac4b64933b9ec9e909395f754e446"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 393}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 91077, "scanner": "repobility-supply-chain", "fingerprint": "745c018863488c86ca50efbf6364d80779a2137c9ca2b9552dc48387ac79a300", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|745c018863488c86ca50efbf6364d80779a2137c9ca2b9552dc48387ac79a300"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 391}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/upload-artifact` pinned to mutable ref `@v7`"}, "properties": {"repobilityId": 91076, "scanner": "repobility-supply-chain", "fingerprint": "f40ba34a4fcb7b3ff2ab789288eae934e5dd0cd735eeb8a7973815e5938105b6", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, 
"mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|f40ba34a4fcb7b3ff2ab789288eae934e5dd0cd735eeb8a7973815e5938105b6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 380}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/upload-artifact` pinned to mutable ref `@v7`"}, "properties": {"repobilityId": 91075, "scanner": "repobility-supply-chain", "fingerprint": "1eb4b30cfef606a468406fc27ff12cde2979049ce44d5b663c984c1f7da442ae", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|1eb4b30cfef606a468406fc27ff12cde2979049ce44d5b663c984c1f7da442ae"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 375}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/upload-artifact` pinned to mutable ref `@v4`"}, "properties": {"repobilityId": 91074, "scanner": "repobility-supply-chain", "fingerprint": "14764a429ae9ac23eff896b7c9fafdc3977b5c5343eb350449fe7bb6b13655e3", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|14764a429ae9ac23eff896b7c9fafdc3977b5c5343eb350449fe7bb6b13655e3"}}, "locations": [{"physicalLocation": {"artifactLocation": 
{"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 338}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/cache/save` pinned to mutable ref `@v5`"}, "properties": {"repobilityId": 91073, "scanner": "repobility-supply-chain", "fingerprint": "2d494f24757b7ac5f7910b980e36465e77ded03e68e87fc9b552f28161d7d9b4", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|2d494f24757b7ac5f7910b980e36465e77ded03e68e87fc9b552f28161d7d9b4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 313}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/cache/restore` pinned to mutable ref `@v5`"}, "properties": {"repobilityId": 91072, "scanner": "repobility-supply-chain", "fingerprint": "6ced7f9d275a99b5f460e9d7b36674e2077d6a7c78bfc25926d43fd0bc0aabc6", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|6ced7f9d275a99b5f460e9d7b36674e2077d6a7c78bfc25926d43fd0bc0aabc6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 276}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 91071, "scanner": "repobility-supply-chain", "fingerprint": 
"f1c8ef93a09a3634a2160a9034be6f25362907a296f28150e55b9c1f650fea9f", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|f1c8ef93a09a3634a2160a9034be6f25362907a296f28150e55b9c1f650fea9f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 274}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/upload-artifact` pinned to mutable ref `@v7`"}, "properties": {"repobilityId": 91070, "scanner": "repobility-supply-chain", "fingerprint": "7fb5d59ff76825f92cdfdd882775b16b81c64d52401f8203d3fa03a26545d2d6", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|7fb5d59ff76825f92cdfdd882775b16b81c64d52401f8203d3fa03a26545d2d6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 215}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/cache/save` pinned to mutable ref `@v5`"}, "properties": {"repobilityId": 91069, "scanner": "repobility-supply-chain", "fingerprint": "438ffd2cd8b71a9c0d171b12f02f50093ba9c00bc65468f0d0f4f32bb926dcb7", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], 
"languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|438ffd2cd8b71a9c0d171b12f02f50093ba9c00bc65468f0d0f4f32bb926dcb7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 204}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/cache/restore` pinned to mutable ref `@v5`"}, "properties": {"repobilityId": 91068, "scanner": "repobility-supply-chain", "fingerprint": "3e9dc3916ea17910e52dad6e065330c92bf759e6e0483c471c0b83eb8831af9f", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|3e9dc3916ea17910e52dad6e065330c92bf759e6e0483c471c0b83eb8831af9f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 180}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 91067, "scanner": "repobility-supply-chain", "fingerprint": "5e138b54ec872594e49b0a90852068b81f3f3a2bcd743ec252898827ae2dc75f", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|5e138b54ec872594e49b0a90852068b81f3f3a2bcd743ec252898827ae2dc75f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 178}}}]}, {"ruleId": "MINED115", 
"level": "error", "message": {"text": "Action `actions/upload-artifact` pinned to mutable ref `@v7`"}, "properties": {"repobilityId": 91066, "scanner": "repobility-supply-chain", "fingerprint": "0246769a041dabfd1824fffaabf75e91ccb686621a73e6dcffc19b1badddb0ef", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|0246769a041dabfd1824fffaabf75e91ccb686621a73e6dcffc19b1badddb0ef"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 113}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/upload-artifact` pinned to mutable ref `@v7`"}, "properties": {"repobilityId": 91065, "scanner": "repobility-supply-chain", "fingerprint": "aaff6b1a11cef9ac729c845be74a56086fac0c08c51c9c47365de0684e9d6562", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|aaff6b1a11cef9ac729c845be74a56086fac0c08c51c9c47365de0684e9d6562"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 108}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/cache/save` pinned to mutable ref `@v5`"}, "properties": {"repobilityId": 91064, "scanner": "repobility-supply-chain", "fingerprint": "1588f19e57190dac3cbac7ade0463ff92a40f499acdea256c6bfbd5b5e254b0c", "category": "dependency", "severity": "high", "confidence": 
0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|1588f19e57190dac3cbac7ade0463ff92a40f499acdea256c6bfbd5b5e254b0c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 92}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/cache/restore` pinned to mutable ref `@v5`"}, "properties": {"repobilityId": 91063, "scanner": "repobility-supply-chain", "fingerprint": "a8720ceb1fcdd07baa52133814fc9c3db299e336173a2b029b40389b22138299", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|a8720ceb1fcdd07baa52133814fc9c3db299e336173a2b029b40389b22138299"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 70}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 91062, "scanner": "repobility-supply-chain", "fingerprint": "da32f49375916b13621491c2359c9fe4e53283acb2a0b03f94c71997bf33f557", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": 
"fp|da32f49375916b13621491c2359c9fe4e53283acb2a0b03f94c71997bf33f557"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 68}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 91061, "scanner": "repobility-supply-chain", "fingerprint": "c64f87614d1db68a4fa7177a3cc0eae0b940e4c2b302e906014487a571b31769", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|c64f87614d1db68a4fa7177a3cc0eae0b940e4c2b302e906014487a571b31769"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/compiler-support.yml"}, "region": {"startLine": 46}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 91060, "scanner": "repobility-supply-chain", "fingerprint": "9c39661ecfb5cbd40f4a8417d2e62fc5f79b1cc0c80f57ccec65b23294724288", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|9c39661ecfb5cbd40f4a8417d2e62fc5f79b1cc0c80f57ccec65b23294724288"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/compiler-support.yml"}, "region": {"startLine": 23}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/cache/save` pinned to mutable 
