{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "DKR001", "name": "Docker final stage has no non-root USER", "shortDescription": {"text": "Docker final stage has no non-root USER"}, "fullDescription": {"text": "Docker images run as root unless the image or Dockerfile switches to a non-root user."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.82, "cwe": "", "owasp": ""}}, {"id": "DKR002", "name": "Dockerfile base image has no explicit tag", "shortDescription": {"text": "Dockerfile base image has no explicit tag"}, "fullDescription": {"text": "Images without explicit tags resolve to a mutable default tag, which weakens reproducibility and review."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "COMP001", "name": "[COMP001] High cognitive complexity: Function `update` has cognitive complexity 17 (SonarSource scale). Cognitive comple", "shortDescription": {"text": "[COMP001] High cognitive complexity: Function `update` has cognitive complexity 17 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all we"}, "fullDescription": {"text": "Extract nested branches into named helper functions; flatten early-return / guard clauses; replace long if/elif chains with dispatch dicts or polymorphism. 
SonarQube's threshold for 'should refactor' is 15 \u2014 yours is 17."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "medium", "confidence": 0.95, "cwe": "", "owasp": ""}}, {"id": "AGT012", "name": "Agent control bridge may listen on a network interface without visible auth", "shortDescription": {"text": "Agent control bridge may listen on a network interface without visible auth"}, "fullDescription": {"text": "Agent, MCP, sidecar, and command bridge servers often start as local helpers. Binding them to 0.0.0.0 or a default all-interface listener without an authorization guard can expose tool execution or session data to the LAN."}, "properties": {"scanner": "repobility-agent-runtime", "category": "quality", "severity": "medium", "confidence": 0.72, "cwe": "", "owasp": ""}}, {"id": "MINED111", "name": "Bare except continues silently", "shortDescription": {"text": "Bare except continues silently"}, "fullDescription": {"text": "Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED109", "name": "Mutable default argument in `remove_nsfw_sites` (list)", "shortDescription": {"text": "Mutable default argument in `remove_nsfw_sites` (list)"}, "fullDescription": {"text": "`def remove_nsfw_sites(... = []/{}/set())` \u2014 Python's default value is constructed ONCE at function definition time and shared across all calls. 
Mutating it in one call mutates it for every future call too."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "CORE_NO_README", "name": "No README file found", "shortDescription": {"text": "No README file found"}, "fullDescription": {"text": "Create a README.md with: project name and description, installation instructions, usage examples, configuration options, and contribution guidelines."}, "properties": {"scanner": "repobility-core", "category": "documentation", "severity": "medium", "confidence": null, "cwe": "", "owasp": ""}}, {"id": "DKR008", "name": ".dockerignore misses sensitive defaults", "shortDescription": {"text": ".dockerignore misses sensitive defaults"}, "fullDescription": {"text": ".dockerignore exists but does not cover common secret or VCS patterns."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "low", "confidence": 0.72, "cwe": "", "owasp": ""}}, {"id": "DKR011", "name": "Dockerfile installs recommended OS packages", "shortDescription": {"text": "Dockerfile installs recommended OS packages"}, "fullDescription": {"text": "Installing recommended packages often pulls in unnecessary runtime surface area."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "low", "confidence": 0.72, "cwe": "", "owasp": ""}}, {"id": "DKR010", "name": "Dockerfile leaves apt package indexes in the image layer", "shortDescription": {"text": "Dockerfile leaves apt package indexes in the image layer"}, "fullDescription": {"text": "Package indexes increase image size and can expose stale metadata in the final image layer."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "low", "confidence": 0.74, "cwe": "", "owasp": ""}}, {"id": "MINED067", "name": "[MINED067] Python Requests No Timeout: requests.get/post/etc. 
without timeout= can hang forever.", "shortDescription": {"text": "[MINED067] Python Requests No Timeout: requests.get/post/etc. without timeout= can hang forever."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-400 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED050", "name": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO ", "shortDescription": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-1188 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC078", "name": "[SEC078] Python: requests without timeout: requests.get/post without a timeout will hang indefinitely on a non-responsiv", "shortDescription": {"text": "[SEC078] Python: requests without timeout: requests.get/post without a timeout will hang indefinitely on a non-responsive server, causing thread exhaustion and denial of service. Ported from bandit B113 (Apache-2.0). 
NOTE: this regex is heuristic; a re"}, "fullDescription": {"text": "Add `timeout=10` (or an appropriate value) to every requests call."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.1, "cwe": "", "owasp": ""}}, {"id": "MINED001", "name": "[MINED001] Bare Except Pass: except: pass or except Exception: pass \u2014 silently swallows everything including KeyboardInt", "shortDescription": {"text": "[MINED001] Bare Except Pass: except: pass or except Exception: pass \u2014 silently swallows everything including KeyboardInterrupt and bugs."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-755 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC029", "name": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled ", "shortDescription": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. 
Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes e"}, "fullDescription": {"text": "Validate the URL against an allowlist BEFORE fetching:\n  ALLOWED = {'images.example.com', 'cdn.example.com'}\n  host = urlparse(url).hostname\n  if host not in ALLOWED: abort(400)\nOr use a server-side proxy (Imgproxy / serve-files-only-from-S3) that isolates outbound network access from the request handler.\nBlock private CIDRs explicitly: 10/8, 172.16/12, 192.168/16, 169.254/16. Also block loopback (127/8), and apply the check to the resolved IP address and to each redirect target, not only to the hostname string."}, "properties": {"scanner": "repobility-threat-engine", "category": "ssrf", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED115", "name": "Action `actions/checkout` pinned to mutable ref `@v6`", "shortDescription": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "fullDescription": {"text": "`uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED118", "name": "Dockerfile FROM `sherlock/sherlock (no tag)` not pinned by digest", "shortDescription": {"text": "Dockerfile FROM `sherlock/sherlock (no tag)` not pinned by digest"}, "fullDescription": {"text": "`FROM sherlock/sherlock (no tag)` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potentially different. 
Production images should pin to `image@sha256:...` for reproducibility + supply-chain integrity."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED106", "name": "Phantom test coverage: test_no_usernames_provided", "shortDescription": {"text": "Phantom test coverage: test_no_usernames_provided"}, "fullDescription": {"text": "Test function `test_no_usernames_provided` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED108", "name": "`self.result` used but never assigned in __init__", "shortDescription": {"text": "`self.result` used but never assigned in __init__"}, "fullDescription": {"text": "Method `__str__` of class `QueryNotifyPrint` reads `self.result`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "curl-auth-header", "name": "Discovered a potential authorization token provided in a curl command header, which could compromise the curl accessed r", "shortDescription": {"text": "Discovered a potential authorization token provided in a curl command header, which could compromise the curl accessed resource."}, "fullDescription": {"text": "Gitleaks detected a committed secret or credential pattern."}, "properties": {"scanner": "gitleaks", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/797"}, "properties": {"repository": "sherlock-project/sherlock", "repoUrl": "https://github.com/sherlock-project/sherlock", "branch": "master"}, "results": [{"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 67874, "scanner": "repobility-docker", "fingerprint": "b228f79b4485823052d80f718266efce3dac1331c8dd87bedbbb561ba08b541d", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "python:3.12-slim-bullseye", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|b228f79b4485823052d80f718266efce3dac1331c8dd87bedbbb561ba08b541d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Dockerfile"}, "region": {"startLine": 12}}}]}, {"ruleId": "DKR001", "level": 
"warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 67872, "scanner": "repobility-docker", "fingerprint": "f298447d5bc5e520cbded412bc84068d45787901883e7e002d9ffd7338ece6c0", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "sherlock/sherlock", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|f298447d5bc5e520cbded412bc84068d45787901883e7e002d9ffd7338ece6c0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".actor/Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR002", "level": "warning", "message": {"text": "Dockerfile base image has no explicit tag"}, "properties": {"repobilityId": 67865, "scanner": "repobility-docker", "fingerprint": "1bc45417d9c4c6df458f922a6f9d90de98857b972f2db0d0d8e170e5e070c522", "category": "docker", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Image reference has no tag or digest.", "evidence": {"image": "sherlock/sherlock", "rule_id": "DKR002", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|1bc45417d9c4c6df458f922a6f9d90de98857b972f2db0d0d8e170e5e070c522"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".actor/Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "COMP001", "level": "warning", "message": {"text": "[COMP001] High cognitive complexity: Function `update` has 
cognitive complexity 17 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. Breakdown: elif=4, else=1, if=7, nested_bonus=5."}, "properties": {"repobilityId": 67858, "scanner": "repobility-threat-engine", "fingerprint": "84ed196f8e148cc97a83d41979d86ff351a11f80ba4b16ce8472fd5054063c0a", "category": "quality", "severity": "medium", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 17 (severity threshold for medium: 15+).", "evidence": {"scanner": "repobility-threat-engine", "function": "update", "breakdown": {"if": 7, "elif": 4, "else": 1, "nested_bonus": 5}, "complexity": 17, "correlation_key": "fp|84ed196f8e148cc97a83d41979d86ff351a11f80ba4b16ce8472fd5054063c0a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sherlock_project/notify.py"}, "region": {"startLine": 176}}}]}, {"ruleId": "COMP001", "level": "warning", "message": {"text": "[COMP001] High cognitive complexity: Function `summarize_junit_xml` has cognitive complexity 21 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. 
