{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "MINED111", "name": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or ", "shortDescription": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "fullDescription": {"text": "Either narrow the exception type, log the exception with `logger.exception(...)`, or re-raise after handling."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED109", "name": "[MINED109] Mutable default argument in `_benchmark_algo` (dict): `def _benchmark_algo(... = []/{}/set())` \u2014 Python's def", "shortDescription": {"text": "[MINED109] Mutable default argument in `_benchmark_algo` (dict): `def _benchmark_algo(... = []/{}/set())` \u2014 Python's default value is constructed ONCE at function definition time and shared across all calls. Mutating it in one call mutates "}, "fullDescription": {"text": "Use None as the default and create the collection inside the function: `def _benchmark_algo(x=None): x = x or []`"}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "DKR007", "name": "Docker build context has no .dockerignore", "shortDescription": {"text": "Docker build context has no .dockerignore"}, "fullDescription": {"text": "Add .dockerignore with at least .git, .env, private keys, dependency folders, build outputs, and local databases."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "DKR001", "name": "Docker final stage has no non-root USER", "shortDescription": {"text": "Docker final stage has no non-root USER"}, "fullDescription": {"text": "Add a non-root USER in the final runtime stage after files and permissions are prepared."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.82, "cwe": "", "owasp": ""}}, {"id": "SEC127", "name": "[SEC127] AI agent stub \u2014 TODO: implement / pass placeholder body: Function body left as TODO/pass/raise NotImplementedEr", "shortDescription": {"text": "[SEC127] AI agent stub \u2014 TODO: implement / pass placeholder body: Function body left as TODO/pass/raise NotImplementedError after an AI scaffolding pass. The route appears to exist (and may even pass shallow CI), but invoking it crashes or "}, "fullDescription": {"text": "Either implement the body, or fail closed at module-load time so the deploy can't ship a half-built route. A CI gate that fails build on `raise NotImplementedError` in non-abstract code catches this cleanly."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC045", "name": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a latera", "shortDescription": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use obj"}, "fullDescription": {"text": "For literal data structures: use ast.literal_eval(text) \u2014 only parses literals, raises on code.\nFor formula evaluation: use asteval or simpleeval (purpose-built sandboxes with allow-lists).\nFor Odoo: use odoo.tools.safe_eval(expr, locals_dict, mode='exec').\nIf you genuinely need to execute admin-stored code: require explicit super-admin permission AND log every execution with a stack trace."}, "properties": {"scanner": "repobility-threat-engine", "category": "injection", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC005", "name": "[SEC005] Command Injection Risk: Unsafe shell execution or eval of user input.", "shortDescription": {"text": "[SEC005] Command Injection Risk: Unsafe shell execution or eval of user input."}, "fullDescription": {"text": "Use subprocess with shell=False and a list of args. Never eval user input."}, "properties": {"scanner": "repobility-threat-engine", "category": "injection", "severity": "medium", "confidence": 0.5, "cwe": "", "owasp": ""}}, {"id": "COMP001", "name": "[COMP001] High cognitive complexity: Function `validate` has cognitive complexity 19 (SonarSource scale). Cognitive comp", "shortDescription": {"text": "[COMP001] High cognitive complexity: Function `validate` has cognitive complexity 19 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all "}, "fullDescription": {"text": "Extract nested branches into named helper functions; flatten early-return / guard clauses; replace long if/elif chains with dispatch dicts or polymorphism. SonarQube's threshold for 'should refactor' is 15 \u2014 yours is 19."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "medium", "confidence": 0.95, "cwe": "", "owasp": ""}}, {"id": "SEC031", "name": "[SEC031] Catastrophic Backtracking Regex (ReDoS): Regex contains nested quantifiers like `(a+)+` or quantified alternati", "shortDescription": {"text": "[SEC031] Catastrophic Backtracking Regex (ReDoS): Regex contains nested quantifiers like `(a+)+` or quantified alternation with overlapping branches. On adversarial input these patterns exhibit exponential backtracking, freezing the process"}, "fullDescription": {"text": "Three options, pick one:\n  1. Rewrite the pattern to avoid nested quantifiers. E.g. `(a+)+` is      functionally equivalent to `a+` for matching purposes.\n  2. Use Google's re2 (`pip install google-re2`): linear-time, drop-in      replacement for `re` for most use cases.\n  3. Set a hard timeout: `signal.alarm(1)` before regex eval.\nTest patterns against `safe-regex` or `redos-detector` before shipping."}, "properties": {"scanner": "repobility-threat-engine", "category": "redos", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "DKR011", "name": "Dockerfile installs recommended OS packages", "shortDescription": {"text": "Dockerfile installs recommended OS packages"}, "fullDescription": {"text": "Add `--no-install-recommends` and explicitly list only packages the image needs."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "low", "confidence": 0.72, "cwe": "", "owasp": ""}}, {"id": "AIC003", "name": "Duplicated implementation block across source files", "shortDescription": {"text": "Duplicated implementation block across source files"}, "fullDescription": {"text": "Extract the shared behavior into one function/module or delete the inactive duplicate after proving which path is used."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.86, "cwe": "", "owasp": ""}}, {"id": "DKR002", "name": "Dockerfile base image is selected through a build variable", "shortDescription": {"text": "Dockerfile base image is selected through a build variable"}, "fullDescription": {"text": "Resolve the variable to a versioned tag or digest in production builds and document the allowed images."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "info", "confidence": 0.48, "cwe": "", "owasp": ""}}, {"id": "MINED043", "name": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data.", "shortDescription": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-319 / A02:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED064", "name": "[MINED064] Python Input Call: input() blocks for stdin. Inappropriate in services.", "shortDescription": {"text": "[MINED064] Python Input Call: input() blocks for stdin. Inappropriate in services."}, "fullDescription": {"text": "Review and fix per the pattern semantics."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED077", "name": "[MINED077] Python Open No Context: fp = open(path) outside with-block leaks file handles.", "shortDescription": {"text": "[MINED077] Python Open No Context: fp = open(path) outside with-block leaks file handles."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-772 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC128", "name": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake) (and 6 more): Same pattern found in 6 addit", "shortDescription": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake) (and 6 more): Same pattern found in 6 additional files. Review if needed."}, "fullDescription": {"text": "Add `await` before each async call, or chain with `.then`. If you intentionally want fire-and-forget, prefix with `void` (TS) or assign to `_` (Python with `asyncio.create_task`) to make the intent explicit and survive lint."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED050", "name": "[MINED050] Stub Only Function (and 12 more): Same pattern found in 12 additional files. Review if needed.", "shortDescription": {"text": "[MINED050] Stub Only Function (and 12 more): Same pattern found in 12 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-1188 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED001", "name": "[MINED001] Bare Except Pass (and 2 more): Same pattern found in 2 additional files. Review if needed.", "shortDescription": {"text": "[MINED001] Bare Except Pass (and 2 more): Same pattern found in 2 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-755 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED115", "name": "[MINED115] Action `rapidsai/shared-workflows/.github/workflows/conda-cpp-post-build-checks.yaml` pinned to mutable ref `", "shortDescription": {"text": "[MINED115] Action `rapidsai/shared-workflows/.github/workflows/conda-cpp-post-build-checks.yaml` pinned to mutable ref `@main`: `uses: rapidsai/shared-workflows/.github/workflows/conda-cpp-post-build-checks.yaml@main` resolves at workflow-r"}, "fullDescription": {"text": "Replace with: `uses: rapidsai/shared-workflows/.github/workflows/conda-cpp-post-build-checks.yaml@<40-char-sha>  # main` and let Dependabot bump it on a scheduled cadence."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED131", "name": "[MINED131] pre-commit hook `https://github.com/zizmorcore/zizmor-pre-commit` pinned to mutable rev `v1.24.1`: `.pre-comm", "shortDescription": {"text": "[MINED131] pre-commit hook `https://github.com/zizmorcore/zizmor-pre-commit` pinned to mutable rev `v1.24.1`: `.pre-commit-config.yaml` references `https://github.com/zizmorcore/zizmor-pre-commit` at `rev: v1.24.1`. If `{rev}` is a branch o"}, "fullDescription": {"text": "Pin to a commit SHA: `rev: <40-char-sha>` and bump it through `pre-commit autoupdate` (which writes to PRs that are reviewed)."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED108", "name": "[MINED108] `self.shell` used but never assigned in __init__: Method `line_profile` of class `CumlAccelMagics` reads `sel", "shortDescription": {"text": "[MINED108] `self.shell` used but never assigned in __init__: Method `line_profile` of class `CumlAccelMagics` reads `self.shell`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first"}, "fullDescription": {"text": "Initialize `self.shell = <default>` in __init__, or add a class-level default."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED106", "name": "[MINED106] Phantom test coverage: test_import_error_non_existant_file_in_accelerated_module: Test function `test_import_", "shortDescription": {"text": "[MINED106] Phantom test coverage: test_import_error_non_existant_file_in_accelerated_module: Test function `test_import_error_non_existant_file_in_accelerated_module` runs code but contains no assert / expect / should call \u2014 it passes regar"}, "fullDescription": {"text": "Add an explicit assertion that captures the test's intent, or remove the test."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED006", "name": "[MINED006] Overcatch Baseexception: except BaseException: ... \u2014 prevents Ctrl+C and SystemExit from working.", "shortDescription": {"text": "[MINED006] Overcatch Baseexception: except BaseException: ... \u2014 prevents Ctrl+C and SystemExit from working."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-705 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC085", "name": "[SEC085] JS: child_process.exec with non-literal: child_process.exec with user-derived input enables command injection. ", "shortDescription": {"text": "[SEC085] JS: child_process.exec with non-literal: child_process.exec with user-derived input enables command injection. Ported from eslint-plugin-security detect-child-process (Apache-2.0)."}, "fullDescription": {"text": "Use execFile / spawn with separate args array; never pass shell strings."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED011", "name": "[MINED011] Scala Get On Option: Option.get throws NoSuchElementException on None. Use getOrElse / fold / match.", "shortDescription": {"text": "[MINED011] Scala Get On Option: Option.get throws NoSuchElementException on None. Use getOrElse / fold / match."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-476 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC103", "name": "[SEC103] LDAP injection \u2014 non-constant search filter: User input concatenated into an LDAP search filter. Attackers inje", "shortDescription": {"text": "[SEC103] LDAP injection \u2014 non-constant search filter: User input concatenated into an LDAP search filter. Attackers inject `*)(uid=*` style payloads to bypass auth or enumerate accounts."}, "fullDescription": {"text": "Escape with javax.naming.ldap.Rdn.escapeValue or equivalent. For python-ldap, use ldap.filter.escape_filter_chars. Better: use parameterized search APIs (Spring LdapTemplate filter encoders)."}, "properties": {"scanner": "repobility-threat-engine", "category": "injection", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED034", "name": "[MINED034] Python Subprocess Shell True: subprocess(..., shell=True) enables command injection.", "shortDescription": {"text": "[MINED034] Python Subprocess Shell True: subprocess(..., shell=True) enables command injection."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-78 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC029", "name": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled ", "shortDescription": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes e"}, "fullDescription": {"text": "Validate the URL against an allowlist BEFORE fetching:\n  ALLOWED = {'images.example.com', 'cdn.example.com'}\n  host = urlparse(url).hostname\n  if host not in ALLOWED: abort(400)\nOr use a server-side proxy (Imgproxy / serve-files-only-from-S3) that isolates outbound network access from the request handler.\nBlock private CIDRs explicitly: 10/8, 172.16/12, 192.168/16, 169.254/16."}, "properties": {"scanner": "repobility-threat-engine", "category": "ssrf", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC013", "name": "[SEC013] Path Traversal \u2014 User Input in File Path: User-controlled input used in file path without sanitization. Allows ", "shortDescription": {"text": "[SEC013] Path Traversal \u2014 User Input in File Path: User-controlled input used in file path without sanitization. Allows reading arbitrary files."}, "fullDescription": {"text": "Use os.path.realpath() and verify the path starts with your expected base directory. Use secure_filename() for uploads."}, "properties": {"scanner": "repobility-threat-engine", "category": "path_traversal", "severity": "high", "confidence": 0.8, "cwe": "", "owasp": ""}}, {"id": "MINED107", "name": "[MINED107] Missing import: `warnings` used but not imported: The file uses `warnings.something(...)` but never imports `", "shortDescription": {"text": "[MINED107] Missing import: `warnings` used but not imported: The file uses `warnings.something(...)` but never imports `warnings`. This raises NameError at runtime the first time the line executes."}, "fullDescription": {"text": "Add `import warnings` at the top of the file."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "critical", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED005", "name": "[MINED005] Lua Loadstring: loadstring/load executes Lua code. Code injection.", "shortDescription": {"text": "[MINED005] Lua Loadstring: loadstring/load executes Lua code. Code injection."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-95 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "critical", "confidence": 1.0, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/1315"}, "properties": {"repository": "rapidsai/cuml", "repoUrl": "https://github.com/rapidsai/cuml", "branch": "main"}, "results": [{"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 134238, "scanner": "repobility-ast-engine", "fingerprint": "5e22577074b3851a09b28f51e092abf1f49a6b530438a850c85a602320ad77f4", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|5e22577074b3851a09b28f51e092abf1f49a6b530438a850c85a602320ad77f4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/cuml/cuml_accel_tests/upstream/xfail_manager.py"}, "region": {"startLine": 678}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 134237, "scanner": "repobility-ast-engine", "fingerprint": "c1d870ce33824ae2255977747e53c50ff809753ac48bc8864694d3e90b77a654", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c1d870ce33824ae2255977747e53c50ff809753ac48bc8864694d3e90b77a654"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/cuml/cuml_accel_tests/upstream/xfail_manager.py"}, "region": {"startLine": 575}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 134236, "scanner": "repobility-ast-engine", "fingerprint": "adffe8161c6b43a04a05255bf1875f40898b7d3e73689c7b8b3521bdc90cca16", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|adffe8161c6b43a04a05255bf1875f40898b7d3e73689c7b8b3521bdc90cca16"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/cuml/cuml_accel_tests/upstream/xfail_manager.py"}, "region": {"startLine": 499}}}]}, {"ruleId": "MINED109", "level": "warning", "message": {"text": "[MINED109] Mutable default argument in `_benchmark_algo` (dict): `def _benchmark_algo(... = []/{}/set())` \u2014 Python's default value is constructed ONCE at function definition time and shared across all calls. Mutating it in one call mutates it for every future call too."