{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "DKR007", "name": "Docker build context has no .dockerignore", "shortDescription": {"text": "Docker build context has no .dockerignore"}, "fullDescription": {"text": "Without .dockerignore, build context can include source history, local env files, dependencies, and generated artifacts."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "DKR001", "name": "Docker final stage has no non-root USER", "shortDescription": {"text": "Docker final stage has no non-root USER"}, "fullDescription": {"text": "Docker images run as root unless the image or Dockerfile switches to a non-root user."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.82, "cwe": "", "owasp": ""}}, {"id": "SEC094", "name": "[SEC094] Go: world-writable file permissions: File or directory created with world-writable mode (e.g. 0666, 0777). Port", "shortDescription": {"text": "[SEC094] Go: world-writable file permissions: File or directory created with world-writable mode (e.g. 0666, 0777). 
Ported from gosec G301 / G302 / G306 (Apache-2.0)."}, "fullDescription": {"text": "Use 0600 for files, 0700 for dirs that should be private."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "DEPCUR-NPM", "name": "npm package `firebase-functions-test` is 3 major version(s) behind (^0.2.0 -> 3.5.0)", "shortDescription": {"text": "npm package `firebase-functions-test` is 3 major version(s) behind (^0.2.0 -> 3.5.0)"}, "fullDescription": {"text": "`firebase-functions-test` is pinned/resolved at ^0.2.0 but the latest stable release on the npm registry is 3.5.0 (3 major version(s) behind). Outdated dependencies accumulate unpatched bugs and make future security upgrades harder. This is the version-currency signal Dependabot version-update PRs raise."}, "properties": {"scanner": "repobility-dependency-currency", "category": "dependency", "severity": "medium", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "SEC132", "name": "[SEC132] String concat where the language has interpolation (AI style drift): String built by concatenation where the la", "shortDescription": {"text": "[SEC132] String concat where the language has interpolation (AI style drift): String built by concatenation where the language has cleaner interpolation (Python f-strings since 3.6, JS template literals since ES6). Not a vulnerability on it"}, "fullDescription": {"text": "Python: `f\"prefix {var} suffix\"`. JS/TS: `` `prefix ${var} suffix` ``. 
Add a lint rule (pyupgrade UP032, eslint prefer-template) so future PRs catch this automatically."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "low", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "ERR003", "name": "[ERR003] Ignored Error (Go): Ignoring error return values.", "shortDescription": {"text": "[ERR003] Ignored Error (Go): Ignoring error return values."}, "fullDescription": {"text": "Handle the error or use errcheck linter."}, "properties": {"scanner": "repobility-threat-engine", "category": "error_handling", "severity": "low", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "AIC003", "name": "Duplicated implementation block across source files", "shortDescription": {"text": "Duplicated implementation block across source files"}, "fullDescription": {"text": "Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.86, "cwe": "", "owasp": ""}}, {"id": "MINED044", "name": "[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed.", "shortDescription": {"text": "[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. 
See CWE-532 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED043", "name": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data.", "shortDescription": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-319 / A02:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED060", "name": "[MINED060] Go Context No Cancel (and 4 more): Same pattern found in 4 additional files. Review if needed.", "shortDescription": {"text": "[MINED060] Go Context No Cancel (and 4 more): Same pattern found in 4 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-401 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED016", "name": "[MINED016] Go Error Ignored (and 2 more): Same pattern found in 2 additional files. Review if needed.", "shortDescription": {"text": "[MINED016] Go Error Ignored (and 2 more): Same pattern found in 2 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-754 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED071", "name": "[MINED071] Go Panic Call (and 1 more): Same pattern found in 1 additional files. Review if needed.", "shortDescription": {"text": "[MINED071] Go Panic Call (and 1 more): Same pattern found in 1 additional files. 
Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-755 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "GO-2026-5039", "name": "stdlib: GO-2026-5039", "shortDescription": {"text": "stdlib: GO-2026-5039"}, "fullDescription": {"text": "Arbitrary inputs are included in errors without any escaping in net/textproto"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-5038", "name": "stdlib: GO-2026-5038", "shortDescription": {"text": "stdlib: GO-2026-5038"}, "fullDescription": {"text": "Quadratic complexity in WordDecoder.DecodeHeader in mime"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-5037", "name": "stdlib: GO-2026-5037", "shortDescription": {"text": "stdlib: GO-2026-5037"}, "fullDescription": {"text": "Inefficient candidate hostname parsing in crypto/x509"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-5030", "name": "golang.org/x/net: GO-2026-5030", "shortDescription": {"text": "golang.org/x/net: GO-2026-5030"}, "fullDescription": {"text": "Invoking duplicate attributes can cause XSS in golang.org/x/net/html"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-5029", "name": "golang.org/x/net: GO-2026-5029", "shortDescription": {"text": "golang.org/x/net: GO-2026-5029"}, "fullDescription": {"text": "Invoking incorrect handling of character references in DOCTYPE nodes in golang.org/x/net/html"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 
0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-5028", "name": "golang.org/x/net: GO-2026-5028", "shortDescription": {"text": "golang.org/x/net: GO-2026-5028"}, "fullDescription": {"text": "Invoking denial of service when parsing arbitrary HTML in golang.org/x/net/html"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-5027", "name": "golang.org/x/net: GO-2026-5027", "shortDescription": {"text": "golang.org/x/net: GO-2026-5027"}, "fullDescription": {"text": "Invoking incorrect handling of HTML elements in foreign content in golang.org/x/net/html"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-5026", "name": "golang.org/x/net: GO-2026-5026", "shortDescription": {"text": "golang.org/x/net: GO-2026-5026"}, "fullDescription": {"text": "Invoking failure to reject ASCII-only Punycode-encoded labels in golang.org/x/net/idna"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-5025", "name": "golang.org/x/net: GO-2026-5025", "shortDescription": {"text": "golang.org/x/net: GO-2026-5025"}, "fullDescription": {"text": "Invoking incorrect handling of namespaced elements in foreign content in golang.org/x/net/html"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "SEC032", "name": "[SEC032] Unrestricted File Upload \u2014 no extension/MIME validation: File upload accepts the user's filename without valida", "shortDescription": {"text": "[SEC032] Unrestricted File Upload \u2014 no extension/MIME validation: File upload accepts the user's filename without validating extension, content-type, or magic bytes. 
