{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "DKR001", "name": "Docker final stage has no non-root USER", "shortDescription": {"text": "Docker final stage has no non-root USER"}, "fullDescription": {"text": "Docker images run as root unless the image or Dockerfile switches to a non-root user."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.82, "cwe": "", "owasp": ""}}, {"id": "DKR007", "name": "Docker build context has no .dockerignore", "shortDescription": {"text": "Docker build context has no .dockerignore"}, "fullDescription": {"text": "Without .dockerignore, build context can include source history, local env files, dependencies, and generated artifacts."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "DKR018", "name": "Database dump or local database file is included in Docker build context", "shortDescription": {"text": "Database dump or local database file is included in Docker build context"}, "fullDescription": {"text": "Database exports and local database files can contain production data, credentials, or large binary payloads that slow Docker builds and can be copied into images by broad COPY instructions."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.86, "cwe": "", "owasp": ""}}, {"id": "SEC112", "name": "[SEC112] Go html/template bypass \u2014 text/template used for HTML output, or template.HTML on user input: Go's `text/templa", "shortDescription": {"text": "[SEC112] Go html/template bypass \u2014 text/template used for HTML output, or template.HTML on user input: Go's `text/template` does no HTML escaping. `template.HTML(x)` marks data as already-safe. Using either with user input = XSS."}, "fullDescription": {"text": "Use `html/template` (NOT `text/template`) for HTML responses. Never wrap user input with `template.HTML/JS/URL`."}, "properties": {"scanner": "repobility-threat-engine", "category": "xss", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "ERR003", "name": "[ERR003] Ignored Error (Go): Ignoring error return values.", "shortDescription": {"text": "[ERR003] Ignored Error (Go): Ignoring error return values."}, "fullDescription": {"text": "Handle the error or use errcheck linter."}, "properties": {"scanner": "repobility-threat-engine", "category": "error_handling", "severity": "low", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "AIC003", "name": "Duplicated implementation block across source files", "shortDescription": {"text": "Duplicated implementation block across source files"}, "fullDescription": {"text": "Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.86, "cwe": "", "owasp": ""}}, {"id": "DKR002", "name": "Dockerfile base image is selected through a build variable", "shortDescription": {"text": "Dockerfile base image is selected through a build variable"}, "fullDescription": {"text": "Variable-selected base images can be safe, but Repobility cannot verify that the resolved image is pinned."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "info", "confidence": 0.48, "cwe": "", "owasp": ""}}, {"id": "MINED057", "name": "[MINED057] Todo Bomb: Code path with a TODO/FIXME/HACK comment that gates correctness \u2014 left for later but never resolve", "shortDescription": {"text": "[MINED057] Todo Bomb: Code path with a TODO/FIXME/HACK comment that gates correctness \u2014 left for later but never resolved."}, "fullDescription": {"text": "Review and fix per the pattern semantics."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED053", "name": "[MINED053] Placeholder Default Username: foo@bar.com / john.doe@example.com / admin/admin / changeme \u2014 typical AI placeh", "shortDescription": {"text": "[MINED053] Placeholder Default Username: foo@bar.com / john.doe@example.com / admin/admin / changeme \u2014 typical AI placeholder credentials."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-1392,CWE-798 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED043", "name": "[MINED043] Http Not Https (and 2 more): Same pattern found in 2 additional files. Review if needed.", "shortDescription": {"text": "[MINED043] Http Not Https (and 2 more): Same pattern found in 2 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-319 / A02:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC045", "name": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a latera", "shortDescription": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use obj"}, "fullDescription": {"text": "For literal data structures: use ast.literal_eval(text) \u2014 only parses literals, raises on code.