}, "properties": {"repobilityId": 134235, "scanner": "repobility-ast-engine", "fingerprint": "c171cafdf6695ffab8d5fb71524e8745d479a16be6960af18ca025090ae39b21", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "mutable-default-arg", "owasp": null, "cwe_ids": ["CWE-1023"], "languages": ["python"], "observations_count": 64867}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c171cafdf6695ffab8d5fb71524e8745d479a16be6960af18ca025090ae39b21"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/cuml/cuml/benchmark/automated/utils/utils.py"}, "region": {"startLine": 236}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 134234, "scanner": "repobility-ast-engine", "fingerprint": "165380a5539864fec548001de9e6ff6bd4bdac404efcaefd320cf42afc182d14", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|165380a5539864fec548001de9e6ff6bd4bdac404efcaefd320cf42afc182d14"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/cuml/cuml/experimental/hyperopt_utils/plotting_utils.py"}, "region": {"startLine": 99}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 134233, "scanner": "repobility-ast-engine", "fingerprint": "b1319700718fa2a946b6160f71c16570677c5850aa25451aa0302d76b83581e2", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|b1319700718fa2a946b6160f71c16570677c5850aa25451aa0302d76b83581e2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/cuml/cuml/experimental/hyperopt_utils/plotting_utils.py"}, "region": {"startLine": 73}}}]}, {"ruleId": "MINED109", "level": "warning", "message": {"text": "[MINED109] Mutable default argument in `generate_docstring` (list): `def generate_docstring(... = []/{}/set())` \u2014 Python's default value is constructed ONCE at function definition time and shared across all calls. Mutating it in one call mutates it for every future call too."}, "properties": {"repobilityId": 134231, "scanner": "repobility-ast-engine", "fingerprint": "5adc126954e0a6ae8d5ac354b7a9e9e0ce5d9b4e43d57dc92a9b26749e6111b3", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "mutable-default-arg", "owasp": null, "cwe_ids": ["CWE-1023"], "languages": ["python"], "observations_count": 64867}, "scanner": "repobility-ast-engine", "correlation_key": "fp|5adc126954e0a6ae8d5ac354b7a9e9e0ce5d9b4e43d57dc92a9b26749e6111b3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/cuml/cuml/common/doc_utils.py"}, "region": {"startLine": 120}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 134230, "scanner": "repobility-ast-engine", "fingerprint": "2f4bfa78f84a39a158a9e47dc23789f97bd254a1c3205a2e976470273942414b", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|2f4bfa78f84a39a158a9e47dc23789f97bd254a1c3205a2e976470273942414b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/cuml/cuml/health_checks/__main__.py"}, "region": {"startLine": 63}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 134229, "scanner": "repobility-ast-engine", "fingerprint": "ac3879247c27c0f250155d1ff94c1d5ec9cb6faa002f1cb36a5223635b61b7a1", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ac3879247c27c0f250155d1ff94c1d5ec9cb6faa002f1cb36a5223635b61b7a1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/cuml/cuml/benchmark/runners.py"}, "region": {"startLine": 227}}}]}, {"ruleId": "MINED109", "level": "warning", "message": {"text": "[MINED109] Mutable default argument in `_run_one_size` (dict): `def _run_one_size(... = []/{}/set())` \u2014 Python's default value is constructed ONCE at function definition time and shared across all calls. Mutating it in one call mutates it for every future call too."}, "properties": {"repobilityId": 134228, "scanner": "repobility-ast-engine", "fingerprint": "b1508841e88cce3c6c7436b97610414c0021622bea519c5a2a840b0ae968b002", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "mutable-default-arg", "owasp": null, "cwe_ids": ["CWE-1023"], "languages": ["python"], "observations_count": 64867}, "scanner": "repobility-ast-engine", "correlation_key": "fp|b1508841e88cce3c6c7436b97610414c0021622bea519c5a2a840b0ae968b002"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/cuml/cuml/benchmark/runners.py"}, "region": {"startLine": 260}}}]}, {"ruleId": "MINED109", "level": "warning", "message": {"text": "[MINED109] Mutable default argument in `run` (dict): `def run(... = []/{}/set())` \u2014 Python's default value is constructed ONCE at function definition time and shared across all calls. Mutating it in one call mutates it for every future call too."}, "properties": {"repobilityId": 134227, "scanner": "repobility-ast-engine", "fingerprint": "efd3df90957e9eb048b890c1796989f67a6448a2e9d8d049687e5cb116b2896e", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "mutable-default-arg", "owasp": null, "cwe_ids": ["CWE-1023"], "languages": ["python"], "observations_count": 64867}, "scanner": "repobility-ast-engine", "correlation_key": "fp|efd3df90957e9eb048b890c1796989f67a6448a2e9d8d049687e5cb116b2896e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/cuml/cuml/benchmark/runners.py"}, "region": {"startLine": 194}}}]}, {"ruleId": "MINED109", "level": "warning", "message": {"text": "[MINED109] Mutable default argument in `_run_one_size` (dict): `def _run_one_size(... = []/{}/set())` \u2014 Python's default value is constructed ONCE at function definition time and shared across all calls. Mutating it in one call mutates it for every future call too."}, "properties": {"repobilityId": 134226, "scanner": "repobility-ast-engine", "fingerprint": "d9e6fb3d528c05eb99acb7da23cdc4c33dab6c254c9aa76ea0f4d193f6ce18a8", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "mutable-default-arg", "owasp": null, "cwe_ids": ["CWE-1023"], "languages": ["python"], "observations_count": 64867}, "scanner": "repobility-ast-engine", "correlation_key": "fp|d9e6fb3d528c05eb99acb7da23cdc4c33dab6c254c9aa76ea0f4d193f6ce18a8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/cuml/cuml/benchmark/runners.py"}, "region": {"startLine": 78}}}]}, {"ruleId": "MINED109", "level": "warning", "message": {"text": "[MINED109] Mutable default argument in `run_variations` (list): `def run_variations(... = []/{}/set())` \u2014 Python's default value is constructed ONCE at function definition time and shared across all calls. Mutating it in one call mutates it for every future call too."}, "properties": {"repobilityId": 134225, "scanner": "repobility-ast-engine", "fingerprint": "d0e3c9a13954a514e11be0560c42697f8bab8359024bb96163cdfa50de2e3f3e", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "mutable-default-arg", "owasp": null, "cwe_ids": ["CWE-1023"], "languages": ["python"], "observations_count": 64867}, "scanner": "repobility-ast-engine", "correlation_key": "fp|d0e3c9a13954a514e11be0560c42697f8bab8359024bb96163cdfa50de2e3f3e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/cuml/cuml/benchmark/runners.py"}, "region": {"startLine": 390}}}]}, {"ruleId": "MINED109", "level": "warning", "message": {"text": "[MINED109] Mutable default argument in `run_cuml` (dict): `def run_cuml(... = []/{}/set())` \u2014 Python's default value is constructed ONCE at function definition time and shared across all calls. Mutating it in one call mutates it for every future call too."}, "properties": {"repobilityId": 134224, "scanner": "repobility-ast-engine", "fingerprint": "81d4296687ee15b2ff7c85ba57e2823d8b686f065eded7e617bb8f4bf0f259ff", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "mutable-default-arg", "owasp": null, "cwe_ids": ["CWE-1023"], "languages": ["python"], "observations_count": 64867}, "scanner": "repobility-ast-engine", "correlation_key": "fp|81d4296687ee15b2ff7c85ba57e2823d8b686f065eded7e617bb8f4bf0f259ff"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/cuml/cuml/benchmark/algorithms.py"}, "region": {"startLine": 229}}}]}, {"ruleId": "MINED109", "level": "warning", "message": {"text": "[MINED109] Mutable default argument in `run_cpu` (dict): `def run_cpu(... = []/{}/set())` \u2014 Python's default value is constructed ONCE at function definition time and shared across all calls. Mutating it in one call mutates it for every future call too."}, "properties": {"repobilityId": 134223, "scanner": "repobility-ast-engine", "fingerprint": "bf3532a336d05368f97b9529bc92d258249c141d314b44ec2c29af72a858603d", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "mutable-default-arg", "owasp": null, "cwe_ids": ["CWE-1023"], "languages": ["python"], "observations_count": 64867}, "scanner": "repobility-ast-engine", "correlation_key": "fp|bf3532a336d05368f97b9529bc92d258249c141d314b44ec2c29af72a858603d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/cuml/cuml/benchmark/algorithms.py"}, "region": {"startLine": 208}}}]}, {"ruleId": "MINED109", "level": "warning", "message": {"text": "[MINED109] Mutable default argument in `__init__` (dict): `def __init__(... = []/{}/set())` \u2014 Python's default value is constructed ONCE at function definition time and shared across all calls. Mutating it in one call mutates it for every future call too."}, "properties": {"repobilityId": 134222, "scanner": "repobility-ast-engine", "fingerprint": "a2f8667390630cf9a8b059a56a616bd5ee1ddcb00a0be6898ea3fe79454835f3", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "mutable-default-arg", "owasp": null, "cwe_ids": ["CWE-1023"], "languages": ["python"], "observations_count": 64867}, "scanner": "repobility-ast-engine", "correlation_key": "fp|a2f8667390630cf9a8b059a56a616bd5ee1ddcb00a0be6898ea3fe79454835f3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/cuml/cuml/benchmark/algorithms.py"}, "region": {"startLine": 153}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 134221, "scanner": "repobility-ast-engine", "fingerprint": "ce682561308657317370c6a037fc366facc45f396e904bb5b3e0eb23383bc526", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ce682561308657317370c6a037fc366facc45f396e904bb5b3e0eb23383bc526"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/cuml/cuml/benchmark/gpu_check.py"}, "region": {"startLine": 38}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 134218, "scanner": "repobility-ast-engine", "fingerprint": "027f14e8b9f3eadef29fab3e130671ef22231b9d17b1176025e4a2c6e73a0ea4", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|027f14e8b9f3eadef29fab3e130671ef22231b9d17b1176025e4a2c6e73a0ea4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/cuml/cuml/accel/runners.py"}, "region": {"startLine": 88}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 134212, "scanner": "repobility-ast-engine", "fingerprint": "932ea6f4c117d8d6f37bf6311e2179e8123f047c7bdea3880e69be3426871189", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|932ea6f4c117d8d6f37bf6311e2179e8123f047c7bdea3880e69be3426871189"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/cuml/cuml/accel/pytest_plugin.py"}, "region": {"startLine": 60}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 134201, "scanner": "repobility-ast-engine", "fingerprint": "54c679f9b8ef6790fb7b0df1110c4ebda90f139ef78aba9300caf25dbbfc3773", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|54c679f9b8ef6790fb7b0df1110c4ebda90f139ef78aba9300caf25dbbfc3773"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/cuml/tests/dask/test_dask_pca.py"}, "region": {"startLine": 46}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 134194, "scanner": "repobility-ast-engine", "fingerprint": "cdd9ae597537329a8aa5830f60c8426950b8d29993250079dd7e5a6b68d59316", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|cdd9ae597537329a8aa5830f60c8426950b8d29993250079dd7e5a6b68d59316"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/cuml/tests/conftest.py"}, "region": {"startLine": 369}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 134187, "scanner": "repobility-ast-engine", "fingerprint": "236401b1651c7e0a864f75295409a8b5f1509e2ec5f7a80ff03f0e5fc17877bf", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|236401b1651c7e0a864f75295409a8b5f1509e2ec5f7a80ff03f0e5fc17877bf"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/cuml/umap_dev_tools/web_results_generation.py"}, "region": {"startLine": 633}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 134186, "scanner": "repobility-ast-engine", "fingerprint": "86d4faaeba955c46961941b7e64d598872f564d96585156e4df5dfa8eb717a25", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|86d4faaeba955c46961941b7e64d598872f564d96585156e4df5dfa8eb717a25"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/cuml/umap_dev_tools/web_results_generation.py"}, "region": {"startLine": 326}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 134185, "scanner": "repobility-ast-engine", "fingerprint": "317bd5835b83d96ace762e92a91af1049e6301f5a95d307073c2fa98737c5567", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|317bd5835b83d96ace762e92a91af1049e6301f5a95d307073c2fa98737c5567"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/cuml/umap_dev_tools/run_umap_debug.py"}, "region": {"startLine": 256}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 134156, "scanner": "repobility-ast-engine", "fingerprint": "6e5f3b1cee7f6b624e8444e075dd7cb13f83859388982a311c736585b6247bec", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|6e5f3b1cee7f6b624e8444e075dd7cb13f83859388982a311c736585b6247bec"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/source/sphinxext/github_link.py"}, "region": {"startLine": 127}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 134155, "scanner": "repobility-ast-engine", "fingerprint": "10c8aa5be71b36f2af800824eb9dfbcd3385035aa57c2c0dc8e7525bf0424579", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|10c8aa5be71b36f2af800824eb9dfbcd3385035aa57c2c0dc8e7525bf0424579"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/source/sphinxext/github_link.py"}, "region": {"startLine": 88}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 134154, "scanner": "repobility-ast-engine", "fingerprint": "ab2bf862b14b76419b677463cea8ee8df7786f93f101b157a7a7ad206103f653", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ab2bf862b14b76419b677463cea8ee8df7786f93f101b157a7a7ad206103f653"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/source/sphinxext/github_link.py"}, "region": {"startLine": 83}}}]}, {"ruleId": "DKR007", "level": "warning", "message": {"text": "Docker build context has no .dockerignore"}, "properties": {"repobilityId": 134153, "scanner": "repobility-docker", "fingerprint": "c98378cf8c37e4866e89d6ca06a24b7e8c44654aa34e6e4bf1367c4a4c0c5b44", "category": "docker", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Dockerfile exists but repository root has no .dockerignore.", "evidence": {"rule_id": "DKR007", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|c98378cf8c37e4866e89d6ca06a24b7e8c44654aa34e6e4bf1367c4a4c0c5b44"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".dockerignore"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 134152, "scanner": "repobility-docker", "fingerprint": "c1477ce95d03078dec6c7d9bc05b7e8f01a40aa9ff67c646a3e1e71b5295c7ff", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "${PYTHON_PACKAGE_MANAGER}-base", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|c1477ce95d03078dec6c7d9bc05b7e8f01a40aa9ff67c646a3e1e71b5295c7ff"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".devcontainer/Dockerfile"}, "region": {"startLine": 20}}}]}, {"ruleId": "SEC127", "level": "warning", "message": {"text": "[SEC127] AI agent stub \u2014 TODO: implement / pass placeholder body: Function body left as TODO/pass/raise NotImplementedError after an AI scaffolding pass. The route appears to exist (and may even pass shallow CI), but invoking it crashes or silently no-ops. AI agents consistently emit these when their context window runs out mid-implementation. Production callers hitting these stubs is a classic AI-generated-incident."}, "properties": {"repobilityId": 134119, "scanner": "repobility-threat-engine", "fingerprint": "60afaa09f805049e61a4187c27a776cfe39be908b603630a9d0499240287c0e2", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "def split(self, X, y):\n        raise NotImplementedError", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC127", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|60afaa09f805049e61a4187c27a776cfe39be908b603630a9d0499240287c0e2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/cuml/cuml/model_selection/_split.py"}, "region": {"startLine": 153}}}]}, {"ruleId": "SEC045", "level": "warning", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use object introspection (().__class__.__mro__[-1].__subclasses__()) to reach os.system. CWE-95 (eval injection)."}, "properties": {"repobilityId": 134115, "scanner": "repobility-threat-engine", "fingerprint": "f26e3928d10e7b6140daa84057d6f2c3a8ace927e09b85ef0bbeb2687a4298db", "category": "injection", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "exec(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|token|85|sec045"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/cuml/cuml/accel/runners.py"}, "region": {"startLine": 85}}}]}, {"ruleId": "SEC045", "level": "warning", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use object introspection (().