{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "WEB003", "name": "Public web service has no security.txt", "shortDescription": {"text": "Public web service has no security.txt"}, "fullDescription": {"text": "security.txt gives researchers and customers a safe disclosure channel. Public web apps and APIs should publish it under /.well-known/security.txt."}, "properties": {"scanner": "repobility-web-presence", "category": "quality", "severity": "medium", "confidence": 0.78, "cwe": "", "owasp": ""}}, {"id": "SEC001", "name": "[SEC001] Hardcoded Password: Hardcoded password found in source code.", "shortDescription": {"text": "[SEC001] Hardcoded Password: Hardcoded password found in source code."}, "fullDescription": {"text": "Use environment variables or a secrets manager."}, "properties": {"scanner": "repobility-threat-engine", "category": "credential_exposure", "severity": "medium", "confidence": 0.3, "cwe": "", "owasp": ""}}, {"id": "AGT015", "name": "Remote install command pipes network code directly to a shell", "shortDescription": {"text": "Remote install command pipes network code directly to a shell"}, "fullDescription": {"text": "Agent helper projects often publish one-line installers. `curl | sh` style commands are convenient, but they bypass review unless the script is pinned, signed, or checksum-verified."}, "properties": {"scanner": "repobility-agent-runtime", "category": "dependency", "severity": "medium", "confidence": 0.7, "cwe": "", "owasp": ""}}, {"id": "AIC003", "name": "Duplicated implementation block across source files", "shortDescription": {"text": "Duplicated implementation block across source files"}, "fullDescription": {"text": "Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. 
They increase maintenance cost because every future bug fix must be found in multiple locations."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "medium", "confidence": 0.86, "cwe": "", "owasp": ""}}, {"id": "WEB005", "name": "robots.txt does not advertise a sitemap", "shortDescription": {"text": "robots.txt does not advertise a sitemap"}, "fullDescription": {"text": "Sitemap directives in robots.txt help crawlers and AI agents find the canonical public URL inventory quickly."}, "properties": {"scanner": "repobility-web-presence", "category": "quality", "severity": "low", "confidence": 0.74, "cwe": "", "owasp": ""}}, {"id": "SEC020", "name": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for troubleshooting.", "shortDescription": {"text": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for troubleshooting."}, "fullDescription": {"text": "Log only redacted, hashed, or last-four-style metadata. Rotate any secret that may have reached logs."}, "properties": {"scanner": "repobility-threat-engine", "category": "credential_exposure", "severity": "info", "confidence": 0.15, "cwe": "", "owasp": ""}}, {"id": "SEC015", "name": "[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. Output is predictable.", "shortDescription": {"text": "[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. 
Output is predictable."}, "fullDescription": {"text": "Use secrets module (Python) or crypto.getRandomValues() (JS) for security-sensitive randomness."}, "properties": {"scanner": "repobility-threat-engine", "category": "crypto", "severity": "info", "confidence": 0.15, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/397"}, "properties": {"repository": "Mirascope/mirascope", "repoUrl": "https://github.com/Mirascope/mirascope.git", "branch": "main"}, "results": [{"ruleId": "WEB003", "level": "warning", "message": {"text": "Public web service has no security.txt"}, "properties": {"repobilityId": 13050, "scanner": "repobility-web-presence", "fingerprint": "5cd26606c5a53c9f403ff7a92a6917c19cf440a23ce03e2b90e8c493312ef8cd", "category": "quality", "severity": "medium", "confidence": 0.78, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Repository looks like a public web app/API but no security.txt file or route was discovered.", "evidence": {"rule_id": "WEB003", "scanner": "repobility-web-presence", "references": ["https://www.rfc-editor.org/rfc/rfc9116", "https://github.com/Lissy93/web-check"], "correlation_key": "fp|5cd26606c5a53c9f403ff7a92a6917c19cf440a23ce03e2b90e8c493312ef8cd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".well-known/security.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "SEC001", "level": "warning", "message": {"text": "[SEC001] Hardcoded Password: Hardcoded password found in source code."}, "properties": {"repobilityId": 13044, "scanner": "repobility-threat-engine", "fingerprint": "f2e86cba73aada7ed6da0fe52364578804ed0718a539f76bb46ba365844719c7", "category": "credential_exposure", "severity": "medium", "confidence": 0.3, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Low entropy value (3.2 bits) \u2014 may be placeholder or common string", "evidence": {"match": "PASSWORD = \"<redacted>\"", "reason": "Low entropy value (3.2 bits) 