\nFor formula evaluation: use asteval or simpleeval (purpose-built sandboxes with allow-lists).\nFor Odoo: use odoo.tools.safe_eval(expr, locals_dict, mode='exec').\nIf you genuinely need to execute admin-stored code: require explicit super-admin permission AND log every execution with a stack trace."}, "properties": {"scanner": "repobility-threat-engine", "category": "injection", "severity": "info", "confidence": 0.1, "cwe": "", "owasp": ""}}, {"id": "SEC128", "name": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake) (and 4 more): Same pattern found in 4 addit", "shortDescription": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake) (and 4 more): Same pattern found in 4 additional files. Review if needed."}, "fullDescription": {"text": "Add `await` before each async call, or chain with `.then`. If you intentionally want fire-and-forget, prefix with `void` (TS) or assign to `_` (Python with `asyncio.create_task`) to make the intent explicit and survive lint."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED033", "name": "[MINED033] Go Recover Without Log (and 2 more): Same pattern found in 2 additional files. Review if needed.", "shortDescription": {"text": "[MINED033] Go Recover Without Log (and 2 more): Same pattern found in 2 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-755 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED060", "name": "[MINED060] Go Context No Cancel (and 24 more): Same pattern found in 24 additional files. Review if needed.", "shortDescription": {"text": "[MINED060] Go Context No Cancel (and 24 more): Same pattern found in 24 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-401 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC029", "name": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 3 more): Same pattern found in 3 additi", "shortDescription": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 3 more): Same pattern found in 3 additional files. Review if needed."}, "fullDescription": {"text": "Validate the URL against an allowlist BEFORE fetching:\n  ALLOWED = {'images.example.com', 'cdn.example.com'}\n  host = urlparse(url).hostname\n  if host not in ALLOWED: abort(400)\nOr use a server-side proxy (Imgproxy / serve-files-only-from-S3) that isolates outbound network access from the request handler.\nBlock private CIDRs explicitly: 10/8, 172.16/12, 192.168/16, 169.254/16."}, "properties": {"scanner": "repobility-threat-engine", "category": "ssrf", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED016", "name": "[MINED016] Go Error Ignored (and 35 more): Same pattern found in 35 additional files. Review if needed.", "shortDescription": {"text": "[MINED016] Go Error Ignored (and 35 more): Same pattern found in 35 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-754 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED071", "name": "[MINED071] Go Panic Call (and 85 more): Same pattern found in 85 additional files. Review if needed.", "shortDescription": {"text": "[MINED071] Go Panic Call (and 85 more): Same pattern found in 85 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-755 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "GO-2026-5030", "name": "golang.org/x/net: GO-2026-5030", "shortDescription": {"text": "golang.org/x/net: GO-2026-5030"}, "fullDescription": {"text": "Invoking duplicate attributes can cause XSS in golang.org/x/net/html"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-5029", "name": "golang.org/x/net: GO-2026-5029", "shortDescription": {"text": "golang.org/x/net: GO-2026-5029"}, "fullDescription": {"text": "Invoking incorrect handling of character references in DOCTYPE nodes in golang.org/x/net/html"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-5028", "name": "golang.org/x/net: GO-2026-5028", "shortDescription": {"text": "golang.org/x/net: GO-2026-5028"}, "fullDescription": {"text": "Invoking denial of service when parsing arbitrary HTML in golang.org/x/net/html"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-5027", "name": "golang.org/x/net: GO-2026-5027", "shortDescription": {"text": "golang.org/x/net: GO-2026-5027"}, "fullDescription": {"text": "Invoking incorrect handling of HTML elements in foreign content in golang.org/x/net/html"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-5026", "name": "golang.org/x/net: GO-2026-5026", "shortDescription": {"text": "golang.org/x/net: GO-2026-5026"}, "fullDescription": {"text": "Invoking