__class__.__mro__[-1].__subclasses__()) to reach os.system. CWE-95 (eval injection)."}, "properties": {"repobilityId": 134114, "scanner": "repobility-threat-engine", "fingerprint": "1f11a4b5b2aef464248a6dda3c972dcf8b7984944db92a79fbf6025aef7a73c4", "category": "injection", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "exec(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|token|81|sec045"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/cuml/cuml/accel/magics.py"}, "region": {"startLine": 81}}}]}, {"ruleId": "SEC005", "level": "warning", "message": {"text": "[SEC005] Command Injection Risk: Unsafe shell execution or eval of user input."}, "properties": {"repobilityId": 134101, "scanner": "repobility-threat-engine", "fingerprint": "f787f99b1909b88ea6cb952946eff3d9da3fdeb29215eccad616c9c5997d1250", "category": "injection", "severity": "medium", "confidence": 0.5, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "shell=True detected \u2014 verify command source is not user-controllable", "evidence": {"match": "subprocess.run(\n        cmd,\n        check=False,\n        shell=True", "reason": "shell=True detected \u2014 verify command source is not user-controllable", "rule_id": "SEC005", "scanner": "repobility-threat-engine", "confidence": 0.5, "correlation_key": "code|injection|token|61|sec005"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cpp/scripts/cuda-memcheck.py"}, "region": {"startLine": 61}}}]}, {"ruleId": "COMP001", "level": "warning", "message": {"text": "[COMP001] High cognitive complexity: Function `validate` has cognitive complexity 19 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. Breakdown: elif=4, except=1, for=1, if=8, nested_bonus=5."}, "properties": {"repobilityId": 134091, "scanner": "repobility-threat-engine", "fingerprint": "8eaf9b425a19fdf3af1a81d06aba3c9a10bc35460d5b24cac59aa806c03b1c68", "category": "quality", "severity": "medium", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 19 (severity threshold for medium: 15+).", "evidence": {"scanner": "repobility-threat-engine", "function": "validate", "breakdown": {"if": 8, "for": 1, "elif": 4, "except": 1, "nested_bonus": 5}, "complexity": 19, "correlation_key": "fp|8eaf9b425a19fdf3af1a81d06aba3c9a10bc35460d5b24cac59aa806c03b1c68"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/scripts/check_pr_release_target.py"}, "region": {"startLine": 172}}}]}, {"ruleId": "SEC031", "level": "warning", "message": {"text": "[SEC031] Catastrophic Backtracking Regex (ReDoS): Regex contains nested quantifiers like `(a+)+` or quantified alternation with overlapping branches. On adversarial input these patterns exhibit exponential backtracking, freezing the process. CWE-1333. Real CVEs: CVE-2017-16129 (minimatch), CVE-2021-3807 (ansi-regex), and dozens more."}, "properties": {"repobilityId": 134082, "scanner": "repobility-threat-engine", "fingerprint": "43816c52acb785fa61fdb95a9c7b2b0d66f0812aee015de6242509ba65d87b2b", "category": "redos", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "re.compile(r\"^\\d+(?:\\.\\d+)+", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC031", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|43816c52acb785fa61fdb95a9c7b2b0d66f0812aee015de6242509ba65d87b2b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/scripts/check_pr_release_target.py"}, "region": {"startLine": 17}}}]}, {"ruleId": "DKR011", "level": "note", "message": {"text": "Dockerfile installs recommended OS packages"}, "properties": {"repobilityId": 134149, "scanner": "repobility-docker", "fingerprint": "8967ccdc209d42f78b638222f52650771c7a3f689781f0a73ed022e92ce22027", "category": "docker", "severity": "low", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "apt install appears without --no-install-recommends.", "evidence": {"rule_id": "DKR011", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|8967ccdc209d42f78b638222f52650771c7a3f689781f0a73ed022e92ce22027"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".devcontainer/Dockerfile"}, "region": {"startLine": 11}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 134147, "scanner": "repobility-ai-code-hygiene", "fingerprint": "9a8bf9cbfd5d3d4940ab957c148404a061c538487e7228769edac6aa2286f205", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "python/cuml/cuml/_version.py", "duplicate_line": 1, "correlation_key": "fp|9a8bf9cbfd5d3d4940ab957c148404a061c538487e7228769edac6aa2286f205"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/libcuml/libcuml/_version.py"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 134146, "scanner": "repobility-ai-code-hygiene", "fingerprint": "ad082940a1d5cba23ffc3b34bd395a75fac16ef09af404caa1fbe7793fe5dca9", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "python/cuml/cuml_accel_tests/upstream/summarize-results.py", "duplicate_line": 8, "correlation_key": "fp|ad082940a1d5cba23ffc3b34bd395a75fac16ef09af404caa1fbe7793fe5dca9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/cuml/cuml_accel_tests/upstream/xfail_manager.py"}, "region": {"startLine": 24}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 134145, "scanner": "repobility-ai-code-hygiene", "fingerprint": "023d23b59210f46dcd03ba39930db0ee119e8521e69864577f7f1bc710056c11", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "python/cuml/cuml/svm/svc.py", "duplicate_line": 35, "correlation_key": "fp|023d23b59210f46dcd03ba39930db0ee119e8521e69864577f7f1bc710056c11"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/cuml/cuml/svm/svr.py"}, "region": {"startLine": 11}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 134144, "scanner": "repobility-ai-code-hygiene", "fingerprint": "1e0b898e0b206de10beb676ddd106beb63fc769480c6b4dad7078c5c0df0169b", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "python/cuml/cuml/preprocessing/onehotencoder_mg.py", "duplicate_line": 10, "correlation_key": "fp|1e0b898e0b206de10beb676ddd106beb63fc769480c6b4dad7078c5c0df0169b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/cuml/cuml/preprocessing/ordinalencoder_mg.py"}, "region": {"startLine": 5}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 134143, "scanner": "repobility-ai-code-hygiene", "fingerprint": "6c83cb097f098215335d93fe62f6d1e7163483b8076792dff9e303032c3a2476", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "python/cuml/cuml/preprocessing/_label.py", "duplicate_line": 25, "correlation_key": "fp|6c83cb097f098215335d93fe62f6d1e7163483b8076792dff9e303032c3a2476"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/cuml/cuml/preprocessing/label.py"}, "region": {"startLine": 211}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 134142, "scanner": "repobility-ai-code-hygiene", "fingerprint": "0459267819a61fc2d9686c4f42612899c5fc06155dd6ebb176ea74dd98f0a1a5", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "python/cuml/cuml/dask/preprocessing/encoders.py", "duplicate_line": 152, "correlation_key": "fp|0459267819a61fc2d9686c4f42612899c5fc06155dd6ebb176ea74dd98f0a1a5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/cuml/cuml/preprocessing/encoders.py"}, "region": {"startLine": 472}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 134141, "scanner": "repobility-ai-code-hygiene", "fingerprint": "1a9aba3d8a8500f1b7765dde04bbcd8044866318958503f1eff5529e882a1953", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "python/cuml/cuml/linear_model/mbsgd_classifier.py", "duplicate_line": 47, "correlation_key": "fp|1a9aba3d8a8500f1b7765dde04bbcd8044866318958503f1eff5529e882a1953"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/cuml/cuml/linear_model/mbsgd_regressor.py"}, "region": {"startLine": 42}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 134140, "scanner": "repobility-ai-code-hygiene", "fingerprint": "fb99444dbacbd1262729b9a87132ca9de4b0680f8a681d112a0042b77f22410d", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "python/cuml/cuml/linear_model/elastic_net.py", "duplicate_line": 68, "correlation_key": "fp|fb99444dbacbd1262729b9a87132ca9de4b0680f8a681d112a0042b77f22410d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/cuml/cuml/linear_model/lasso.py"}, "region": {"startLine": 36}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 134139, "scanner": "repobility-ai-code-hygiene", "fingerprint": "31ff82c78448e94f6a0132350359b9c84de0766f74824e2e947483891d7bacc5", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "python/cuml/cuml/feature_extraction/_tfidf_vectorizer.py", "duplicate_line": 8, "correlation_key": "fp|31ff82c78448e94f6a0132350359b9c84de0766f74824e2e947483891d7bacc5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/cuml/cuml/feature_extraction/_vectorizers.py"}, "region": {"startLine": 274}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 134138, "scanner": "repobility-ai-code-hygiene", "fingerprint": "31f4bb2eefa10b2bb8622a1b0e78485fbc822276a27104633807ddbd6b539b53", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "python/cuml/cuml/feature_extraction/_tfidf.py", "duplicate_line": 63, "correlation_key": "fp|31f4bb2eefa10b2bb8622a1b0e78485fbc822276a27104633807ddbd6b539b53"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/cuml/cuml/feature_extraction/_tfidf_vectorizer.py"}, "region": {"startLine": 62}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 134137, "scanner": "repobility-ai-code-hygiene", "fingerprint": "839152f658c1d1ae85214ab233bf47a28c9640adce5a7bbda9831532e635c092", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "python/cuml/cuml/dask/ensemble/randomforestclassifier.py", "duplicate_line": 190, "correlation_key": "fp|839152f658c1d1ae85214ab233bf47a28c9640adce5a7bbda9831532e635c092"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/cuml/cuml/ensemble/randomforestregressor.py"}, "region": {"startLine": 201}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 134136, "scanner": "repobility-ai-code-hygiene", "fingerprint": "90c4e730fb8c0270cc58fe8c48f8bfb6caff1f25d2749def3fe79517faccf9aa", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "python/cuml/cuml/ensemble/randomforestclassifier.py", "duplicate_line": 153, "correlation_key": "fp|90c4e730fb8c0270cc58fe8c48f8bfb6caff1f25d2749def3fe79517faccf9aa"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/cuml/cuml/ensemble/randomforestregressor.py"}, "region": {"startLine": 129}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 134135, "scanner": "repobility-ai-code-hygiene", "fingerprint": "89e499687de0862ece31c9a9c6a0a3e32acf8a9fd94c9516bedd52c69a388851", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "python/cuml/cuml/dask/ensemble/randomforestclassifier.py", "duplicate_line": 44, "correlation_key": "fp|89e499687de0862ece31c9a9c6a0a3e32acf8a9fd94c9516bedd52c69a388851"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/cuml/cuml/ensemble/randomforestclassifier.py"}, "region": {"startLine": 47}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 134134, "scanner": "repobility-ai-code-hygiene", "fingerprint": "cde93e196df585fd3cb5498930b520e17079e6e468d243b09d55aa7ef3f03205", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "python/cuml/cuml/_thirdparty/sklearn/utils/extmath.py", "duplicate_line": 35, "correlation_key": "fp|cde93e196df585fd3cb5498930b520e17079e6e468d243b09d55aa7ef3f03205"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/cuml/cuml/decomposition/incremental_pca.py"}, "region": {"startLine": 496}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 134133, "scanner": "repobility-ai-code-hygiene", "fingerprint": "21caf685859249bb26a4d2227eece49dfe5db62ef53d50c299c00e50e58147cf", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "python/cuml/cuml/dask/datasets/classification.py", "duplicate_line": 15, "correlation_key": "fp|21caf685859249bb26a4d2227eece49dfe5db62ef53d50c299c00e50e58147cf"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/cuml/cuml/datasets/classification.py"}, "region": {"startLine": 25}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 134132, "scanner": "repobility-ai-code-hygiene", "fingerprint": "4abb239365e58e16b8e319e291f2e70dede60bf30e142af851b14b3d28bbdd6c", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "python/cuml/cuml/dask/linear_model/linear_regression.py", "duplicate_line": 53, "correlation_key": "fp|4abb239365e58e16b8e319e291f2e70dede60bf30e142af851b14b3d28bbdd6c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/cuml/cuml/dask/solvers/cd.py"}, "region": {"startLine": 36}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 134131, "scanner": "repobility-ai-code-hygiene", "fingerprint": "c8e0f7747d35610291e343f72dd5b1a6247ea9eacca550f6a4d55d916d907b2d", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "python/cuml/cuml/dask/linear_model/ridge.py", "duplicate_line": 42, "correlation_key": "fp|c8e0f7747d35610291e343f72dd5b1a6247ea9eacca550f6a4d55d916d907b2d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/cuml/cuml/dask/solvers/cd.py"}, "region": {"startLine": 22}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 134130, "scanner": "repobility-ai-code-hygiene", "fingerprint": "638dd659a54935f41d4e9631f1d3ebbff16aff08bb0a9356ea5738980aab33b4", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "python/cuml/cuml/dask/neighbors/kneighbors_classifier.py", "duplicate_line": 21, "correlation_key": "fp|638dd659a54935f41d4e9631f1d3ebbff16aff08bb0a9356ea5738980aab33b4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/cuml/cuml/dask/neighbors/nearest_neighbors.py"}, "region": {"startLine": 15}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 134129, "scanner": "repobility-ai-code-hygiene", "fingerprint": "eaf1cfbbded2a8499f96923567cc445e472aea2207da26a0101ccd3ec5973594", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "python/cuml/cuml/dask/neighbors/kneighbors_classifier.py", "duplicate_line": 19, "correlation_key": "fp|eaf1cfbbded2a8499f96923567cc445e472aea2207da26a0101ccd3ec5973594"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/cuml/cuml/dask/neighbors/kneighbors_regressor.py"}, "region": {"startLine": 16}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 134128, "scanner": "repobility-ai-code-hygiene", "fingerprint": "c19ad7e1bd155313a098ce6758aa1d2f89c919239d7bdd439fdf3fdf3dffdabc", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "python/cuml/cuml/dask/linear_model/linear_regression.py", "duplicate_line": 52, "correlation_key": "fp|c19ad7e1bd155313a098ce6758aa1d2f89c919239d7bdd439fdf3fdf3dffdabc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/cuml/cuml/dask/linear_model/ridge.py"}, "region": {"startLine": 55}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 134127, "scanner": "repobility-ai-code-hygiene", "fingerprint": "e1861d8244552cbb20dd943a688341191679ebbd7b7277bedffb55f20b32524b", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "python/cuml/cuml/dask/linear_model/elastic_net.py", "duplicate_line": 26, "correlation_key": "fp|e1861d8244552cbb20dd943a688341191679ebbd7b7277bedffb55f20b32524b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/cuml/cuml/dask/linear_model/lasso.py"}, "region": {"startLine": 20}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 134126, "scanner": "repobility-ai-code-hygiene", "fingerprint": "b746762a14751dc139129eb5bf1bdcf7532d82cf146761fbdd60cbeae615b53d", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "python/cuml/cuml/dask/ensemble/randomforestclassifier.py", "duplicate_line": 20, "correlation_key": "fp|b746762a14751dc139129eb5bf1bdcf7532d82cf146761fbdd60cbeae615b53d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/cuml/cuml/dask/ensemble/randomforestregressor.py"}, "region": {"startLine": 11}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 134125, "scanner": "repobility-ai-code-hygiene", "fingerprint": "c7e8a1367cc5cd4233368c53328aed1a171e74fe511aef83cc65c0bd47be9147", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "python/cuml/cuml/dask/decomposition/pca.py", "duplicate_line": 141, "correlation_key": "fp|c7e8a1367cc5cd4233368c53328aed1a171e74fe511aef83cc65c0bd47be9147"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/cuml/cuml/dask/decomposition/tsvd.py"}, "region": {"startLine": 109}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 134124, "scanner": "repobility-ai-code-hygiene", "fingerprint": "de55b9c6d2f622fea173f185fa376871dce766e37e4417a37b5a77f5a9eca88e", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "python/cuml/cuml/dask/common/input_utils.py", "duplicate_line": 212, "correlation_key": "fp|de55b9c6d2f622fea173f185fa376871dce766e37e4417a37b5a77f5a9eca88e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/cuml/cuml/dask/common/part_utils.py"}, "region": {"startLine": 30}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 134123, "scanner": "repobility-ai-code-hygiene", "fingerprint": "8d8e03bb94789806a3a8a373db4d96fb1a67fc9af7a36596020d7aa698f5b547", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "python/cuml/cuml/covariance/empirical_covariance.py", "duplicate_line": 37, "correlation_key": "fp|8d8e03bb94789806a3a8a373db4d96fb1a67fc9af7a36596020d7aa698f5b547"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/cuml/cuml/covariance/ledoit_wolf.py"}, "region": {"startLine": 88}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 134122, "scanner": "repobility-ai-code-hygiene", "fingerprint": "6547eecf27227312c8b284668915d5e8337de126cc7c64efb42a96546dd091c2", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "cpp/src/glm/qn/simple_mat/dense.hpp", "duplicate_line": 33, "correlation_key": "fp|6547eecf27227312c8b284668915d5e8337de126cc7c64efb42a96546dd091c2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cpp/src/glm/qn/simple_mat/sparse.hpp"}, "region": {"startLine": 27}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 134121, "scanner": "repobility-ai-code-hygiene", "fingerprint": "cb95f012ed55e088dea10cab96f53e518ae2074a7ef6a37500137d2a672a3efe", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "cpp/include/cuml/linear_model/ols_mg.hpp", "duplicate_line": 21, "correlation_key": "fp|cb95f012ed55e088dea10cab96f53e518ae2074a7ef6a37500137d2a672a3efe"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cpp/include/cuml/solvers/cd_mg.hpp"}, "region": {"startLine": 29}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 134120, "scanner": "repobility-ai-code-hygiene", "fingerprint": "df0fb8b890babae2f33733d80f4e0cdb4adee57fa8683facf99dcacf4a452d98", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "cpp/include/cuml/linear_model/ols_mg.hpp", "duplicate_line": 17, "correlation_key": "fp|df0fb8b890babae2f33733d80f4e0cdb4adee57fa8683facf99dcacf4a452d98"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cpp/include/cuml/linear_model/ridge_mg.hpp"}, "region": {"startLine": 21}}}]}, {"ruleId": "SEC005", "level": "note", "message": {"text": "[SEC005] Command Injection Risk: Unsafe shell execution or eval of user input."