{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "AGT015", "name": "Remote install command pipes network code directly to a shell", "shortDescription": {"text": "Remote install command pipes network code directly to a shell"}, "fullDescription": {"text": "Agent helper projects often publish one-line installers. `curl | sh` style commands are convenient, but they bypass review unless the script is pinned, signed, or checksum-verified."}, "properties": {"scanner": "repobility-agent-runtime", "category": "dependency", "severity": "medium", "confidence": 0.7, "cwe": "", "owasp": ""}}, {"id": "MINED111", "name": "Bare except continues silently", "shortDescription": {"text": "Bare except continues silently"}, "fullDescription": {"text": "Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "COMP001", "name": "[COMP001] High cognitive complexity: Function `get_http_proxy` has cognitive complexity 11 (SonarSource scale). Cognitiv", "shortDescription": {"text": "[COMP001] High cognitive complexity: Function `get_http_proxy` has cognitive complexity 11 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursio"}, "fullDescription": {"text": "Extract nested branches into named helper functions; flatten early-return / guard clauses; replace long if/elif chains with dispatch dicts or polymorphism. 
SonarQube's threshold for 'should refactor' is 15 \u2014 yours is 11."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "low", "confidence": 0.95, "cwe": "", "owasp": ""}}, {"id": "DEPCUR-PY", "name": "Python package `idna` is minor version(s) behind (3.15 -> 3.18)", "shortDescription": {"text": "Python package `idna` is minor version(s) behind (3.15 -> 3.18)"}, "fullDescription": {"text": "`idna==3.15` is minor version(s) behind the latest stable release on PyPI (3.18). Pinned-but-stale Python dependencies drift away from upstream security and bugfix releases. This is the version-currency signal Dependabot raises."}, "properties": {"scanner": "repobility-dependency-currency", "category": "dependency", "severity": "low", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED055", "name": "[MINED055] Npm Install No Lockfile: Production image runs npm install (resolves new versions on every build) instead of ", "shortDescription": {"text": "[MINED055] Npm Install No Lockfile: Production image runs npm install (resolves new versions on every build) instead of npm ci."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-1357 / A06:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED050", "name": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO ", "shortDescription": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "fullDescription": {"text": "Review and fix per the pattern semantics. 
See CWE-1188 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED077", "name": "[MINED077] Python Open No Context: fp = open(path) outside with-block leaks file handles.", "shortDescription": {"text": "[MINED077] Python Open No Context: fp = open(path) outside with-block leaks file handles."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-772 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED043", "name": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data.", "shortDescription": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-319 / A02:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC020", "name": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequen", "shortDescription": {"text": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for troubleshooting."}, "fullDescription": {"text": "Log only redacted, hashed, or last-four-style metadata. 
Rotate any secret that may have reached logs."}, "properties": {"scanner": "repobility-threat-engine", "category": "credential_exposure", "severity": "info", "confidence": 0.1, "cwe": "", "owasp": ""}}, {"id": "CORE_NO_TESTS", "name": "No test files found in a documentation, catalog, or template-heavy repository", "shortDescription": {"text": "No test files found in a documentation, catalog, or template-heavy repository"}, "fullDescription": {"text": "If this repository ships runnable code, add focused tests for those examples or templates. If it is documentation/catalog content only, mark the finding as accepted or add a .repobilityignore note."}, "properties": {"scanner": "repobility-core", "category": "testing", "severity": "info", "confidence": 0.35, "cwe": "", "owasp": ""}}, {"id": "MINED004", "name": "[MINED004] Weak Crypto: MD5/SHA1/DES/RC4 used for security context (not just checksums).", "shortDescription": {"text": "[MINED004] Weak Crypto: MD5/SHA1/DES/RC4 used for security context (not just checksums)."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-327 / A02:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC128", "name": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns", "shortDescription": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, ra"}, "fullDescription": {"text": "Add `await` before each async call, or chain with `.then`. 