\u2014 may be placeholder or common string", "rule_id": "SEC001", "scanner": "repobility-threat-engine", "confidence": 0.3, "correlation_key": "secret|website/server-entry.ts|1|password redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "website/server-entry.ts"}, "region": {"startLine": 12}}}]}, {"ruleId": "AGT015", "level": "warning", "message": {"text": "Remote install command pipes network code directly to a shell"}, "properties": {"repobilityId": 13043, "scanner": "repobility-agent-runtime", "fingerprint": "b8a99ea9d411f32272013182cb686369e432114b6a02e337a90b8989e68e1fed", "category": "dependency", "severity": "medium", "confidence": 0.7, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File contains a remote download piped directly to a shell without visible checksum or signature verification.", "evidence": {"rule_id": "AGT015", "scanner": "repobility-agent-runtime", "references": [], "correlation_key": "fp|b8a99ea9d411f32272013182cb686369e432114b6a02e337a90b8989e68e1fed"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "content/docs/v1/docs/getting-started/contributing.mdx"}, "region": {"startLine": 19}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 13042, "scanner": "repobility-ai-code-hygiene", "fingerprint": "87f93cad403c73da1c0c8f75e9307336d57c66eca78af2efe54cb086fbb14165", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "python/mirascope/llm/providers/google/provider.py", "duplicate_line": 59, "correlation_key": 
"fp|87f93cad403c73da1c0c8f75e9307336d57c66eca78af2efe54cb086fbb14165"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/mirascope/llm/providers/openai/completions/base_provider.py"}, "region": {"startLine": 84}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 13041, "scanner": "repobility-ai-code-hygiene", "fingerprint": "c6201e110102cae4b9f3aa9ab516a4598f94b3cfbafebcc5acefbd4595fe0625", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "python/mirascope/llm/providers/anthropic/_utils/errors.py", "duplicate_line": 15, "correlation_key": "fp|c6201e110102cae4b9f3aa9ab516a4598f94b3cfbafebcc5acefbd4595fe0625"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/mirascope/llm/providers/openai/_utils/errors.py"}, "region": {"startLine": 15}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 13040, "scanner": "repobility-ai-code-hygiene", "fingerprint": "db054acaa4f1a292bfad2403aff71d67d3937e40ec2714f31330abb844df8972", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "python/mirascope/llm/providers/anthropic/beta_provider.py", "duplicate_line": 7, "correlation_key": 
"fp|db054acaa4f1a292bfad2403aff71d67d3937e40ec2714f31330abb844df8972"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/mirascope/llm/providers/mlx/provider.py"}, "region": {"startLine": 9}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 13039, "scanner": "repobility-ai-code-hygiene", "fingerprint": "ca4870752c7d3f21ab6433b982ac72eb30cd8db148c5905e3f8711840bf1e413", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "python/mirascope/llm/providers/anthropic/beta_provider.py", "duplicate_line": 7, "correlation_key": "fp|ca4870752c7d3f21ab6433b982ac72eb30cd8db148c5905e3f8711840bf1e413"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/mirascope/llm/providers/mirascope/provider.py"}, "region": {"startLine": 7}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 13038, "scanner": "repobility-ai-code-hygiene", "fingerprint": "2cbf7d44410afc1e4591036dfc8511f1a140f2441f4950eca749331c5203311e", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "python/mirascope/llm/providers/anthropic/beta_provider.py", "duplicate_line": 7, "correlation_key": 
"fp|2cbf7d44410afc1e4591036dfc8511f1a140f2441f4950eca749331c5203311e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/mirascope/llm/providers/google/provider.py"}, "region": {"startLine": 8}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 13037, "scanner": "repobility-ai-code-hygiene", "fingerprint": "2eee6b4ea7bc867947b211bfc957c0e3b8fcad6db6078c48c549a7d32f85af60", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "python/mirascope/llm/providers/anthropic/_utils/encode.py", "duplicate_line": 10, "correlation_key": "fp|2eee6b4ea7bc867947b211bfc957c0e3b8fcad6db6078c48c549a7d32f85af60"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/mirascope/llm/providers/google/_utils/encode.py"}, "region": {"startLine": 11}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 13036, "scanner": "repobility-ai-code-hygiene", "fingerprint": "79d3659d8c2f02f083d6f195b3cf975d3837c0952e1e9fcdd78901a0c63b02b5", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "python/mirascope/llm/providers/anthropic/_utils/decode.py", "duplicate_line": 17, "correlation_key": 
