{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "WEB003", "name": "Public web service has no security.txt", "shortDescription": {"text": "Public web service has no security.txt"}, "fullDescription": {"text": "security.txt gives researchers and customers a safe disclosure channel. Public web apps and APIs should publish it under /.well-known/security.txt."}, "properties": {"scanner": "repobility-web-presence", "category": "quality", "severity": "medium", "confidence": 0.78, "cwe": "", "owasp": ""}}, {"id": "WEB015", "name": "Public web app has no Content Security Policy", "shortDescription": {"text": "Public web app has no Content Security Policy"}, "fullDescription": {"text": "A Content Security Policy reduces the blast radius of injected scripts if the app is ever served through preview, static hosting, or a web container outside its normal sandbox."}, "properties": {"scanner": "repobility-web-presence", "category": "quality", "severity": "medium", "confidence": 0.7, "cwe": "", "owasp": ""}}, {"id": "DKR003", "name": "Compose service `minio` image uses the latest tag", "shortDescription": {"text": "Compose service `minio` image uses the latest tag"}, "fullDescription": {"text": "The latest tag is mutable and can change without a code review, producing different images from the same source."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.94, "cwe": "", "owasp": ""}}, {"id": "DKC016", "name": "App service does not wait for database health", "shortDescription": {"text": "App service does not wait for database health"}, "fullDescription": {"text": "depends_on controls startup order, but without condition: service_healthy an app can start while the database is still initializing and fail intermittently."}, "properties": {"scanner": "repobility-docker", "category": 
"docker", "severity": "medium", "confidence": 0.86, "cwe": "", "owasp": ""}}, {"id": "DKR001", "name": "Docker final stage has no non-root USER", "shortDescription": {"text": "Docker final stage has no non-root USER"}, "fullDescription": {"text": "Docker images run as root unless the image or Dockerfile switches to a non-root user."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.82, "cwe": "", "owasp": ""}}, {"id": "WEB011", "name": "Public web app has no humans.txt", "shortDescription": {"text": "Public web app has no humans.txt"}, "fullDescription": {"text": "humans.txt is optional, but it gives operators and reviewers a simple place to find ownership, contact, and important public documentation links."}, "properties": {"scanner": "repobility-web-presence", "category": "quality", "severity": "low", "confidence": 0.5, "cwe": "", "owasp": ""}}, {"id": "WEB008", "name": "Public docs site has no llms.txt", "shortDescription": {"text": "Public docs site has no llms.txt"}, "fullDescription": {"text": "AI coding agents increasingly read llms.txt to find canonical docs and API workflows. Without it, agents are more likely to browse pages repeatedly or use stale instructions."}, "properties": {"scanner": "repobility-web-presence", "category": "quality", "severity": "low", "confidence": 0.64, "cwe": "", "owasp": ""}}, {"id": "WEB002", "name": "Public web app has no sitemap", "shortDescription": {"text": "Public web app has no sitemap"}, "fullDescription": {"text": "A sitemap gives search engines, docs crawlers, and AI agents a structured list of public pages. 
Without one, important docs and product pages are easy to miss."}, "properties": {"scanner": "repobility-web-presence", "category": "quality", "severity": "low", "confidence": 0.72, "cwe": "", "owasp": ""}}, {"id": "WEB001", "name": "Public web app has no robots.txt", "shortDescription": {"text": "Public web app has no robots.txt"}, "fullDescription": {"text": "Public websites should publish a robots.txt file so crawlers and AI agents can discover crawl rules and sitemap locations without guessing."}, "properties": {"scanner": "repobility-web-presence", "category": "quality", "severity": "low", "confidence": 0.74, "cwe": "", "owasp": ""}}, {"id": "DKC015", "name": "Database service has no healthcheck", "shortDescription": {"text": "Database service has no healthcheck"}, "fullDescription": {"text": "Compose starts dependent containers in dependency order, but it does not wait for a database to be ready unless a healthcheck is defined and dependents use service_healthy."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "low", "confidence": 0.72, "cwe": "", "owasp": ""}}, {"id": "DKC010", "name": "Compose service lacks no-new-privileges hardening", "shortDescription": {"text": "Compose service lacks no-new-privileges hardening"}, "fullDescription": {"text": "no-new-privileges prevents processes from gaining additional privileges through setuid binaries or file capabilities."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "low", "confidence": 0.62, "cwe": "", "owasp": ""}}, {"id": "DKC006", "name": "Compose service does not declare a runtime user", "shortDescription": {"text": "Compose service does not declare a runtime user"}, "fullDescription": {"text": "If the image does not define USER internally, this service may run as root."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "low", "confidence": 0.56, "cwe": "", "owasp": ""}}, {"id": "DKR008", "name": 
".dockerignore misses sensitive defaults", "shortDescription": {"text": ".dockerignore misses sensitive defaults"}, "fullDescription": {"text": ".dockerignore exists but does not cover common secret or VCS patterns."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "low", "confidence": 0.72, "cwe": "", "owasp": ""}}, {"id": "AIC003", "name": "Duplicated implementation block across source files", "shortDescription": {"text": "Duplicated implementation block across source files"}, "fullDescription": {"text": "Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.86, "cwe": "", "owasp": ""}}, {"id": "CORE_NO_LICENSE", "name": "No LICENSE file", "shortDescription": {"text": "No LICENSE file"}, "fullDescription": {"text": "Add a LICENSE file to your repository. Use choosealicense.com to pick the right license (MIT for permissive, Apache 2.0 for patent protection, GPL for copyleft)."}, "properties": {"scanner": "repobility-core", "category": "documentation", "severity": "low", "confidence": null, "cwe": "", "owasp": ""}}, {"id": "SEC020", "name": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequen", "shortDescription": {"text": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for troubleshooting."}, "fullDescription": {"text": "Log only redacted, hashed, or last-four-style metadata. 