}, "properties": {"repobilityId": 134102, "scanner": "repobility-threat-engine", "fingerprint": "9d791422322a217d0225217cdddfc4ed0956f9fd8053f9e28d437aa115214aa9", "category": "injection", "severity": "low", "confidence": 0.3, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Command is a hardcoded string literal \u2014 lower risk", "evidence": {"match": "subprocess.check_output(\"%s --version\" % args.exe, shell=True", "reason": "Command is a hardcoded string literal \u2014 lower risk", "rule_id": "SEC005", "scanner": "repobility-threat-engine", "confidence": 0.3, "correlation_key": "code|injection|token|89|sec005"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cpp/scripts/run-clang-tidy.py"}, "region": {"startLine": 89}}}]}, {"ruleId": "COMP001", "level": "note", "message": {"text": "[COMP001] High cognitive complexity: Function `release_value` has cognitive complexity 9 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. Breakdown: continue=1, for=2, if=2, nested_bonus=4."}, "properties": {"repobilityId": 134093, "scanner": "repobility-threat-engine", "fingerprint": "0d766cc8ae8925643c83351a9eb8e5d079545ea76e440b6816a07991c26f0f87", "category": "quality", "severity": "low", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 9 (severity threshold for low: 8+).", "evidence": {"scanner": "repobility-threat-engine", "function": "release_value", "breakdown": {"if": 2, "for": 2, "continue": 1, "nested_bonus": 4}, "complexity": 9, "correlation_key": "fp|0d766cc8ae8925643c83351a9eb8e5d079545ea76e440b6816a07991c26f0f87"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/scripts/check_pr_release_target.py"}, "region": {"startLine": 138}}}]}, {"ruleId": "COMP001", "level": "note", "message": {"text": "[COMP001] High cognitive complexity: Function `main` has cognitive complexity 10 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. Breakdown: else=1, for=3, if=1, nested_bonus=1, or=3, ternary=1."}, "properties": {"repobilityId": 134092, "scanner": "repobility-threat-engine", "fingerprint": "2364dd4fc20e53d77270db677b291553b0df2991b4bbe061fbc89463a1a9c2cc", "category": "quality", "severity": "low", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 10 (severity threshold for low: 8+).", "evidence": {"scanner": "repobility-threat-engine", "function": "main", "breakdown": {"if": 1, "or": 3, "for": 3, "else": 1, "ternary": 1, "nested_bonus": 1}, "complexity": 10, "correlation_key": "fp|2364dd4fc20e53d77270db677b291553b0df2991b4bbe061fbc89463a1a9c2cc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/scripts/check_pr_release_target.py"}, "region": {"startLine": 236}}}]}, {"ruleId": "DKR002", "level": "none", "message": {"text": "Dockerfile base image is selected through a build variable"}, "properties": {"repobilityId": 134151, "scanner": "repobility-docker", "fingerprint": "a8d5b13a294d398c04c0029920e77e97f0e06b8dec516def2bc4e1147efabe2c", "category": "docker", "severity": "info", "confidence": 0.48, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Base image contains a variable; manual review is needed to avoid false positives.", "evidence": {"image": "${PYTHON_PACKAGE_MANAGER}-base", "rule_id": "DKR002", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/"], "correlation_key": "fp|a8d5b13a294d398c04c0029920e77e97f0e06b8dec516def2bc4e1147efabe2c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".devcontainer/Dockerfile"}, "region": {"startLine": 20}}}]}, {"ruleId": "DKR002", "level": "none", "message": {"text": "Dockerfile base image is selected through a build variable"}, "properties": {"repobilityId": 134150, "scanner": "repobility-docker", "fingerprint": "97db342f43ee34a21eef991b9ff5411d2a3672dd08a87b1b71b9b48c99414dc2", "category": "docker", "severity": "info", "confidence": 0.48, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Base image contains a variable; manual review is needed to avoid false positives.", "evidence": {"image": "${BASE}", "rule_id": "DKR002", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/"], "correlation_key": "fp|97db342f43ee34a21eef991b9ff5411d2a3672dd08a87b1b71b9b48c99414dc2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".devcontainer/Dockerfile"}, "region": {"startLine": 16}}}]}, {"ruleId": "DKR002", "level": "none", "message": {"text": "Dockerfile base image is selected through a build variable"}, "properties": {"repobilityId": 134148, "scanner": "repobility-docker", "fingerprint": "56907fa6b55a71678fb267e74f65b0bd13f15fd22272a8e536ecf0c06e98b0b1", "category": "docker", "severity": "info", "confidence": 0.48, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Base image contains a variable; manual review is needed to avoid false positives.", "evidence": {"image": "${BASE}", "rule_id": "DKR002", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/"], "correlation_key": "fp|56907fa6b55a71678fb267e74f65b0bd13f15fd22272a8e536ecf0c06e98b0b1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".devcontainer/Dockerfile"}, "region": {"startLine": 6}}}]}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 134113, "scanner": "repobility-threat-engine", "fingerprint": "4a4c5a139f4d19cfc4265466c023ca2373c26735363e6195974784884a7ac954", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|4a4c5a139f4d19cfc4265466c023ca2373c26735363e6195974784884a7ac954"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/cuml/cuml/dask/decomposition/pca.py"}, "region": {"startLine": 132}}}]}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 134112, "scanner": "repobility-threat-engine", "fingerprint": "e90418bce49c7d21266519c48427d64c0ca5521cfee6b7210cbb797a808542a1", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|e90418bce49c7d21266519c48427d64c0ca5521cfee6b7210cbb797a808542a1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/source/sphinxext/github_link.py"}, "region": {"startLine": 57}}}]}, {"ruleId": "MINED064", "level": "none", "message": {"text": "[MINED064] Python Input Call: input() blocks for stdin. Inappropriate in services."}, "properties": {"repobilityId": 134107, "scanner": "repobility-threat-engine", "fingerprint": "b7c1605aedab4ccb7a0808ebf537fc9846a4fe6288fc4602c05b3899fe137cc3", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-input-call", "owasp": null, "cwe_ids": [], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348050+00:00", "triaged_in_corpus": 12, "observations_count": 66378, "ai_coder_pattern_id": 124}, "scanner": "repobility-threat-engine", "correlation_key": "fp|b7c1605aedab4ccb7a0808ebf537fc9846a4fe6288fc4602c05b3899fe137cc3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cpp/src/tsne/tsne_runner.cuh"}, "region": {"startLine": 52}}}]}, {"ruleId": "MINED064", "level": "none", "message": {"text": "[MINED064] Python Input Call: input() blocks for stdin. Inappropriate in services."}, "properties": {"repobilityId": 134106, "scanner": "repobility-threat-engine", "fingerprint": "43c581b8dc4cd4a518b96cbd3e0fd40c301e4044e5fd4b9a69c57a3189f423a6", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-input-call", "owasp": null, "cwe_ids": [], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348050+00:00", "triaged_in_corpus": 12, "observations_count": 66378, "ai_coder_pattern_id": 124}, "scanner": "repobility-threat-engine", "correlation_key": "fp|43c581b8dc4cd4a518b96cbd3e0fd40c301e4044e5fd4b9a69c57a3189f423a6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cpp/src/tsne/tsne.cu"}, "region": {"startLine": 42}}}]}, {"ruleId": "MINED077", "level": "none", "message": {"text": "[MINED077] Python Open No Context: fp = open(path) outside with-block leaks file handles."}, "properties": {"repobilityId": 134100, "scanner": "repobility-threat-engine", "fingerprint": "efeaca944886b3512430ee5f5bdee33fb69915167a1ecc8ba25791b9c3e16b46", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-open-no-context", "owasp": null, "cwe_ids": ["CWE-772"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348081+00:00", "triaged_in_corpus": 12, "observations_count": 7864, "ai_coder_pattern_id": 123}, "scanner": "repobility-threat-engine", "correlation_key": "fp|efeaca944886b3512430ee5f5bdee33fb69915167a1ecc8ba25791b9c3e16b46"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cpp/examples/kmeans/prepare_input.py"}, "region": {"startLine": 72}}}]}, {"ruleId": "MINED077", "level": "none", "message": {"text": "[MINED077] Python Open No Context: fp = open(path) outside with-block leaks file handles."}, "properties": {"repobilityId": 134099, "scanner": "repobility-threat-engine", "fingerprint": "87a112e57fb3120f5c19879f64356d333c1622c98d4626402117a5b18a1da828", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-open-no-context", "owasp": null, "cwe_ids": ["CWE-772"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348081+00:00", "triaged_in_corpus": 12, "observations_count": 7864, "ai_coder_pattern_id": 123}, "scanner": "repobility-threat-engine", "correlation_key": "fp|87a112e57fb3120f5c19879f64356d333c1622c98d4626402117a5b18a1da828"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cpp/examples/dbscan/gen_dataset.py"}, "region": {"startLine": 69}}}]}, {"ruleId": "SEC128", "level": "none", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake) (and 6 more): Same pattern found in 6 additional files. Review if needed."}, "properties": {"repobilityId": 134098, "scanner": "repobility-threat-engine", "fingerprint": "719f16a1467677730b367baa2144dabfe702dd229dc13e6f3e8747ec0afa970d", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 6 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 6 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|719f16a1467677730b367baa2144dabfe702dd229dc13e6f3e8747ec0afa970d"}}}, {"ruleId": "COMP001", "level": "none", "message": {"text": "[COMP001] High cognitive complexity (and 62 more): Same pattern found in 62 additional files. Review if needed."}, "properties": {"repobilityId": 134094, "scanner": "repobility-threat-engine", "fingerprint": "75d4ddfc8ca6eb751539ebe7056fa65e50c16d03d66a5534fd4e353ef77460c4", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 62 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"scanner": "repobility-threat-engine", "function": "validate", "breakdown": {"if": 8, "for": 1, "elif": 4, "except": 1, "nested_bonus": 5}, "aggregated": true, "complexity": 19, "correlation_key": "fp|75d4ddfc8ca6eb751539ebe7056fa65e50c16d03d66a5534fd4e353ef77460c4", "aggregated_count": 62}}}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function (and 12 more): Same pattern found in 12 additional files. Review if needed."}, "properties": {"repobilityId": 134090, "scanner": "repobility-threat-engine", "fingerprint": "cd4ff08cbb509778875d04bc81c4d5dddf6eb913fbf65972cae2187283af5035", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 12 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|cd4ff08cbb509778875d04bc81c4d5dddf6eb913fbf65972cae2187283af5035", "aggregated_count": 12}}}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "properties": {"repobilityId": 134089, "scanner": "repobility-threat-engine", "fingerprint": "4bc33d2bddfa8973663cf3142e21870f23c22ffe7e11d88f3835ef55cd111ef6", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "correlation_key": "fp|4bc33d2bddfa8973663cf3142e21870f23c22ffe7e11d88f3835ef55cd111ef6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/cuml/cuml/accel/__main__.py"}, "region": {"startLine": 108}}}]}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "properties": {"repobilityId": 134088, "scanner": "repobility-threat-engine", "fingerprint": "5cd1a5ff6d19db37d203adbf884b607c465c082d1ebf0f7fdbe36a80353dc369", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "correlation_key": "fp|5cd1a5ff6d19db37d203adbf884b607c465c082d1ebf0f7fdbe36a80353dc369"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/cuml/cuml/__init__.py"}, "region": {"startLine": 11}}}]}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "properties": {"repobilityId": 134087, "scanner": "repobility-threat-engine", "fingerprint": "5efe447a63c06cf3a75e94c99b6cb9646d57880a11555ce57c6ce03306705c58", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "correlation_key": "fp|5efe447a63c06cf3a75e94c99b6cb9646d57880a11555ce57c6ce03306705c58"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/scripts/check_pr_release_target.py"}, "region": {"startLine": 202}}}]}, {"ruleId": "MINED001", "level": "none", "message": {"text": "[MINED001] Bare Except Pass (and 2 more): Same pattern found in 2 additional files. Review if needed."}, "properties": {"repobilityId": 134086, "scanner": "repobility-threat-engine", "fingerprint": "95cc9797c40c926759aaa04a4225f0a4ae4f9faafb543c58446c2f46cd9cfe9e", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 2 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "bare-except-pass", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347744+00:00", "triaged_in_corpus": 15, "observations_count": 1550824, "ai_coder_pattern_id": 6}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|95cc9797c40c926759aaa04a4225f0a4ae4f9faafb543c58446c2f46cd9cfe9e", "aggregated_count": 2}}}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `rapidsai/shared-workflows/.github/workflows/conda-cpp-post-build-checks.yaml` pinned to mutable ref `@main`: `uses: rapidsai/shared-workflows/.github/workflows/conda-cpp-post-build-checks.yaml@main` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 134274, "scanner": "repobility-supply-chain", "fingerprint": "0ee4e1073c8a112c82bac724c5e0a33e8cb4504c8960f68b39dcae1d723cc3f7", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|0ee4e1073c8a112c82bac724c5e0a33e8cb4504c8960f68b39dcae1d723cc3f7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/pr.yaml"}, "region": {"startLine": 334}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `rapidsai/shared-workflows/.github/workflows/conda-cpp-tests.yaml` pinned to mutable ref `@main`: `uses: rapidsai/shared-workflows/.github/workflows/conda-cpp-tests.yaml@main` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 134273, "scanner": "repobility-supply-chain", "fingerprint": "cf48a9dfe8a07081264be5eb70b5a8292e540efd1f8b19e50d095f419033ce31", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|cf48a9dfe8a07081264be5eb70b5a8292e540efd1f8b19e50d095f419033ce31"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/pr.yaml"}, "region": {"startLine": 320}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `rapidsai/shared-workflows/.github/workflows/conda-cpp-build.yaml` pinned to mutable ref `@main`: `uses: rapidsai/shared-workflows/.github/workflows/conda-cpp-build.yaml@main` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 134272, "scanner": "repobility-supply-chain", "fingerprint": "d4dedd814b510ed5da094623174cadd59ab65e81cdf4439db5105c3d4a8edc6b", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|d4dedd814b510ed5da094623174cadd59ab65e81cdf4439db5105c3d4a8edc6b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/pr.yaml"}, "region": {"startLine": 306}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `rapidsai/shared-workflows/.github/workflows/custom-job.yaml` pinned to mutable ref `@main`: `uses: rapidsai/shared-workflows/.github/workflows/custom-job.yaml@main` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 134271, "scanner": "repobility-supply-chain", "fingerprint": "76b8ba84d32d1a16e287a783a032578bbdc4ec2b87aad86ba1d9b1a9c1af452a", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|76b8ba84d32d1a16e287a783a032578bbdc4ec2b87aad86ba1d9b1a9c1af452a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/pr.yaml"}, "region": {"startLine": 290}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `rapidsai/shared-workflows/.github/workflows/checks.yaml` pinned to mutable