Attackers upload `.php`, `.jsp`, or executable files to a web-served direc"}, "fullDescription": {"text": "Validate THREE things server-side:\n  1. Extension allowlist:\n       ALLOWED = {'.png', '.jpg', '.pdf'}\n       ext = Path(file.filename).suffix.lower()\n       if ext not in ALLOWED: abort(400)\n  2. Magic-byte check (don't trust the extension):\n       import magic\n       mime = magic.from_buffer(file.read(2048), mime=True)\n  3. Save with a random/UUID filename to a non-executable directory.\nSanitize with `werkzeug.secure_filename`. Never reuse the user's name."}, "properties": {"scanner": "repobility-threat-engine", "category": "file_upload", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC093", "name": "[SEC093] Go: exec.Command with non-literal: exec.Command(<var>) \u2014 variable command name allows command injection. Ported", "shortDescription": {"text": "[SEC093] Go: exec.Command with non-literal: exec.Command(<var>) \u2014 variable command name allows command injection. Ported from gosec G204 (Apache-2.0)."}, "fullDescription": {"text": "Use a constant command name and validate args via a whitelist."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC029", "name": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled ", "shortDescription": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. 
Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes e"}, "fullDescription": {"text": "Validate the URL against an allowlist BEFORE fetching:\n  ALLOWED = {'images.example.com', 'cdn.example.com'}\n  host = urlparse(url).hostname\n  if host not in ALLOWED: abort(400)\nOr use a server-side proxy (Imgproxy / serve-files-only-from-S3) that isolates outbound network access from the request handler.\nBlock private CIDRs explicitly: 10/8, 172.16/12, 192.168/16, 169.254/16.\nApply the CIDR check to the IP address the hostname resolves to, and repeat it after any redirect; a check on the hostname string alone does not see where the request finally connects."}, "properties": {"scanner": "repobility-threat-engine", "category": "ssrf", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED004", "name": "[MINED004] Weak Crypto: MD5/SHA1/DES/RC4 used for security context (not just checksums).", "shortDescription": {"text": "[MINED004] Weak Crypto: MD5/SHA1/DES/RC4 used for security context (not just checksums)."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-327 / A02:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED115", "name": "Action `slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml` pinned to mutable ref `@v2.0", "shortDescription": {"text": "Action `slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml` pinned to mutable ref `@v2.0.0`"}, "fullDescription": {"text": "`uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v2.0.0` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED118", "name": "Dockerfile FROM `alpine:3.18` not pinned by digest", "shortDescription": {"text": "Dockerfile FROM `alpine:3.18` not pinned by digest"}, "fullDescription": {"text": "`FROM alpine:3.18` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potentially different. Production images should pin to `image@sha256:...` for reproducibility + supply-chain integrity."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/1000"}, "properties": {"repository": "kptdev/kpt", "repoUrl": "https://github.com/kptdev/kpt", "branch": "main"}, "results": [{"ruleId": "DKR007", "level": "warning", "message": {"text": "Docker build context has no .dockerignore"}, "properties": {"repobilityId": 93747, "scanner": "repobility-docker", "fingerprint": "c98378cf8c37e4866e89d6ca06a24b7e8c44654aa34e6e4bf1367c4a4c0c5b44", "category": "docker", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Dockerfile exists but repository root has no .dockerignore.", "evidence": {"rule_id": "DKR007", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|c98378cf8c37e4866e89d6ca06a24b7e8c44654aa34e6e4bf1367c4a4c0c5b44"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".dockerignore"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 93746, "scanner": "repobility-docker", "fingerprint": 
"b1ea521f84895408da9d4c29c788580e03d9ee0cbfd8876088d9c358e13e012a", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "alpine:3.18", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|b1ea521f84895408da9d4c29c788580e03d9ee0cbfd8876088d9c358e13e012a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "release/images/Dockerfile"}, "region": {"startLine": 15}}}]}, {"ruleId": "SEC094", "level": "warning", "message": {"text": "[SEC094] Go: world-writable file permissions: File or directory created with world-writable mode (e.g. 0666, 0777). Ported from gosec G301 / G302 / G306 (Apache-2.0)."}, "properties": {"repobilityId": 93724, "scanner": "repobility-threat-engine", "fingerprint": "41c624a5fc5eaced8ed0fb05c35d54eaa17ceaf2b346abbca9bfb04554c5ddf2", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "os.WriteFile(fileName, data, 0666", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC094", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|41c624a5fc5eaced8ed0fb05c35d54eaa17ceaf2b346abbca9bfb04554c5ddf2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "commands/alpha/wasm/pull/command.go"}, "region": {"startLine": 89}}}]}, {"ruleId": "DEPCUR-NPM", "level": "warning", "message": {"text": "npm package `firebase-functions-test` is 3 major version(s) behind (^0.2.0 -> 3.5.0)"}, "properties": {"repobilityId": 
93719, "scanner": "repobility-dependency-currency", "fingerprint": "a5448b8c42779b177c9ba7443133a291c5f9e1b036d6d845ca87072849e8d2c7", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "3 major version(s) behind", "signal": "currency", "cwe_ids": [], "package": "firebase-functions-test", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "3.5.0", "correlation_key": "fp|a5448b8c42779b177c9ba7443133a291c5f9e1b036d6d845ca87072849e8d2c7", "current_version": "^0.2.0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "firebase/functions/package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "DEPCUR-NPM", "level": "warning", "message": {"text": "npm package `firebase-functions` is 4 major version(s) behind (^3.14.1 -> 7.2.5)"}, "properties": {"repobilityId": 93718, "scanner": "repobility-dependency-currency", "fingerprint": "e52b31308f5764e1258f01ec2e52cdae4ea7e96c4d3e6997d37ce85d42ffbb8d", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "4 major version(s) behind", "signal": "currency", "cwe_ids": [], "package": "firebase-functions", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "7.2.5", "correlation_key": "fp|e52b31308f5764e1258f01ec2e52cdae4ea7e96c4d3e6997d37ce85d42ffbb8d", "current_version": "^3.14.1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "firebase/functions/package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "DEPCUR-NPM", "level": "warning", "message": {"text": "npm package `firebase-admin` is 4 major version(s) behind (^9.8.0 -> 13.10.0)"}, "properties": {"repobilityId": 93717, "scanner": "repobility-dependency-currency", "fingerprint": 
"f30d227f628dcc7ae42c71ef630f1c50bc298edb6ab2d46761e1d4902db94eba", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "4 major version(s) behind", "signal": "currency", "cwe_ids": [], "package": "firebase-admin", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "13.10.0", "correlation_key": "fp|f30d227f628dcc7ae42c71ef630f1c50bc298edb6ab2d46761e1d4902db94eba", "current_version": "^9.8.0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "firebase/functions/package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "SEC132", "level": "note", "message": {"text": "[SEC132] String concat where the language has interpolation (AI style drift): String built by concatenation where the language has cleaner interpolation (Python f-strings since 3.6, JS template literals since ES6). Not a vulnerability on its own, but a style signature of cross-language AI rewrites \u2014 the model wrote idiomatic Java/C# and then translated mechanically. 