Rotate any secret that may have reached logs."}, "properties": {"scanner": "repobility-threat-engine", "category": "credential_exposure", "severity": "info", "confidence": 0.15, "cwe": "", "owasp": ""}}, {"id": "SEC029", "name": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 1 more): Same pattern found in 1 additi", "shortDescription": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "fullDescription": {"text": "Validate the URL against an allowlist BEFORE fetching:\n  ALLOWED = {'images.example.com', 'cdn.example.com'}\n  host = urlparse(url).hostname\n  if host not in ALLOWED: abort(400)\nOr use a server-side proxy (Imgproxy / serve-files-only-from-S3) that isolates outbound network access from the request handler.\nBlock private CIDRs explicitly: 10/8, 172.16/12, 192.168/16, 169.254/16. Also cover loopback (127/8, ::1) and the IPv6 private ranges, and apply the check to the resolved IP address and to each redirect hop, not only to the hostname string."}, "properties": {"scanner": "repobility-threat-engine", "category": "ssrf", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "JRN009", "name": "Secret-like setting is echoed into a password input value", "shortDescription": {"text": "Secret-like setting is echoed into a password input value"}, "fullDescription": {"text": "Settings screens sometimes render API keys, tokens, or passwords back into HTML/JSX password fields. That still exposes the secret to page source, browser extensions, screenshots, and DOM scraping."}, "properties": {"scanner": "repobility-journey-contract", "category": "auth", "severity": "high", "confidence": 0.83, "cwe": "", "owasp": ""}}, {"id": "DKC011", "name": "Database service publishes a host port", "shortDescription": {"text": "Database service publishes a host port"}, "fullDescription": {"text": "Publishing database ports to the host increases exposure. 
Internal Compose networking usually only needs expose, not ports."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "high", "confidence": 0.84, "cwe": "", "owasp": ""}}, {"id": "SEC033", "name": "[SEC033] Prototype Pollution \u2014 unfiltered merge of user object: Merging user-controlled object into a target without fil", "shortDescription": {"text": "[SEC033] Prototype Pollution \u2014 unfiltered merge of user object: Merging user-controlled object into a target without filtering `__proto__`/`constructor`/`prototype` keys lets attackers inject properties onto Object.prototype, affecting ever"}, "fullDescription": {"text": "Sanitize keys BEFORE merge:\n  function sanitize(obj) {\n    delete obj.__proto__;\n    delete obj.constructor;\n    delete obj.prototype;\n    return obj;\n  }\nOr use Object.create(null) for the target. Or use Map() for user-key-indexed data. Upgrade lodash >= 4.17.21 for partial mitigation. The sanitize() above only strips top-level keys; for a deep merge, filter these keys at every nesting level."}, "properties": {"scanner": "repobility-threat-engine", "category": "prototype_pollution", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "DKC007", "name": "Compose service contains a literal secret environment value", "shortDescription": {"text": "Compose service contains a literal secret environment value"}, "fullDescription": {"text": "Literal secrets in Compose files are committed to source and exposed through container inspection."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "critical", "confidence": 0.96, "cwe": "", "owasp": ""}}, {"id": "SEC009", "name": "[SEC009] .env File Committed: .env file with secrets committed to repository.", "shortDescription": {"text": "[SEC009] .env File Committed: .env file with secrets committed to repository."}, "fullDescription": {"text": "Add .env to .gitignore and untrack the committed file (git rm --cached .env); .gitignore alone does not stop tracking a file that is already committed. 
Rotate all exposed credentials."}, "properties": {"scanner": "repobility-threat-engine", "category": "credential_exposure", "severity": "critical", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "CORE_ENV_FILE", "name": ".env file committed to repository", "shortDescription": {"text": ".env file committed to repository"}, "fullDescription": {"text": "Remove .env from version control: git rm --cached .env. Add '.env' to .gitignore. Rotate all exposed credentials."}, "properties": {"scanner": "repobility-core", "category": "security", "severity": "critical", "confidence": null, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/451"}, "properties": {"repository": "be-BOP-io-SA/be-BOP", "repoUrl": "https://github.com/be-BOP-io-SA/be-BOP.git", "branch": "main"}, "results": [{"ruleId": "WEB003", "level": "warning", "message": {"text": "Public web service has no security.txt"}, "properties": {"repobilityId": 23461, "scanner": "repobility-web-presence", "fingerprint": "5cd26606c5a53c9f403ff7a92a6917c19cf440a23ce03e2b90e8c493312ef8cd", "category": "quality", "severity": "medium", "confidence": 0.78, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Repository looks like a public web app/API but no security.txt file or route was discovered.", "evidence": {"rule_id": "WEB003", "scanner": "repobility-web-presence", "references": ["https://www.rfc-editor.org/rfc/rfc9116", "https://github.com/Lissy93/web-check"], "correlation_key": "fp|5cd26606c5a53c9f403ff7a92a6917c19cf440a23ce03e2b90e8c493312ef8cd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".well-known/security.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "WEB015", "level": "warning", "message": {"text": "Public web app has no Content Security Policy"}, "properties": {"repobilityId": 23460, "scanner": "repobility-web-presence", "fingerprint": "7eb70cae3ff63d8ed7c31706185d32b37655333b40b58ca826d740b08fb1ad63", "category": "quality", "severity": 
"medium", "confidence": 0.7, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Repository looks like a public web app but no CSP header, framework header config, Helmet policy, or CSP meta tag was discovered.", "evidence": {"rule_id": "WEB015", "scanner": "repobility-web-presence", "references": ["https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP", "https://github.com/Lissy93/web-check"], "correlation_key": "fp|7eb70cae3ff63d8ed7c31706185d32b37655333b40b58ca826d740b08fb1ad63"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "index.html"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR003", "level": "warning", "message": {"text": "Compose service `minio` image uses the latest tag"}, "properties": {"repobilityId": 23445, "scanner": "repobility-docker", "fingerprint": "6881e44c82a6a6e1c36736e9c445e5546c5e7588c588c39caf554087323353e4", "category": "docker", "severity": "medium", "confidence": 0.94, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Image tag is latest.", "evidence": {"image": "quay.io/minio/minio:latest", "rule_id": "DKR003", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|6881e44c82a6a6e1c36736e9c445e5546c5e7588c588c39caf554087323353e4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yml"}, "region": {"startLine": 52}}}]}, {"ruleId": "DKC016", "level": "warning", "message": {"text": "App service does not wait for database health"}, "properties": {"repobilityId": 23444, "scanner": "repobility-docker", "fingerprint": "f2eb03f4a94fd6fa0cd6cf1b50327cbce953cb322d3b7cd619b7fee23dea9eab", "category": "docker", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Dependency database has a healthcheck but 
