{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "MINED115", "name": "Action `ruby/setup-ruby` pinned to mutable ref `@v1`", "shortDescription": {"text": "Action `ruby/setup-ruby` pinned to mutable ref `@v1`"}, "fullDescription": {"text": "`uses: ruby/setup-ruby@v1` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that is why the tj-actions/changed-files compromise (2025) instantly affected ~23K repos. Pin to a full 40-character commit SHA and keep the pin updated with Dependabot or Renovate."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "CORE_NO_TESTS", "name": "No test files found", "shortDescription": {"text": "No test files found"}, "fullDescription": {"text": "Add a test directory (tests/ or __tests__/) with unit tests for core functionality. Use pytest (Python), Jest (JS/TS), or go test (Go).\nStart with tests for critical business logic and security-sensitive functions."}, "properties": {"scanner": "repobility-core", "category": "testing", "severity": "high", "confidence": null, "cwe": "", "owasp": ""}}, {"id": "generic-api-key", "name": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations.", "shortDescription": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "fullDescription": {"text": "Gitleaks detected a committed secret or credential pattern."}, "properties": {"scanner": "gitleaks", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/955"}, "properties": {"repository": "dkhamsing/open-source-ios-apps", "repoUrl": "https://github.com/dkhamsing/open-source-ios-apps", "branch": "master"}, "results": [{"ruleId": "MINED115", "level": "error", "message": {"text": "Action `ruby/setup-ruby` pinned to mutable ref `@v1`"}, "properties": {"repobilityId": 89686, "scanner": "repobility-supply-chain", "fingerprint": "39294763d459e778df8f961d9803cbc2c4c395dd7931b459cb13749b8379e841", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|39294763d459e778df8f961d9803cbc2c4c395dd7931b459cb13749b8379e841"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ruby.yml"}, "region": {"startLine": 17}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 89685, "scanner": "repobility-supply-chain", "fingerprint": 
"3131cdcfa0ca115bc9a26e619a8d99408baa86923f2f6a805f43ce5869804b71", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|3131cdcfa0ca115bc9a26e619a8d99408baa86923f2f6a805f43ce5869804b71"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ruby.yml"}, "region": {"startLine": 15}}}]}, {"ruleId": "CORE_NO_TESTS", "level": "error", "message": {"text": "No test files found"}, "properties": {"repobilityId": 89684, "scanner": "repobility-core", "fingerprint": "0200e9918bc2a7bf9c116d0907e50ac3df640c758b93852cf1890ec6e14d870d", "category": "testing", "severity": "high", "confidence": null, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"rule_id": "CORE_NO_TESTS", "scanner": "repobility-core", "correlation_key": "repo|testing|core_no_tests"}}}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 89688, "scanner": "gitleaks", "fingerprint": "3c1056f2d6110a607b0e04efe30875393c754425f45bcc4e78a70e187db35a56", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "consumer_secret\" =<redacted> \"REDACTED\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|.github/osia_tweet_clean.rb|1|consumer_secret redacted redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/osia_tweet_clean.rb"}, "region": {"startLine": 5}}}]}, {"ruleId": "generic-api-key", 
"level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 89687, "scanner": "gitleaks", "fingerprint": "96cac63579df4d393da8c7ad85a19cfc6de189fa1ad376c2c1f5aabeb4d07746", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "consumer_key\" => \"REDACTED\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|.github/osia_tweet_clean.rb|1|consumer_key redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/osia_tweet_clean.rb"}, "region": {"startLine": 4}}}]}]}]}