"fp|79d3659d8c2f02f083d6f195b3cf975d3837c0952e1e9fcdd78901a0c63b02b5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/mirascope/llm/providers/google/_utils/decode.py"}, "region": {"startLine": 16}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 13035, "scanner": "repobility-ai-code-hygiene", "fingerprint": "2a3792a5459f077042681390dcf2de25d07d0f022b0b079bfd7169c758eef192", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "python/mirascope/llm/providers/anthropic/_utils/beta_decode.py", "duplicate_line": 17, "correlation_key": "fp|2a3792a5459f077042681390dcf2de25d07d0f022b0b079bfd7169c758eef192"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/mirascope/llm/providers/google/_utils/decode.py"}, "region": {"startLine": 6}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 13034, "scanner": "repobility-ai-code-hygiene", "fingerprint": "f4aefa986756b408209eb9f7abaec8929136f036565c602cdb4c98229777f41f", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "python/mirascope/llm/providers/anthropic/beta_provider.py", "duplicate_line": 9, "correlation_key": 
"fp|f4aefa986756b408209eb9f7abaec8929136f036565c602cdb4c98229777f41f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/mirascope/llm/providers/anthropic/provider.py"}, "region": {"startLine": 11}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 13033, "scanner": "repobility-ai-code-hygiene", "fingerprint": "75f8c290dc4f45aa63cdbc46a20ce3c9238d3684be7056d6f608ac6bc308ed3b", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "python/mirascope/llm/providers/anthropic/_utils/beta_encode.py", "duplicate_line": 220, "correlation_key": "fp|75f8c290dc4f45aa63cdbc46a20ce3c9238d3684be7056d6f608ac6bc308ed3b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/mirascope/llm/providers/anthropic/_utils/encode.py"}, "region": {"startLine": 373}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 13032, "scanner": "repobility-ai-code-hygiene", "fingerprint": "2756218b6e916759b2699169750f7396d0f6bb03ebef90c810727338d2dbc962", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "python/mirascope/llm/providers/anthropic/_utils/beta_decode.py", "duplicate_line": 17, "correlation_key": 
"fp|2756218b6e916759b2699169750f7396d0f6bb03ebef90c810727338d2dbc962"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/mirascope/llm/providers/anthropic/_utils/decode.py"}, "region": {"startLine": 7}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 13031, "scanner": "repobility-ai-code-hygiene", "fingerprint": "32056d88800d13e3e6402042968897a3753f478a2d2785adebdf433f402a4eaf", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "python/mirascope/llm/prompts/__init__.py", "duplicate_line": 7, "correlation_key": "fp|32056d88800d13e3e6402042968897a3753f478a2d2785adebdf433f402a4eaf"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/mirascope/llm/prompts/decorator.py"}, "region": {"startLine": 19}}}]}, {"ruleId": "WEB005", "level": "note", "message": {"text": "robots.txt does not advertise a sitemap"}, "properties": {"repobilityId": 13051, "scanner": "repobility-web-presence", "fingerprint": "052aa8852fc018b17598c08d59db12d8e107d7f78f11d9feb59b45fe048af8b3", "category": "quality", "severity": "low", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Discovered robots file or route lacks a Sitemap directive.", "evidence": {"rule_id": "WEB005", "scanner": "repobility-web-presence", "references": ["https://www.rfc-editor.org/rfc/rfc9309", "https://www.sitemaps.org/protocol.html"], "correlation_key": "fp|052aa8852fc018b17598c08d59db12d8e107d7f78f11d9feb59b45fe048af8b3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": 
"python/tests/e2e/input/cassettes/test_authentication_error/anthropic_beta_claude_sonnet_4_0.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "SEC020", "level": "none", "message": {"text": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for troubleshooting."}, "properties": {"repobilityId": 13049, "scanner": "repobility-threat-engine", "fingerprint": "8efac5e922a95e692dbebb6834eefe1462562ceffa88fada3b7dbdff48fc5504", "category": "credential_exposure", "severity": "info", "confidence": 0.15, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "The token term appears to refer to NLP/model token counts, a tokenizer, or blockchain token metadata rather than credential material", "evidence": {"match": "console.log(`Input tokens: ${response.usage.inputTokens}`)", "reason": "The token term appears to refer to NLP/model token counts, a tokenizer, or blockchain token metadata rather than credential material", "rule_id": "SEC020", "scanner": "repobility-threat-engine", "confidence": 0.15, "correlation_key": "secret|token|1|console.log input tokens: response.usage.inputtokens"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "typescript/examples/responses/usage.ts"}, "region": {"startLine": 14}}}]}, {"ruleId": "SEC020", "level": "none", "message": {"text": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. 