When this style appears in only *some* files of a repo, it's a strong indicator of an AI-driven rewrite that needs a human review p"}, "properties": {"repobilityId": 93745, "scanner": "repobility-threat-engine", "fingerprint": "65e73ef08bd587af43b23777f997011229b33b747fc1f99001bb52327cc1cafd", "category": "quality", "severity": "low", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "\"https://github.com/kptdev/kpt/archive/\" + version + \".tar.gz\"", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC132", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|65e73ef08bd587af43b23777f997011229b33b747fc1f99001bb52327cc1cafd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "release/formula/main.go"}, "region": {"startLine": 44}}}]}, {"ruleId": "ERR003", "level": "note", "message": {"text": "[ERR003] Ignored Error (Go): Ignoring error return values."}, "properties": {"repobilityId": 93727, "scanner": "repobility-threat-engine", "fingerprint": "8b4f3d1b48259b09bec7d94422e4973217e76581591d60b604bac41b08581c07", "category": "error_handling", "severity": "low", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "_ = c.RegisterFlagCompletionFunc(", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR003", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|8b4f3d1b48259b09bec7d94422e4973217e76581591d60b604bac41b08581c07"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "commands/pkg/update/cmdupdate.go"}, "region": {"startLine": 57}}}]}, {"ruleId": "ERR003", "level": "note", "message": {"text": "[ERR003] Ignored Error (Go): Ignoring error return values."}, "properties": {"repobilityId": 93726, 
"scanner": "repobility-threat-engine", "fingerprint": "410bf1929971fd78b0183fc88952d0b254888cbc0a872effc17e534f4f99369e", "category": "error_handling", "severity": "low", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "_ = c.RegisterFlagCompletionFunc(", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR003", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|410bf1929971fd78b0183fc88952d0b254888cbc0a872effc17e534f4f99369e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "commands/pkg/get/cmdget.go"}, "region": {"startLine": 59}}}]}, {"ruleId": "ERR003", "level": "note", "message": {"text": "[ERR003] Ignored Error (Go): Ignoring error return values."}, "properties": {"repobilityId": 93725, "scanner": "repobility-threat-engine", "fingerprint": "b5adb382cdc6a3409127ab264370f2748bd2a26e34974e620c96c3c342f4fc60", "category": "error_handling", "severity": "low", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "_ = c.RegisterFlagCompletionFunc(", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR003", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|b5adb382cdc6a3409127ab264370f2748bd2a26e34974e620c96c3c342f4fc60"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "commands/fn/render/cmdrender.go"}, "region": {"startLine": 56}}}]}, {"ruleId": "DEPCUR-NPM", "level": "note", "message": {"text": "npm package `hugo-extended` is minor version(s) behind (^0.161.1 -> 0.162.1)"}, "properties": {"repobilityId": 93715, "scanner": "repobility-dependency-currency", "fingerprint": "b9871bd6fbe34f8d2b424e1a94269e9e48ccd37f0d22f68f6d9c826962a1c72b", "category": "dependency", "severity": "low", 
"confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "minor version(s) behind", "signal": "currency", "cwe_ids": [], "package": "hugo-extended", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "0.162.1", "correlation_key": "fp|b9871bd6fbe34f8d2b424e1a94269e9e48ccd37f0d22f68f6d9c826962a1c72b", "current_version": "^0.161.1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "documentation/package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "DEPCUR-NPM", "level": "note", "message": {"text": "npm package `autoprefixer` is minor version(s) behind (^10.4.21 -> 10.5.0)"}, "properties": {"repobilityId": 93714, "scanner": "repobility-dependency-currency", "fingerprint": "54c96a5a14f806a33683338d7da2ffadf01d8f5fd7262a0c94e7334246eb8a50", "category": "dependency", "severity": "low", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "minor version(s) behind", "signal": "currency", "cwe_ids": [], "package": "autoprefixer", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "10.5.0", "correlation_key": "fp|54c96a5a14f806a33683338d7da2ffadf01d8f5fd7262a0c94e7334246eb8a50", "current_version": "^10.4.21"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "documentation/package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 93693, "scanner": "repobility-ai-code-hygiene", "fingerprint": "273733a79b2beacdffc8d0fc7794093769f9cd87e093dededd76cb6decbac8fe", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", 
"evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "pkg/lib/util/args/args.go", "duplicate_line": 37, "correlation_key": "fp|273733a79b2beacdffc8d0fc7794093769f9cd87e093dededd76cb6decbac8fe"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "thirdparty/cmdconfig/commands/runner/runner.go"}, "region": {"startLine": 56}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 93692, "scanner": "repobility-ai-code-hygiene", "fingerprint": "8433fe74b0a8b394507d66637fb806822900e8fa1b575c820050edb7f26c5095", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "pkg/lib/update/merge3/resource_matcher.go", "duplicate_line": 66, "correlation_key": "fp|8433fe74b0a8b394507d66637fb806822900e8fa1b575c820050edb7f26c5095"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkg/lib/util/addmergecomment/addmergecomment.go"}, "region": {"startLine": 53}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 93691, "scanner": "repobility-ai-code-hygiene", "fingerprint": "3954de3a36df7241ff033667a04c6733633301a1306f8a9f2923f7f413184e12", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], 
"duplicate_file": "pkg/fn/runtime/imagepullpolicy.go", "duplicate_line": 2, "correlation_key": "fp|3954de3a36df7241ff033667a04c6733633301a1306f8a9f2923f7f413184e12"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkg/lib/runneroptions/imagepullpolicy.go"}, "region": {"startLine": 2}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 93690, "scanner": "repobility-ai-code-hygiene", "fingerprint": "7cc0b08f4be221a6bb7683be3a4c864e76f3c46975cf7c3e7ad3bceee602749c", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "commands/alpha/live/plan/command.go", "duplicate_line": 75, "correlation_key": "fp|7cc0b08f4be221a6bb7683be3a4c864e76f3c46975cf7c3e7ad3bceee602749c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "commands/live/destroy/cmddestroy.go"}, "region": {"startLine": 89}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 93689, "scanner": "repobility-ai-code-hygiene", "fingerprint": "b8791173248f5b9d70eb63b06b146423a7bfdd7610e89cdd4bfa4fd684a17905", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "commands/live/apply/cmdapply.go", "duplicate_line": 128, "correlation_key": 