ref `@v5`"}, "properties": {"repobilityId": 91059, "scanner": "repobility-supply-chain", "fingerprint": "dc7d71b0bc5a9e242e4c566de2e5b210fe93d5afe402bce4101eebfd4d410b5d", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|dc7d71b0bc5a9e242e4c566de2e5b210fe93d5afe402bce4101eebfd4d410b5d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/memcheck_ci.yml"}, "region": {"startLine": 46}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/cache/restore` pinned to mutable ref `@v5`"}, "properties": {"repobilityId": 91058, "scanner": "repobility-supply-chain", "fingerprint": "46c12d683908ecb6416156004c756701b28bc7ee815c50b0ef96e75bbd0b8515", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|46c12d683908ecb6416156004c756701b28bc7ee815c50b0ef96e75bbd0b8515"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/memcheck_ci.yml"}, "region": {"startLine": 26}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 91057, "scanner": "repobility-supply-chain", "fingerprint": "a3aa6b13d8f995f44f2ea64262c821e4f54676ba5b91858cb0f35147e13d07ba", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", 
"evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|a3aa6b13d8f995f44f2ea64262c821e4f54676ba5b91858cb0f35147e13d07ba"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/memcheck_ci.yml"}, "region": {"startLine": 24}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "Dockerfile FROM `node:lts-alpine` not pinned by digest"}, "properties": {"repobilityId": 91056, "scanner": "repobility-supply-chain", "fingerprint": "44b6f56c5b1d11d904af978a04b24cd3ed950b24e6374b615c0898b360b776d2", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|44b6f56c5b1d11d904af978a04b24cd3ed950b24e6374b615c0898b360b776d2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "extensions/aws/tests/features/resources/kinesis-mock/Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "Dockerfile FROM `nginx:1.29.4` not pinned by digest"}, "properties": {"repobilityId": 91055, "scanner": "repobility-supply-chain", "fingerprint": "ed58b59ab70d0f7ca3740268e4fe900f957158d99cf0515b05d288ce8937647e", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": 
"fp|ed58b59ab70d0f7ca3740268e4fe900f957158d99cf0515b05d288ce8937647e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "extensions/grafana-loki/tests/features/resources/reverse-proxy/Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "Dockerfile FROM `mcr.microsoft.com/windows/servercore:ltsc2022` not pinned by digest"}, "properties": {"repobilityId": 91054, "scanner": "repobility-supply-chain", "fingerprint": "f7149acf045bc418d5b81e0caf0da9bcd293738ee5e62732a63eb276dee0d4e5", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|f7149acf045bc418d5b81e0caf0da9bcd293738ee5e62732a63eb276dee0d4e5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/installed/Dockerfile.win"}, "region": {"startLine": 20}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.install` used but never assigned in __init__"}, "properties": {"repobilityId": 91047, "scanner": "repobility-ast-engine", "fingerprint": "9ac0e7469b963ce3afbb4dd976b0134a661b20ce7672b11283624750ec2e84f4", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|9ac0e7469b963ce3afbb4dd976b0134a661b20ce7672b11283624750ec2e84f4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "bootstrap/package_manager.py"}, "region": {"startLine": 173}}}]}, {"ruleId": "MINED108", "level": "error", 
"message": {"text": "`self._install` used but never assigned in __init__"}, "properties": {"repobilityId": 91046, "scanner": "repobility-ast-engine", "fingerprint": "942ae73da2ef372b245e181fceece5bf0e80547ac5b57b5a33897caffa1416cd", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|942ae73da2ef372b245e181fceece5bf0e80547ac5b57b5a33897caffa1416cd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "bootstrap/package_manager.py"}, "region": {"startLine": 164}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.install` used but never assigned in __init__"}, "properties": {"repobilityId": 91045, "scanner": "repobility-ast-engine", "fingerprint": "e48bd24c72fc0295998d14a6e93ec86cde887e1d8670a47946ae21bcc440dfc1", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|e48bd24c72fc0295998d14a6e93ec86cde887e1d8670a47946ae21bcc440dfc1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "bootstrap/package_manager.py"}, "region": {"startLine": 155}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._install` used but never assigned in __init__"}, "properties": {"repobilityId": 91044, "scanner": "repobility-ast-engine", "fingerprint": "3e3eaa5a0b4eee61529c5a9526b26f20f1bac9a241fa581cfa2526fca0e7903c", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", 
"isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|3e3eaa5a0b4eee61529c5a9526b26f20f1bac9a241fa581cfa2526fca0e7903c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "bootstrap/package_manager.py"}, "region": {"startLine": 144}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.install` used but never assigned in __init__"}, "properties": {"repobilityId": 91043, "scanner": "repobility-ast-engine", "fingerprint": "7952ac0fc255bd2c72b66d17862014498edcf3cea63034c0607d6ba92adf5512", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|7952ac0fc255bd2c72b66d17862014498edcf3cea63034c0607d6ba92adf5512"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "bootstrap/package_manager.py"}, "region": {"startLine": 130}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._install` used but never assigned in __init__"}, "properties": {"repobilityId": 91042, "scanner": "repobility-ast-engine", "fingerprint": "e5e5ea46f9837ec54d3f8caa31ca0a39f23577ad4497785d73ecc88efca3c054", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|e5e5ea46f9837ec54d3f8caa31ca0a39f23577ad4497785d73ecc88efca3c054"}}, 
"locations": [{"physicalLocation": {"artifactLocation": {"uri": "bootstrap/package_manager.py"}, "region": {"startLine": 118}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.install` used but never assigned in __init__"}, "properties": {"repobilityId": 91041, "scanner": "repobility-ast-engine", "fingerprint": "379c465379ee93e4fe0b1acbd0fd4273e0080b4233e21b932da4bb1c15937bd4", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|379c465379ee93e4fe0b1acbd0fd4273e0080b4233e21b932da4bb1c15937bd4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "bootstrap/package_manager.py"}, "region": {"startLine": 98}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._install` used but never assigned in __init__"}, "properties": {"repobilityId": 91040, "scanner": "repobility-ast-engine", "fingerprint": "d10926a1187419fa15939c7b03c13c406846f8552c2dd0fdbf543cd38d8853ae", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|d10926a1187419fa15939c7b03c13c406846f8552c2dd0fdbf543cd38d8853ae"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "bootstrap/package_manager.py"}, "region": {"startLine": 93}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._get_installed_packages` used but never assigned in __init__"}, "properties": {"repobilityId": 91039, "scanner": "repobility-ast-engine", 
"fingerprint": "9e779c6cde9acae0959f3301b1c4cfc7b31109ac25fd9ca413ec201bca001f41", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|9e779c6cde9acae0959f3301b1c4cfc7b31109ac25fd9ca413ec201bca001f41"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "bootstrap/package_manager.py"}, "region": {"startLine": 77}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._filter_out_installed_packages` used but never assigned in __init__"}, "properties": {"repobilityId": 91038, "scanner": "repobility-ast-engine", "fingerprint": "f3ff21bc9bd5f5c6b8edddd243a70005732e1e78728fabbd94d9725259614c4d", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|f3ff21bc9bd5f5c6b8edddd243a70005732e1e78728fabbd94d9725259614c4d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "bootstrap/package_manager.py"}, "region": {"startLine": 67}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.package_folder` used but never assigned in __init__"}, "properties": {"repobilityId": 91037, "scanner": "repobility-ast-engine", "fingerprint": "279b6943db23da888331d1f22a48ad820a4811ae2915d0362aef2c0558fd5660", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, 
"cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|279b6943db23da888331d1f22a48ad820a4811ae2915d0362aef2c0558fd5660"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "conanfile.py"}, "region": {"startLine": 89}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.cpp_info` used but never assigned in __init__"}, "properties": {"repobilityId": 91036, "scanner": "repobility-ast-engine", "fingerprint": "516fba39602d376c87afc3336c822e61c258a217bd90bd74030f512082fc2bfb", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|516fba39602d376c87afc3336c822e61c258a217bd90bd74030f512082fc2bfb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "conanfile.py"}, "region": {"startLine": 92}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.cpp_info` used but never assigned in __init__"}, "properties": {"repobilityId": 91035, "scanner": "repobility-ast-engine", "fingerprint": "fa31079cb4512f0f72f9fd9dea510b6f8f2cfbc4233cc88c27b3a7cbeb2c2f80", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|fa31079cb4512f0f72f9fd9dea510b6f8f2cfbc4233cc88c27b3a7cbeb2c2f80"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "conanfile.py"}, "region": {"startLine": 91}}}]}, {"ruleId": "MINED108", "level": "error", 
"message": {"text": "`self.cpp_info` used but never assigned in __init__"}, "properties": {"repobilityId": 91034, "scanner": "repobility-ast-engine", "fingerprint": "f55168f3027f2e61e603d5a097503f82c32e5b51d5bfca92ef6b11c28e7ee427", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|f55168f3027f2e61e603d5a097503f82c32e5b51d5bfca92ef6b11c28e7ee427"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "conanfile.py"}, "region": {"startLine": 90}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.cpp_info` used but never assigned in __init__"}, "properties": {"repobilityId": 91033, "scanner": "repobility-ast-engine", "fingerprint": "8a824489b472de301de8058dfece3c178dac16b4fa3e64982898e43227036857", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|8a824489b472de301de8058dfece3c178dac16b4fa3e64982898e43227036857"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "conanfile.py"}, "region": {"startLine": 89}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.package_folder` used but never assigned in __init__"}, "properties": {"repobilityId": 91032, "scanner": "repobility-ast-engine", "fingerprint": "cfd964be4a296890648c9756a9f43d2e630186c986524769642e6376a2b030e5", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": 
"", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|cfd964be4a296890648c9756a9f43d2e630186c986524769642e6376a2b030e5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "conanfile.py"}, "region": {"startLine": 82}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.package_folder` used but never assigned in __init__"}, "properties": {"repobilityId": 91031, "scanner": "repobility-ast-engine", "fingerprint": "6c628adbc83f4209c608d09c9e78246e44df7464ea4728f364c3c497072eec82", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|6c628adbc83f4209c608d09c9e78246e44df7464ea4728f364c3c497072eec82"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "conanfile.py"}, "region": {"startLine": 81}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.package_folder` used but never assigned in __init__"}, "properties": {"repobilityId": 91030, "scanner": "repobility-ast-engine", "fingerprint": "1393d795cce7cb0e570a4ada39b9e1ac629e3ff0b7db6e748b3a373b11bf55ca", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|1393d795cce7cb0e570a4ada39b9e1ac629e3ff0b7db6e748b3a373b11bf55ca"}}, "locations": [{"physicalLocation": {"artifactLocation": 
{"uri": "conanfile.py"}, "region": {"startLine": 80}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.package_folder` used but never assigned in __init__"}, "properties": {"repobilityId": 91029, "scanner": "repobility-ast-engine", "fingerprint": "da5af14a1430b90dfea32ad4fb6571f4b23736f473820f6464de0830f52531b4", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|da5af14a1430b90dfea32ad4fb6571f4b23736f473820f6464de0830f52531b4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "conanfile.py"}, "region": {"startLine": 79}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.folders` used but never assigned in __init__"}, "properties": {"repobilityId": 91028, "scanner": "repobility-ast-engine", "fingerprint": "2aee7c74cba3d528dce58792ce812e088481fe86f88fa5825bdab8b70982d2d8", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|2aee7c74cba3d528dce58792ce812e088481fe86f88fa5825bdab8b70982d2d8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "conanfile.py"}, "region": {"startLine": 78}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.overwrite_libfile` used but never assigned in __init__"}, "properties": {"repobilityId": 91027, "scanner": "repobility-ast-engine", "fingerprint": "dd08445a43d8480e3e3dd8ff59eaa8e26a6cf506b1d9c26a82c151bce88f1e3c", "category": "quality", 
"severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|dd08445a43d8480e3e3dd8ff59eaa8e26a6cf506b1d9c26a82c151bce88f1e3c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "conanfile.py"}, "region": {"startLine": 86}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.package_folder` used but never assigned in __init__"}, "properties": {"repobilityId": 91026, "scanner": "repobility-ast-engine", "fingerprint": "321c46ca63b7d762239823f9bcbf3ba6d0a9b79f2c9d79c52190f9db85dd75a6", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|321c46ca63b7d762239823f9bcbf3ba6d0a9b79f2c9d79c52190f9db85dd75a6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "conanfile.py"}, "region": {"startLine": 85}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.package_folder` used but never assigned in __init__"}, "properties": {"repobilityId": 91025, "scanner": "repobility-ast-engine", "fingerprint": "ba1179d26415f1573362842f51f2fc43b37731e178f950544487ccd0c60a2878", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": 
"fp|ba1179d26415f1573362842f51f2fc43b37731e178f950544487ccd0c60a2878"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "conanfile.py"}, "region": {"startLine": 84}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.source_folder` used but never assigned in __init__"}, "properties": {"repobilityId": 91024, "scanner": "repobility-ast-engine", "fingerprint": "ca1020155a7435d9f5c9a0c7205b8b5537da9327993e3b009dfd0c80c9167ab3", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ca1020155a7435d9f5c9a0c7205b8b5537da9327993e3b009dfd0c80c9167ab3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "conanfile.py"}, "region": {"startLine": 78}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.source_folder` used but never assigned in __init__"}, "properties": {"repobilityId": 91023, "scanner": "repobility-ast-engine", "fingerprint": "8f68e2894bec840a882222146a9f0a81277d559a3baec7807d509755d4c9fefc", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|8f68e2894bec840a882222146a9f0a81277d559a3baec7807d509755d4c9fefc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "conanfile.py"}, "region": {"startLine": 77}}}]}, {"ruleId": "private-key", "level": "error", "message": {"text": "Identified a Private Key, which may compromise cryptographic security and sensitive data encryption."}, 
"properties": {"repobilityId": 91163, "scanner": "gitleaks", "fingerprint": "b4015731b25adf4ae10e19121ea468d62e8bafb4f18f343214dc9209168a8272", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "REDACTED", "rule_id": "private-key", "scanner": "gitleaks", "detector": "private-key", "correlation_key": "secret|token|2|redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "libminifi/test/resources/nifi-cert.pem"}, "region": {"startLine": 21}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 91162, "scanner": "gitleaks", "fingerprint": "f7b28d0aef12232570e74eccdacd858140b2ba6963309c118488d79de1e5413a", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "nifi.bootstrap.sensitive.key=REDACTED", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|1|token", "duplicate_count": 1, "duplicate_rule_ids": ["generic-api-key"], "duplicate_scanners": ["gitleaks"], "duplicate_fingerprints": ["2bc8d646df2db67c62d00fbf02934a3530bb7fce6cef6838a0b0283e3d70aca3", "f7b28d0aef12232570e74eccdacd858140b2ba6963309c118488d79de1e5413a"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "libminifi/test/resources/conf/bootstrap.conf"}, "region": {"startLine": 1}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 91161, "scanner": "gitleaks", "fingerprint": 