This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for troubleshooting."}, "properties": {"repobilityId": 13048, "scanner": "repobility-threat-engine", "fingerprint": "9a728bf1fe65219fe512bcb07ece5c3f3160bf367fd9189ecaa3fb2759ede91a", "category": "credential_exposure", "severity": "info", "confidence": 0.15, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Log message mentions credential-related metadata but does not print a credential-bearing value", "evidence": {"match": "console.log(\"Response was truncated due to token limit\")", "reason": "Log message mentions credential-related metadata but does not print a credential-bearing value", "rule_id": "SEC020", "scanner": "repobility-threat-engine", "confidence": 0.15, "correlation_key": "secret|token|1|console.log response was truncated due to token limit"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "typescript/examples/responses/finish-reason.ts"}, "region": {"startLine": 17}}}]}, {"ruleId": "SEC015", "level": "none", "message": {"text": "[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. 
Output is predictable."}, "properties": {"repobilityId": 13047, "scanner": "repobility-threat-engine", "fingerprint": "3d8a09f182cfa046b80d87d4554ea1c2e87f4a9a735b5f003aa0c9bef460d712", "category": "crypto", "severity": "info", "confidence": 0.15, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Weak PRNG appears to be used for non-security behavior (UI, sampling, demos, shuffling, or backoff), not for secrets", "evidence": {"match": "Math.random()", "reason": "Weak PRNG appears to be used for non-security behavior (UI, sampling, demos, shuffling, or backoff), not for secrets", "rule_id": "SEC015", "scanner": "repobility-threat-engine", "confidence": 0.15, "correlation_key": "code|crypto|token|47|sec015"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "typescript/src/llm/retries/utils.ts"}, "region": {"startLine": 47}}}]}, {"ruleId": "SEC015", "level": "none", "message": {"text": "[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. 
Output is predictable."}, "properties": {"repobilityId": 13046, "scanner": "repobility-threat-engine", "fingerprint": "72a1a49003c354d4def9600e04b6a3d34390fee15ac0814cb110a01f999f8044", "category": "crypto", "severity": "info", "confidence": 0.25, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Weak PRNG appears to be used for non-security behavior (UI, sampling, demos, shuffling, or backoff), not for secrets", "evidence": {"match": "Math.random()", "reason": "Weak PRNG appears to be used for non-security behavior (UI, sampling, demos, shuffling, or backoff), not for secrets", "rule_id": "SEC015", "scanner": "repobility-threat-engine", "confidence": 0.25, "correlation_key": "code|crypto|token|81|sec015"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "typescript/src/ops/_internal/closure.ts"}, "region": {"startLine": 81}}}]}, {"ruleId": "SEC015", "level": "none", "message": {"text": "[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. Output is predictable."}, "properties": {"repobilityId": 13045, "scanner": "repobility-threat-engine", "fingerprint": "b722e63b98bd11a4c8cc562be125a8024299457280f58321cf8c693b4c1202c3", "category": "crypto", "severity": "info", "confidence": 0.15, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Weak PRNG appears to be used for non-security behavior (UI, sampling, demos, shuffling, or backoff), not for secrets", "evidence": {"match": "Math.random()", "reason": "Weak PRNG appears to be used for non-security behavior (UI, sampling, demos, shuffling, or backoff), not for secrets", "rule_id": "SEC015", "scanner": "repobility-threat-engine", "confidence": 0.15, "correlation_key": "code|crypto|token|27|sec015"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "website/app/components/mdx/elements/mermaid-diagram.tsx"}, "region": {"startLine": 27}}}]}]}]}