If you intentionally want fire-and-forget, prefix with `void` (TS) or assign to `_` (Python with `asyncio.create_task`) to make the intent explicit and survive lint."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED108", "name": "`self.__update_yaml` used but never assigned in __init__", "shortDescription": {"text": "`self.__update_yaml` used but never assigned in __init__"}, "fullDescription": {"text": "Method `update_or_notify` of class `Dependency` reads `self.__update_yaml`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "generic-api-key", "name": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations.", "shortDescription": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "fullDescription": {"text": "Gitleaks detected a committed secret or credential pattern."}, "properties": {"scanner": "gitleaks", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "cwe": "", "owasp": ""}}, {"id": "MINED013", "name": "[MINED013] Password In Url: https://user:password@host \u2014 leaks creds via logs, referrer, error messages.", "shortDescription": {"text": "[MINED013] Password In Url: https://user:password@host \u2014 leaks creds via logs, referrer, error messages."}, "fullDescription": {"text": "Review and fix per the pattern semantics. 
See CWE-200 / A07:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "critical", "confidence": 1.0, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/719"}, "properties": {"repository": "ohmyzsh/ohmyzsh", "repoUrl": "https://github.com/ohmyzsh/ohmyzsh", "branch": "master"}, "results": [{"ruleId": "AGT015", "level": "warning", "message": {"text": "Remote install command pipes network code directly to a shell"}, "properties": {"repobilityId": 58416, "scanner": "repobility-agent-runtime", "fingerprint": "ca1d1bc6c1081ad88e06e9906c2472102a1dc740283adaf466fd3d17309e718b", "category": "dependency", "severity": "medium", "confidence": 0.7, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File contains a remote download piped directly to a shell without visible checksum or signature verification.", "evidence": {"rule_id": "AGT015", "scanner": "repobility-agent-runtime", "references": [], "correlation_key": "fp|ca1d1bc6c1081ad88e06e9906c2472102a1dc740283adaf466fd3d17309e718b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "plugins/wd/README.md"}, "region": {"startLine": 88}}}]}, {"ruleId": "AGT015", "level": "warning", "message": {"text": "Remote install command pipes network code directly to a shell"}, "properties": {"repobilityId": 58415, "scanner": "repobility-agent-runtime", "fingerprint": "e30470c220e3ad71751458505e6c43d646c1a24e0f81294a64d7872c07d25b48", "category": "dependency", "severity": "medium", "confidence": 0.7, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File contains a remote download piped directly to a shell without visible checksum or signature verification.", "evidence": {"rule_id": "AGT015", "scanner": "repobility-agent-runtime", "references": [], "correlation_key": "fp|e30470c220e3ad71751458505e6c43d646c1a24e0f81294a64d7872c07d25b48"}}, "locations": [{"physicalLocation": {"artifactLocation": 
{"uri": "plugins/mise/README.md"}, "region": {"startLine": 12}}}]}, {"ruleId": "AGT015", "level": "warning", "message": {"text": "Remote install command pipes network code directly to a shell"}, "properties": {"repobilityId": 58414, "scanner": "repobility-agent-runtime", "fingerprint": "2904ab6bb045d7f887e75b22db379d2b97c6e5b39f01e655182e7c14bef39495", "category": "dependency", "severity": "medium", "confidence": 0.7, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File contains a remote download piped directly to a shell without visible checksum or signature verification.", "evidence": {"rule_id": "AGT015", "scanner": "repobility-agent-runtime", "references": [], "correlation_key": "fp|2904ab6bb045d7f887e75b22db379d2b97c6e5b39f01e655182e7c14bef39495"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "plugins/azure/README.md"}, "region": {"startLine": 48}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 58411, "scanner": "repobility-ast-engine", "fingerprint": "e0f423069d61080e502edef035490a17f594840822e22192487a1eb0ed4a1c5d", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|e0f423069d61080e502edef035490a17f594840822e22192487a1eb0ed4a1c5d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/dependencies/updater.py"}, "region": {"startLine": 294}}}]}, {"ruleId": "COMP001", "level": "note", "message": {"text": "[COMP001] High cognitive complexity: Function `get_http_proxy` has cognitive complexity 11 (SonarSource scale). 
Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. Breakdown: if=6, nested_bonus=5."}, "properties": {"repobilityId": 58419, "scanner": "repobility-threat-engine", "fingerprint": "53b55dbec06cc83cea3d518d0fd8991ec615fe924a4d32053363b6be7187dc68", "category": "quality", "severity": "low", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 11 (severity threshold for low: 8+).", "evidence": {"scanner": "repobility-threat-engine", "function": "get_http_proxy", "breakdown": {"if": 6, "nested_bonus": 5}, "complexity": 11, "correlation_key": "fp|53b55dbec06cc83cea3d518d0fd8991ec615fe924a4d32053363b6be7187dc68"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "plugins/shell-proxy/proxy.py"}, "region": {"startLine": 17}}}]}, {"ruleId": "COMP001", "level": "note", "message": {"text": "[COMP001] High cognitive complexity: Function `colored` has cognitive complexity 10 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. 
Breakdown: for=1, if=4, nested_bonus=5."}, "properties": {"repobilityId": 58418, "scanner": "repobility-threat-engine", "fingerprint": "2a39f5841505f4c062d70c87f14cb8c3090bcb3d346ad981d7128e367c107113", "category": "quality", "severity": "low", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 10 (severity threshold for low: 8+).", "evidence": {"scanner": "repobility-threat-engine", "function": "colored", "breakdown": {"if": 4, "for": 1, "nested_bonus": 5}, "complexity": 10, "correlation_key": "fp|2a39f5841505f4c062d70c87f14cb8c3090bcb3d346ad981d7128e367c107113"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "plugins/aliases/termcolor.py"}, "region": {"startLine": 86}}}]}, {"ruleId": "COMP001", "level": "note", "message": {"text": "[COMP001] High cognitive complexity: Function `pretty_print` has cognitive complexity 8 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. 
Breakdown: continue=1, else=1, for=1, if=2, nested_bonus=2, or=1."}, "properties": {"repobilityId": 58417, "scanner": "repobility-threat-engine", "fingerprint": "e78726db8d3af59e604d7e46eaefec0c521cfb8c7cd4fc0bfa203172067a26f0", "category": "quality", "severity": "low", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 8 (severity threshold for low: 8+).", "evidence": {"scanner": "repobility-threat-engine", "function": "pretty_print", "breakdown": {"if": 2, "or": 1, "for": 1, "else": 1, "continue": 1, "nested_bonus": 2}, "complexity": 8, "correlation_key": "fp|e78726db8d3af59e604d7e46eaefec0c521cfb8c7cd4fc0bfa203172067a26f0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "plugins/aliases/cheatsheet.py"}, "region": {"startLine": 50}}}]}, {"ruleId": "DEPCUR-PY", "level": "note", "message": {"text": "Python package `idna` is minor version(s) behind (3.15 -> 3.18)"}, "properties": {"repobilityId": 58413, "scanner": "repobility-dependency-currency", "fingerprint": "a6903078560ccb2ce68c24fe396b6b582b78f5728d1a16680af1180cf141206d", "category": "dependency", "severity": "low", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "minor version(s) behind", "signal": "currency", "cwe_ids": [], "package": "idna", "scanner": "repobility-dependency-currency", "ecosystem": "pypi", "languages": ["python"], "latest_version": "3.18", "correlation_key": "fp|a6903078560ccb2ce68c24fe396b6b582b78f5728d1a16680af1180cf141206d", "current_version": "3.15"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/dependencies/requirements.txt"}, "region": {"startLine": 3}}}]}, {"ruleId": "DEPCUR-PY", "level": "note", "message": {"text": "Python package `certifi` is minor version(s) behind (2026.4.22 -> 2026.5.20)"}, "properties": {"repobilityId": 58412, "scanner": 