Breakdown: and=2, elif=1, for=2, if=6, nested_bonus=8, ternary=2."}, "properties": {"repobilityId": 67857, "scanner": "repobility-threat-engine", "fingerprint": "2a31fa25bf66a10b1e68565289139428d51c1549f2b4bbd4448a5d2235554afc", "category": "quality", "severity": "medium", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 21 (severity threshold for medium: 15+).", "evidence": {"scanner": "repobility-threat-engine", "function": "summarize_junit_xml", "breakdown": {"if": 6, "and": 2, "for": 2, "elif": 1, "ternary": 2, "nested_bonus": 8}, "complexity": 21, "correlation_key": "fp|2a31fa25bf66a10b1e68565289139428d51c1549f2b4bbd4448a5d2235554afc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "devel/summarize_site_validation.py"}, "region": {"startLine": 9}}}]}, {"ruleId": "AGT012", "level": "warning", "message": {"text": "Agent control bridge may listen on a network interface without visible auth"}, "properties": {"repobilityId": 67856, "scanner": "repobility-agent-runtime", "fingerprint": "cd949363f570d584b7e44e11246a28fc687199db6f9d915568eb14a3e4d13e08", "category": "quality", "severity": "medium", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File combines agent-control wording with an HTTP/SSE/WebSocket listener on an all-interface host and no visible auth guard.", "evidence": {"rule_id": "AGT012", "scanner": "repobility-agent-runtime", "references": [], "correlation_key": "fp|cd949363f570d584b7e44e11246a28fc687199db6f9d915568eb14a3e4d13e08"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sherlock_project/resources/data.json"}, "region": {"startLine": 1485}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 67833, "scanner": "repobility-ast-engine", "fingerprint": 
"b7fe4fc2628b1d20077dd085f746f43b7675f4b39e495c3b5837dcdfd87c1a0b", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|b7fe4fc2628b1d20077dd085f746f43b7675f4b39e495c3b5837dcdfd87c1a0b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sherlock_project/sherlock.py"}, "region": {"startLine": 377}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 67832, "scanner": "repobility-ast-engine", "fingerprint": "166183bfeab1f9fa241121dadecd69f8c26f65ff3d97c6695f62b3f52042aeba", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|166183bfeab1f9fa241121dadecd69f8c26f65ff3d97c6695f62b3f52042aeba"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sherlock_project/sherlock.py"}, "region": {"startLine": 373}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 67831, "scanner": "repobility-ast-engine", "fingerprint": "85e5c9bd8e6c8fdba20d505312b2cf86abac8ee0754cd320f3a1afb568bf6dc5", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": 
"repobility-ast-engine", "correlation_key": "fp|85e5c9bd8e6c8fdba20d505312b2cf86abac8ee0754cd320f3a1afb568bf6dc5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sherlock_project/sherlock.py"}, "region": {"startLine": 768}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 67830, "scanner": "repobility-ast-engine", "fingerprint": "a18efee6e8ca5ecd28d7691897a440b98e16fc602d16ddef8cbe3e8f802fb266", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|a18efee6e8ca5ecd28d7691897a440b98e16fc602d16ddef8cbe3e8f802fb266"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sherlock_project/sherlock.py"}, "region": {"startLine": 714}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 67813, "scanner": "repobility-ast-engine", "fingerprint": "ffc14fbe4f8af6c24e23215552869c9b693eb3807d3d637bad209c7bdfaa772e", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ffc14fbe4f8af6c24e23215552869c9b693eb3807d3d637bad209c7bdfaa772e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sherlock_project/sites.py"}, "region": {"startLine": 179}}}]}, {"ruleId": "MINED109", "level": "warning", "message": {"text": "Mutable default argument in `remove_nsfw_sites` (list)"}, 
"properties": {"repobilityId": 67812, "scanner": "repobility-ast-engine", "fingerprint": "9a4809e569eb6f5c00d95601189ebf24964bc6327fd1da87c7d3ca2deb100fae", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "mutable-default-arg", "owasp": null, "cwe_ids": ["CWE-1023"], "languages": ["python"], "observations_count": 64867}, "scanner": "repobility-ast-engine", "correlation_key": "fp|9a4809e569eb6f5c00d95601189ebf24964bc6327fd1da87c7d3ca2deb100fae"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sherlock_project/sites.py"}, "region": {"startLine": 208}}}]}, {"ruleId": "MINED109", "level": "warning", "message": {"text": "Mutable default argument in `__init__` (list)"}, "properties": {"repobilityId": 67811, "scanner": "repobility-ast-engine", "fingerprint": "33b1e7059249b4d0e8d6417820ca28f428149e55e6be89918cd5e2a5f62a8821", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "mutable-default-arg", "owasp": null, "cwe_ids": ["CWE-1023"], "languages": ["python"], "observations_count": 64867}, "scanner": "repobility-ast-engine", "correlation_key": "fp|33b1e7059249b4d0e8d6417820ca28f428149e55e6be89918cd5e2a5f62a8821"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sherlock_project/sites.py"}, "region": {"startLine": 79}}}]}, {"ruleId": "CORE_NO_README", "level": "warning", "message": {"text": "No README file found"}, "properties": {"repobilityId": 67810, "scanner": "repobility-core", "fingerprint": "b55c73163757fe6b2364bb829fcd26e87b9d9e7b367dd2a3307a814b02b29cbd", "category": "documentation", "severity": "medium", "confidence": null, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"rule_id": "CORE_NO_README", "scanner": 