"fp|b8791173248f5b9d70eb63b06b146423a7bfdd7610e89cdd4bfa4fd684a17905"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "commands/live/destroy/cmddestroy.go"}, "region": {"startLine": 85}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 93688, "scanner": "repobility-ai-code-hygiene", "fingerprint": "45cb220f21fd2b28367039f4f54cbe078bcb23dcbf71fb9c71b9bff92eb225d4", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "commands/alpha/live/plan/command.go", "duplicate_line": 75, "correlation_key": "fp|45cb220f21fd2b28367039f4f54cbe078bcb23dcbf71fb9c71b9bff92eb225d4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "commands/live/apply/cmdapply.go"}, "region": {"startLine": 132}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 93687, "scanner": "repobility-ai-code-hygiene", "fingerprint": "aaef746790de9317449f8f827934d044e7cb653ccd98e18c596be8915f40e215", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "commands/alpha/wasm/pull/command.go", "duplicate_line": 24, "correlation_key": "fp|aaef746790de9317449f8f827934d044e7cb653ccd98e18c596be8915f40e215"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": 
"commands/alpha/wasm/push/command.go"}, "region": {"startLine": 24}}}]}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed."}, "properties": {"repobilityId": 93739, "scanner": "repobility-threat-engine", "fingerprint": "f59f8825f89258cb1d8b1fc06f52a10f3f3b261d5d4396b73470254051a0abc0", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "correlation_key": "fp|f59f8825f89258cb1d8b1fc06f52a10f3f3b261d5d4396b73470254051a0abc0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "documentation/scripts/serve-with-pagefind.js"}, "region": {"startLine": 16}}}]}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 93738, "scanner": "repobility-threat-engine", "fingerprint": "12441116a7bdaf8cdb76e06244b420827ed95a6ebc1c2fe0c081f4b90aff9602", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": 
"repobility-threat-engine", "correlation_key": "fp|12441116a7bdaf8cdb76e06244b420827ed95a6ebc1c2fe0c081f4b90aff9602"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "demos/demo-magic/demo-magic.sh"}, "region": {"startLine": 161}}}]}, {"ruleId": "MINED060", "level": "none", "message": {"text": "[MINED060] Go Context No Cancel (and 4 more): Same pattern found in 4 additional files. Review if needed."}, "properties": {"repobilityId": 93737, "scanner": "repobility-threat-engine", "fingerprint": "48b739a9fa0558510a36febe9f4875b0bfd5f165c1c45d54c4a64b2111fc2582", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 4 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "go-context-no-cancel", "owasp": null, "cwe_ids": ["CWE-401"], "languages": ["go"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348041+00:00", "triaged_in_corpus": 12, "observations_count": 132905, "ai_coder_pattern_id": 110}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|48b739a9fa0558510a36febe9f4875b0bfd5f165c1c45d54c4a64b2111fc2582", "aggregated_count": 4}}}, {"ruleId": "MINED060", "level": "none", "message": {"text": "[MINED060] Go Context No Cancel: context.Background() at request handler boundary leaks goroutines."}, "properties": {"repobilityId": 93736, "scanner": "repobility-threat-engine", "fingerprint": "76c9f2c44a8001443745201981f2084ec35d2d62c9ace351975d6064b21b544f", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "go-context-no-cancel", "owasp": null, "cwe_ids": ["CWE-401"], "languages": ["go"], "precision": 1.0, "promoted_at": 
"2026-05-18T14:01:32.348041+00:00", "triaged_in_corpus": 12, "observations_count": 132905, "ai_coder_pattern_id": 110}, "scanner": "repobility-threat-engine", "correlation_key": "fp|76c9f2c44a8001443745201981f2084ec35d2d62c9ace351975d6064b21b544f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkg/fn/runtime/exec.go"}, "region": {"startLine": 54}}}]}, {"ruleId": "MINED060", "level": "none", "message": {"text": "[MINED060] Go Context No Cancel: context.Background() at request handler boundary leaks goroutines."}, "properties": {"repobilityId": 93735, "scanner": "repobility-threat-engine", "fingerprint": "a206e76119a09a7b377fd48fca243fe34bf38fd8a33ee8c602202e4d279f930f", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "go-context-no-cancel", "owasp": null, "cwe_ids": ["CWE-401"], "languages": ["go"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348041+00:00", "triaged_in_corpus": 12, "observations_count": 132905, "ai_coder_pattern_id": 110}, "scanner": "repobility-threat-engine", "correlation_key": "fp|a206e76119a09a7b377fd48fca243fe34bf38fd8a33ee8c602202e4d279f930f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "main.go"}, "region": {"startLine": 51}}}]}, {"ruleId": "MINED060", "level": "none", "message": {"text": "[MINED060] Go Context No Cancel: context.Background() at request handler boundary leaks goroutines."}, "properties": {"repobilityId": 93734, "scanner": "repobility-threat-engine", "fingerprint": "1972f84d9d2995035b65824d1d5aa350245e4f2ee2445693f62f278c7d3780fb", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": 
"go-context-no-cancel", "owasp": null, "cwe_ids": ["CWE-401"], "languages": ["go"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348041+00:00", "triaged_in_corpus": 12, "observations_count": 132905, "ai_coder_pattern_id": 110}, "scanner": "repobility-threat-engine", "correlation_key": "fp|1972f84d9d2995035b65824d1d5aa350245e4f2ee2445693f62f278c7d3780fb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "commands/util/factory.go"}, "region": {"startLine": 61}}}]}, {"ruleId": "MINED016", "level": "none", "message": {"text": "[MINED016] Go Error Ignored (and 2 more): Same pattern found in 2 additional files. Review if needed."}, "properties": {"repobilityId": 93733, "scanner": "repobility-threat-engine", "fingerprint": "b811b0437afa60639f9e815322ad663dd70882e80ae3bb985766ca637f3861f4", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 2 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "go-error-ignored", "owasp": null, "cwe_ids": ["CWE-754"], "languages": ["go"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347935+00:00", "triaged_in_corpus": 15, "observations_count": 83036, "ai_coder_pattern_id": 107}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|b811b0437afa60639f9e815322ad663dd70882e80ae3bb985766ca637f3861f4", "aggregated_count": 2}}}, {"ruleId": "ERR003", "level": "none", "message": {"text": "[ERR003] Ignored Error (Go) (and 3 more): Same pattern found in 3 additional files. 
Review if needed."}, "properties": {"repobilityId": 93728, "scanner": "repobility-threat-engine", "fingerprint": "ffe4d81a7489f28099dfb64f1d43f221c7bd1f8d79fc0a1d608b942842e235c6", "category": "error_handling", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 3 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 3 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "ERR003", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|ffe4d81a7489f28099dfb64f1d43f221c7bd1f8d79fc0a1d608b942842e235c6"}}}, {"ruleId": "MINED071", "level": "none", "message": {"text": "[MINED071] Go Panic Call (and 1 more): Same pattern found in 1 additional file. Review if needed."}, "properties": {"repobilityId": 93723, "scanner": "repobility-threat-engine", "fingerprint": "85c4896443af68563c201765b60383810d346ee42e0660a82238ba53d71ba096", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 1 additional occurrence found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "go-panic-call", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["go"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348067+00:00", "triaged_in_corpus": 12, "observations_count": 29174, "ai_coder_pattern_id": 108}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|85c4896443af68563c201765b60383810d346ee42e0660a82238ba53d71ba096", "aggregated_count": 1}}}, {"ruleId": "MINED071", "level": "none", "message": {"text": "[MINED071] Go Panic Call: panic() crashes the process. 