"repobility-dependency-currency", "fingerprint": "338237efb69a8117c8dfcc4262508eec867af01472a67a6318eaf60d1cfda2d3", "category": "dependency", "severity": "low", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "minor version(s) behind", "signal": "currency", "cwe_ids": [], "package": "certifi", "scanner": "repobility-dependency-currency", "ecosystem": "pypi", "languages": ["python"], "latest_version": "2026.5.20", "correlation_key": "fp|338237efb69a8117c8dfcc4262508eec867af01472a67a6318eaf60d1cfda2d3", "current_version": "2026.4.22"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/dependencies/requirements.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED055", "level": "none", "message": {"text": "[MINED055] Npm Install No Lockfile: Production image runs npm install (resolves new versions on every build) instead of npm ci."}, "properties": {"repobilityId": 58427, "scanner": "repobility-threat-engine", "fingerprint": "94c9d2e546e3f553e6d1ab4ab7b36f5db51f2a406346e97658996e76c5e345ef", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "npm-install-no-lockfile", "owasp": "A06:2021", "cwe_ids": ["CWE-1357"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348030+00:00", "triaged_in_corpus": 12, "observations_count": 317602, "ai_coder_pattern_id": 42}, "scanner": "repobility-threat-engine", "correlation_key": "fp|94c9d2e546e3f553e6d1ab4ab7b36f5db51f2a406346e97658996e76c5e345ef"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "plugins/pip/pip.plugin.zsh"}, "region": {"startLine": 121}}}]}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise 
NotImplementedError, or TODO comment."}, "properties": {"repobilityId": 58426, "scanner": "repobility-threat-engine", "fingerprint": "ec50115beee7aed3bd66272286003c944269489d9abbbc2e29bee7a8dd90c277", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "correlation_key": "fp|ec50115beee7aed3bd66272286003c944269489d9abbbc2e29bee7a8dd90c277"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "plugins/git-prompt/gitstatus.py"}, "region": {"startLine": 63}}}]}, {"ruleId": "MINED077", "level": "none", "message": {"text": "[MINED077] Python Open No Context: fp = open(path) outside with-block leaks file handles."}, "properties": {"repobilityId": 58425, "scanner": "repobility-threat-engine", "fingerprint": "55fbe34379c3c2e1e7462c26584b8683fb1f91cc439a81d77c84df16a7a1044e", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-open-no-context", "owasp": null, "cwe_ids": ["CWE-772"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348081+00:00", "triaged_in_corpus": 12, "observations_count": 7864, "ai_coder_pattern_id": 123}, "scanner": "repobility-threat-engine", "correlation_key": "fp|55fbe34379c3c2e1e7462c26584b8683fb1f91cc439a81d77c84df16a7a1044e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "plugins/emoji/update_emoji.py"}, "region": {"startLine": 7}}}]}, 
{"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 58424, "scanner": "repobility-threat-engine", "fingerprint": "c45997c841f8f376ae4782eac4a974b9061b07baa9a37cbd686a907118856245", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|c45997c841f8f376ae4782eac4a974b9061b07baa9a37cbd686a907118856245"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "plugins/sprunge/sprunge.plugin.zsh"}, "region": {"startLine": 6}}}]}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 58423, "scanner": "repobility-threat-engine", "fingerprint": "3123e2ec88fa9d17f140090f2b7482ea0c85a061fe3125e7e0516826b456b509", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|3123e2ec88fa9d17f140090f2b7482ea0c85a061fe3125e7e0516826b456b509"}}, "locations": 
[{"physicalLocation": {"artifactLocation": {"uri": "plugins/frontend-search/frontend-search.plugin.zsh"}, "region": {"startLine": 58}}}]}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 58422, "scanner": "repobility-threat-engine", "fingerprint": "1f92d7324277efe24496577b2d61d4f642fe78e892178d0d0ba9c56dc00fa94e", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|1f92d7324277efe24496577b2d61d4f642fe78e892178d0d0ba9c56dc00fa94e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "plugins/drush/drush.plugin.zsh"}, "region": {"startLine": 36}}}]}, {"ruleId": "SEC020", "level": "none", "message": {"text": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. 