the app does not use condition: service_healthy.", "evidence": {"rule_id": "DKC016", "scanner": "repobility-docker", "service": "bebop", "dependency": "mongo", "references": ["https://docs.docker.com/compose/how-tos/startup-order/"], "correlation_key": "fp|f2eb03f4a94fd6fa0cd6cf1b50327cbce953cb322d3b7cd619b7fee23dea9eab", "dependency_has_healthcheck": true}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yml"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 23439, "scanner": "repobility-docker", "fingerprint": "834b8d65b9f3bc9fb68fed2d01f674f5856e71305c56822deae7b3c610d66616", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "node:20-slim", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|834b8d65b9f3bc9fb68fed2d01f674f5856e71305c56822deae7b3c610d66616"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Dockerfile"}, "region": {"startLine": 13}}}]}, {"ruleId": "WEB011", "level": "note", "message": {"text": "Public web app has no humans.txt"}, "properties": {"repobilityId": 23459, "scanner": "repobility-web-presence", "fingerprint": "bdd551fbe1ab6405480e0d5755632562c2096cb9e9a6a071ef60e4c27a6873f1", "category": "quality", "severity": "low", "confidence": 0.5, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Repository looks like a public web app but no humans.txt file or route was discovered.", "evidence": {"rule_id": "WEB011", "scanner": 
"repobility-web-presence", "references": ["https://github.com/Lissy93/web-check"], "correlation_key": "fp|bdd551fbe1ab6405480e0d5755632562c2096cb9e9a6a071ef60e4c27a6873f1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "humans.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "WEB008", "level": "note", "message": {"text": "Public docs site has no llms.txt"}, "properties": {"repobilityId": 23458, "scanner": "repobility-web-presence", "fingerprint": "cdce8ed8706710d39c3e7272dad572dd639cff74fd3d2ac62d8f6f522b891d76", "category": "quality", "severity": "low", "confidence": 0.64, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Repository looks public and documentation-heavy but no llms.txt file or route was discovered.", "evidence": {"rule_id": "WEB008", "scanner": "repobility-web-presence", "references": ["https://llmstxt.org/"], "correlation_key": "fp|cdce8ed8706710d39c3e7272dad572dd639cff74fd3d2ac62d8f6f522b891d76"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "llms.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "WEB002", "level": "note", "message": {"text": "Public web app has no sitemap"}, "properties": {"repobilityId": 23457, "scanner": "repobility-web-presence", "fingerprint": "fccbe72d13ca3ba9197ec37b0daa0802fb6d5ebff54b3eb9f09b59b0f8d0acdf", "category": "quality", "severity": "low", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Repository looks like a public web app but no sitemap file or route was discovered.", "evidence": {"rule_id": "WEB002", "scanner": "repobility-web-presence", "references": ["https://www.sitemaps.org/protocol.html", "https://github.com/Lissy93/web-check"], "correlation_key": "fp|fccbe72d13ca3ba9197ec37b0daa0802fb6d5ebff54b3eb9f09b59b0f8d0acdf"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sitemap.xml"}, "region": {"startLine": 1}}}]}, {"ruleId": "WEB001", "level": "note", "message": {"text": 
"Public web app has no robots.txt"}, "properties": {"repobilityId": 23456, "scanner": "repobility-web-presence", "fingerprint": "cae3f2223945958e14d8eb90f7965fa26b47011cc5be29c2855a4054937e29c4", "category": "quality", "severity": "low", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Repository looks like a public web app but no robots.txt file or route was discovered.", "evidence": {"rule_id": "WEB001", "scanner": "repobility-web-presence", "references": ["https://www.rfc-editor.org/rfc/rfc9309", "https://github.com/Lissy93/web-check"], "correlation_key": "fp|cae3f2223945958e14d8eb90f7965fa26b47011cc5be29c2855a4054937e29c4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "robots.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKC015", "level": "note", "message": {"text": "Database service has no healthcheck"}, "properties": {"repobilityId": 23448, "scanner": "repobility-docker", "fingerprint": "3b0ff0e6cb8bb9a4b660669f26a7552454549f4539008ad302e88e5173afc135", "category": "docker", "severity": "low", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Database-like service has no Compose healthcheck.", "evidence": {"rule_id": "DKC015", "scanner": "repobility-docker", "service": "minio", "references": ["https://docs.docker.com/compose/how-tos/startup-order/"], "correlation_key": "fp|3b0ff0e6cb8bb9a4b660669f26a7552454549f4539008ad302e88e5173afc135"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yml"}, "region": {"startLine": 52}}}]}, {"ruleId": "DKC010", "level": "note", "message": {"text": "Compose service lacks no-new-privileges hardening"}, "properties": {"repobilityId": 23443, "scanner": "repobility-docker", "fingerprint": "7f80983f54868d8bec198a3977b7dcbe8bfb5f2291356d590fb078148e91780d", "category": "docker", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": 
false, "reason": "App-like service has no security_opt no-new-privileges setting.", "evidence": {"rule_id": "DKC010", "scanner": "repobility-docker", "service": "bebop", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|7f80983f54868d8bec198a3977b7dcbe8bfb5f2291356d590fb078148e91780d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yml"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKC006", "level": "note", "message": {"text": "Compose service does not declare a runtime user"}, "properties": {"repobilityId": 23441, "scanner": "repobility-docker", "fingerprint": "2ae03d2ca68f689d193058b7c353aabad57bc3d37942d6a7c1406762df909513", "category": "docker", "severity": "low", "confidence": 0.56, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Service has no user setting and Repobility could not prove the image runs non-root.", "evidence": {"rule_id": "DKC006", "scanner": "repobility-docker", "service": "bebop", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|2ae03d2ca68f689d193058b7c353aabad57bc3d37942d6a7c1406762df909513"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yml"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR008", "level": "note", "message": {"text": ".dockerignore misses sensitive defaults"}, "properties": {"repobilityId": 23440, "scanner": "repobility-docker", "fingerprint": "aea2ad92c68c4ee1f8432bb1ec25e7d45ac12c9e1790ac2d3fffe638b1acce12", "category": "docker", "severity": "low", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "A Docker build context should exclude secrets and repository metadata.", "evidence": {"rule_id": "DKR008", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], 