failure to reject ASCII-only Punycode-encoded labels in golang.org/x/net/idna"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-5025", "name": "golang.org/x/net: GO-2026-5025", "shortDescription": {"text": "golang.org/x/net: GO-2026-5025"}, "fullDescription": {"text": "Invoking incorrect handling of namespaced elements in foreign content in golang.org/x/net/html"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-5032", "name": "golang.org/x/image: GO-2026-5032", "shortDescription": {"text": "golang.org/x/image: GO-2026-5032"}, "fullDescription": {"text": "Excessive resource consumption in PackBits decompression in golang.org/x/image/tiff"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-5031", "name": "golang.org/x/image: GO-2026-5031", "shortDescription": {"text": "golang.org/x/image: GO-2026-5031"}, "fullDescription": {"text": "Panic when reading out of bound palette index in golang.org/x/image/bmp"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "DKR014", "name": "Dockerfile copies the entire context without .dockerignore", "shortDescription": {"text": "Dockerfile copies the entire context without .dockerignore"}, "fullDescription": {"text": "COPY . or ADD . sends the full build context to Docker. Without .dockerignore this can include secrets, git history, and local artifacts."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "high", "confidence": 0.92, "cwe": "", "owasp": ""}}, {"id": "SEC013", "name": "[SEC013] Path Traversal \u2014 User Input in File Path: User-controlled input used in file path without sanitization. Allows ", "shortDescription": {"text": "[SEC013] Path Traversal \u2014 User Input in File Path: User-controlled input used in file path without sanitization. Allows reading arbitrary files."}, "fullDescription": {"text": "Use os.path.realpath() and verify the path starts with your expected base directory. Use secure_filename() for uploads."}, "properties": {"scanner": "repobility-threat-engine", "category": "path_traversal", "severity": "high", "confidence": 0.8, "cwe": "", "owasp": ""}}, {"id": "MINED004", "name": "[MINED004] Weak Crypto: MD5/SHA1/DES/RC4 used for security context (not just checksums).", "shortDescription": {"text": "[MINED004] Weak Crypto: MD5/SHA1/DES/RC4 used for security context (not just checksums)."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-327 / A02:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC090", "name": "[SEC090] Go: math/rand used near crypto context: math/rand is not cryptographically secure. Use crypto/rand for tokens/k", "shortDescription": {"text": "[SEC090] Go: math/rand used near crypto context: math/rand is not cryptographically secure. Use crypto/rand for tokens/keys. Ported from gosec G404 (Apache-2.0)."}, "fullDescription": {"text": "import `crypto/rand` and use `rand.Read(buf)`."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED118", "name": "Dockerfile FROM `ubuntu:24.04` not pinned by digest", "shortDescription": {"text": "Dockerfile FROM `ubuntu:24.04` not pinned by digest"}, "fullDescription": {"text": "`FROM ubuntu:24.04` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potentially different. Production images should pin to `image@sha256:...` for reproducibility + supply-chain integrity."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED128", "name": "go.mod replaces `(` \u2014 points to a LOCAL path", "shortDescription": {"text": "go.mod replaces `(` \u2014 points to a LOCAL path"}, "fullDescription": {"text": "`replace ( => ../../api` overrides the canonical dependency with a different source (points to a LOCAL path). Local-path replaces are fine for monorepos but in published modules they can hide malicious forks from anyone who only audits the require lines."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "generic-api-key", "name": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations.", "shortDescription": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "fullDescription": {"text": "Gitleaks detected a committed secret or credential pattern."}, "properties": {"scanner": "gitleaks", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "cwe": "", "owasp": ""}}, {"id": "private-key", "name": "Identified a Private Key, which may compromise cryptographic security and sensitive data encryption.", "shortDescription": {"text": "Identified a Private Key, which may compromise cryptographic security and sensitive data encryption."}, "fullDescription": {"text": "Gitleaks detected a committed secret or credential pattern."