"repobility-core", "correlation_key": "repo|documentation|core_no_readme"}}}, {"ruleId": "DKR008", "level": "note", "message": {"text": ".dockerignore misses sensitive defaults"}, "properties": {"repobilityId": 67873, "scanner": "repobility-docker", "fingerprint": "aea2ad92c68c4ee1f8432bb1ec25e7d45ac12c9e1790ac2d3fffe638b1acce12", "category": "docker", "severity": "low", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "A Docker build context should exclude secrets and repository metadata.", "evidence": {"rule_id": "DKR008", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|aea2ad92c68c4ee1f8432bb1ec25e7d45ac12c9e1790ac2d3fffe638b1acce12", "missing_patterns": [".env", "id_rsa", "*.pem", "*.key"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".dockerignore"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR011", "level": "note", "message": {"text": "Dockerfile installs recommended OS packages"}, "properties": {"repobilityId": 67871, "scanner": "repobility-docker", "fingerprint": "3752e023ef00b98f0573cdb8f0c9272e899e5a2c0decee90aa384eb616bb2bd4", "category": "docker", "severity": "low", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "apt install appears without --no-install-recommends.", "evidence": {"rule_id": "DKR011", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|3752e023ef00b98f0573cdb8f0c9272e899e5a2c0decee90aa384eb616bb2bd4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".actor/Dockerfile"}, "region": {"startLine": 14}}}]}, {"ruleId": "DKR010", "level": "note", "message": {"text": "Dockerfile leaves apt package indexes in the image layer"}, "properties": {"repobilityId": 67870, "scanner": 
"repobility-docker", "fingerprint": "bd8e7cd728087048d3c4690c878f44f3ed717dd17e36f751527dc2eb0bbdde4d", "category": "docker", "severity": "low", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "apt update/install layer does not remove /var/lib/apt/lists.", "evidence": {"rule_id": "DKR010", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|bd8e7cd728087048d3c4690c878f44f3ed717dd17e36f751527dc2eb0bbdde4d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".actor/Dockerfile"}, "region": {"startLine": 14}}}]}, {"ruleId": "DKR011", "level": "note", "message": {"text": "Dockerfile installs recommended OS packages"}, "properties": {"repobilityId": 67869, "scanner": "repobility-docker", "fingerprint": "b5b6947119e0aacd6decd73cb45efcf97c195214d149271aec179f3f7988db96", "category": "docker", "severity": "low", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "apt install appears without --no-install-recommends.", "evidence": {"rule_id": "DKR011", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|b5b6947119e0aacd6decd73cb45efcf97c195214d149271aec179f3f7988db96"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".actor/Dockerfile"}, "region": {"startLine": 8}}}]}, {"ruleId": "DKR010", "level": "note", "message": {"text": "Dockerfile leaves apt package indexes in the image layer"}, "properties": {"repobilityId": 67868, "scanner": "repobility-docker", "fingerprint": "74ee689582f70d84027f9f42343e019b13dcec7f7ee443ec17c15f5d0923286b", "category": "docker", "severity": "low", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "apt update/install layer does not remove 
/var/lib/apt/lists.", "evidence": {"rule_id": "DKR010", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|74ee689582f70d84027f9f42343e019b13dcec7f7ee443ec17c15f5d0923286b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".actor/Dockerfile"}, "region": {"startLine": 8}}}]}, {"ruleId": "DKR011", "level": "note", "message": {"text": "Dockerfile installs recommended OS packages"}, "properties": {"repobilityId": 67867, "scanner": "repobility-docker", "fingerprint": "176e837781aa0da94116a70666159db6f6f4995373a067bd5d954edb7166dff5", "category": "docker", "severity": "low", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "apt install appears without --no-install-recommends.", "evidence": {"rule_id": "DKR011", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|176e837781aa0da94116a70666159db6f6f4995373a067bd5d954edb7166dff5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".actor/Dockerfile"}, "region": {"startLine": 4}}}]}, {"ruleId": "DKR010", "level": "note", "message": {"text": "Dockerfile leaves apt package indexes in the image layer"}, "properties": {"repobilityId": 67866, "scanner": "repobility-docker", "fingerprint": "5d585aefab07f10155a4c28591bcc390d74612f29ddccf6b66577bcb60143bcd", "category": "docker", "severity": "low", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "apt update/install layer does not remove /var/lib/apt/lists.", "evidence": {"rule_id": "DKR010", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|5d585aefab07f10155a4c28591bcc390d74612f29ddccf6b66577bcb60143bcd"}}, "locations": 
[{"physicalLocation": {"artifactLocation": {"uri": ".actor/Dockerfile"}, "region": {"startLine": 4}}}]}, {"ruleId": "MINED067", "level": "none", "message": {"text": "[MINED067] Python Requests No Timeout: requests.get/post/etc. without timeout= can hang forever."}, "properties": {"repobilityId": 67864, "scanner": "repobility-threat-engine", "fingerprint": "9fd0657ce6873c0e99eb68eb75f1067d184d1537d36300b62caa3a37147c71f0", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-requests-no-timeout", "owasp": null, "cwe_ids": ["CWE-400"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348058+00:00", "triaged_in_corpus": 12, "observations_count": 45429, "ai_coder_pattern_id": 122}, "scanner": "repobility-threat-engine", "correlation_key": "fp|9fd0657ce6873c0e99eb68eb75f1067d184d1537d36300b62caa3a37147c71f0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sherlock_project/sites.py"}, "region": {"startLine": 127}}}]}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "properties": {"repobilityId": 67863, "scanner": "repobility-threat-engine", "fingerprint": "261cdf1ecfc1ae94efda4081cf891956848165d8676101c6732fbd62e50a0340", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, 