ref `@main`: `uses: rapidsai/shared-workflows/.github/workflows/checks.yaml@main` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 134270, "scanner": "repobility-supply-chain", "fingerprint": "b88d366e78d69ddc0e12dd68fb5150a9f88d9c4e7479232180662383c3097768", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|b88d366e78d69ddc0e12dd68fb5150a9f88d9c4e7479232180662383c3097768"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/pr.yaml"}, "region": {"startLine": 276}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `rapidsai/shared-workflows/.github/workflows/changed-files.yaml` pinned to mutable ref `@main`: `uses: rapidsai/shared-workflows/.github/workflows/changed-files.yaml@main` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 134269, "scanner": "repobility-supply-chain", "fingerprint": "fa985b26c895c5451b42eb6ddf375af64ea0f0d10c0754e0879fe558039406e8", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|fa985b26c895c5451b42eb6ddf375af64ea0f0d10c0754e0879fe558039406e8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/pr.yaml"}, "region": {"startLine": 85}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `rapidsai/shared-actions/check_nightly_success/dispatch` pinned to mutable ref `@main`: `uses: rapidsai/shared-actions/check_nightly_success/dispatch@main` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 134268, "scanner": "repobility-supply-chain", "fingerprint": "fd06d9fc8ca38e683ffea63ffdb00cc838fbefc99bf0f9b9a006e8fd0e11385c", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|fd06d9fc8ca38e683ffea63ffdb00cc838fbefc99bf0f9b9a006e8fd0e11385c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/pr.yaml"}, "region": {"startLine": 71}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `rapidsai/shared-actions/telemetry-dispatch-stash-base-env-vars` pinned to mutable ref `@main`: `uses: rapidsai/shared-actions/telemetry-dispatch-stash-base-env-vars@main` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 134267, "scanner": "repobility-supply-chain", "fingerprint": "182d94955c99cf379f687ae9f01b9dc524065f481fd4bd1dadd038be99ead194", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|182d94955c99cf379f687ae9f01b9dc524065f481fd4bd1dadd038be99ead194"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/pr.yaml"}, "region": {"startLine": 56}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `rapidsai/shared-workflows/.github/workflows/pr-builder.yaml` pinned to mutable ref `@main`: `uses: rapidsai/shared-workflows/.github/workflows/pr-builder.yaml@main` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 134266, "scanner": "repobility-supply-chain", "fingerprint": "8f12b940de8a487a4e2b03f4bf2a68001f9efecfd73af2a0562e2fb146b7ae13", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|8f12b940de8a487a4e2b03f4bf2a68001f9efecfd73af2a0562e2fb146b7ae13"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/pr.yaml"}, "region": {"startLine": 42}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `rapidsai/shared-workflows/.github/workflows/project-get-set-single-select-field.yaml` pinned to mutable ref `@main`: `uses: rapidsai/shared-workflows/.github/workflows/project-get-set-single-select-field.yaml@main` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 134265, "scanner": "repobility-supply-chain", "fingerprint": "b58e824bd3ccff1829cf6fba4dad8e0ae9237867491e07d85c8cc02cb1cddb5d", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|b58e824bd3ccff1829cf6fba4dad8e0ae9237867491e07d85c8cc02cb1cddb5d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/pr_issue_status_automation.yml"}, "region": {"startLine": 83}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `rapidsai/shared-workflows/.github/workflows/project-get-set-single-select-field.yaml` pinned to mutable ref `@main`: `uses: rapidsai/shared-workflows/.github/workflows/project-get-set-single-select-field.yaml@main` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 134264, "scanner": "repobility-supply-chain", "fingerprint": "de59d0c3008e31a02cd5a4103a5d62dd575d421ac69ac74cb072285af1314023", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|de59d0c3008e31a02cd5a4103a5d62dd575d421ac69ac74cb072285af1314023"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/pr_issue_status_automation.yml"}, "region": {"startLine": 31}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `rapidsai/shared-workflows/.github/workflows/project-get-item-id.yaml` pinned to mutable ref `@main`: `uses: rapidsai/shared-workflows/.github/workflows/project-get-item-id.yaml@main` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 134263, "scanner": "repobility-supply-chain", "fingerprint": "e4968ffde9dbfe90131885931738f468a462acbc4a828d865d61b2b66c52b19c", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|e4968ffde9dbfe90131885931738f468a462acbc4a828d865d61b2b66c52b19c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/pr_issue_status_automation.yml"}, "region": {"startLine": 16}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `rapidsai/shared-workflows/.github/workflows/breaking-change-alert.yaml` pinned to mutable ref `@main`: `uses: rapidsai/shared-workflows/.github/workflows/breaking-change-alert.yaml@main` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 134262, "scanner": "repobility-supply-chain", "fingerprint": "e6de12d994b1b1169bb839c67e5a0aa5c7e472e2c81e61b04f9ea2b5fc526c43", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|e6de12d994b1b1169bb839c67e5a0aa5c7e472e2c81e61b04f9ea2b5fc526c43"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/trigger-breaking-change-alert.yaml"}, "region": {"startLine": 21}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `rapidsai/shared-workflows/.github/workflows/wheels-test.yaml` pinned to mutable ref `@main`: `uses: rapidsai/shared-workflows/.github/workflows/wheels-test.yaml@main` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 134261, "scanner": "repobility-supply-chain", "fingerprint": "7616bc7f133e823d75009b63f9d2944a5480d45b29999ebd4312c9e072213b3a", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|7616bc7f133e823d75009b63f9d2944a5480d45b29999ebd4312c9e072213b3a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/test.yaml"}, "region": {"startLine": 228}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `rapidsai/shared-workflows/.github/workflows/wheels-test.yaml` pinned to mutable ref `@main`: `uses: rapidsai/shared-workflows/.github/workflows/wheels-test.yaml@main` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 134260, "scanner": "repobility-supply-chain", "fingerprint": "79652de27f3b9a9e687c6b7eeaad6e9765876c3efa5a11b51c496ef27fe318d8", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|79652de27f3b9a9e687c6b7eeaad6e9765876c3efa5a11b51c496ef27fe318d8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/test.yaml"}, "region": {"startLine": 213}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `rapidsai/shared-workflows/.github/workflows/wheels-test.yaml` pinned to mutable ref `@main`: `uses: rapidsai/shared-workflows/.github/workflows/wheels-test.yaml@main` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 134259, "scanner": "repobility-supply-chain", "fingerprint": "5cbc759e21cf75ca4c9b3e988015cbb99d2f6c5323281911d02a96b08b8a54da", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|5cbc759e21cf75ca4c9b3e988015cbb99d2f6c5323281911d02a96b08b8a54da"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/test.yaml"}, "region": {"startLine": 190}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `rapidsai/shared-workflows/.github/workflows/wheels-test.yaml` pinned to mutable ref `@main`: `uses: rapidsai/shared-workflows/.github/workflows/wheels-test.yaml@main` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 134258, "scanner": "repobility-supply-chain", "fingerprint": "feb427dd0672c420cf519f6d6137e4a5af2897045d13837f68197c4d3d84a639", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|feb427dd0672c420cf519f6d6137e4a5af2897045d13837f68197c4d3d84a639"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/test.yaml"}, "region": {"startLine": 175}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `rapidsai/shared-workflows/.github/workflows/custom-job.yaml` pinned to mutable ref `@main`: `uses: rapidsai/shared-workflows/.github/workflows/custom-job.yaml@main` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 134257, "scanner": "repobility-supply-chain", "fingerprint": "d8ae5e5b7b162ff8b68375cc898874e4b248cd5fd775a3d98f44fef6a7d4b264", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|d8ae5e5b7b162ff8b68375cc898874e4b248cd5fd775a3d98f44fef6a7d4b264"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/test.yaml"}, "region": {"startLine": 158}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `rapidsai/shared-workflows/.github/workflows/conda-python-tests.yaml` pinned to mutable ref `@main`: `uses: rapidsai/shared-workflows/.github/workflows/conda-python-tests.yaml@main` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 134256, "scanner": "repobility-supply-chain", "fingerprint": "c479fd1550cff85736e22e79f695d9810d223042987ee81417b44428b04edbd8", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|c479fd1550cff85736e22e79f695d9810d223042987ee81417b44428b04edbd8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/test.yaml"}, "region": {"startLine": 141}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `rapidsai/shared-workflows/.github/workflows/conda-python-tests.yaml` pinned to mutable ref `@main`: `uses: rapidsai/shared-workflows/.github/workflows/conda-python-tests.yaml@main` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 134255, "scanner": "repobility-supply-chain", "fingerprint": "9494092f90e3938c0e3914d0f0aae34179f75764055e298198bb50c5b9980ea1", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|9494092f90e3938c0e3914d0f0aae34179f75764055e298198bb50c5b9980ea1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/test.yaml"}, "region": {"startLine": 124}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `rapidsai/shared-workflows/.github/workflows/conda-python-tests.yaml` pinned to mutable ref `@main`: `uses: rapidsai/shared-workflows/.github/workflows/conda-python-tests.yaml@main` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 134254, "scanner": "repobility-supply-chain", "fingerprint": "6306aa6cc190783e3edbacd385bb1f51bb6fc55e7320d95990bf02f05b544937", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|6306aa6cc190783e3edbacd385bb1f51bb6fc55e7320d95990bf02f05b544937"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/test.yaml"}, "region": {"startLine": 95}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `rapidsai/shared-workflows/.github/workflows/conda-python-tests.yaml` pinned to mutable ref `@main`: `uses: rapidsai/shared-workflows/.github/workflows/conda-python-tests.yaml@main` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 134253, "scanner": "repobility-supply-chain", "fingerprint": "ddbd2529bcc662ae12de4ed72d95508b9185fc16ddc8ec3cef288b8115e25ce9", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|ddbd2529bcc662ae12de4ed72d95508b9185fc16ddc8ec3cef288b8115e25ce9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/test.yaml"}, "region": {"startLine": 80}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `rapidsai/shared-workflows/.github/workflows/conda-python-tests.yaml` pinned to mutable ref `@main`: `uses: rapidsai/shared-workflows/.github/workflows/conda-python-tests.yaml@main` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 134252, "scanner": "repobility-supply-chain", "fingerprint": "ee998a0fef521d9bfef593661fd0eeab759edcf0fb717879cb7c6e2a5f586f68", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|ee998a0fef521d9bfef593661fd0eeab759edcf0fb717879cb7c6e2a5f586f68"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/test.yaml"}, "region": {"startLine": 65}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `rapidsai/shared-workflows/.github/workflows/conda-cpp-tests.yaml` pinned to mutable ref `@main`: `uses: rapidsai/shared-workflows/.github/workflows/conda-cpp-tests.yaml@main` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 134251, "scanner": "repobility-supply-chain", "fingerprint": "47381874f2c37dc5395a6f9261d3ed2b4970ff2a5576d38741c17817380d7749", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|47381874f2c37dc5395a6f9261d3ed2b4970ff2a5576d38741c17817380d7749"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/test.yaml"}, "region": {"startLine": 50}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `rapidsai/shared-workflows/.github/workflows/conda-cpp-post-build-checks.yaml` pinned to mutable ref `@main`: `uses: rapidsai/shared-workflows/.github/workflows/conda-cpp-post-build-checks.yaml@main` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 134250, "scanner": "repobility-supply-chain", "fingerprint": "f870afb2df630664392247e81c40768584cd9803cf7f1adefa9b9e9db85a34db", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|f870afb2df630664392247e81c40768584cd9803cf7f1adefa9b9e9db85a34db"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/test.yaml"}, "region": {"startLine": 36}}}]}, {"ruleId": "MINED131", "level": "error", "message": {"text": "[MINED131] pre-commit hook `https://github.com/zizmorcore/zizmor-pre-commit` pinned to mutable rev `v1.24.1`: `.pre-commit-config.yaml` references `https://github.com/zizmorcore/zizmor-pre-commit` at `rev: v1.24.1`. If `{rev}` is a branch or version tag, the repo owner can push new code there and `pre-commit install --install-hooks` will fetch it on every developer's machine."}, "properties": {"repobilityId": 134249, "scanner": "repobility-supply-chain", "fingerprint": "5c5aa9d9d16a6710c2dc04d24e54d638c1d56c1ec732da4c8dabab1bb983872e", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "precommit-untrusted-repo", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|5c5aa9d9d16a6710c2dc04d24e54d638c1d56c1ec732da4c8dabab1bb983872e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".pre-commit-config.yaml"}, "region": {"startLine": 195}}}]}, {"ruleId": "MINED131", "level": "error", "message": {"text": "[MINED131] pre-commit hook `https://github.com/shellcheck-py/shellcheck-py` pinned to mutable rev `v0.10.0.1`: `.pre-commit-config.yaml` references `https://github.com/shellcheck-py/shellcheck-py` at `rev: v0.10.0.1`. If `{rev}` is a branch or version tag, the repo owner can push new code there and `pre-commit install --install-hooks` will fetch it on every developer's machine."}, "properties": {"repobilityId": 134248, "scanner": "repobility-supply-chain", "fingerprint": "96603a97ae59e7e15352d9aa3340f5bf3ce61b9cdc14323422ef240034f6c96a", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "precommit-untrusted-repo", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|96603a97ae59e7e15352d9aa3340f5bf3ce61b9cdc14323422ef240034f6c96a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".pre-commit-config.yaml"}, "region": {"startLine": 190}}}]}, {"ruleId": "MINED131", "level": "error", "message": {"text": "[MINED131] pre-commit hook `https://github.com/rapidsai/dependency-file-generator` pinned to mutable rev `v1.20.0`: `.pre-commit-config.yaml` references `https://github.com/rapidsai/dependency-file-generator` at `rev: v1.20.0`. If `{rev}` is a branch or version tag, the repo owner can push new code there and `pre-commit install --install-hooks` will fetch it on every developer's machine."}, "properties": {"repobilityId": 134247, "scanner": "repobility-supply-chain", "fingerprint": "5ba921efd723ccda5b61ca28b8783e85838ecf14375ae0c920b37ff2cc72fa14", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "precommit-untrusted-repo", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|5ba921efd723ccda5b61ca28b8783e85838ecf14375ae0c920b37ff2cc72fa14"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".pre-commit-config.yaml"}, "region": {"startLine": 185}}}]}, {"ruleId": "MINED131", "level": "error", "message": {"text": "[MINED131] pre-commit hook `https://github.com/rapidsai/pre-commit-hooks` pinned to mutable rev `v1.4.2`: `.pre-commit-config.yaml` references `https://github.com/rapidsai/pre-commit-hooks` at `rev: v1.4.2`. If `{rev}` is a branch or version tag, the repo owner can push new code there and `pre-commit install --install-hooks` will fetch it on every developer's machine."}, "properties": {"repobilityId": 134246, "scanner": "repobility-supply-chain", "fingerprint": "3fdbbf9673c168b6ccca25d8e11ca7401a092e2de257c11bba4396e6e3df6b5e", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "precommit-untrusted-repo", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|3fdbbf9673c168b6ccca25d8e11ca7401a092e2de257c11bba4396e6e3df6b5e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".pre-commit-config.yaml"}, "region": {"startLine": 109}}}]}, {"ruleId": "MINED131", "level": "error", "message": {"text": "[MINED131] pre-commit hook `https://github.com/codespell-project/codespell` pinned to mutable rev `v2.4.1`: `.pre-commit-config.yaml` references `https://github.com/codespell-project/codespell` at `rev: v2.4.1`. If `{rev}` is a branch or version tag, the repo owner can push new code there and `pre-commit install --install-hooks` will fetch it on every developer's machine."