"correlation_key": "fp|aea2ad92c68c4ee1f8432bb1ec25e7d45ac12c9e1790ac2d3fffe638b1acce12", "missing_patterns": [".env", ".git", "id_rsa", "*.pem", "*.key"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".dockerignore"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 23431, "scanner": "repobility-ai-code-hygiene", "fingerprint": "cab92b9055f248e79c6189c231205400ec1dc1aeebb8ed73acc9fcce740450c0", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/lib/components/TagWidget/TagWidgetVariation1.svelte", "duplicate_line": 29, "correlation_key": "fp|cab92b9055f248e79c6189c231205400ec1dc1aeebb8ed73acc9fcce740450c0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/lib/components/TagWidget/TagWidgetVariation2.svelte"}, "region": {"startLine": 31}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 23430, "scanner": "repobility-ai-code-hygiene", "fingerprint": "85ae366be6cd5001f7e0e0e3806038cea078968c16b672e994537fd80cf22c8c", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/lib/components/TagWidget/TagWidgetVariation1.svelte", "duplicate_line": 1, "correlation_key": 
"fp|85ae366be6cd5001f7e0e0e3806038cea078968c16b672e994537fd80cf22c8c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/lib/components/TagWidget/TagWidgetVariation1noBG.svelte"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 23429, "scanner": "repobility-ai-code-hygiene", "fingerprint": "024c815dbe77b49b40fc8608c9f73ef97633d1741ab34dc888f1d6b077a1e403", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/lib/components/TagWidget/TagWidgetVariation1.svelte", "duplicate_line": 1, "correlation_key": "fp|024c815dbe77b49b40fc8608c9f73ef97633d1741ab34dc888f1d6b077a1e403"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/lib/components/TagWidget/TagWidgetVariation1Reverse.svelte"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 23428, "scanner": "repobility-ai-code-hygiene", "fingerprint": "e8dd0335d60b6f691ba518fc9f1f9b3e41446b66e69e1a47b640a8d863260253", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/lib/components/TagWidget/TagWidgetVariation1.svelte", "duplicate_line": 1, "correlation_key": 
"fp|e8dd0335d60b6f691ba518fc9f1f9b3e41446b66e69e1a47b640a8d863260253"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/lib/components/TagWidget/TagWidgetVariation1CTAless.svelte"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 23427, "scanner": "repobility-ai-code-hygiene", "fingerprint": "3d98cec20411cf2fff78ba1196815e07247b55985d3c5327f2aac36ddb450803", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/lib/components/ScheduleWidget/ScheduleWidgetList.svelte", "duplicate_line": 106, "correlation_key": "fp|3d98cec20411cf2fff78ba1196815e07247b55985d3c5327f2aac36ddb450803"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/lib/components/ScheduleWidget/ScheduleWidgetMobile.svelte"}, "region": {"startLine": 82}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 23426, "scanner": "repobility-ai-code-hygiene", "fingerprint": "ae1266f93538441b2e9c5c0072749b56ba5b4bd585d661e086423bd26f46c501", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/lib/components/ScheduleWidget/ScheduleWidgetCalendar.svelte", "duplicate_line": 196, "correlation_key": 
"fp|ae1266f93538441b2e9c5c0072749b56ba5b4bd585d661e086423bd26f46c501"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/lib/components/ScheduleWidget/ScheduleWidgetMobile.svelte"}, "region": {"startLine": 70}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 23425, "scanner": "repobility-ai-code-hygiene", "fingerprint": "ab8ab797f1d0eb78ba91cd65f64495610cb4a513a08292b5114c92660a96c341", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/lib/components/ScheduleWidget/ScheduleWidgetMain.svelte", "duplicate_line": 6, "correlation_key": "fp|ab8ab797f1d0eb78ba91cd65f64495610cb4a513a08292b5114c92660a96c341"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/lib/components/ScheduleWidget/ScheduleWidgetMobile.svelte"}, "region": {"startLine": 6}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 23424, "scanner": "repobility-ai-code-hygiene", "fingerprint": "df147dbde09175ed7df632c807ab95f7d2c48b5f20e1859a53f0764d4ba385d9", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/lib/components/ScheduleWidget/ScheduleWidgetList.svelte", "duplicate_line": 115, "correlation_key": 
"fp|df147dbde09175ed7df632c807ab95f7d2c48b5f20e1859a53f0764d4ba385d9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/lib/components/ScheduleWidget/ScheduleWidgetMainLight.svelte"}, "region": {"startLine": 95}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 23423, "scanner": "repobility-ai-code-hygiene", "fingerprint": "09e09a8760167b8fd2c245dcfb2f8d2322af64e0f04db6d54039e9b7715b1c4e", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/lib/components/ScheduleWidget/ScheduleWidgetCalendar.svelte", "duplicate_line": 196, "correlation_key": "fp|09e09a8760167b8fd2c245dcfb2f8d2322af64e0f04db6d54039e9b7715b1c4e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/lib/components/ScheduleWidget/ScheduleWidgetMainLight.svelte"}, "region": {"startLine": 74}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 23422, "scanner": "repobility-ai-code-hygiene", "fingerprint": "15e91bdf4ad4d72ee4478126474a4e9bc1e61ebbb4a354d8f30b417c908275ad", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/lib/components/ScheduleWidget/ScheduleWidgetMain.svelte", "duplicate_line": 6, "correlation_key": 
"fp|15e91bdf4ad4d72ee4478126474a4e9bc1e61ebbb4a354d8f30b417c908275ad"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/lib/components/ScheduleWidget/ScheduleWidgetMainLight.svelte"}, "region": {"startLine": 6}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 23421, "scanner": "repobility-ai-code-hygiene", "fingerprint": "720f647727054990966939f3201c1791209fa52e8ad84866316841e6d0da9769", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/lib/components/ScheduleWidget/ScheduleWidgetList.svelte", "duplicate_line": 106, "correlation_key": "fp|720f647727054990966939f3201c1791209fa52e8ad84866316841e6d0da9769"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/lib/components/ScheduleWidget/ScheduleWidgetMain.svelte"}, "region": {"startLine": 89}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 23420, "scanner": "repobility-ai-code-hygiene", "fingerprint": "06e67b14337f758b80cf5381bed4d7af9ac595992fa578fd6201dbee3997f1d2", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/lib/components/ScheduleWidget/ScheduleWidgetCalendar.svelte", "duplicate_line": 196, "correlation_key": 