"5a44625cef3590315069f3e37769d16015d9f4fccaadeb9e0c16ef9efa03103b", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "token: <redacted>", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|4|token: redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "extensions/splunk/tests/features/containers/splunk_container.py"}, "region": {"startLine": 42}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 91160, "scanner": "gitleaks", "fingerprint": "bd6729ead21b59b164a438ada24f7bae5d477d078030e5f4bffb867c51f638d8", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "EncryptionKey, \"REDACTED\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|19|encryptionkey redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "extensions/gcp/tests/PutGCSObjectTests.cpp"}, "region": {"startLine": 191}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 91159, "scanner": "gitleaks", "fingerprint": "7bc88f02b39a313adc108d3d951d745f47bc604b642e7c6059a0285f0b9135e4", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "key:REDACTED", "rule_id": "generic-api-key", 
"scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|33|key:redacted", "duplicate_count": 1, "duplicate_rule_ids": ["generic-api-key"], "duplicate_scanners": ["gitleaks"], "duplicate_fingerprints": ["7bc88f02b39a313adc108d3d951d745f47bc604b642e7c6059a0285f0b9135e4", "b4710dee491e56da0329174741628ad0cdac69e59e044bcc6afeb4650e008c65"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "extensions/aws/tests/PutS3ObjectTests.cpp"}, "region": {"startLine": 332}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 91158, "scanner": "gitleaks", "fingerprint": "215edacc009ee636a6553dd39ea1faa94aadc8d31e0ab43fd7e85d83e9db562a", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "key:REDACTED", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|3|key:redacted", "duplicate_count": 1, "duplicate_rule_ids": ["generic-api-key"], "duplicate_scanners": ["gitleaks"], "duplicate_fingerprints": ["215edacc009ee636a6553dd39ea1faa94aadc8d31e0ab43fd7e85d83e9db562a", "8f3b0cd206d972779730e5c9ec51a7de693801faaca0bfba1f69327ef6f59445"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "extensions/aws/tests/PutS3ObjectTests.cpp"}, "region": {"startLine": 32}}}]}, {"ruleId": "private-key", "level": "error", "message": {"text": "Identified a Private Key, which may compromise cryptographic security and sensitive data encryption."}, "properties": {"repobilityId": 91157, "scanner": "gitleaks", "fingerprint": "43de466dae1e484db8bd70bf1cdbaeac2e6ac3c71c56d08eb3a43af2a86b9929", "category": "credential_exposure", "severity": 
"critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "REDACTED", "rule_id": "private-key", "scanner": "gitleaks", "detector": "private-key", "correlation_key": "secret|token|4|redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "extensions/gcp/tests/GCPCredentialsControllerServiceTests.cpp"}, "region": {"startLine": 41}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 91156, "scanner": "gitleaks", "fingerprint": "c9225f942fc158410e7fb988fbc8af3c96addd6b3b7e93d0e74f154413eadfc2", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "API_KEY = \"<redacted>\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|3|api_key redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "extensions/elasticsearch/tests/MockElastic.h"}, "region": {"startLine": 36}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 91155, "scanner": "gitleaks", "fingerprint": "06c4aba2ef4ed0e1fddf16627960b1392f2b994aabfdd47c8ced549d9201aa2e", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "AccountKey=REDACTED;", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|3|accountkey redacted", "duplicate_count": 1, 
"duplicate_rule_ids": ["generic-api-key"], "duplicate_scanners": ["gitleaks"], "duplicate_fingerprints": ["06c4aba2ef4ed0e1fddf16627960b1392f2b994aabfdd47c8ced549d9201aa2e", "806e2d338d630730c7689f426ff71fd6e0e4e14dc6b85e14ba083d500e42bac7"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "extensions/azure/tests/features/containers/azure_server_container.py"}, "region": {"startLine": 35}}}]}, {"ruleId": "pkcs12-file", "level": "error", "message": {"text": "Found a PKCS #12 file, which commonly contains bundled private keys."