}, "properties": {"repobilityId": 134245, "scanner": "repobility-supply-chain", "fingerprint": "7e5b93c22957487216c40266dacc1d7dce5dd6fce069b070f7cc7093f4afa0f3", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "precommit-untrusted-repo", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|7e5b93c22957487216c40266dacc1d7dce5dd6fce069b070f7cc7093f4afa0f3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".pre-commit-config.yaml"}, "region": {"startLine": 39}}}]}, {"ruleId": "MINED131", "level": "error", "message": {"text": "[MINED131] pre-commit hook `https://github.com/pre-commit/mirrors-clang-format` pinned to mutable rev `v20.1.8`: `.pre-commit-config.yaml` references `https://github.com/pre-commit/mirrors-clang-format` at `rev: v20.1.8`. If `{rev}` is a branch or version tag, the repo owner can push new code there and `pre-commit install --install-hooks` will fetch it on every developer's machine."}, "properties": {"repobilityId": 134244, "scanner": "repobility-supply-chain", "fingerprint": "8016f0e45854dfdb33760018c2b56e36f6df1635b09e84135153464228aad22b", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "precommit-untrusted-repo", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|8016f0e45854dfdb33760018c2b56e36f6df1635b09e84135153464228aad22b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".pre-commit-config.yaml"}, "region": {"startLine": 33}}}]}, {"ruleId": "MINED131", "level": "error", "message": {"text": "[MINED131] pre-commit hook `https://github.com/MarcoGorelli/cython-lint` pinned to mutable rev `v0.16.6`: `.pre-commit-config.yaml` references `https://github.com/MarcoGorelli/cython-lint` at `rev: v0.16.6`. If `{rev}` is a branch or version tag, the repo owner can push new code there and `pre-commit install --install-hooks` will fetch it on every developer's machine."}, "properties": {"repobilityId": 134243, "scanner": "repobility-supply-chain", "fingerprint": "df177eff9704740b63a81e26165945ea5763ef4aac261bf34e4422130352a869", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "precommit-untrusted-repo", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|df177eff9704740b63a81e26165945ea5763ef4aac261bf34e4422130352a869"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".pre-commit-config.yaml"}, "region": {"startLine": 29}}}]}, {"ruleId": "MINED131", "level": "error", "message": {"text": "[MINED131] pre-commit hook `https://github.com/pycqa/isort` pinned to mutable rev `5.13.2`: `.pre-commit-config.yaml` references `https://github.com/pycqa/isort` at `rev: 5.13.2`. If `{rev}` is a branch or version tag, the repo owner can push new code there and `pre-commit install --install-hooks` will fetch it on every developer's machine."}, "properties": {"repobilityId": 134242, "scanner": "repobility-supply-chain", "fingerprint": "d1f8888ca0f08bd125fe7d92dd142f057c840468442dd750789fa62d2c8f5506", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "precommit-untrusted-repo", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|d1f8888ca0f08bd125fe7d92dd142f057c840468442dd750789fa62d2c8f5506"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".pre-commit-config.yaml"}, "region": {"startLine": 22}}}]}, {"ruleId": "MINED131", "level": "error", "message": {"text": "[MINED131] pre-commit hook `https://github.com/astral-sh/ruff-pre-commit` pinned to mutable rev `v0.14.3`: `.pre-commit-config.yaml` references `https://github.com/astral-sh/ruff-pre-commit` at `rev: v0.14.3`. If `{rev}` is a branch or version tag, the repo owner can push new code there and `pre-commit install --install-hooks` will fetch it on every developer's machine."}, "properties": {"repobilityId": 134241, "scanner": "repobility-supply-chain", "fingerprint": "5f42b3e4b617fcf5dcc8343e9feb1c87f551e84316de8d7fdbe2145e08468c85", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "precommit-untrusted-repo", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|5f42b3e4b617fcf5dcc8343e9feb1c87f551e84316de8d7fdbe2145e08468c85"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".pre-commit-config.yaml"}, "region": {"startLine": 11}}}]}, {"ruleId": "MINED131", "level": "error", "message": {"text": "[MINED131] pre-commit hook `https://github.com/pre-commit/pre-commit-hooks` pinned to mutable rev `v5.0.0`: `.pre-commit-config.yaml` references `https://github.com/pre-commit/pre-commit-hooks` at `rev: v5.0.0`. If `{rev}` is a branch or version tag, the repo owner can push new code there and `pre-commit install --install-hooks` will fetch it on every developer's machine."}, "properties": {"repobilityId": 134240, "scanner": "repobility-supply-chain", "fingerprint": "2b7b036456949476206636218a27975d42a8a5da6b9ff55662a1ce1c4a27c61d", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "precommit-untrusted-repo", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|2b7b036456949476206636218a27975d42a8a5da6b9ff55662a1ce1c4a27c61d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".pre-commit-config.yaml"}, "region": {"startLine": 6}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.shell` used but never assigned in __init__: Method `line_profile` of class `CumlAccelMagics` reads `self.shell`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 134217, "scanner": "repobility-ast-engine", "fingerprint": "a234741821182e6b974cc37b3369299b6b7e263feabaa573c2513dc2544b1709", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|a234741821182e6b974cc37b3369299b6b7e263feabaa573c2513dc2544b1709"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/cuml/cuml/accel/magics.py"}, "region": {"startLine": 180}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.shell` used but never assigned in __init__: Method `line_profile` of class `CumlAccelMagics` reads `self.shell`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 134216, "scanner": "repobility-ast-engine", "fingerprint": "bc22c8c1d5dddf99736c647144996360091dd0cd833912d6eb25e4246c92ddb4", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|bc22c8c1d5dddf99736c647144996360091dd0cd833912d6eb25e4246c92ddb4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/cuml/cuml/accel/magics.py"}, "region": {"startLine": 175}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.shell` used but never assigned in __init__: Method `line_profile` of class `CumlAccelMagics` reads `self.shell`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 134215, "scanner": "repobility-ast-engine", "fingerprint": "d00058bdd5a96cad94275599366eed8b723a8a87665f68111763dd620b878c8d", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|d00058bdd5a96cad94275599366eed8b723a8a87665f68111763dd620b878c8d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/cuml/cuml/accel/magics.py"}, "region": {"startLine": 169}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.shell` used but never assigned in __init__: Method `profile` of class `CumlAccelMagics` reads `self.shell`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 134214, "scanner": "repobility-ast-engine", "fingerprint": "b12c00e92f2df16e7ada63830ffbccd22a0d1cf688ee9a291cd5b72ab5c990ee", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|b12c00e92f2df16e7ada63830ffbccd22a0d1cf688ee9a291cd5b72ab5c990ee"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/cuml/cuml/accel/magics.py"}, "region": {"startLine": 140}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.shell` used but never assigned in __init__: Method `profile` of class `CumlAccelMagics` reads `self.shell`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 134213, "scanner": "repobility-ast-engine", "fingerprint": "0fdaa6a69308984f34f7a76f0c17625cf0ae4d45f7967f20d3231007c3c69b2c", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|0fdaa6a69308984f34f7a76f0c17625cf0ae4d45f7967f20d3231007c3c69b2c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/cuml/cuml/accel/magics.py"}, "region": {"startLine": 137}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._maybe_pop_timer` used but never assigned in __init__: Method `_trace` of class `LineProfiler` reads `self._maybe_pop_timer`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 134211, "scanner": "repobility-ast-engine", "fingerprint": "d7d84fee4001358ea21ad789e2f895219601370ee599415550b0783a46726502", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|d7d84fee4001358ea21ad789e2f895219601370ee599415550b0783a46726502"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/cuml/cuml/accel/profilers.py"}, "region": {"startLine": 484}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._maybe_pop_timer` used but never assigned in __init__: Method `_trace` of class `LineProfiler` reads `self._maybe_pop_timer`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 134210, "scanner": "repobility-ast-engine", "fingerprint": "2bd7d7688b4f8a893273c1997eb584a8daa8e00f0b3eb48316299f3de494ee3f", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|2bd7d7688b4f8a893273c1997eb584a8daa8e00f0b3eb48316299f3de494ee3f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/cuml/cuml/accel/profilers.py"}, "region": {"startLine": 480}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._trace` used but never assigned in __init__: Method `_trace` of class `LineProfiler` reads `self._trace`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 134209, "scanner": "repobility-ast-engine", "fingerprint": "735cf54fb52b9609ee7bb4e2eda35f941a137db2772a232a81e73cb1db57807f", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|735cf54fb52b9609ee7bb4e2eda35f941a137db2772a232a81e73cb1db57807f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/cuml/cuml/accel/profilers.py"}, "region": {"startLine": 489}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.print_report` used but never assigned in __init__: Method `__exit__` of class `LineProfiler` reads `self.print_report`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 134208, "scanner": "repobility-ast-engine", "fingerprint": "c5ed925b3bb1130ac079e435f03bab2a5f41e1f49263494856319fffdfadac79", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c5ed925b3bb1130ac079e435f03bab2a5f41e1f49263494856319fffdfadac79"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/cuml/cuml/accel/profilers.py"}, "region": {"startLine": 461}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._start_time` used but never assigned in __init__: Method `__exit__` of class `LineProfiler` reads `self._start_time`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 134207, "scanner": "repobility-ast-engine", "fingerprint": "cfdeb7351b1d41e5a4800d6f3dffb2595dd467ae3f70db4e6b15f2626173ff2c", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|cfdeb7351b1d41e5a4800d6f3dffb2595dd467ae3f70db4e6b15f2626173ff2c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/cuml/cuml/accel/profilers.py"}, "region": {"startLine": 457}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.start` used but never assigned in __init__: Method `__enter__` of class `LineProfiler` reads `self.start`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 134206, "scanner": "repobility-ast-engine", "fingerprint": "c3df86c239c338dc3348495227e8e1ed88fc114236585363507af364931c26e4", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c3df86c239c338dc3348495227e8e1ed88fc114236585363507af364931c26e4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/cuml/cuml/accel/profilers.py"}, "region": {"startLine": 447}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._trace` used but never assigned in __init__: Method `start` of class `LineProfiler` reads `self._trace`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 134205, "scanner": "repobility-ast-engine", "fingerprint": "dc2401477e5c156e098ac46b8e7dfedf48aa81827aa5748d73a5bfbf0aec5739", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|dc2401477e5c156e098ac46b8e7dfedf48aa81827aa5748d73a5bfbf0aec5739"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/cuml/cuml/accel/profilers.py"}, "region": {"startLine": 442}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._trace` used but never assigned in __init__: Method `start` of class `LineProfiler` reads `self._trace`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 134204, "scanner": "repobility-ast-engine", "fingerprint": "aa152eefd8d54b3d2b20f4fc97173d325c0f003ffe00b5cdd62cdc8faaa2c47f", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|aa152eefd8d54b3d2b20f4fc97173d325c0f003ffe00b5cdd62cdc8faaa2c47f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/cuml/cuml/accel/profilers.py"}, "region": {"startLine": 437}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._start_time` used but never assigned in __init__: Method `start` of class `LineProfiler` reads `self._start_time`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 134203, "scanner": "repobility-ast-engine", "fingerprint": "1247b9fd4ef726e10de712d4a67335d09614759d223f20c708dc3cfeffae558b", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|1247b9fd4ef726e10de712d4a67335d09614759d223f20c708dc3cfeffae558b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/cuml/cuml/accel/profilers.py"}, "region": {"startLine": 440}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._old_trace` used but never assigned in __init__: Method `start` of class `LineProfiler` reads `self._old_trace`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 134202, "scanner": "repobility-ast-engine", "fingerprint": "6aaded25e275dd351ba3ec635e6e28795730deb07b7376b1e054f312c06fb926", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|6aaded25e275dd351ba3ec635e6e28795730deb07b7376b1e054f312c06fb926"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/cuml/cuml/accel/profilers.py"}, "region": {"startLine": 439}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.direct_call` used but never assigned in __init__: Method `nested_call` of class `MyEstimator` reads `self.direct_call`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 134197, "scanner": "repobility-ast-engine", "fingerprint": "1fd754e3253eb1c719cf2735491195d83a16fec051bd97e98ccf09eb8bce9118", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|1fd754e3253eb1c719cf2735491195d83a16fec051bd97e98ccf09eb8bce9118"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/cuml/tests/test_reflection.py"}, "region": {"startLine": 542}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.train_event` used but never assigned in __init__: Method `on_train_end` of class `Callback` reads `self.train_event`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 134193, "scanner": "repobility-ast-engine", "fingerprint": "09fba50cc25fcae16682bb46b6524042ddecff5f5774737d284f329b10dbe316", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|09fba50cc25fcae16682bb46b6524042ddecff5f5774737d284f329b10dbe316"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/cuml/tests/test_umap.py"}, "region": {"startLine": 1004}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.epoch_event` used but never assigned in __init__: Method `on_epoch_end` of class `Callback` reads `self.epoch_event`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 134192, "scanner": "repobility-ast-engine", "fingerprint": "7ac392d9e15fe147ded11ae373fdaeea997d1957ca55981797938fec64707fee", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|7ac392d9e15fe147ded11ae373fdaeea997d1957ca55981797938fec64707fee"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/cuml/tests/test_umap.py"}, "region": {"startLine": 1001}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.preprocess_event` used but never assigned in __init__: Method `on_preprocess_end` of class `Callback` reads `self.preprocess_event`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 134191, "scanner": "repobility-ast-engine", "fingerprint": "eb312a85d5995f5574f25a2e3541f51702880be96a871877e09ffe80f1fc422d", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|eb312a85d5995f5574f25a2e3541f51702880be96a871877e09ffe80f1fc422d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/cuml/tests/test_umap.py"}, "region": {"startLine": 998}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.epoch_event` used but never assigned in __init__: Method `check` of class `Callback` reads `self.epoch_event`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 134190, "scanner": "repobility-ast-engine", "fingerprint": "5716350f0f17f071f739872aeb10f15e883f24b020af0eff96205b28f4ffe5d1", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|5716350f0f17f071f739872aeb10f15e883f24b020af0eff96205b28f4ffe5d1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/cuml/tests/test_umap.py"}, "region": {"startLine": 994}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.train_event` used but never assigned in __init__: Method `check` of class `Callback` reads `self.train_event`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 134189, "scanner": "repobility-ast-engine", "fingerprint": "eb06d81bba0eb0745bc29f923caaa113b8346120a47ebd9291b33ba7001db4f7", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|eb06d81bba0eb0745bc29f923caaa113b8346120a47ebd9291b33ba7001db4f7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/cuml/tests/test_umap.py"}, "region": {"startLine": 995}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.preprocess_event` used but never assigned in __init__: Method `check` of class `Callback` reads `self.preprocess_event`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 134188, "scanner": "repobility-ast-engine", "fingerprint": "8c6de209d0662ed05351ae61aaf4161476e31ba1726a8608ff1f715b5f485043", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|8c6de209d0662ed05351ae61aaf4161476e31ba1726a8608ff1f715b5f485043"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/cuml/tests/test_umap.py"}, "region": {"startLine": 993}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.n_features_in_` used but never assigned in __init__: Method `fit` of class `HostTransformer` reads `self.n_features_in_`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 134184, "scanner": "repobility-ast-engine", "fingerprint": "ffaf05174814a290e692f3784ef1cdcbed8ef99a61a772512da44b1460607fb4", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ffaf05174814a290e692f3784ef1cdcbed8ef99a61a772512da44b1460607fb4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/cuml/cuml_accel_tests/test_pipeline.py"}, "region": {"startLine": 77}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.kwargs` used but never assigned in __init__: Method `__call__` of class `MockMethod` reads `self.kwargs`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 134183, "scanner": "repobility-ast-engine", "fingerprint": "765159b37e67d0e15d55e3e4a3291aae1c05fdd4095f1e5919a392492062a866", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|765159b37e67d0e15d55e3e4a3291aae1c05fdd4095f1e5919a392492062a866"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/cuml/cuml_accel_tests/test_pipeline.py"}, "region": {"startLine": 57}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.args` used but never assigned in __init__: Method `__call__` of class `MockMethod` reads `self.args`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 134182, "scanner": "repobility-ast-engine", "fingerprint": "199f0ea5273e9fe92b4875973049cfc31bffd1ded52400d02b3aa6fd90a2a1d2", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|199f0ea5273e9fe92b4875973049cfc31bffd1ded52400d02b3aa6fd90a2a1d2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/cuml/cuml_accel_tests/test_pipeline.py"}, "region": {"startLine": 56}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_import_error_non_existant_file_in_accelerated_module: Test function `test_import_error_non_existant_file_in_accelerated_module` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 134181, "scanner": "repobility-ast-engine", "fingerprint": "f6d361cc7d63335d1c975a1aeb00603675182709a077f69d57452e9e53001ce2", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|f6d361cc7d63335d1c975a1aeb00603675182709a077f69d57452e9e53001ce2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/cuml/cuml_accel_tests/test_accelerator.py"}, "region": {"startLine": 256}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_metadata_routing_consumed: Test function `test_metadata_routing_consumed` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 134180, "scanner": "repobility-ast-engine", "fingerprint": "a7c50b67ce34d78211fa1ec08f2ab3776eda852b5b591e5a7efffe3f9cbe91b2", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|a7c50b67ce34d78211fa1ec08f2ab3776eda852b5b591e5a7efffe3f9cbe91b2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/cuml/cuml_accel_tests/test_estimator_proxy.py"}, "region": {"startLine": 855}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_incremental_pca_rejects_unsupported_fit_params: Test function `test_incremental_pca_rejects_unsupported_fit_params` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 134179, "scanner": "repobility-ast-engine", "fingerprint": "fc848b56738129e862598e87f5f3ecd7ff4962a0cf3ccd4a64bb8a0542e0b09c", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|fc848b56738129e862598e87f5f3ecd7ff4962a0cf3ccd4a64bb8a0542e0b09c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/cuml/cuml_accel_tests/test_estimator_proxy.py"}, "region": {"startLine": 781}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_fit_validates_params: Test function `test_fit_validates_params` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 134178, "scanner": "repobility-ast-engine", "fingerprint": "be044bdd179286de727f202be24b08a130a57e427a602889c412faa4ce4da113", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|be044bdd179286de727f202be24b08a130a57e427a602889c412faa4ce4da113"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/cuml/cuml_accel_tests/test_estimator_proxy.py"}, "region": {"startLine": 673}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_fit_warm_start: Test function `test_fit_warm_start` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 134177, "scanner": "repobility-ast-engine", "fingerprint": "d6d9c69271ea83d6ac75c9707445d5ca29fe534dd635531eb3e3977bd73d8b93", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|d6d9c69271ea83d6ac75c9707445d5ca29fe534dd635531eb3e3977bd73d8b93"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/cuml/cuml_accel_tests/test_estimator_proxy.py"}, "region": {"startLine": 628}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_BaseEstimator__validate_params: Test function `test_BaseEstimator__validate_params` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 134176, "scanner": "repobility-ast-engine", "fingerprint": "74bca6c76bb5f0ac2d3918f093bbf3b37a518c8e8c70d78d700d6354bbae48aa", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|74bca6c76bb5f0ac2d3918f093bbf3b37a518c8e8c70d78d700d6354bbae48aa"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/cuml/cuml_accel_tests/test_estimator_proxy.py"}, "region": {"startLine": 117}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_cli_verbose: Test function `test_cli_verbose` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 134175, "scanner": "repobility-ast-engine", "fingerprint": "cc81c2ccf25ad2db68dd6fdd6571d2da8cc7b8f21c7906c0bf2493b5be38758b", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|cc81c2ccf25ad2db68dd6fdd6571d2da8cc7b8f21c7906c0bf2493b5be38758b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/cuml/cuml_accel_tests/test_cli.py"}, "region": {"startLine": 323}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_log_level_magic: Test function `test_log_level_magic` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 134174, "scanner": "repobility-ast-engine", "fingerprint": "3fde58722fbcf9ef57aa69f30326297a919a3d6e2bbf15af5481d6a6a244a294", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|3fde58722fbcf9ef57aa69f30326297a919a3d6e2bbf15af5481d6a6a244a294"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/cuml/cuml_accel_tests/test_magics.py"}, "region": {"startLine": 321}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_magic_cudf_pandas_after: Test function `test_magic_cudf_pandas_after` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 134173, "scanner": "repobility-ast-engine", "fingerprint": "ba388b599dc6dc16b1c382ffea40d871d61682d052152c4a8a8f08b7395f90b0", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ba388b599dc6dc16b1c382ffea40d871d61682d052152c4a8a8f08b7395f90b0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/cuml/cuml_accel_tests/test_magics.py"}, "region": {"startLine": 75}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_magic_cudf_pandas_before: Test function `test_magic_cudf_pandas_before` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 134172, "scanner": "repobility-ast-engine", "fingerprint": "b126cb314b5fd5c2e798a02102e68080bc681d39debd7443215addf816da0393", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|b126cb314b5fd5c2e798a02102e68080bc681d39debd7443215addf816da0393"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/cuml/cuml_accel_tests/test_magics.py"}, "region": {"startLine": 55}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_magic: Test function `test_magic` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 134171, "scanner": "repobility-ast-engine", "fingerprint": "f3c801bf486e6dc9a9e4b966def5706ee86bfc67a6cb4783ec8740a67dcbedf4", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|f3c801bf486e6dc9a9e4b966def5706ee86bfc67a6cb4783ec8740a67dcbedf4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/cuml/cuml_accel_tests/test_magics.py"}, "region": {"startLine": 42}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_k_neighbors_regressor: Test function `test_k_neighbors_regressor` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 134170, "scanner": "repobility-ast-engine", "fingerprint": "1de4f040ebed1d9008af9e7c021d89e6f5503d7a55642305ac19a8c9c53be5ad", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|1de4f040ebed1d9008af9e7c021d89e6f5503d7a55642305ac19a8c9c53be5ad"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/cuml/cuml_accel_tests/test_basic_estimators.py"}, "region": {"startLine": 158}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_k_neighbors_classifier: Test function `test_k_neighbors_classifier` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 134169, "scanner": "repobility-ast-engine", "fingerprint": "8d81bcae34493ba6972d10378b74357bc99e4da981246016948f376780223ae1", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|8d81bcae34493ba6972d10378b74357bc99e4da981246016948f376780223ae1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/cuml/cuml_accel_tests/test_basic_estimators.py"}, "region": {"startLine": 144}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_spectral_embedding: Test function `test_spectral_embedding` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 134168, "scanner": "repobility-ast-engine", "fingerprint": "10757e4e8e139e9c47010847cf1579a6e5afce12902a0f8ca3ca317db482973c", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|10757e4e8e139e9c47010847cf1579a6e5afce12902a0f8ca3ca317db482973c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/cuml/cuml_accel_tests/test_basic_estimators.py"}, "region": {"startLine": 130}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_tsne: Test function `test_tsne` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 134167, "scanner": "repobility-ast-engine", "fingerprint": "446d3d729153b27da5c3a19c72e5b547cb4630caccce9bc645c2441787f062fc", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|446d3d729153b27da5c3a19c72e5b547cb4630caccce9bc645c2441787f062fc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/cuml/cuml_accel_tests/test_basic_estimators.py"}, "region": {"startLine": 124}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_lasso: Test function `test_lasso` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 134166, "scanner": "repobility-ast-engine", "fingerprint": "ffdc03de842fbcf33577ed53d66409af83360cf50f82bbd411a5b5eaa8c20802", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ffdc03de842fbcf33577ed53d66409af83360cf50f82bbd411a5b5eaa8c20802"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/cuml/cuml_accel_tests/test_basic_estimators.py"}, "region": {"startLine": 116}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_ridge: Test function `test_ridge` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 134165, "scanner": "repobility-ast-engine", "fingerprint": "d4cdd929514dda119fbfbfbc58675ea3260377a69c5b28c722c1b05ce6bda8ef", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|d4cdd929514dda119fbfbfbc58675ea3260377a69c5b28c722c1b05ce6bda8ef"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/cuml/cuml_accel_tests/test_basic_estimators.py"}, "region": {"startLine": 108}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_elastic_net: Test function `test_elastic_net` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 134164, "scanner": "repobility-ast-engine", "fingerprint": "8db5c66e41d0d204a6877b753ba63a72c21d66a03d8604803316f881d05e2cea", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|8db5c66e41d0d204a6877b753ba63a72c21d66a03d8604803316f881d05e2cea"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/cuml/cuml_accel_tests/test_basic_estimators.py"}, "region": {"startLine": 100}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_logistic_regression: Test function `test_logistic_regression` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 134163, "scanner": "repobility-ast-engine", "fingerprint": "a2db311bb0ec59e4c06820177446f12f3578398c19b6c92033d3e21cda94c38e", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|a2db311bb0ec59e4c06820177446f12f3578398c19b6c92033d3e21cda94c38e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/cuml/cuml_accel_tests/test_basic_estimators.py"}, "region": {"startLine": 92}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_linear_regression: Test function `test_linear_regression` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 134162, "scanner": "repobility-ast-engine", "fingerprint": "c6239e65df801802a27a1bd8008e50893e1cb8f34e1f0e2b902c77ba39712de3", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c6239e65df801802a27a1bd8008e50893e1cb8f34e1f0e2b902c77ba39712de3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/cuml/cuml_accel_tests/test_basic_estimators.py"}, "region": {"startLine": 84}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_truncated_svd: Test function `test_truncated_svd` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 134161, "scanner": "repobility-ast-engine", "fingerprint": "97970dde13c12c36404177a2fd1922a3489450197222bb13f0007adc43f288da", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|97970dde13c12c36404177a2fd1922a3489450197222bb13f0007adc43f288da"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/cuml/cuml_accel_tests/test_basic_estimators.py"}, "region": {"startLine": 50}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_pca: Test function `test_pca` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 134160, "scanner": "repobility-ast-engine", "fingerprint": "6dc8400ad1ece5c8cac410e95293cee0c3adfbb2f8e797b384787c5db89ed23c", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|6dc8400ad1ece5c8cac410e95293cee0c3adfbb2f8e797b384787c5db89ed23c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/cuml/cuml_accel_tests/test_basic_estimators.py"}, "region": {"startLine": 44}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_spectral_clustering: Test function `test_spectral_clustering` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 134159, "scanner": "repobility-ast-engine", "fingerprint": "073554b056e74e041ecb77568edb657378c660a2b01dd76eee2c3dc82dd9b24e", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|073554b056e74e041ecb77568edb657378c660a2b01dd76eee2c3dc82dd9b24e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/cuml/cuml_accel_tests/test_basic_estimators.py"}, "region": {"startLine": 35}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_dbscan: Test function `test_dbscan` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 134158, "scanner": "repobility-ast-engine", "fingerprint": "21d320bfc0818a2bba60ff5ef212d9545b42c59d7ad176487fcb6bc10e6e203c", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|21d320bfc0818a2bba60ff5ef212d9545b42c59d7ad176487fcb6bc10e6e203c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/cuml/cuml_accel_tests/test_basic_estimators.py"}, "region": {"startLine": 29}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_kmeans: Test function `test_kmeans` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 134157, "scanner": "repobility-ast-engine", "fingerprint": "e628f75f979b0baa4b2e61ae8f7cb873640cb949694a86f4b1e43a7a658cc4ae", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|e628f75f979b0baa4b2e61ae8f7cb873640cb949694a86f4b1e43a7a658cc4ae"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/cuml/cuml_accel_tests/test_basic_estimators.py"}, "region": {"startLine": 23}}}]}, {"ruleId": "MINED006", "level": "error", "message": {"text": "[MINED006] Overcatch Baseexception: except BaseException: ... \u2014 prevents Ctrl+C and SystemExit from working."}, "properties": {"repobilityId": 134118, "scanner": "repobility-threat-engine", "fingerprint": "d47fd508e059e0c26461e01d1c8fce6d1f0c82b81d6ba66f49ce940cfb85ca70", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "overcatch-baseexception", "owasp": null, "cwe_ids": ["CWE-705"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347911+00:00", "triaged_in_corpus": 15, "observations_count": 230624, "ai_coder_pattern_id": 8}, "scanner": "repobility-threat-engine", "correlation_key": "fp|d47fd508e059e0c26461e01d1c8fce6d1f0c82b81d6ba66f49ce940cfb85ca70"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/cuml/cuml/accel/runners.py"}, "region": {"startLine": 86}}}]}, {"ruleId": "SEC085", "level": "error", "message": {"text": "[SEC085] JS: child_process.exec with non-literal: child_process.exec with user-derived input enables command injection. Ported from eslint-plugin-security detect-child-process (Apache-2.0)."}, "properties": {"repobilityId": 134117, "scanner": "repobility-threat-engine", "fingerprint": "b7178180ce34cb26d60163f242a1620ee604972af7a2ce9715d77dbdab76690f", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "exec(code", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC085", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|b7178180ce34cb26d60163f242a1620ee604972af7a2ce9715d77dbdab76690f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/cuml/cuml/accel/runners.py"}, "region": {"startLine": 85}}}]}, {"ruleId": "SEC085", "level": "error", "message": {"text": "[SEC085] JS: child_process.exec with non-literal: child_process.exec with user-derived input enables command injection. Ported from eslint-plugin-security detect-child-process (Apache-2.0)."