"fp|06e67b14337f758b80cf5381bed4d7af9ac595992fa578fd6201dbee3997f1d2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/lib/components/ScheduleWidget/ScheduleWidgetMain.svelte"}, "region": {"startLine": 77}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 23419, "scanner": "repobility-ai-code-hygiene", "fingerprint": "09631109af00f30ac5d3b72caa0781d0cccd3bddd91167d7967fe4702705f171", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/lib/components/ScheduleWidget/ScheduleWidgetCalendar.svelte", "duplicate_line": 39, "correlation_key": "fp|09631109af00f30ac5d3b72caa0781d0cccd3bddd91167d7967fe4702705f171"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/lib/components/ScheduleWidget/ScheduleWidgetList.svelte"}, "region": {"startLine": 17}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 23418, "scanner": "repobility-ai-code-hygiene", "fingerprint": "1ddc5925af3a5b731acffd32b7e62e5efcfa5efe2df5641c8c20aca0de24443f", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/lib/components/ProductWidget/ProductWidgetVariation5.svelte", "duplicate_line": 1, "correlation_key": 
"fp|1ddc5925af3a5b731acffd32b7e62e5efcfa5efe2df5641c8c20aca0de24443f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/lib/components/ProductWidget/ProductWidgetVariation6.svelte"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 23417, "scanner": "repobility-ai-code-hygiene", "fingerprint": "14d41a8450b2667779b9b505a375242d410395f2ed979c1133ea8d1ce31566eb", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/lib/components/ProductWidget/ProductWidgetMobile.svelte", "duplicate_line": 41, "correlation_key": "fp|14d41a8450b2667779b9b505a375242d410395f2ed979c1133ea8d1ce31566eb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/lib/components/ProductWidget/ProductWidgetVariation4.svelte"}, "region": {"startLine": 50}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 23416, "scanner": "repobility-ai-code-hygiene", "fingerprint": "1455bce8e8826999ef1566af0564561ffbb63a78f32d7ed502d3bfaa42c8f1b4", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/lib/components/ProductWidget/ProductWidgetVariation2.svelte", "duplicate_line": 41, "correlation_key": 
"fp|1455bce8e8826999ef1566af0564561ffbb63a78f32d7ed502d3bfaa42c8f1b4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/lib/components/ProductWidget/ProductWidgetVariation4.svelte"}, "region": {"startLine": 41}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 23415, "scanner": "repobility-ai-code-hygiene", "fingerprint": "a2699b6bfbf942e77e1244ffdd4ee89789b51cff56cfcc9f3bca0600baaf8619", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/lib/components/ProductWidget/ProductWidgetVariation3.svelte", "duplicate_line": 23, "correlation_key": "fp|a2699b6bfbf942e77e1244ffdd4ee89789b51cff56cfcc9f3bca0600baaf8619"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/lib/components/ProductWidget/ProductWidgetVariation4.svelte"}, "region": {"startLine": 40}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 23414, "scanner": "repobility-ai-code-hygiene", "fingerprint": "6562756b750f3c0aa1cfd3597faec722ec093266226b589c94f473dd09ce2b79", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/lib/components/ProductWidget/ProductWidgetVariation0.svelte", "duplicate_line": 4, "correlation_key": 
"fp|6562756b750f3c0aa1cfd3597faec722ec093266226b589c94f473dd09ce2b79"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/lib/components/ProductWidget/ProductWidgetVariation4.svelte"}, "region": {"startLine": 4}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 23413, "scanner": "repobility-ai-code-hygiene", "fingerprint": "2a9a12e4772d91e5d2498001c809e596e0176aab92316df533a433de5556be5e", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/lib/components/ProductWidget/ProductWidgetVariation1.svelte", "duplicate_line": 47, "correlation_key": "fp|2a9a12e4772d91e5d2498001c809e596e0176aab92316df533a433de5556be5e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/lib/components/ProductWidget/ProductWidgetVariation3.svelte"}, "region": {"startLine": 34}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 23412, "scanner": "repobility-ai-code-hygiene", "fingerprint": "a32716fddeeb9785a973616c74222fc45cb6a48f1c5b198a0e690375b51ac2af", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/lib/components/ProductWidget/ProductWidgetMobile.svelte", "duplicate_line": 41, "correlation_key": 
"fp|a32716fddeeb9785a973616c74222fc45cb6a48f1c5b198a0e690375b51ac2af"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/lib/components/ProductWidget/ProductWidgetVariation3.svelte"}, "region": {"startLine": 33}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 23411, "scanner": "repobility-ai-code-hygiene", "fingerprint": "cdc8b94c939b8a230897c9192c78bbf726ab8ac14f36aa34d00ca897fea6c6d0", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/lib/components/ProductWidget/ProductWidgetVariation2.svelte", "duplicate_line": 9, "correlation_key": "fp|cdc8b94c939b8a230897c9192c78bbf726ab8ac14f36aa34d00ca897fea6c6d0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/lib/components/ProductWidget/ProductWidgetVariation3.svelte"}, "region": {"startLine": 9}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 23410, "scanner": "repobility-ai-code-hygiene", "fingerprint": "dc1e6c12fd7e01e1a420ac60cadc3e453a9a5cb24324aa887fed5e0bf9e77c6d", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/lib/components/ProductWidget/ProductWidgetVariation0.svelte", "duplicate_line": 4, "correlation_key": 
"fp|dc1e6c12fd7e01e1a420ac60cadc3e453a9a5cb24324aa887fed5e0bf9e77c6d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/lib/components/ProductWidget/ProductWidgetVariation3.svelte"}, "region": {"startLine": 4}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 23409, "scanner": "repobility-ai-code-hygiene", "fingerprint": "14345cdac3edc61fbda986dc5b6e3acb6f343a0eb95348ae6a6c00d28242e8cd", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/lib/components/ProductWidget/ProductWidgetVariation1.svelte", "duplicate_line": 47, "correlation_key": "fp|14345cdac3edc61fbda986dc5b6e3acb6f343a0eb95348ae6a6c00d28242e8cd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/lib/components/ProductWidget/ProductWidgetVariation2.svelte"}, "region": {"startLine": 51}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 23408, "scanner": "repobility-ai-code-hygiene", "fingerprint": "792a84c065ae24081cbe652751b18d032db7ed58dc8257968c412c7e02a88533", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/lib/components/ProductWidget/ProductWidgetMobile.svelte", "duplicate_line": 41, "correlation_key": 