Should return error in most cases."}, "properties": {"repobilityId": 93722, "scanner": "repobility-threat-engine", "fingerprint": "9a00e4e3d94bc868d17e9b54a5f10624845a6ab2c9cdd96b87a1a39bc3a5b000", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "go-panic-call", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["go"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348067+00:00", "triaged_in_corpus": 12, "observations_count": 29174, "ai_coder_pattern_id": 108}, "scanner": "repobility-threat-engine", "correlation_key": "fp|9a00e4e3d94bc868d17e9b54a5f10624845a6ab2c9cdd96b87a1a39bc3a5b000"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkg/live/planner/cluster.go"}, "region": {"startLine": 337}}}]}, {"ruleId": "MINED071", "level": "none", "message": {"text": "[MINED071] Go Panic Call: panic() crashes the process. 
Should return error in most cases."}, "properties": {"repobilityId": 93721, "scanner": "repobility-threat-engine", "fingerprint": "cec4b6518668ab38e5b43f414aab8c91d0ef0f89ae59ec1317aad1b13da3978a", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "go-panic-call", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["go"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348067+00:00", "triaged_in_corpus": 12, "observations_count": 29174, "ai_coder_pattern_id": 108}, "scanner": "repobility-threat-engine", "correlation_key": "fp|cec4b6518668ab38e5b43f414aab8c91d0ef0f89ae59ec1317aad1b13da3978a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/gitutil/errors.go"}, "region": {"startLine": 99}}}]}, {"ruleId": "MINED071", "level": "none", "message": {"text": "[MINED071] Go Panic Call: panic() crashes the process. 
Should return error in most cases."}, "properties": {"repobilityId": 93720, "scanner": "repobility-threat-engine", "fingerprint": "076d85ffdb08edb8e5b26c1dd66bb9350afdcc5576d703238b1a2aabcd097bb1", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "go-panic-call", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["go"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348067+00:00", "triaged_in_corpus": 12, "observations_count": 29174, "ai_coder_pattern_id": 108}, "scanner": "repobility-threat-engine", "correlation_key": "fp|076d85ffdb08edb8e5b26c1dd66bb9350afdcc5576d703238b1a2aabcd097bb1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "commands/alpha/live/plan/command.go"}, "region": {"startLine": 170}}}]}, {"ruleId": "DEPCUR-NPM", "level": "none", "message": {"text": "npm package `postcss` is patch version(s) behind (^8.5.6 -> 8.5.15)"}, "properties": {"repobilityId": 93716, "scanner": "repobility-dependency-currency", "fingerprint": "d17bca6dfabdf9a43fd2c652e81cdaa1e683559ee92a40613f2cd5a2609298cb", "category": "dependency", "severity": "info", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "patch version(s) behind", "signal": "currency", "cwe_ids": [], "package": "postcss", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "8.5.15", "correlation_key": "fp|d17bca6dfabdf9a43fd2c652e81cdaa1e683559ee92a40613f2cd5a2609298cb", "current_version": "^8.5.6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "documentation/package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5039", "level": "error", "message": {"text": "stdlib: GO-2026-5039"}, "properties": {"repobilityId": 93768, "scanner": 
"osv-scanner", "fingerprint": "52b38d2217ba544d07fcf6074d897f793500f7ed5b496dda7a0d04ab5ffb734e", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-42507", "CVE-2026-42507"], "package": "stdlib", "rule_id": "GO-2026-5039", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-42507|healthcheck/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "healthcheck/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5038", "level": "error", "message": {"text": "stdlib: GO-2026-5038"}, "properties": {"repobilityId": 93767, "scanner": "osv-scanner", "fingerprint": "262f04f2add4f4f01f6fbf3cd8d6a4d02cacfa93e7d75d992e936363db2b165a", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-42504", "CVE-2026-42504"], "package": "stdlib", "rule_id": "GO-2026-5038", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-42504|healthcheck/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "healthcheck/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5037", "level": "error", "message": {"text": "stdlib: GO-2026-5037"}, "properties": {"repobilityId": 93766, "scanner": "osv-scanner", "fingerprint": "36f553b54df36de71ed69d6f29b3b6a1ccd98ccb39a36618671f3a8451c29e37", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-27145", "CVE-2026-27145"], "package": "stdlib", "rule_id": "GO-2026-5037", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-27145|healthcheck/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "healthcheck/go.mod"}, 
"region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5030", "level": "error", "message": {"text": "golang.org/x/net: GO-2026-5030"}, "properties": {"repobilityId": 93765, "scanner": "osv-scanner", "fingerprint": "6537137973b8910afcc3795083447716b890e592b051015e92a52bfc1505455d", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-27136"], "package": "golang.org/x/net", "rule_id": "GO-2026-5030", "scanner": "osv-scanner", "correlation_key": "vuln|golang.org/x/net|CVE-2026-27136|healthcheck/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "healthcheck/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5029", "level": "error", "message": {"text": "golang.org/x/net: GO-2026-5029"}, "properties": {"repobilityId": 93764, "scanner": "osv-scanner", "fingerprint": "f9803c6247306528db4be7f8104f03bc23251d2f8c7c45c61189681924626b68", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-25681"], "package": "golang.org/x/net", "rule_id": "GO-2026-5029", "scanner": "osv-scanner", "correlation_key": "vuln|golang.org/x/net|CVE-2026-25681|healthcheck/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "healthcheck/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5028", "level": "error", "message": {"text": "golang.org/x/net: GO-2026-5028"}, "properties": {"repobilityId": 93763, "scanner": "osv-scanner", "fingerprint": "8073d7e93e84a6bb48992cc58f1ada5b7e9e96a2b6c32459cd43a5240e90aed2", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-25680"], "package": "golang.org/x/net", "rule_id": "GO-2026-5028", "scanner": 
"osv-scanner", "correlation_key": "vuln|golang.org/x/net|CVE-2026-25680|healthcheck/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "healthcheck/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5027", "level": "error", "message": {"text": "golang.org/x/net: GO-2026-5027"}, "properties": {"repobilityId": 93762, "scanner": "osv-scanner", "fingerprint": "2e066ac6464e289ef1e9de66187587fdce66c37e15eaf53423e36106685d88ae", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-42502"], "package": "golang.org/x/net", "rule_id": "GO-2026-5027", "scanner": "osv-scanner", "correlation_key": "vuln|golang.org/x/net|CVE-2026-42502|healthcheck/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "healthcheck/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5026", "level": "error", "message": {"text": "golang.org/x/net: GO-2026-5026"}, "properties": {"repobilityId": 93761, "scanner": "osv-scanner", "fingerprint": "50fcb1a91ac43de46d5d4e3e5b484fe6fd3043d9ce3ff0f72e8b4bd65f04ab9e", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-39821"], "package": "golang.org/x/net", "rule_id": "GO-2026-5026", "scanner": "osv-scanner", "correlation_key": "vuln|golang.org/x/net|CVE-2026-39821|healthcheck/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "healthcheck/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5025", "level": "error", "message": {"text": "golang.org/x/net: GO-2026-5025"}, "properties": {"repobilityId": 93760, "scanner": "osv-scanner", "fingerprint": "8c2400c654b667c042eeb9bd3cd692f0d8e17ae1cb8303e0cd12dcd85fdd4302", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": 