"scanner": "repobility-threat-engine", "correlation_key": "fp|261cdf1ecfc1ae94efda4081cf891956848165d8676101c6732fbd62e50a0340"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sherlock_project/sites.py"}, "region": {"startLine": 177}}}]}, {"ruleId": "SEC078", "level": "none", "message": {"text": "[SEC078] Python: requests without timeout: requests.get/post without a timeout will hang indefinitely on a non-responsive server, causing thread exhaustion and ReDoS. Ported from bandit B113 (Apache-2.0). NOTE: this regex is heuristic; a real AST check is preferred for accuracy."}, "properties": {"repobilityId": 67861, "scanner": "repobility-threat-engine", "fingerprint": "a547daf2f148d975f81dcbd6b891d62f5b655bb6c7ba3091598455b1c92f62ab", "category": "quality", "severity": "info", "confidence": 0.1, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Safe pattern 'timeout\\s*=' detected on same line", "evidence": {"match": "requests.get(", "reason": "Safe pattern 'timeout\\s*=' detected on same line", "rule_id": "SEC078", "scanner": "repobility-threat-engine", "confidence": 0.1, "correlation_key": "fp|a547daf2f148d975f81dcbd6b891d62f5b655bb6c7ba3091598455b1c92f62ab"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sherlock_project/sites.py"}, "region": {"startLine": 127}}}]}, {"ruleId": "MINED001", "level": "error", "message": {"text": "[MINED001] Bare Except Pass: except: pass or except Exception: pass \u2014 silently swallows everything including KeyboardInterrupt and bugs."}, "properties": {"repobilityId": 67862, "scanner": "repobility-threat-engine", "fingerprint": "4f9b079af49a2f3067169a52ee80b123e32e5e64c2639fa15377fa50e915acb8", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "bare-except-pass", "owasp": 
null, "cwe_ids": ["CWE-755"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347744+00:00", "triaged_in_corpus": 15, "observations_count": 1550824, "ai_coder_pattern_id": 6}, "scanner": "repobility-threat-engine", "correlation_key": "fp|4f9b079af49a2f3067169a52ee80b123e32e5e64c2639fa15377fa50e915acb8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sherlock_project/sites.py"}, "region": {"startLine": 176}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 67860, "scanner": "repobility-threat-engine", "fingerprint": "aeaa53c80d7788018f332c56c021bde3693f0da2d6b139b01b4528e8377ec961", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "requests.get(url=EXCLUSIONS_URL", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|aeaa53c80d7788018f332c56c021bde3693f0da2d6b139b01b4528e8377ec961"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sherlock_project/sites.py"}, "region": {"startLine": 164}}}]}, {"ruleId": "COMP001", "level": "error", "message": {"text": "[COMP001] High cognitive complexity: Function `__init__` has cognitive complexity 37 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. 
Breakdown: else=1, except=8, for=3, if=6, nested_bonus=19."}, "properties": {"repobilityId": 67859, "scanner": "repobility-threat-engine", "fingerprint": "84de207b28862b4af0f7eda38040a615000d08db8f38bc56753e4ffc7e113b64", "category": "quality", "severity": "high", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 37 (severity threshold for high: 25+).", "evidence": {"scanner": "repobility-threat-engine", "function": "__init__", "breakdown": {"if": 6, "for": 3, "else": 1, "except": 8, "nested_bonus": 19}, "complexity": 37, "correlation_key": "fp|84de207b28862b4af0f7eda38040a615000d08db8f38bc56753e4ffc7e113b64"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sherlock_project/sites.py"}, "region": {"startLine": 79}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 67855, "scanner": "repobility-supply-chain", "fingerprint": "0eabb6cacd2fd98fb59d60e116aa1859c708f2716f8efa44ae477760a724ff9d", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|0eabb6cacd2fd98fb59d60e116aa1859c708f2716f8efa44ae477760a724ff9d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/regression.yml"}, "region": {"startLine": 80}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/setup-python` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 67854, "scanner": "repobility-supply-chain", "fingerprint": "34d4b0e3fbeb24c13ec2accb7a1eab1d55817602df1b5ea5673c83ee979b3138", "category": "dependency", "severity": 
"high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|34d4b0e3fbeb24c13ec2accb7a1eab1d55817602df1b5ea5673c83ee979b3138"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/regression.yml"}, "region": {"startLine": 66}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 67853, "scanner": "repobility-supply-chain", "fingerprint": "9c95cbedfc2ac9a60e196c6df37d462383b84ea1b56d3cebfab49c4b5109a8d6", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|9c95cbedfc2ac9a60e196c6df37d462383b84ea1b56d3cebfab49c4b5109a8d6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/regression.yml"}, "region": {"startLine": 64}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/setup-python` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 67852, "scanner": "repobility-supply-chain", "fingerprint": "28e1f35f9fb66e551e5a7712aa4ae234af7f0de612fcd1a66d14486c8d2a2187", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", 