"fp|792a84c065ae24081cbe652751b18d032db7ed58dc8257968c412c7e02a88533"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/lib/components/ProductWidget/ProductWidgetVariation2.svelte"}, "region": {"startLine": 50}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 23407, "scanner": "repobility-ai-code-hygiene", "fingerprint": "d73b7090cf66a25dd4265ac1a0e7b3173ed64f8435652eed87c098d8e8dc7744", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/lib/components/ProductWidget/ProductWidgetVariation0.svelte", "duplicate_line": 4, "correlation_key": "fp|d73b7090cf66a25dd4265ac1a0e7b3173ed64f8435652eed87c098d8e8dc7744"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/lib/components/ProductWidget/ProductWidgetVariation2.svelte"}, "region": {"startLine": 4}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 23406, "scanner": "repobility-ai-code-hygiene", "fingerprint": "55a2abdad8d066abb8b72087163ebfa5c5e739a4b07b6cb49c16e897395115e5", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/lib/components/ProductWidget/ProductWidgetMobile.svelte", "duplicate_line": 41, "correlation_key": 
"fp|55a2abdad8d066abb8b72087163ebfa5c5e739a4b07b6cb49c16e897395115e5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/lib/components/ProductWidget/ProductWidgetVariation1.svelte"}, "region": {"startLine": 46}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 23405, "scanner": "repobility-ai-code-hygiene", "fingerprint": "588037509577b92ecf132b61049b14e1c52904895a4e68fef298ea113813d175", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/lib/components/ProductWidget/ProductWidgetVariation0.svelte", "duplicate_line": 4, "correlation_key": "fp|588037509577b92ecf132b61049b14e1c52904895a4e68fef298ea113813d175"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/lib/components/ProductWidget/ProductWidgetVariation1.svelte"}, "region": {"startLine": 4}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 23404, "scanner": "repobility-ai-code-hygiene", "fingerprint": "d37266eb2be6f5363b59ca562f55a1cc975c348745a119b1d43963b5e864c1fd", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/lib/components/ProductType/ProductTypeDeposit.svelte", "duplicate_line": 1, "correlation_key": 
"fp|d37266eb2be6f5363b59ca562f55a1cc975c348745a119b1d43963b5e864c1fd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/lib/components/ProductType/ProductTypePreorder.svelte"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 23403, "scanner": "repobility-ai-code-hygiene", "fingerprint": "c6b4fb8c9890c4ed62060260ee8ed7c0c80b43a21e21d56acd7715a8ec8ac04a", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/lib/components/Order/BitcoinPayment.svelte", "duplicate_line": 14, "correlation_key": "fp|c6b4fb8c9890c4ed62060260ee8ed7c0c80b43a21e21d56acd7715a8ec8ac04a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/lib/components/Order/LightningPayment.svelte"}, "region": {"startLine": 15}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 23402, "scanner": "repobility-ai-code-hygiene", "fingerprint": "b6b0aaa2103e97103946a22fe23c82a43c82bc127d4e2c82d099badc59db0e1f", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/lib/components/CmsDesign.svelte", "duplicate_line": 35, "correlation_key": "fp|b6b0aaa2103e97103946a22fe23c82a43c82bc127d4e2c82d099badc59db0e1f"}}, "locations": 
[{"physicalLocation": {"artifactLocation": {"uri": "src/lib/components/CmsPage.svelte"}, "region": {"startLine": 32}}}]}, {"ruleId": "CORE_NO_LICENSE", "level": "note", "message": {"text": "No LICENSE file"}, "properties": {"repobilityId": 23401, "scanner": "repobility-core", "fingerprint": "9314e9238cd99885865b92490d1aaa96ca62b1390c9377878d5f3d99227e1c3c", "category": "documentation", "severity": "low", "confidence": null, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"rule_id": "CORE_NO_LICENSE", "scanner": "repobility-core", "correlation_key": "repo|documentation|core_no_license"}}}, {"ruleId": "SEC020", "level": "none", "message": {"text": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for troubleshooting."}, "properties": {"repobilityId": 23436, "scanner": "repobility-threat-engine", "fingerprint": "929d6979ec498f4ee69b74fe8e0b51d260dcf3bafede8f82a21bb724fc5ecc8c", "category": "credential_exposure", "severity": "info", "confidence": 0.15, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Log message mentions credential-related metadata but does not print a credential-bearing value", "evidence": {"match": "console.log('tokens', tokens, claims)", "reason": "Log message mentions credential-related metadata but does not print a credential-bearing value", "rule_id": "SEC020", "scanner": "repobility-threat-engine", "confidence": 0.15, "correlation_key": "secret|src/routes/ app /oauth/ slug /callback/+server.ts|3|console.log tokens tokens claims"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/routes/(app)/oauth/[slug]/callback/+server.ts"}, "region": {"startLine": 38}}}]}, {"ruleId": "SEC029", "level": "none", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 1 
more): Same pattern found in 1 additional file. Review if needed."}, "properties": {"repobilityId": 23435, "scanner": "repobility-threat-engine", "fingerprint": "8f4ed64e85e23651a781f801f20cbe7cf192b517efa4818df0dde258906a2c2b", "category": "ssrf", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 1 additional occurrence found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 1 additional occurrence found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|8f4ed64e85e23651a781f801f20cbe7cf192b517efa4818df0dde258906a2c2b"}}}, {"ruleId": "JRN009", "level": "error", "message": {"text": "Secret-like setting is echoed into a password input value"}, "properties": {"repobilityId": 23455, "scanner": "repobility-journey-contract", "fingerprint": "be44c52544b158f2fb1dbd87a1957d45132344250a20dcbc3affc441e431ac4e", "category": "auth", "severity": "high", "confidence": 0.83, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "A password or secret-named input is populated from a secret-like variable instead of a masked placeholder.", "evidence": {"rule_id": "JRN009", "scanner": "repobility-journey-contract", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html"], "correlation_key": "code|auth|src/routes/ app /admin hash admin_hash / token|11|jrn009"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/routes/(app)/admin[[hash=admin_hash]]/swiss-bitcoin-pay/+page.svelte"}, "region": {"startLine": 11}}}]}, {"ruleId": "JRN009", "level": "error", "message": {"text": "Secret-like setting is echoed into a password input value"}, "properties": {"repobilityId": 23454, "scanner": "repobility-journey-contract", 