"open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-42506"], "package": "golang.org/x/net", "rule_id": "GO-2026-5025", "scanner": "osv-scanner", "correlation_key": "vuln|golang.org/x/net|CVE-2026-42506|healthcheck/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "healthcheck/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5039", "level": "error", "message": {"text": "stdlib: GO-2026-5039"}, "properties": {"repobilityId": 93759, "scanner": "osv-scanner", "fingerprint": "a83e627c146ec5ae6354a209b08e46b90552fb3a55f244faf312d2b6a843ac55", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-42507", "CVE-2026-42507"], "package": "stdlib", "rule_id": "GO-2026-5039", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-42507|go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5038", "level": "error", "message": {"text": "stdlib: GO-2026-5038"}, "properties": {"repobilityId": 93758, "scanner": "osv-scanner", "fingerprint": "26372ffc012a6e2f27ce548bd31a794161794f6db76480f81788e01849ca8dcf", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-42504", "CVE-2026-42504"], "package": "stdlib", "rule_id": "GO-2026-5038", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-42504|go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5037", "level": "error", "message": {"text": "stdlib: GO-2026-5037"}, "properties": {"repobilityId": 93757, "scanner": "osv-scanner", "fingerprint": 
"7541d4dba5fe7d349432ff80e6bd46b2c38dd49496f069ec8dc88c96fdceac42", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-27145", "CVE-2026-27145"], "package": "stdlib", "rule_id": "GO-2026-5037", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-27145|go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5030", "level": "error", "message": {"text": "golang.org/x/net: GO-2026-5030"}, "properties": {"repobilityId": 93756, "scanner": "osv-scanner", "fingerprint": "f56f13f5fd0d02e616781fb4e263264064c55d496b56f34e2e697db0a1750dd6", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-27136"], "package": "golang.org/x/net", "rule_id": "GO-2026-5030", "scanner": "osv-scanner", "correlation_key": "vuln|golang.org/x/net|CVE-2026-27136|go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5029", "level": "error", "message": {"text": "golang.org/x/net: GO-2026-5029"}, "properties": {"repobilityId": 93755, "scanner": "osv-scanner", "fingerprint": "346c97831be09b89603f8819967a1caf39f8f572a2d5dc5925a9ae0a6b98856e", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-25681"], "package": "golang.org/x/net", "rule_id": "GO-2026-5029", "scanner": "osv-scanner", "correlation_key": "vuln|golang.org/x/net|CVE-2026-25681|go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5028", "level": "error", "message": {"text": 
"golang.org/x/net: GO-2026-5028"}, "properties": {"repobilityId": 93754, "scanner": "osv-scanner", "fingerprint": "796445bee725d6616761216b224cb420e85017321d01a56e43bf03efe210c5f5", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-25680"], "package": "golang.org/x/net", "rule_id": "GO-2026-5028", "scanner": "osv-scanner", "correlation_key": "vuln|golang.org/x/net|CVE-2026-25680|go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5027", "level": "error", "message": {"text": "golang.org/x/net: GO-2026-5027"}, "properties": {"repobilityId": 93753, "scanner": "osv-scanner", "fingerprint": "acf4f4ae909e3489f7be9bc36808d846c836956d4a36bc26ba43890f213b1436", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-42502"], "package": "golang.org/x/net", "rule_id": "GO-2026-5027", "scanner": "osv-scanner", "correlation_key": "vuln|golang.org/x/net|CVE-2026-42502|go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5026", "level": "error", "message": {"text": "golang.org/x/net: GO-2026-5026"}, "properties": {"repobilityId": 93752, "scanner": "osv-scanner", "fingerprint": "2a9be343e7c5c43785f4d36c5506f23f8b055fb0d461a84395ad634441be541a", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-39821"], "package": "golang.org/x/net", "rule_id": "GO-2026-5026", "scanner": "osv-scanner", "correlation_key": "vuln|golang.org/x/net|CVE-2026-39821|go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": 
"go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5025", "level": "error", "message": {"text": "golang.org/x/net: GO-2026-5025"}, "properties": {"repobilityId": 93751, "scanner": "osv-scanner", "fingerprint": "be62fe7df92442560f1a21cceb16f1ca23f3e9cbe2e00b9699b8ae286a0012ce", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-42506"], "package": "golang.org/x/net", "rule_id": "GO-2026-5025", "scanner": "osv-scanner", "correlation_key": "vuln|golang.org/x/net|CVE-2026-42506|go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5039", "level": "error", "message": {"text": "stdlib: GO-2026-5039"}, "properties": {"repobilityId": 93750, "scanner": "osv-scanner", "fingerprint": "913e00ba3977e02a6a7d89d2765f64c814fc84b147cb11585ba50dbab2010115", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-42507", "CVE-2026-42507"], "package": "stdlib", "rule_id": "GO-2026-5039", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-42507|documentation/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "documentation/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5038", "level": "error", "message": {"text": "stdlib: GO-2026-5038"}, "properties": {"repobilityId": 93749, "scanner": "osv-scanner", "fingerprint": "d83c66d4dd99b5d9a986650f2c98b9c0ef84255c0b42b9a1840af4d499c6ec79", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-42504", "CVE-2026-42504"], "package": "stdlib", "rule_id": "GO-2026-5038", "scanner": 
"osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-42504|documentation/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "documentation/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5037", "level": "error", "message": {"text": "stdlib: GO-2026-5037"}, "properties": {"repobilityId": 93748, "scanner": "osv-scanner", "fingerprint": "a47beb0e1b0e08757a4a04135f31f8b9d4f9447b632af9d878c0c1e65e71a6e5", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-27145", "CVE-2026-27145"], "package": "stdlib", "rule_id": "GO-2026-5037", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-27145|documentation/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "documentation/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "SEC032", "level": "error", "message": {"text": "[SEC032] Unrestricted File Upload \u2014 no extension/MIME validation: File upload accepts the user's filename without validating extension, content-type, or magic bytes. Attackers upload `.php`, `.jsp`, or executable files to a web-served directory, then visit the URL to trigger RCE. CWE-434. 