}, "properties": {"repobilityId": 91154, "scanner": "gitleaks", "fingerprint": "f9d940e8a4f96b6f4d7a11d2763358006eacb7d4a173a4265c66d926b44bc5ff", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 4 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "REDACTEDfREDACTEDiREDACTEDlREDACTEDeREDACTED REDACTEDdREDACTEDeREDACTEDtREDACTEDeREDACTEDcREDACTEDtREDACTEDeREDACTEDdREDACTED:REDACTED REDACTED/REDACTEDtREDACTEDmREDACTEDpREDACTED/REDACTEDrREDACTEDeREDACTEDpREDACTEDoREDACTEDbREDACTEDiREDACTEDlREDACTEDiREDACTEDtREDACTEDyREDACTED-REDACTEDaREDACTEDnRED", "rule_id": "pkcs12-file", "scanner": "gitleaks", "detector": "pkcs12-file", "correlation_key": "secret|token||token token token", "duplicate_count": 4, "duplicate_rule_ids": ["pkcs12-file"], "duplicate_scanners": ["gitleaks"], "duplicate_fingerprints": ["8aed14fd1d72e79a34e7cb6d0e945e1d9eb3fb57e606ec94f2af0b5f91ab8eac", "a029aa3b4b5248ce1e804ef55d1a0361e08eb938baac98c3802eefd36e6413c9", "f07f177e0ccce4c8700836e2df7c471166b7df84c46f54d3aabea5d4f9252870", "f9d940e8a4f96b6f4d7a11d2763358006eacb7d4a173a4265c66d926b44bc5ff", "fb1f96261137b70e151bbdf1c57ea4cbb66cf070cd4653433f56dc28df4eb2fa"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "extensions/civetweb/tests/resources/badCA_goodClient.p12"}, "region": {"startLine": 1}}}]}, 
{"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 91153, "scanner": "gitleaks", "fingerprint": "d09d679eb80ea7dfda4a1a5eee5f8afff4ce8329cbcf1a13d816305d95a469af", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "nifi.flowfile.repository.encryption.key=REDACTED", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|configure.md|77|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "CONFIGURE.md"}, "region": {"startLine": 779}}}]}, {"ruleId": "private-key", "level": "error", "message": {"text": "Identified a Private Key, which may compromise cryptographic security and sensitive data encryption."}, "properties": {"repobilityId": 91152, "scanner": "gitleaks", "fingerprint": "90b5bdbd1a889c2da79dfd0c99486668d47be42c93ecebd80c5e3a5a3fd39fec", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 14 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "REDACTED", "rule_id": "private-key", "scanner": "gitleaks", "detector": "private-key", "correlation_key": "secret|token|1|redacted", "duplicate_count": 14, "duplicate_rule_ids": ["private-key"], "duplicate_scanners": ["gitleaks"], "duplicate_fingerprints": ["08755e68f8359f3094077baad01c0745c33c6ff8f87b6b6b6d862a93be4d286d", "0c129183293b2ce8d8ee114d818c7687b20d96385360af3917f6a756874a93f9", "189017ea22ffdb41e13e6ca8f8eadcdea56b919c3f64db18d3b9b7e57ea07c62", "3813a6b1b06bc29227d9b2a98319dd838d7176077b59cc3e9c0398334800563c", "4252bb8c40953c1d86712d9ab9befe507b5063fcb94f3fddc526e8702c476d71", 
"4598c404121b7f4a94a0b6fe704888a8ff9fde8da840b9e02665da16c537de36", "4831aacb83cc7cb59c97dfcdbbbd8a743fc9b91e82052360e52f4cbf9a9219b8", "4cc763c3efe69724fe103e6ef52f236096a78a1a3b2474548ed3fa34f1fe5a7d", "56f8e21423b3a131813b8654dfeee7070be13604a06d9b7683405579fabe9730", "6c5aa605ca063d16152e4ea7d66820031b9877a7feab56fc8ea06eb65e905eb6", "826c395fba3e565be352964eca45d0879e94eead15600ef8ed2d491d245be0a3", "90b5bdbd1a889c2da79dfd0c99486668d47be42c93ecebd80c5e3a5a3fd39fec"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "controller/tests/resources/minifi-cpp-flow.key"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED022", "level": "error", "message": {"text": "[MINED022] C Strcpy: strcpy/strcat don't bounds-check; use strncpy or snprintf. Note that strncpy does not NUL-terminate the destination when the source fills the buffer, so terminate it explicitly or prefer snprintf."}, "properties": {"repobilityId": 91137, "scanner": "repobility-threat-engine", "fingerprint": "001ddb7d7570262b514ad7e322b68251a78d3374f6b3dc266e5b81ef3035543b", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "c-strcpy", "owasp": null, "cwe_ids": ["CWE-120"], "languages": ["c", "cpp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347949+00:00", "triaged_in_corpus": 20, "observations_count": 39114, "ai_coder_pattern_id": 130}, "scanner": "repobility-threat-engine", "correlation_key": "fp|001ddb7d7570262b514ad7e322b68251a78d3374f6b3dc266e5b81ef3035543b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "libminifi/src/core/state/nodes/DeviceInformation.cpp"}, "region": {"startLine": 134}}}]}]}]}