"fingerprint": "84663fd3cc49a882f98b3b806efd6161df9932369a576f53a4acd240f97e46e4", "category": "auth", "severity": "high", "confidence": 0.83, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "A password or secret-named input is populated from a secret-like variable instead of a masked placeholder.", "evidence": {"rule_id": "JRN009", "scanner": "repobility-journey-contract", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html"], "correlation_key": "code|auth|src/routes/ app /admin hash admin_hash /sumup/+page.svelte|27|jrn009"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/routes/(app)/admin[[hash=admin_hash]]/sumup/+page.svelte"}, "region": {"startLine": 27}}}]}, {"ruleId": "JRN009", "level": "error", "message": {"text": "Secret-like setting is echoed into a password input value"}, "properties": {"repobilityId": 23453, "scanner": "repobility-journey-contract", "fingerprint": "4ac50d68c9f4acc59962e5db8fe5d48c380ab243daec5d55961f6343a19ff762", "category": "auth", "severity": "high", "confidence": 0.83, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "A password or secret-named input is populated from a secret-like variable instead of a masked placeholder.", "evidence": {"rule_id": "JRN009", "scanner": "repobility-journey-contract", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html"], "correlation_key": "code|auth|src/routes/ app /admin hash admin_hash /phoenixd/+page.svelte|86|jrn009"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/routes/(app)/admin[[hash=admin_hash]]/phoenixd/+page.svelte"}, "region": {"startLine": 86}}}]}, {"ruleId": "JRN009", "level": "error", "message": {"text": "Secret-like setting is echoed into a password input value"}, "properties": {"repobilityId": 23452, "scanner": "repobility-journey-contract", "fingerprint": 
"140985f1e70daa121cdbf92d2dd34b9fa02ed2dcbf7167a2d64cf1351b32abf1", "category": "auth", "severity": "high", "confidence": 0.83, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "A password or secret-named input is populated from a secret-like variable instead of a masked placeholder.", "evidence": {"rule_id": "JRN009", "scanner": "repobility-journey-contract", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html"], "correlation_key": "code|auth|src/routes/ app /admin hash admin_hash /paypal/+page.svelte|32|jrn009"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/routes/(app)/admin[[hash=admin_hash]]/paypal/+page.svelte"}, "region": {"startLine": 32}}}]}, {"ruleId": "JRN009", "level": "error", "message": {"text": "Secret-like setting is echoed into a password input value"}, "properties": {"repobilityId": 23451, "scanner": "repobility-journey-contract", "fingerprint": "cfb564755e4888368c6dba443243886f3c49aa7432d81b4c377e2ac7d52bf0a4", "category": "auth", "severity": "high", "confidence": 0.83, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "A password or secret-named input is populated from a secret-like variable instead of a masked placeholder.", "evidence": {"rule_id": "JRN009", "scanner": "repobility-journey-contract", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html"], "correlation_key": "code|auth|src/routes/ app /admin hash admin_hash /nostr/+page.svelte|81|jrn009"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/routes/(app)/admin[[hash=admin_hash]]/nostr/+page.svelte"}, "region": {"startLine": 81}}}]}, {"ruleId": "JRN009", "level": "error", "message": {"text": "Secret-like setting is echoed into a password input value"}, "properties": {"repobilityId": 23450, "scanner": "repobility-journey-contract", "fingerprint": 
"a8cce46996b8078a86cd5f0720a5bd93bd39d4c9f2e5306a4885e40da80ed4ca", "category": "auth", "severity": "high", "confidence": 0.83, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "A password or secret-named input is populated from a secret-like variable instead of a masked placeholder.", "evidence": {"rule_id": "JRN009", "scanner": "repobility-journey-contract", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html"], "correlation_key": "code|auth|src/routes/ app /admin hash admin_hash /login/reset/ token /+page.svelte|53|jrn009"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/routes/(app)/admin[[hash=admin_hash]]/login/reset/[token]/+page.svelte"}, "region": {"startLine": 53}}}]}, {"ruleId": "JRN009", "level": "error", "message": {"text": "Secret-like setting is echoed into a password input value"}, "properties": {"repobilityId": 23449, "scanner": "repobility-journey-contract", "fingerprint": "a9ae7152afb7bad1a4e58639c2781e457bfceab568f51e6a1d070692b81663b8", "category": "auth", "severity": "high", "confidence": 0.83, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "A password or secret-named input is populated from a secret-like variable instead of a masked placeholder.", "evidence": {"rule_id": "JRN009", "scanner": "repobility-journey-contract", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html"], "correlation_key": "code|auth|src/routes/ app /admin hash admin_hash /btcpay-server/+page.svelte|57|jrn009"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/routes/(app)/admin[[hash=admin_hash]]/btcpay-server/+page.svelte"}, "region": {"startLine": 57}}}]}, {"ruleId": "DKC011", "level": "error", "message": {"text": "Database service publishes a host port"}, "properties": {"repobilityId": 23447, "scanner": "repobility-docker", "fingerprint": 
"affebd12a4cf5f2747d49d4f8b268f9a4b0f2eda0dd24d00e33e883404a71b20", "category": "docker", "severity": "high", "confidence": 0.84, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Database-like image publishes host ports without a loopback-only bind.", "evidence": {"ports": [{"raw": "9000:9000", "target": "9000", "host_ip": "", "published": "9000"}], "rule_id": "DKC011", "scanner": "repobility-docker", "service": "minio", "references": ["https://docs.docker.com/compose/how-tos/environment-variables/best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "exposure_scope": "public", "correlation_key": "fp|affebd12a4cf5f2747d49d4f8b268f9a4b0f2eda0dd24d00e33e883404a71b20"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yml"}, "region": {"startLine": 52}}}]}, {"ruleId": "SEC033", "level": "error", "message": {"text": "[SEC033] Prototype Pollution \u2014 unfiltered merge of user object: Merging user-controlled object into a target without filtering `__proto__`/`constructor`/`prototype` keys lets attackers inject properties onto Object.prototype, affecting every object in the process. CWE-1321. 