}, "properties": {"scanner": "gitleaks", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "cwe": "", "owasp": ""}}, {"id": "MINED125", "name": "GHA script injection via github.event.pull_request.head.ref in run-step", "shortDescription": {"text": "GHA script injection via github.event.pull_request.head.ref in run-step"}, "fullDescription": {"text": "Multi-line `run: |` block interpolates ${{ github.event.pull_request.head.ref }} into shell. PR title/body/branch/comment fields are attacker-controllable."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "critical", "confidence": 0.9, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/943"}, "properties": {"repository": "etcd-io/etcd", "repoUrl": "https://github.com/etcd-io/etcd", "branch": "main"}, "results": [{"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 88550, "scanner": "repobility-docker", "fingerprint": "a50f24d651bf25168304bbbe633c4567d0b3ddcbfa78a0446e9e3fb5df39b22b", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "mcr.microsoft.com/devcontainers/go:dev-1.25-bookworm@sha256:c9a8c52ad9c962655ef43c9e333954b2a4d22c18b184479cefec2833ae02b92e", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|a50f24d651bf25168304bbbe633c4567d0b3ddcbfa78a0446e9e3fb5df39b22b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tools/container-images/devcontainer/Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 88549, "scanner": "repobility-docker", "fingerprint": "ae2a324b6106796f46b68ebc7d3b277c2ab862ee43dbb67b2fa7f9b49ed7111b", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "ubuntu:24.04", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|ae2a324b6106796f46b68ebc7d3b277c2ab862ee43dbb67b2fa7f9b49ed7111b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/antithesis/test-template/Dockerfile"}, "region": {"startLine": 13}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 88546, "scanner": "repobility-docker", "fingerprint": "78a12569669b1033c37f9bf3e1ef565a0f16aff774c3bc7aa9f25a2d4640395f", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "ubuntu:24.04", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|78a12569669b1033c37f9bf3e1ef565a0f16aff774c3bc7aa9f25a2d4640395f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/antithesis/server/Dockerfile"}, "region": {"startLine": 68}}}]}, {"ruleId": "DKR007", "level": "warning", "message": {"text": "Docker build context has no .dockerignore"}, "properties": {"repobilityId": 88543, "scanner": "repobility-docker", "fingerprint": "c98378cf8c37e4866e89d6ca06a24b7e8c44654aa34e6e4bf1367c4a4c0c5b44", "category": "docker", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Dockerfile exists but repository root has no .dockerignore.", "evidence": {"rule_id": "DKR007", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|c98378cf8c37e4866e89d6ca06a24b7e8c44654aa34e6e4bf1367c4a4c0c5b44"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".dockerignore"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR018", "level": "warning", "message": {"text": "Database dump or local database file is included in Docker build context"}, "properties": {"repobilityId": 88542, "scanner": "repobility-docker", "fingerprint": "655485f8d8d660f19955b099504360fbf5ff0f88b2be2fc7d9501b5ab7e7369f", "category": "docker", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Database-like artifacts are reachable from the Docker build context and are not ignored.", "evidence": {"rule_id": "DKR018", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/engine/storage/volumes/"], "correlation_key": "fp|655485f8d8d660f19955b099504360fbf5ff0f88b2be2fc7d9501b5ab7e7369f", "database_artifacts": [{"path": "tests/integration/snapshot/testdata/corrupted_backup.db", "size_mb": 0.1}]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".dockerignore"}, "region": {"startLine": 1}}}]}, {"ruleId": "SEC112", "level": "warning", "message": {"text": "[SEC112] Go html/template bypass \u2014 text/template used for HTML output, or template.HTML on user input: Go's `text/template` does no HTML escaping. `template.HTML(x)` marks data as already-safe. Using either with user input = XSS."