}, "properties": {"repobilityId": 134116, "scanner": "repobility-threat-engine", "fingerprint": "884faa942096c26327eb81c8ae9010d1682199fea9fc49851c563ed1c9d03367", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "exec(block", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC085", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|884faa942096c26327eb81c8ae9010d1682199fea9fc49851c563ed1c9d03367"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/cuml/cuml/accel/magics.py"}, "region": {"startLine": 81}}}]}, {"ruleId": "MINED011", "level": "error", "message": {"text": "[MINED011] Scala Get On Option: Option.get throws NoSuchElementException on None. Use getOrElse / fold / match."}, "properties": {"repobilityId": 134109, "scanner": "repobility-threat-engine", "fingerprint": "8ce6f9427754d9f7f5480b33a990302b38b9c2711cb7a4c31f90257bd0404f71", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "scala-get-on-option", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["scala"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347923+00:00", "triaged_in_corpus": 15, "observations_count": 140164, "ai_coder_pattern_id": 159}, "scanner": "repobility-threat-engine", "correlation_key": "fp|8ce6f9427754d9f7f5480b33a990302b38b9c2711cb7a4c31f90257bd0404f71"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cpp/src/umap/umap.cuh"}, "region": {"startLine": 57}}}]}, {"ruleId": "MINED011", "level": "error", "message": {"text": "[MINED011] Scala Get On Option: Option.get throws NoSuchElementException on None. Use getOrElse / fold / match."}, "properties": {"repobilityId": 134108, "scanner": "repobility-threat-engine", "fingerprint": "0a110f201be7435e9f5431e2938d5ee7cb7ec0d5c90bf9944f31ddc36bb026db", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "scala-get-on-option", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["scala"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347923+00:00", "triaged_in_corpus": 15, "observations_count": 140164, "ai_coder_pattern_id": 159}, "scanner": "repobility-threat-engine", "correlation_key": "fp|0a110f201be7435e9f5431e2938d5ee7cb7ec0d5c90bf9944f31ddc36bb026db"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cpp/src/umap/optimize.cuh"}, "region": {"startLine": 171}}}]}, {"ruleId": "SEC103", "level": "error", "message": {"text": "[SEC103] LDAP injection \u2014 non-constant search filter: User input concatenated into an LDAP search filter. Attackers inject `*)(uid=*` style payloads to bypass auth or enumerate accounts."}, "properties": {"repobilityId": 134105, "scanner": "repobility-threat-engine", "fingerprint": "149a2d25ee6856d9fa5a0544823ef63a9b50a6a71898cb7f5b2b8728947257da", "category": "injection", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".search(r\"version ([0-9]+\\.[0-9]+\\.[0-9]+)", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC103", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|token|148|sec103"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cpp/scripts/run-clang-tidy.py"}, "region": {"startLine": 148}}}]}, {"ruleId": "MINED034", "level": "error", "message": {"text": "[MINED034] Python Subprocess Shell True: subprocess(..., shell=True) enables command injection."}, "properties": {"repobilityId": 134104, "scanner": "repobility-threat-engine", "fingerprint": "64443ed0d6200a29e47454b48b3fbb0da9d1ad9f7a4496a601ca1056598247d1", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-subprocess-shell-true", "owasp": null, "cwe_ids": ["CWE-78"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347977+00:00", "triaged_in_corpus": 15, "observations_count": 3478, "ai_coder_pattern_id": 118}, "scanner": "repobility-threat-engine", "correlation_key": "fp|64443ed0d6200a29e47454b48b3fbb0da9d1ad9f7a4496a601ca1056598247d1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cpp/scripts/run-clang-tidy.py"}, "region": {"startLine": 89}}}]}, {"ruleId": "MINED034", "level": "error", "message": {"text": "[MINED034] Python Subprocess Shell True: subprocess(..., shell=True) enables command injection."}, "properties": {"repobilityId": 134103, "scanner": "repobility-threat-engine", "fingerprint": "5b86878605b94b2cbe70bd29a5c3f140cf1f8fc8d672d91706cf73894d461fe8", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-subprocess-shell-true", "owasp": null, "cwe_ids": ["CWE-78"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347977+00:00", "triaged_in_corpus": 15, "observations_count": 3478, "ai_coder_pattern_id": 118}, "scanner": "repobility-threat-engine", "correlation_key": "fp|5b86878605b94b2cbe70bd29a5c3f140cf1f8fc8d672d91706cf73894d461fe8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cpp/scripts/cuda-memcheck.py"}, "region": {"startLine": 61}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 134097, "scanner": "repobility-threat-engine", "fingerprint": "880ad07d1582bd9f9939105179f340b723e644693515c1b7fa65ba68deb00261", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "out.update(estimators)", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|880ad07d1582bd9f9939105179f340b723e644693515c1b7fa65ba68deb00261"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/cuml/cuml/_thirdparty/sklearn/utils/skl_dependencies.py"}, "region": {"startLine": 84}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 134096, "scanner": "repobility-threat-engine", "fingerprint": "dfb19f6ec7e8e7db8311364076c5b0298c3a47006a3577f04504a3c8f838574f", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "split_reg.update({this->quesval, this->colid, this->best_metric_val, this->nLeft});", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|dfb19f6ec7e8e7db8311364076c5b0298c3a47006a3577f04504a3c8f838574f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cpp/src/decisiontree/batched-levelalgo/split.cuh"}, "region": {"startLine": 135}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 134095, "scanner": "repobility-threat-engine", "fingerprint": "0e9376e3318b14332af7bb64022cd3f6cc8d0344b10eed49ff7c42dae366a270", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "attrDict.update(file=fileName, classname=\"\", line=\"\", name=\"\", time=\"\")", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|0e9376e3318b14332af7bb64022cd3f6cc8d0344b10eed49ff7c42dae366a270"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ci/utils/nbtestlog2junitxml.py"}, "region": {"startLine": 45}}}]}, {"ruleId": "MINED001", "level": "error", "message": {"text": "[MINED001] Bare Except Pass: except: pass or except Exception: pass \u2014 silently swallows everything including KeyboardInterrupt and bugs."}, "properties": {"repobilityId": 134085, "scanner": "repobility-threat-engine", "fingerprint": "aacb05d8cec8f3b79b1e6d737255c9e06381b4e5ad82a2b4270c998ed4c3488e", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "bare-except-pass", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347744+00:00", "triaged_in_corpus": 15, "observations_count": 1550824, "ai_coder_pattern_id": 6}, "scanner": "repobility-threat-engine", "correlation_key": "fp|aacb05d8cec8f3b79b1e6d737255c9e06381b4e5ad82a2b4270c998ed4c3488e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/cuml/cuml/accel/__main__.py"}, "region": {"startLine": 107}}}]}, {"ruleId": "MINED001", "level": "error", "message": {"text": "[MINED001] Bare Except Pass: except: pass or except Exception: pass \u2014 silently swallows everything including KeyboardInterrupt and bugs."}, "properties": {"repobilityId": 134084, "scanner": "repobility-threat-engine", "fingerprint": "7653b072d92d2db2371f6706ad33c71b0d3fe4bce7ea82ee94d6708f193d5274", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "bare-except-pass", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347744+00:00", "triaged_in_corpus": 15, "observations_count": 1550824, "ai_coder_pattern_id": 6}, "scanner": "repobility-threat-engine", "correlation_key": "fp|7653b072d92d2db2371f6706ad33c71b0d3fe4bce7ea82ee94d6708f193d5274"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/cuml/cuml/__init__.py"}, "region": {"startLine": 10}}}]}, {"ruleId": "MINED001", "level": "error", "message": {"text": "[MINED001] Bare Except Pass: except: pass or except Exception: pass \u2014 silently swallows everything including KeyboardInterrupt and bugs."}, "properties": {"repobilityId": 134083, "scanner": "repobility-threat-engine", "fingerprint": "ea6d694fef4ecb7bf81a3c74faf9bc211d0c2984c7ec0400c09075662625b42c", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "bare-except-pass", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347744+00:00", "triaged_in_corpus": 15, "observations_count": 1550824, "ai_coder_pattern_id": 6}, "scanner": "repobility-threat-engine", "correlation_key": "fp|ea6d694fef4ecb7bf81a3c74faf9bc211d0c2984c7ec0400c09075662625b42c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/scripts/check_pr_release_target.py"}, "region": {"startLine": 201}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 134081, "scanner": "repobility-threat-engine", "fingerprint": "74d3da749c2b3e6d41de9022e01b65503e214fcc2dd9c9f27503a6624b12b3b9", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "urllib.request.urlopen(r", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|74d3da749c2b3e6d41de9022e01b65503e214fcc2dd9c9f27503a6624b12b3b9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/scripts/check_pr_release_target.py"}, "region": {"startLine": 119}}}]}, {"ruleId": "SEC013", "level": "error", "message": {"text": "[SEC013] Path Traversal \u2014 User Input in File Path: User-controlled input used in file path without sanitization. Allows reading arbitrary files."}, "properties": {"repobilityId": 134080, "scanner": "repobility-threat-engine", "fingerprint": "3734bf716061593e5159644567d5e7d8def81c60ee55d44b61b613b6c036fc9c", "category": "path_traversal", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "User-controlled input detected in file path construction", "evidence": {"match": "open(request", "reason": "User-controlled input detected in file path construction", "rule_id": "SEC013", "scanner": "repobility-threat-engine", "confidence": 0.8, "correlation_key": "code|path_traversal|. token|119|sec013"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/scripts/check_pr_release_target.py"}, "region": {"startLine": 119}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `warnings` used but not imported: The file uses `warnings.something(...)` but never imports `warnings`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 134239, "scanner": "repobility-ast-engine", "fingerprint": "9089a94e0063eae9f1b86d92e6791696312c7481c1f5dc75f38f700d1bf6c38e", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|9089a94e0063eae9f1b86d92e6791696312c7481c1f5dc75f38f700d1bf6c38e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/scripts/check_pr_release_target.py"}, "region": {"startLine": 205}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `array` used but not imported: The file uses `array.something(...)` but never imports `array`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 134232, "scanner": "repobility-ast-engine", "fingerprint": "a590b38bb3437ae0372932ead767643cffa9a36ccf946e37601431ae47f133fc", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|a590b38bb3437ae0372932ead767643cffa9a36ccf946e37601431ae47f133fc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/cuml/cuml/testing/test_preproc_utils.py"}, "region": {"startLine": 43}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `string` used but not imported: The file uses `string.something(...)` but never imports `string`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 134220, "scanner": "repobility-ast-engine", "fingerprint": "6395d1b7d8a1c708b48a08f37c47a12b4ec2113b81d6523ef6046e5ea2e1789e", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|6395d1b7d8a1c708b48a08f37c47a12b4ec2113b81d6523ef6046e5ea2e1789e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/cuml/cuml/internals/base.py"}, "region": {"startLine": 144}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `array` used but not imported: The file uses `array.something(...)` but never imports `array`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 134219, "scanner": "repobility-ast-engine", "fingerprint": "f68aa5bbb3ec61174371e84446b8b042763be724dd6dbe6e75033c296b640ef2", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|f68aa5bbb3ec61174371e84446b8b042763be724dd6dbe6e75033c296b640ef2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/cuml/cuml/internals/validation.py"}, "region": {"startLine": 419}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `copy` used but not imported: The file uses `copy.something(...)` but never imports `copy`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 134200, "scanner": "repobility-ast-engine", "fingerprint": "11de8e908fab41e5739d1cab0b02dc2be916c7af1608c3e42851682268599726", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|11de8e908fab41e5739d1cab0b02dc2be916c7af1608c3e42851682268599726"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/cuml/tests/test_text_feature_extraction.py"}, "region": {"startLine": 375}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `array` used but not imported: The file uses `array.something(...)` but never imports `array`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 134199, "scanner": "repobility-ast-engine", "fingerprint": "87b7584fa8a9058a1bb2c6c08a738987663563da5ef01dd8e2d93fb830314a1a", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|87b7584fa8a9058a1bb2c6c08a738987663563da5ef01dd8e2d93fb830314a1a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/cuml/tests/test_input_utils.py"}, "region": {"startLine": 427}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `array` used but not imported: The file uses `array.something(...)` but never imports `array`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 134198, "scanner": "repobility-ast-engine", "fingerprint": "2d43f4c77bd4fa2750b90611db6589918d7cbec4bc808b252e5f820c7cc33514", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|2d43f4c77bd4fa2750b90611db6589918d7cbec4bc808b252e5f820c7cc33514"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/cuml/tests/test_array.py"}, "region": {"startLine": 191}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `array` used but not imported: The file uses `array.something(...)` but never imports `array`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 134196, "scanner": "repobility-ast-engine", "fingerprint": "22f4c21371f1dc709771c9f0e1d298174444e20985d09d290faa48c72ecd7a5a", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|22f4c21371f1dc709771c9f0e1d298174444e20985d09d290faa48c72ecd7a5a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/cuml/tests/test_strategies.py"}, "region": {"startLine": 57}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `array` used but not imported: The file uses `array.something(...)` but never imports `array`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 134195, "scanner": "repobility-ast-engine", "fingerprint": "24cd0e3c6574f6309227268b235c48a3879e1393ea32b6f3548a0e0698a3204d", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|24cd0e3c6574f6309227268b235c48a3879e1393ea32b6f3548a0e0698a3204d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/cuml/tests/test_validation.py"}, "region": {"startLine": 1037}}}]}, {"ruleId": "MINED005", "level": "error", "message": {"text": "[MINED005] Lua Loadstring: loadstring/load executes Lua code. Code injection."}, "properties": {"repobilityId": 134111, "scanner": "repobility-threat-engine", "fingerprint": "7f466c4a58eea6a0850da109e3927656dfdefbf22ff58c8e81a534cb9351f460", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "lua-loadstring", "owasp": null, "cwe_ids": ["CWE-95"], "languages": ["lua"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347908+00:00", "triaged_in_corpus": 20, "observations_count": 291730, "ai_coder_pattern_id": 169}, "scanner": "repobility-threat-engine", "correlation_key": "fp|7f466c4a58eea6a0850da109e3927656dfdefbf22ff58c8e81a534cb9351f460"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cpp/src_prims/matrix/reverse.cuh"}, "region": {"startLine": 60}}}]}, {"ruleId": "MINED005", "level": "error", "message": {"text": "[MINED005] Lua Loadstring: loadstring/load executes Lua code. Code injection."}, "properties": {"repobilityId": 134110, "scanner": "repobility-threat-engine", "fingerprint": "406dfa44723b37c18875dc0f1bd5d7016e2f72025adb2b01e6958d34d34881e2", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "lua-loadstring", "owasp": null, "cwe_ids": ["CWE-95"], "languages": ["lua"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347908+00:00", "triaged_in_corpus": 20, "observations_count": 291730, "ai_coder_pattern_id": 169}, "scanner": "repobility-threat-engine", "correlation_key": "fp|406dfa44723b37c18875dc0f1bd5d7016e2f72025adb2b01e6958d34d34881e2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cpp/src_prims/linalg/batched/gemv.cuh"}, "region": {"startLine": 75}}}]}]}]}