"correlation_key": "fp|28e1f35f9fb66e551e5a7712aa4ae234af7f0de612fcd1a66d14486c8d2a2187"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/regression.yml"}, "region": {"startLine": 35}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 67851, "scanner": "repobility-supply-chain", "fingerprint": "3535171e1a648292bbe1bd6290a219898f6544263a28b78dc4d41bbe3b2b826b", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|3535171e1a648292bbe1bd6290a219898f6544263a28b78dc4d41bbe3b2b826b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/regression.yml"}, "region": {"startLine": 33}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `abatilo/actions-poetry` pinned to mutable ref `@v4`"}, "properties": {"repobilityId": 67850, "scanner": "repobility-supply-chain", "fingerprint": "9a27541accc6f05c112f2d3ca17c23f070fea28c8388bfd2c58e568813991869", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|9a27541accc6f05c112f2d3ca17c23f070fea28c8388bfd2c58e568813991869"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/exclusions.yml"}, "region": {"startLine": 22}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action 
`actions/setup-python` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 67849, "scanner": "repobility-supply-chain", "fingerprint": "052c168e42c65fbac2c56eda0dfa97d9cbab95878030d937636d30d07dba9dc7", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|052c168e42c65fbac2c56eda0dfa97d9cbab95878030d937636d30d07dba9dc7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/exclusions.yml"}, "region": {"startLine": 17}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v5`"}, "properties": {"repobilityId": 67848, "scanner": "repobility-supply-chain", "fingerprint": "f328031c70d4ebc193b03d939b86ace6971539199f7e7d1fe8144f37a85e0471", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|f328031c70d4ebc193b03d939b86ace6971539199f7e7d1fe8144f37a85e0471"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/exclusions.yml"}, "region": {"startLine": 14}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `sdushantha/github-action-push-to-another-repository` pinned to mutable ref `@main`"}, "properties": {"repobilityId": 67847, "scanner": "repobility-supply-chain", "fingerprint": "5c34938b38768f102a42a1277fa720e836cbfadb62e091f9c3478b52700b6456", "category": "dependency", "severity": "high", "confidence": 0.9, 
"triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|5c34938b38768f102a42a1277fa720e836cbfadb62e091f9c3478b52700b6456"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/update-site-list.yml"}, "region": {"startLine": 36}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/setup-python` pinned to mutable ref `@v5`"}, "properties": {"repobilityId": 67846, "scanner": "repobility-supply-chain", "fingerprint": "24518e2b1e3f7176e798f7d14ca68834db40798a70e6160eb2f831cb65fcccca", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|24518e2b1e3f7176e798f7d14ca68834db40798a70e6160eb2f831cb65fcccca"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/update-site-list.yml"}, "region": {"startLine": 27}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v4`"}, "properties": {"repobilityId": 67845, "scanner": "repobility-supply-chain", "fingerprint": "3b9982086c7f0625f2241d0cd04e6c2a9715bfbfd3d58fd0f1bb0789e38aead8", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": 
"fp|3b9982086c7f0625f2241d0cd04e6c2a9715bfbfd3d58fd0f1bb0789e38aead8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/update-site-list.yml"}, "region": {"startLine": 20}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/github-script` pinned to mutable ref `@v8`"}, "properties": {"repobilityId": 67844, "scanner": "repobility-supply-chain", "fingerprint": "ede312db510a8b8690f10c31d4b8c7d1588665dc121453bd3cb3db8bf228e84a", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|ede312db510a8b8690f10c31d4b8c7d1588665dc121453bd3cb3db8bf228e84a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/validate_modified_targets.yml"}, "region": {"startLine": 112}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `abatilo/actions-poetry` pinned to mutable ref `@v4`"}, "properties": {"repobilityId": 67843, "scanner": "repobility-supply-chain", "fingerprint": "b44ba16629bd26378d4d93052c8e09f75201eb33d106d845349267adec389a9e", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|b44ba16629bd26378d4d93052c8e09f75201eb33d106d845349267adec389a9e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/validate_modified_targets.yml"}, "region": {"startLine": 31}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": 
"Action `actions/setup-python` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 67842, "scanner": "repobility-supply-chain", "fingerprint": "08638ab10605931a2d61df9369b2548bd8af871c63735776df5b57376ff97755", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|08638ab10605931a2d61df9369b2548bd8af871c63735776df5b57376ff97755"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/validate_modified_targets.yml"}, "region": {"startLine": 26}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v5`"}, "properties": {"repobilityId": 67841, "scanner": "repobility-supply-chain", "fingerprint": "0450bb7644eacc45d46e930a7176b0a9450e061facb4d794da85f600bbd71945", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|0450bb7644eacc45d46e930a7176b0a9450e061facb4d794da85f600bbd71945"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/validate_modified_targets.yml"}, "region": {"startLine": 18}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "Dockerfile FROM `sherlock/sherlock (no tag)` not pinned by digest"}, "properties": {"repobilityId": 67840, "scanner": "repobility-supply-chain", "fingerprint": "b3f0a7a1512905e2dd87fc41f97eecf6623e0d9f51b65f9566b08efe4ac9ea39", "category": "dependency", "severity": "high", 
"confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|b3f0a7a1512905e2dd87fc41f97eecf6623e0d9f51b65f9566b08efe4ac9ea39"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".actor/Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "Dockerfile FROM `python:3.12-slim-bullseye` not pinned by digest"}, "properties": {"repobilityId": 67839, "scanner": "repobility-supply-chain", "fingerprint": "f39e607e768e5e27f1ad12f162c5d4705665ed4f95785f9bba10298d1063cda3", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|f39e607e768e5e27f1ad12f162c5d4705665ed4f95785f9bba10298d1063cda3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Dockerfile"}, "region": {"startLine": 11}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "Dockerfile FROM `python:3.12-slim-bullseye` not pinned by digest"}, "properties": {"repobilityId": 67838, "scanner": "repobility-supply-chain", "fingerprint": "1392eb350d619e6bc08413364b070bf3df18c37e7ee3f72544b20fa7238354e6", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", 
"correlation_key": "fp|1392eb350d619e6bc08413364b070bf3df18c37e7ee3f72544b20fa7238354e6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Dockerfile"}, "region": {"startLine": 6}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_no_usernames_provided"}, "properties": {"repobilityId": 67837, "scanner": "repobility-ast-engine", "fingerprint": "ea805caafd378daa71c7716cac956daf717e7408093f66a7e4b00b46ffb30d1a", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ea805caafd378daa71c7716cac956daf717e7408093f66a7e4b00b46ffb30d1a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_ux.py"}, "region": {"startLine": 41}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_username_via_message"}, "properties": {"repobilityId": 67836, "scanner": "repobility-ast-engine", "fingerprint": "c61ae5cfff34eae335d3ecb6ec8781ba65f5e91ed6df18ccb80768c991b42797", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c61ae5cfff34eae335d3ecb6ec8781ba65f5e91ed6df18ccb80768c991b42797"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/few_test_basic.py"}, "region": {"startLine": 6}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_validate_manifest_against_remote_schema"}, "properties": 
{"repobilityId": 67835, "scanner": "repobility-ast-engine", "fingerprint": "712a7019b2bc245551e23b1cf304464542f6cc8c26c16253fc9e6beaa0042bb7", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|712a7019b2bc245551e23b1cf304464542f6cc8c26c16253fc9e6beaa0042bb7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_manifest.py"}, "region": {"startLine": 23}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_validate_manifest_against_local_schema"}, "properties": {"repobilityId": 67834, "scanner": "repobility-ast-engine", "fingerprint": "c95b5abe7eb8388fb605fd8c5ba36925eafcba50372f4b82bb7f0825a2808a04", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c95b5abe7eb8388fb605fd8c5ba36925eafcba50372f4b82bb7f0825a2808a04"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_manifest.py"}, "region": {"startLine": 6}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.result` used but never assigned in __init__"}, "properties": {"repobilityId": 67829, "scanner": "repobility-ast-engine", "fingerprint": "eef95f7ddb950b2aa8fdc4e28cbc62704451c71f288b9251ae58ed263fb1cfac", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": 
"self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|eef95f7ddb950b2aa8fdc4e28cbc62704451c71f288b9251ae58ed263fb1cfac"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sherlock_project/notify.py"}, "region": {"startLine": 279}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.countResults` used but never assigned in __init__"}, "properties": {"repobilityId": 67828, "scanner": "repobility-ast-engine", "fingerprint": "94ae553d76dd66800fe0633603cde9838bf2c7ae5bc9c830c347b9d64e994a8a", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|94ae553d76dd66800fe0633603cde9838bf2c7ae5bc9c830c347b9d64e994a8a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sherlock_project/notify.py"}, "region": {"startLine": 261}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.result` used but never assigned in __init__"}, "properties": {"repobilityId": 67827, "scanner": "repobility-ast-engine", "fingerprint": "0050c266345a489272278978deae17fa490ae8b51023c9e3e31e0fc1fcdebdc5", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|0050c266345a489272278978deae17fa490ae8b51023c9e3e31e0fc1fcdebdc5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": 
"sherlock_project/notify.py"}, "region": {"startLine": 241}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.result` used but never assigned in __init__"}, "properties": {"repobilityId": 67826, "scanner": "repobility-ast-engine", "fingerprint": "efe1502ce0f1c75b33a4b28a442ca17f251a842199388aba770d642524c7257b", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|efe1502ce0f1c75b33a4b28a442ca17f251a842199388aba770d642524c7257b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sherlock_project/notify.py"}, "region": {"startLine": 223}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.result` used but never assigned in __init__"}, "properties": {"repobilityId": 67825, "scanner": "repobility-ast-engine", "fingerprint": "7f5a961e2f68366ddb0101cbb2a2ebf9bf3a24c87f94bd6699f9fb8528a3e27e", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|7f5a961e2f68366ddb0101cbb2a2ebf9bf3a24c87f94bd6699f9fb8528a3e27e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sherlock_project/notify.py"}, "region": {"startLine": 233}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.result` used but never assigned in __init__"}, "properties": {"repobilityId": 67824, "scanner": "repobility-ast-engine", "fingerprint": "a52249e718c2fc4cacb8fa921f4b7ecee0f783e3bc1e0a88ae1975b79bb32cf1", 