Examples: Apache Struts (CVE-2017-9805), countless WordPress plugin RCEs."}, "properties": {"repobilityId": 93744, "scanner": "repobility-threat-engine", "fingerprint": "3beaf9dd9697f5293e68139d40d28026030e0f86c564edb4d13d5c9c3f356b9c", "category": "file_upload", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "Open(f.Filename)", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC032", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|3beaf9dd9697f5293e68139d40d28026030e0f86c564edb4d13d5c9c3f356b9c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkg/fn/runtime/wasm.go"}, "region": {"startLine": 159}}}]}, {"ruleId": "SEC093", "level": "error", "message": {"text": "[SEC093] Go: exec.Command with non-literal: exec.Command(<var>) \u2014 variable command name allows command injection. Ported from gosec G204 (Apache-2.0)."}, "properties": {"repobilityId": 93743, "scanner": "repobility-threat-engine", "fingerprint": "d3d1f9bfede0987f848b6dbd7a7931fd3f3ec29ddcb238729ec73335d243081d", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "exec.CommandContext(ctx,", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC093", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|d3d1f9bfede0987f848b6dbd7a7931fd3f3ec29ddcb238729ec73335d243081d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkg/fn/runtime/exec.go"}, "region": {"startLine": 57}}}]}, {"ruleId": "SEC093", "level": "error", "message": {"text": "[SEC093] Go: exec.Command with non-literal: exec.Command(<var>) \u2014 variable command name allows command injection. 
Ported from gosec G204 (Apache-2.0)."}, "properties": {"repobilityId": 93742, "scanner": "repobility-threat-engine", "fingerprint": "5ec6505a75a6f7e403bce68093f0926cd1a1d096efb40bc1a91ccfa3abbff56f", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "exec.CommandContext(ctx,", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC093", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|5ec6505a75a6f7e403bce68093f0926cd1a1d096efb40bc1a91ccfa3abbff56f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkg/fn/runtime/container_utils.go"}, "region": {"startLine": 53}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. 
SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 93741, "scanner": "repobility-threat-engine", "fingerprint": "3a4e6022614054355790ec4e0f06d124edb1ed3dc205675c02cd7922ddd6290d", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "URL(h", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|3a4e6022614054355790ec4e0f06d124edb1ed3dc205675c02cd7922ddd6290d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "release/formula/main.go"}, "region": {"startLine": 59}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can reach internal resources (the cloud metadata endpoint at 169.254.169.254, internal Kubernetes endpoints, local files via file:// URIs), exfiltrate data, or pivot through your network. 
SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 93740, "scanner": "repobility-threat-engine", "fingerprint": "f576bf25d965130a75ee2c475ba084b870bd18bbccd42f5b9999414cb6e2b1ac", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "URL(f", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|f576bf25d965130a75ee2c475ba084b870bd18bbccd42f5b9999414cb6e2b1ac"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkg/api/kptfile/v1/validation.go"}, "region": {"startLine": 84}}}]}, {"ruleId": "MINED016", "level": "error", "message": {"text": "[MINED016] Go Error Ignored: _, err := fn() with err not checked. Go anti-pattern."}, "properties": {"repobilityId": 93732, "scanner": "repobility-threat-engine", "fingerprint": "9defc4914e05767b3cfa72ae1b8d1c611c898011f7b5d84daff965e17e4841bd", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "go-error-ignored", "owasp": null, "cwe_ids": ["CWE-754"], "languages": ["go"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347935+00:00", "triaged_in_corpus": 15, "observations_count": 83036, "ai_coder_pattern_id": 107}, "scanner": "repobility-threat-engine", "correlation_key": "fp|9defc4914e05767b3cfa72ae1b8d1c611c898011f7b5d84daff965e17e4841bd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkg/api/kptfile/v1/validation.go"}, "region": {"startLine": 235}}}]}, {"ruleId": "MINED016", "level": "error", "message": {"text": "[MINED016] Go Error Ignored: _, err := fn() with err not checked. 
Go anti-pattern."}, "properties": {"repobilityId": 93731, "scanner": "repobility-threat-engine", "fingerprint": "f764fddfba697d6a52b611038bacf6231ad90c77f623f2e41b7c72627ca1b55f", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "go-error-ignored", "owasp": null, "cwe_ids": ["CWE-754"], "languages": ["go"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347935+00:00", "triaged_in_corpus": 15, "observations_count": 83036, "ai_coder_pattern_id": 107}, "scanner": "repobility-threat-engine", "correlation_key": "fp|f764fddfba697d6a52b611038bacf6231ad90c77f623f2e41b7c72627ca1b55f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/testutil/setup_manager.go"}, "region": {"startLine": 119}}}]}, {"ruleId": "MINED016", "level": "error", "message": {"text": "[MINED016] Go Error Ignored: _, err := fn() with err not checked. 
Go anti-pattern."}, "properties": {"repobilityId": 93730, "scanner": "repobility-threat-engine", "fingerprint": "39aaa5e23101435f05987e6c26a438f33a3bf51aec291206180c805832dcf9e6", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "go-error-ignored", "owasp": null, "cwe_ids": ["CWE-754"], "languages": ["go"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347935+00:00", "triaged_in_corpus": 15, "observations_count": 83036, "ai_coder_pattern_id": 107}, "scanner": "repobility-threat-engine", "correlation_key": "fp|39aaa5e23101435f05987e6c26a438f33a3bf51aec291206180c805832dcf9e6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "commands/pkg/get/cmdget.go"}, "region": {"startLine": 85}}}]}, {"ruleId": "MINED004", "level": "error", "message": {"text": "[MINED004] Weak Crypto: MD5/SHA1/DES/RC4 used in a security context (not just for checksums)."}, "properties": {"repobilityId": 93729, "scanner": "repobility-threat-engine", "fingerprint": "037a65a390516f5a891ba65cc1c3a0903754793c6b5cb5ddd7e15c3936a78f30", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "weak-crypto", "owasp": "A02:2021", "cwe_ids": ["CWE-327"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347906+00:00", "triaged_in_corpus": 15, "observations_count": 303181, "ai_coder_pattern_id": 13}, "scanner": "repobility-threat-engine", "correlation_key": "fp|037a65a390516f5a891ba65cc1c3a0903754793c6b5cb5ddd7e15c3936a78f30"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "commands/live/init/cmdliveinit.go"}, "region": {"startLine": 19}}}]}, {"ruleId": "MINED115", "level": "error", "message": 
{"text": "Action `slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml` pinned to mutable ref `@v2.0.0`"}, "properties": {"repobilityId": 93713, "scanner": "repobility-supply-chain", "fingerprint": "4445fb45101de8406601e3008e9c1db29e33c5d06aa5ab7951f230111935a612", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|4445fb45101de8406601e3008e9c1db29e33c5d06aa5ab7951f230111935a612"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/release.yml"}, "region": {"startLine": 83}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `goreleaser/goreleaser-action` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 93712, "scanner": "repobility-supply-chain", "fingerprint": "7d90dc575196171cc016f9550be32340a0e710560a57a8c477a997042118ce9c", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|7d90dc575196171cc016f9550be32340a0e710560a57a8c477a997042118ce9c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/release.yml"}, "region": {"startLine": 59}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/setup-go` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 93711, "scanner": "repobility-supply-chain", "fingerprint": "10bdc206da5d178b36d94470e7c83aa1028501d164b5e7cfbbfbc27dc93f58e7", "category": 
"dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|10bdc206da5d178b36d94470e7c83aa1028501d164b5e7cfbbfbc27dc93f58e7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/release.yml"}, "region": {"startLine": 36}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v5`"}, "properties": {"repobilityId": 93710, "scanner": "repobility-supply-chain", "fingerprint": "e3b5283245e441820e10f0540f77337471b9fbc23eaee29a7cfb696886711d08", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|e3b5283245e441820e10f0540f77337471b9fbc23eaee29a7cfb696886711d08"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/release.yml"}, "region": {"startLine": 31}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/setup-go` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 93709, "scanner": "repobility-supply-chain", "fingerprint": "4d9226b2314ec7900b06cb7925ecd2bb8f142928f7f4717c68573a4eae513036", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", 
"correlation_key": "fp|4d9226b2314ec7900b06cb7925ecd2bb8f142928f7f4717c68573a4eae513036"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/verifyContent.yml"}, "region": {"startLine": 38}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v5`"}, "properties": {"repobilityId": 93708, "scanner": "repobility-supply-chain", "fingerprint": "1fb122f66d8cb3c61915b1aff8a02360be253bebe1dcf93ad042df3af691b993", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|1fb122f66d8cb3c61915b1aff8a02360be253bebe1dcf93ad042df3af691b993"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/verifyContent.yml"}, "region": {"startLine": 34}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `engineerd/setup-kind` pinned to mutable ref `@v0.6.2`"}, "properties": {"repobilityId": 93707, "scanner": "repobility-supply-chain", "fingerprint": "870af5ce5c4aba83d98c26feaa29b25158bc5f989de3f2a9e0f67a04f99ad836", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|870af5ce5c4aba83d98c26feaa29b25158bc5f989de3f2a9e0f67a04f99ad836"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/e2eEnvironment.yml"}, "region": {"startLine": 50}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action 
`actions/setup-go` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 93706, "scanner": "repobility-supply-chain", "fingerprint": "c83853869add4cb2b33bdaf95fa75dddc53ccd70c3f0b08594737906826566bc", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|c83853869add4cb2b33bdaf95fa75dddc53ccd70c3f0b08594737906826566bc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/e2eEnvironment.yml"}, "region": {"startLine": 43}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v5`"}, "properties": {"repobilityId": 93705, "scanner": "repobility-supply-chain", "fingerprint": "4b8da8c3808f578172cf372d364393a37a9751bb59ef7b88014a97099c705e43", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|4b8da8c3808f578172cf372d364393a37a9751bb59ef7b88014a97099c705e43"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/e2eEnvironment.yml"}, "region": {"startLine": 39}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/setup-go` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 93704, "scanner": "repobility-supply-chain", "fingerprint": "e78b448c36d6bb8fcc3c4b2191800948cc1c2eaa058018e2c2e106be765fb4d8", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", 
"isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|e78b448c36d6bb8fcc3c4b2191800948cc1c2eaa058018e2c2e106be765fb4d8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/go.yml"}, "region": {"startLine": 79}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v5`"}, "properties": {"repobilityId": 93703, "scanner": "repobility-supply-chain", "fingerprint": "cea8428471a1e39cab76e5778f096aebbcafc4cf6b2144c30981bca8da7d74cb", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|cea8428471a1e39cab76e5778f096aebbcafc4cf6b2144c30981bca8da7d74cb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/go.yml"}, "region": {"startLine": 75}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/setup-go` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 93702, "scanner": "repobility-supply-chain", "fingerprint": "4c84af23b9bad24092a9cc93c48026316239fb1fdc133cea6921f6bc5b19da8e", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|4c84af23b9bad24092a9cc93c48026316239fb1fdc133cea6921f6bc5b19da8e"}}, 
"locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/go.yml"}, "region": {"startLine": 57}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v5`"}, "properties": {"repobilityId": 93701, "scanner": "repobility-supply-chain", "fingerprint": "9eec7ef4da0a05db829ba29310f9450a7687754bbb294c57cbe7e4baa279d320", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|9eec7ef4da0a05db829ba29310f9450a7687754bbb294c57cbe7e4baa279d320"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/go.yml"}, "region": {"startLine": 53}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `engineerd/setup-kind` pinned to mutable ref `@v0.6.2`"}, "properties": {"repobilityId": 93700, "scanner": "repobility-supply-chain", "fingerprint": "110abc51fffb15c13751cff868aedd26c6408d1147e7234665a8491477ebdbf0", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|110abc51fffb15c13751cff868aedd26c6408d1147e7234665a8491477ebdbf0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/live-e2e.yml"}, "region": {"startLine": 50}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v5`"}, "properties": {"repobilityId": 93699, "scanner": "repobility-supply-chain", 
"fingerprint": "61633367efa87ba7d76dab67e8c8104e68845e911c81b581553130eb48958ad8", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|61633367efa87ba7d76dab67e8c8104e68845e911c81b581553130eb48958ad8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/live-e2e.yml"}, "region": {"startLine": 46}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/setup-go` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 93698, "scanner": "repobility-supply-chain", "fingerprint": "82ece9e852620afb5bee9979dc4846d9c6c5bf41ed3374582800786ddd92023b", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|82ece9e852620afb5bee9979dc4846d9c6c5bf41ed3374582800786ddd92023b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/live-e2e.yml"}, "region": {"startLine": 42}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v5`"}, "properties": {"repobilityId": 93697, "scanner": "repobility-supply-chain", "fingerprint": "6d0b95d50e0f6f3a3c41bd5ff49cf24e28df2bc2f72e8c2176c416e9e617652c", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": 
["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|6d0b95d50e0f6f3a3c41bd5ff49cf24e28df2bc2f72e8c2176c416e9e617652c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/live-e2e.yml"}, "region": {"startLine": 38}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/setup-go` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 93696, "scanner": "repobility-supply-chain", "fingerprint": "c1fd2e0a0df783b101e1d6250630ba5f5603ce4940da108101d9a6d700eaed25", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|c1fd2e0a0df783b101e1d6250630ba5f5603ce4940da108101d9a6d700eaed25"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/verifyDocumentation.yml"}, "region": {"startLine": 35}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v5`"}, "properties": {"repobilityId": 93695, "scanner": "repobility-supply-chain", "fingerprint": "dc27a5283c0f077dbbef27482bc2e9a679ad3aadcf04798e2b964c6c92014bc3", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|dc27a5283c0f077dbbef27482bc2e9a679ad3aadcf04798e2b964c6c92014bc3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/verifyDocumentation.yml"}, "region": 
{"startLine": 32}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "Dockerfile FROM `alpine:3.18` not pinned by digest"}, "properties": {"repobilityId": 93694, "scanner": "repobility-supply-chain", "fingerprint": "28a1ac35e1a30eb0f41325710aa1c3f4cb2f3cba01b65b1ae6e38eb68b17514a", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|28a1ac35e1a30eb0f41325710aa1c3f4cb2f3cba01b65b1ae6e38eb68b17514a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "release/images/Dockerfile"}, "region": {"startLine": 14}}}]}]}]}