Real-world: CVE-2019-10744 (lodash), CVE-2021-23337 (lodash.set), CVE-2023-26136 (tough-cookie)."}, "properties": {"repobilityId": 23437, "scanner": "repobility-threat-engine", "fingerprint": "cea66790d6a19e16b42c3c0c86fab91bf8eefa73d42c2a409dd3a018512b8dce", "category": "prototype_pollution", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "[params.lang] =", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC033", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|cea66790d6a19e16b42c3c0c86fab91bf8eefa73d42c2a409dd3a018512b8dce"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/routes/script/language/[lang].js/+server.ts"}, "region": {"startLine": 48}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. 
SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 23434, "scanner": "repobility-threat-engine", "fingerprint": "5eb0ac8f8ae39f694f82f69dfc7e03802f3d5d57433808920a6ea1d9853a833a", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "Url(\n\t\t\tg", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|5eb0ac8f8ae39f694f82f69dfc7e03802f3d5d57433808920a6ea1d9853a833a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/routes/(app)/admin[[hash=admin_hash]]/picture/prepare/+server.ts"}, "region": {"startLine": 26}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. 
SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches. This finding comes from a pattern match alone (see evidence.match); confirm that the URL is caller-controlled and that a request is actually sent to it."}, "properties": {"repobilityId": 23433, "scanner": "repobility-threat-engine", "fingerprint": "7eb9cc84926a0982102eee621c26d3199ced56b70e760d605a96c7f964451795", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "URL(O", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|7eb9cc84926a0982102eee621c26d3199ced56b70e760d605a96c7f964451795"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/routes/(app)/admin[[hash=admin_hash]]/nostr/+page.server.ts"}, "region": {"startLine": 49}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. 
SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches. This finding comes from a pattern match alone (see evidence.match); confirm that the URL is caller-controlled and that a request is actually sent to it."}, "properties": {"repobilityId": 23432, "scanner": "repobility-threat-engine", "fingerprint": "6d1ffc3c4707615f8d83257975fed16574b6db11966db55180fce8976ccb11d9", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "Url(\n\t\t\tg", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|6d1ffc3c4707615f8d83257975fed16574b6db11966db55180fce8976ccb11d9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/routes/(app)/admin[[hash=admin_hash]]/digital-file/prepare/+server.ts"}, "region": {"startLine": 43}}}]}, {"ruleId": "DKC007", "level": "error", "message": {"text": "Compose service contains a literal secret environment value"}, "properties": {"repobilityId": 23446, "scanner": "repobility-docker", "fingerprint": "66a6b11282a826ce51ec2e60d85771aad7c07e0cef1006de68056a87c9a071bf", "category": "docker", "severity": "critical", "confidence": 0.96, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Environment variable name is secret-like and value is a committed literal.", "evidence": {"rule_id": "DKC007", "scanner": "repobility-docker", "service": "minio", "variable": "MINIO_ACCESS_KEY", "references": ["https://docs.docker.com/compose/how-tos/environment-variables/best-practices/", "https://docs.docker.com/reference/compose-file/secrets/"], "path_context": "runtime", "correlation_key": "fp|66a6b11282a826ce51ec2e60d85771aad7c07e0cef1006de68056a87c9a071bf", "compose_secrets_declared": false}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yml"}, "region": {"startLine": 52}}}]}, {"ruleId": "DKC007", "level": "error", "message": {"text": "Compose service contains a 
literal secret environment value"}, "properties": {"repobilityId": 23442, "scanner": "repobility-docker", "fingerprint": "3578f5096ab76b66267b02bdee17078c6017ecb468cf340245c98b45581375ec", "category": "docker", "severity": "critical", "confidence": 0.96, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Environment variable name is secret-like and value is a committed literal.", "evidence": {"rule_id": "DKC007", "scanner": "repobility-docker", "service": "bebop", "variable": "S3_KEY_SECRET", "references": ["https://docs.docker.com/compose/how-tos/environment-variables/best-practices/", "https://docs.docker.com/reference/compose-file/secrets/"], "path_context": "runtime", "correlation_key": "fp|3578f5096ab76b66267b02bdee17078c6017ecb468cf340245c98b45581375ec", "compose_secrets_declared": false}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yml"}, "region": {"startLine": 1}}}]}, {"ruleId": "SEC009", "level": "error", "message": {"text": "[SEC009] .env File Committed: .env file with secrets committed to repository. The recorded evidence is only that the file exists in the repository root, so review its contents and rotate any credentials it holds."}, "properties": {"repobilityId": 23438, "scanner": "repobility-threat-engine", "fingerprint": "5d2991e6b2f00e4b61d743d1035228f1df1aa036f7a4897f3fc085baaab5fc55", "category": "credential_exposure", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": ".env file exists in repository root", "evidence": {"reason": ".env file exists in repository root", "rule_id": "SEC009", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|5d2991e6b2f00e4b61d743d1035228f1df1aa036f7a4897f3fc085baaab5fc55"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".env"}, "region": {"startLine": 1}}}]}, {"ruleId": "CORE_ENV_FILE", "level": "error", "message": {"text": ".env file committed to repository"}, "properties": {"repobilityId": 23400, "scanner": "repobility-core", "fingerprint": 
"23cf83b5b9ef2fbf14bfabb5febcb625a2b459499bad568b550a990d3c7e1f81", "category": "security", "severity": "critical", "confidence": null, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"rule_id": "CORE_ENV_FILE", "scanner": "repobility-core", "correlation_key": "fp|23cf83b5b9ef2fbf14bfabb5febcb625a2b459499bad568b550a990d3c7e1f81"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".env"}, "region": {"startLine": 1}}}]}]}]}