}, "properties": {"repobilityId": 88535, "scanner": "repobility-threat-engine", "fingerprint": "d9d8066503aa8586f6e7b865dc1f5fa7d5d30c34b95c455a2c0b2aebc517340a", "category": "xss", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "fmt.Fprintln(w, string(b))\n}\n\nfunc printJSON(v any) {\n\tprintJSONTo(os.Stdout, v)", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC112", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|d9d8066503aa8586f6e7b865dc1f5fa7d5d30c34b95c455a2c0b2aebc517340a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "etcdctl/ctlv3/command/printer_json.go"}, "region": {"startLine": 96}}}]}, {"ruleId": "ERR003", "level": "note", "message": {"text": "[ERR003] Ignored Error (Go): Ignoring error return values."}, "properties": {"repobilityId": 88540, "scanner": "repobility-threat-engine", "fingerprint": "5db4d0181738afab40f68939cbe0930834410d30513ab15a8fa77efebd0c9a6d", "category": "error_handling", "severity": "low", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "_ = schema.ReadConsistentIndex(", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR003", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|5db4d0181738afab40f68939cbe0930834410d30513ab15a8fa77efebd0c9a6d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/storage/backend.go"}, "region": {"startLine": 105}}}]}, {"ruleId": "ERR003", "level": "note", "message": {"text": "[ERR003] Ignored Error (Go): Ignoring error return values."}, "properties": {"repobilityId": 88539, "scanner": "repobility-threat-engine", "fingerprint": "a367bd66622327255c36470180d6ea46e17e5ea991d36c8087a31487facf77c3", "category": "error_handling", "severity": "low", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "_ = io.Copy(", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR003", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|a367bd66622327255c36470180d6ea46e17e5ea991d36c8087a31487facf77c3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/etcdserver/api/v3lock/v3lockpb/gw/v3lock.pb.gw.go"}, "region": {"startLine": 48}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 88492, "scanner": "repobility-ai-code-hygiene", "fingerprint": "18ddf75db9d7fbe2c7cafeee61de06aece9cc596aa9564897b7785a879f24b2f", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "server/etcdserver/api/v3election/v3electionpb/gw/v3election.pb.gw.go", "duplicate_line": 8, "correlation_key": "fp|18ddf75db9d7fbe2c7cafeee61de06aece9cc596aa9564897b7785a879f24b2f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/etcdserver/api/v3lock/v3lockpb/gw/v3lock.pb.gw.go"}, "region": {"startLine": 8}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 88491, "scanner": "repobility-ai-code-hygiene", "fingerprint": "a3577f37c4c130d6f4b200822c7febfc08f28fad3a6747f3a5eef2c8d30ec71c", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "etcdctl/ctlv3/command/completion_command.go", "duplicate_line": 24, "correlation_key": "fp|a3577f37c4c130d6f4b200822c7febfc08f28fad3a6747f3a5eef2c8d30ec71c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "etcdutl/etcdutl/completion_commmand.go"}, "region": {"startLine": 24}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 88490, "scanner": "repobility-ai-code-hygiene", "fingerprint": "a6bba08e605c43934f550d9b28b7544244fa65d8dc332fedc959c7b99883baf3", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "client/v3/experimental/recipes/priority_queue.go", "duplicate_line": 23, "correlation_key": "fp|a6bba08e605c43934f550d9b28b7544244fa65d8dc332fedc959c7b99883baf3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "client/v3/experimental/recipes/queue.go"}, "region": {"startLine": 21}}}]}, {"ruleId": "DKR002", "level": "none", "message": {"text": "Dockerfile base image is selected through a build variable"}, "properties": {"repobilityId": 88547, "scanner": "repobility-docker", "fingerprint": "fe6b1cc1bd21ae6930ff1115cf6a71133918cea74bf99d0a7411524c1583f509", "category": "docker", "severity": "info", "confidence": 0.48, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Base image contains a variable; manual review is needed to avoid false positives.", "evidence": {"image": "golang:$GO_IMAGE_TAG", "rule_id": "DKR002", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/"], "correlation_key": "fp|fe6b1cc1bd21ae6930ff1115cf6a71133918cea74bf99d0a7411524c1583f509"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/antithesis/test-template/Dockerfile"}, "region": {"startLine": 4}}}]}, {"ruleId": "DKR002", "level": "none", "message": {"text": "Dockerfile base image is selected through a build variable"}, "properties": {"repobilityId": 88545, "scanner": "repobility-docker", "fingerprint": "b91e7e6837207083640a4b67130932eb61bd380267323cd6983fccbb62c08a8a", "category": "docker", "severity": "info", "confidence": 0.48, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Base