"category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|a52249e718c2fc4cacb8fa921f4b7ecee0f783e3bc1e0a88ae1975b79bb32cf1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sherlock_project/notify.py"}, "region": {"startLine": 224}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.result` used but never assigned in __init__"}, "properties": {"repobilityId": 67823, "scanner": "repobility-ast-engine", "fingerprint": "2488a9fbf940f8437ebfaa57e5ba6ce46167df316ffe57b1c3012f5c9b022f32", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|2488a9fbf940f8437ebfaa57e5ba6ce46167df316ffe57b1c3012f5c9b022f32"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sherlock_project/notify.py"}, "region": {"startLine": 215}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.result` used but never assigned in __init__"}, "properties": {"repobilityId": 67822, "scanner": "repobility-ast-engine", "fingerprint": "5d919757f0b005d6865f6ac62900c4ff4bcefa1125bd1488f260fc0a3d6ea09c", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", 
"correlation_key": "fp|5d919757f0b005d6865f6ac62900c4ff4bcefa1125bd1488f260fc0a3d6ea09c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sherlock_project/notify.py"}, "region": {"startLine": 248}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.result` used but never assigned in __init__"}, "properties": {"repobilityId": 67821, "scanner": "repobility-ast-engine", "fingerprint": "892925ff6a2a55fc5a0ac85a86e78b96f6fa66a095a09ffee86752d5ce45eb6f", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|892925ff6a2a55fc5a0ac85a86e78b96f6fa66a095a09ffee86752d5ce45eb6f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sherlock_project/notify.py"}, "region": {"startLine": 203}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.result` used but never assigned in __init__"}, "properties": {"repobilityId": 67820, "scanner": "repobility-ast-engine", "fingerprint": "1011e185971684fcf01bc93bba96c3f9d91efab7105aa0c8890a7cc0fe0056f9", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|1011e185971684fcf01bc93bba96c3f9d91efab7105aa0c8890a7cc0fe0056f9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sherlock_project/notify.py"}, "region": {"startLine": 205}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.result` used but never assigned in __init__"}, 
"properties": {"repobilityId": 67819, "scanner": "repobility-ast-engine", "fingerprint": "ec76e5663e188306419c929a518344c78e24cbbab7e1fa04faeed30506bdc750", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ec76e5663e188306419c929a518344c78e24cbbab7e1fa04faeed30506bdc750"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sherlock_project/notify.py"}, "region": {"startLine": 193}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.result` used but never assigned in __init__"}, "properties": {"repobilityId": 67818, "scanner": "repobility-ast-engine", "fingerprint": "f74a2d581480c2d4c4c9a2693c4c1f7db85e9a84554ee5c6379a858f8f03c64c", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|f74a2d581480c2d4c4c9a2693c4c1f7db85e9a84554ee5c6379a858f8f03c64c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sherlock_project/notify.py"}, "region": {"startLine": 207}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.result` used but never assigned in __init__"}, "properties": {"repobilityId": 67817, "scanner": "repobility-ast-engine", "fingerprint": "e885fffe5e0ea21fafacf37c73d4208a682152449c8762b81cab6a8f1221bd64", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": 
"self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|e885fffe5e0ea21fafacf37c73d4208a682152449c8762b81cab6a8f1221bd64"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sherlock_project/notify.py"}, "region": {"startLine": 192}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.countResults` used but never assigned in __init__"}, "properties": {"repobilityId": 67816, "scanner": "repobility-ast-engine", "fingerprint": "2b0436ae29e17fd279dd0ba015da26c6fd391cc62a4e9e69deaa0e17dfdfaca1", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|2b0436ae29e17fd279dd0ba015da26c6fd391cc62a4e9e69deaa0e17dfdfaca1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sherlock_project/notify.py"}, "region": {"startLine": 197}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.result` used but never assigned in __init__"}, "properties": {"repobilityId": 67815, "scanner": "repobility-ast-engine", "fingerprint": "7768960a64fad1c1f6b691a72642f35ea966163a11ad07b61c99726793021f55", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|7768960a64fad1c1f6b691a72642f35ea966163a11ad07b61c99726793021f55"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": 
"sherlock_project/notify.py"}, "region": {"startLine": 189}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.value` used but never assigned in __init__"}, "properties": {"repobilityId": 67814, "scanner": "repobility-ast-engine", "fingerprint": "cf335699a31783c97980687d0f2b37af4116f5cc9755823251b5a1a50480c945", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|cf335699a31783c97980687d0f2b37af4116f5cc9755823251b5a1a50480c945"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sherlock_project/result.py"}, "region": {"startLine": 28}}}]}, {"ruleId": "curl-auth-header", "level": "error", "message": {"text": "Discovered a potential authorization token provided in a curl command header, which could compromise the curl accessed resource."}, "properties": {"repobilityId": 67875, "scanner": "gitleaks", "fingerprint": "2cfa6784ce70e37e1598909d5f892f20f528a9cd9f44c868d519ec01ec3b4254", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "curl --request POST \\\n  --url \"https://api.apify.com/v2/acts/YOUR_USERNAME~sherlock/run\" \\\n  --header 'Content-Type: application/json' \\\n  --header 'Authorization: Bearer <redacted>'", "rule_id": "curl-auth-header", "scanner": "gitleaks", "detector": "curl-auth-header", "correlation_key": "secret|.actor/readme.md|3|curl --request post --url token sherlock/run --header content-type: application/json --header authorization: bearer reda"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".actor/README.md"}, "region": {"startLine": 31}}}]}]}]}