This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for troubleshooting."}, "properties": {"repobilityId": 58420, "scanner": "repobility-threat-engine", "fingerprint": "9fa1cd7adb564f932af8504f32c7c129d9b077ea8f22ab4f6a07de73b8067893", "category": "credential_exposure", "severity": "info", "confidence": 0.1, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Environment variable or config lookup (credentials loaded safely)", "evidence": {"match": "print('Current terminal type: %s' % os.getenv('TERM')", "reason": "Environment variable or config lookup (credentials loaded safely)", "rule_id": "SEC020", "scanner": "repobility-threat-engine", "confidence": 0.1, "correlation_key": "secret|token|12|print current terminal type: s os.getenv term"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "plugins/aliases/termcolor.py"}, "region": {"startLine": 128}}}]}, {"ruleId": "CORE_NO_TESTS", "level": "none", "message": {"text": "No test files found in a documentation, catalog, or template-heavy repository"}, "properties": {"repobilityId": 58404, "scanner": "repobility-core", "fingerprint": "69cfb3536a8ccff500ccafcd681fc8d4bc9f4eda6689da02ddec81654bd9fd15", "category": "testing", "severity": "info", "confidence": 0.35, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Repository shape is documentation, catalog, skill, or template-heavy rather than a conventional runnable application.", "evidence": {"reason": "Repository shape is documentation, catalog, skill, or template-heavy rather than a conventional runnable application.", "rule_id": "CORE_NO_TESTS", "scanner": "repobility-core", "confidence": 0.35, "correlation_key": "repo|testing|core_no_tests"}}}, {"ruleId": "MINED004", "level": "error", "message": {"text": "[MINED004] Weak Crypto: MD5/SHA1/DES/RC4 used for security context (not just checksums)."}, "properties": {"repobilityId": 58429, 
"scanner": "repobility-threat-engine", "fingerprint": "4f9621507741376d58718b58a593a05d33bafbcb56457c7d55761330439ad801", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "weak-crypto", "owasp": "A02:2021", "cwe_ids": ["CWE-327"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347906+00:00", "triaged_in_corpus": 15, "observations_count": 303181, "ai_coder_pattern_id": 13}, "scanner": "repobility-threat-engine", "correlation_key": "fp|4f9621507741376d58718b58a593a05d33bafbcb56457c7d55761330439ad801"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "plugins/tmux/tmux.plugin.zsh"}, "region": {"startLine": 182}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. 
Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 58428, "scanner": "repobility-threat-engine", "fingerprint": "66ff66ad1fa9da1b8b6b4dc41ef09e7303d23a4290669bd72e722aaa1f398453", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "proxies.update({\"NO_PROXY\": no_proxy, \"no_proxy\": no_proxy})", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|66ff66ad1fa9da1b8b6b4dc41ef09e7303d23a4290669bd72e722aaa1f398453"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "plugins/shell-proxy/proxy.py"}, "region": {"startLine": 42}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.__update_yaml` used but never assigned in __init__"}, "properties": {"repobilityId": 58410, "scanner": "repobility-ast-engine", "fingerprint": "e2ec8f27da00361e2238c76b1e356c79dd82b7e62865966e8ca7bdb6b0412cd6", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|e2ec8f27da00361e2238c76b1e356c79dd82b7e62865966e8ca7bdb6b0412cd6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/dependencies/updater.py"}, "region": {"startLine": 235}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.__apply_upstream_changes` used but never assigned in __init__"}, "properties": {"repobilityId": 58409, "scanner": "repobility-ast-engine", "fingerprint": 
"832404630b8448f7fa12c1b0ab8802938d9b0a6b31c3b0890645578d997f6308", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|832404630b8448f7fa12c1b0ab8802938d9b0a6b31c3b0890645578d997f6308"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/dependencies/updater.py"}, "region": {"startLine": 231}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.took` used but never assigned in __init__"}, "properties": {"repobilityId": 58408, "scanner": "repobility-ast-engine", "fingerprint": "785796d3dce1cfba9815d6786705cf9064b164de910b55687d0c1d7605358e5d", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|785796d3dce1cfba9815d6786705cf9064b164de910b55687d0c1d7605358e5d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/dependencies/updater.py"}, "region": {"startLine": 68}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.start` used but never assigned in __init__"}, "properties": {"repobilityId": 58407, "scanner": "repobility-ast-engine", "fingerprint": "e30cddba47a42515801fda9a07c4c82d38146df2122abdfa7aa6b10ca7269d30", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], 
"languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|e30cddba47a42515801fda9a07c4c82d38146df2122abdfa7aa6b10ca7269d30"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/dependencies/updater.py"}, "region": {"startLine": 67}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.took` used but never assigned in __init__"}, "properties": {"repobilityId": 58406, "scanner": "repobility-ast-engine", "fingerprint": "c8a3c93608ea3f3b37f4cebdcbdd431c04e50771d495da5f26661141707117cc", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c8a3c93608ea3f3b37f4cebdcbdd431c04e50771d495da5f26661141707117cc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/dependencies/updater.py"}, "region": {"startLine": 67}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.start` used but never assigned in __init__"}, "properties": {"repobilityId": 58405, "scanner": "repobility-ast-engine", "fingerprint": "0f59f5fcf3204f977292be173c6fdb74eb65f9caa010f041247950f0182d2e18", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|0f59f5fcf3204f977292be173c6fdb74eb65f9caa010f041247950f0182d2e18"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/dependencies/updater.py"}, "region": {"startLine": 
64}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 58434, "scanner": "gitleaks", "fingerprint": "883fe8301ec82e7ead9854b69b44414abd5db42b65acc6eab35bbf4df4974830", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "CLIENT_SECRET=\"<redacted>\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|plugins/macos/spotify|5|client_secret redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "plugins/macos/spotify"}, "region": {"startLine": 57}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 58433, "scanner": "gitleaks", "fingerprint": "3c5a69c02eecbf24256288282113459bfda4bd3d18c4ec495160526b6999e432", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "AWS_S3_TOKEN=<redacted>", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|plugins/dotenv/readme.md|2|aws_s3_token redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "plugins/dotenv/README.md"}, "region": {"startLine": 29}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 58432, "scanner": "gitleaks", "fingerprint": "96fe181150bbd3f172480ad486f0a20ee9a514aef8948850c9a7ccdae2ca2506", "category": "credential_exposure", "severity": 
"critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "SECRET_KEY=REDACTED", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|plugins/dotenv/readme.md|2|secret_key redacted", "duplicate_count": 1, "duplicate_rule_ids": ["generic-api-key"], "duplicate_scanners": ["gitleaks"], "duplicate_fingerprints": ["4ace6b43d554f90aeb2bfd041dbfbcb5438e00cbaffbc7453ab3f986734d0b60", "96fe181150bbd3f172480ad486f0a20ee9a514aef8948850c9a7ccdae2ca2506"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "plugins/dotenv/README.md"}, "region": {"startLine": 21}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 58431, "scanner": "gitleaks", "fingerprint": "cee77e4c7fb8134b1661e01df7fe5e6b02d3ace624258ab8dc56c51cb71c0709", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "AWS_S3_TOKEN=<redacted>", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|plugins/dotenv/readme.md|1|aws_s3_token redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "plugins/dotenv/README.md"}, "region": {"startLine": 20}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 58430, "scanner": "gitleaks", "fingerprint": "840136199e35e8769fe4533ad240d3f2704fd5b56d75eb91fa49b13f7ea351ca", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": 
"open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "password: <redacted>", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|1|password: redacted", "duplicate_count": 1, "duplicate_rule_ids": ["generic-api-key"], "duplicate_scanners": ["gitleaks"], "duplicate_fingerprints": ["44b6c6a0ee0685cffb5f8efb617d996e18930b064f2325c2d1a9b2a0bf0bb338", "840136199e35e8769fe4533ad240d3f2704fd5b56d75eb91fa49b13f7ea351ca"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "plugins/genpass/genpass-apple"}, "region": {"startLine": 8}}}]}, {"ruleId": "MINED013", "level": "error", "message": {"text": "[MINED013] Password In URL: https://user:password@host \u2014 leaks credentials via logs, referrers, and error messages."}, "properties": {"repobilityId": 58421, "scanner": "repobility-threat-engine", "fingerprint": "3d443006f1f17b57db21dfe06c24fb32c160787c2445a7dd49ef9012c3f36c23", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "password-in-url", "owasp": "A07:2021", "cwe_ids": ["CWE-200"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347928+00:00", "triaged_in_corpus": 20, "observations_count": 121646, "ai_coder_pattern_id": 37}, "scanner": "repobility-threat-engine", "correlation_key": "fp|3d443006f1f17b57db21dfe06c24fb32c160787c2445a7dd49ef9012c3f36c23"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "plugins/drush/drush.plugin.zsh"}, "region": {"startLine": 64}}}]}]}]}