image contains a variable; manual review is needed to avoid false positives.", "evidence": {"image": "golang:$GO_IMAGE_TAG", "rule_id": "DKR002", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/"], "correlation_key": "fp|b91e7e6837207083640a4b67130932eb61bd380267323cd6983fccbb62c08a8a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/antithesis/server/Dockerfile"}, "region": {"startLine": 4}}}]}, {"ruleId": "DKR002", "level": "none", "message": {"text": "Dockerfile base image is selected through a build variable"}, "properties": {"repobilityId": 88544, "scanner": "repobility-docker", "fingerprint": "0e8db19e5e302c76ad69822d50787aa02400f25f106cf12630424c829b7a5fd4", "category": "docker", "severity": "info", "confidence": 0.48, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Base image contains a variable; manual review is needed to avoid false positives.", "evidence": {"image": "golang:$GO_VERSION", "rule_id": "DKR002", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/"], "correlation_key": "fp|0e8db19e5e302c76ad69822d50787aa02400f25f106cf12630424c829b7a5fd4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/antithesis/config/Dockerfile"}, "region": {"startLine": 3}}}]}, {"ruleId": "MINED057", "level": "none", "message": {"text": "[MINED057] Todo Bomb: Code path with a TODO/FIXME/HACK comment that gates correctness \u2014 left for later but never resolved."}, "properties": {"repobilityId": 88537, "scanner": "repobility-threat-engine", "fingerprint": "d1b77d943746cd39afa30a5502c589d288e728fbc570d473ee4cd637576b715b", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "todo-bomb", "owasp": null, "cwe_ids": [], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348035+00:00", "triaged_in_corpus": 10, "observations_count": 255662, "ai_coder_pattern_id": 4}, "scanner": "repobility-threat-engine", "correlation_key": "fp|d1b77d943746cd39afa30a5502c589d288e728fbc570d473ee4cd637576b715b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkg/schedule/schedule.go"}, "region": {"startLine": 192}}}]}, {"ruleId": "MINED053", "level": "none", "message": {"text": "[MINED053] Placeholder Default Username: foo@bar.com / john.doe@example.com / admin/admin / changeme \u2014 typical AI placeholder credentials."}, "properties": {"repobilityId": 88536, "scanner": "repobility-threat-engine", "fingerprint": "6a4999e9bfdc90865eac5f793f79109b0f47bfd52bf2161a9f96bd99ae31fc0d", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "placeholder-default-username", "owasp": null, "cwe_ids": ["CWE-1392", "CWE-798"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348025+00:00", "triaged_in_corpus": 10, "observations_count": 456953, "ai_coder_pattern_id": 44}, "scanner": "repobility-threat-engine", "correlation_key": "fp|6a4999e9bfdc90865eac5f793f79109b0f47bfd52bf2161a9f96bd99ae31fc0d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "etcdctl/ctlv3/command/snapshot_command.go"}, "region": {"startLine": 41}}}]}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https (and 2 more): Same pattern found in 2 additional files. Review if needed."}, "properties": {"repobilityId": 88534, "scanner": "repobility-threat-engine", "fingerprint": "62ff231053d16ded91f5d63a99a8b7f9a8d879f1bee1b23442cfa6701d92f730", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 2 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|62ff231053d16ded91f5d63a99a8b7f9a8d879f1bee1b23442cfa6701d92f730", "aggregated_count": 2}}}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 88533, "scanner": "repobility-threat-engine", "fingerprint": "b88f7c6cfa83a612d26f5c4d0529d1310387253d70e57b9453f95a05de9c2a9b", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|b88f7c6cfa83a612d26f5c4d0529d1310387253d70e57b9453f95a05de9c2a9b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/cherrypick.sh"}, "region": {"startLine": 140}}}]}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 88532, "scanner": "repobility-threat-engine", "fingerprint": "7a982c0706c0e96d57b7b01fbcd46b3d35afab45138e3f6ec15f3b21e7befd0c", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|7a982c0706c0e96d57b7b01fbcd46b3d35afab45138e3f6ec15f3b21e7befd0c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "etcdctl/ctlv3/command/util.go"}, "region": {"startLine": 100}}}]}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 88531, "scanner": "repobility-threat-engine", "fingerprint": "b7df7f6209c267cfc8ea170cba8c96f6e9c1296d219b8e3b3ee382eb9f0764eb", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|b7df7f6209c267cfc8ea170cba8c96f6e9c1296d219b8e3b3ee382eb9f0764eb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "etcdctl/ctlv3/command/global.go"}, "region": {"startLine": 398}}}]}, {"ruleId": "SEC045", "level": "none", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use object introspection (().__class__.__mro__[-1].__subclasses__()) to reach os.system. CWE-95 (eval injection)."}, "properties": {"repobilityId": 88528, "scanner": "repobility-threat-engine", "fingerprint": "eef628d40a55b32c2a62fbbbe096c5cf6a9fe2b8fa503703cd280c893e1eb721", "category": "injection", "severity": "info", "confidence": 0.1, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Safe pattern '\\.eval\\(' detected on same line", "evidence": {"match": ".eval(", "reason": "Safe pattern '\\.eval\\(' detected on same line", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 0.1, "correlation_key": "code|injection|client/v3/leasing/txn.go|53|sec045"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "client/v3/leasing/txn.go"}, "region": {"startLine": 53}}}]}, {"ruleId": "SEC128", "level": "none", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake) (and 4 more): Same pattern found in 4 additional files. Review if needed."}, "properties": {"repobilityId": 88527, "scanner": "repobility-threat-engine", "fingerprint": "384b13d01eca021cad8caa867cbe69ee4fc1353f389030e2ca3b6fe8412f11af", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 4 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 4 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|384b13d01eca021cad8caa867cbe69ee4fc1353f389030e2ca3b6fe8412f11af"}}}, {"ruleId": "MINED033", "level": "none", "message": {"text": "[MINED033] Go Recover Without Log (and 2 more): Same pattern found in 2 additional files. Review if needed."}, "properties": {"repobilityId": 88523, "scanner": "repobility-threat-engine", "fingerprint": "f943231638a4b599d4998c0378bf64ab7b993424c24de8aad1fb711c825d941a", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 2 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "go-recover-without-log", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["go"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347975+00:00", "triaged_in_corpus": 15, "observations_count": 3808, "ai_coder_pattern_id": 109}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|f943231638a4b599d4998c0378bf64ab7b993424c24de8aad1fb711c825d941a", "aggregated_count": 2}}}, {"ruleId": "MINED060", "level": "none", "message": {"text": "[MINED060] Go Context No Cancel (and 24 more): Same pattern found in 24 additional files. Review if needed."}, "properties": {"repobilityId": 88519, "scanner": "repobility-threat-engine", "fingerprint": "532470d6d64e459e99f7eee62b569cd137bfefa83514f1555cfc2e2d6b9d44f9", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 24 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "go-context-no-cancel", "owasp": null, "cwe_ids": ["CWE-401"], "languages": ["go"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348041+00:00", "triaged_in_corpus": 12, "observations_count": 132905, "ai_coder_pattern_id": 110}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|532470d6d64e459e99f7eee62b569cd137bfefa83514f1555cfc2e2d6b9d44f9", "aggregated_count": 24}}}, {"ruleId": "MINED060", "level": "none", "message": {"text": "[MINED060] Go Context No Cancel: context.Background() at request handler boundary leaks goroutines."}, "properties": {"repobilityId": 88518, "scanner": "repobility-threat-engine", "fingerprint": "61d821d6e68f829e0e46ca51797a194281519c5bdf7b7591007bd506e982c550", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "go-context-no-cancel", "owasp": null, "cwe_ids": ["CWE-401"], "languages": ["go"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348041+00:00", "triaged_in_corpus": 12, "observations_count": 132905, "ai_coder_pattern_id": 110}, "scanner": "repobility-threat-engine", "correlation_key": "fp|61d821d6e68f829e0e46ca51797a194281519c5bdf7b7591007bd506e982c550"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "client/v3/experimental/recipes/watch.go"}, "region": {"startLine": 26}}}]}, {"ruleId": "MINED060", "level": "none", "message": {"text": "[MINED060] Go Context No Cancel: context.Background() at request handler boundary leaks goroutines."}, "properties": {"repobilityId": 88517, "scanner": "repobility-threat-engine", "fingerprint": "1dfc72f0201e330a5a5a767075c812dc9b7fb53602c4b5574a2704b78588cf5b", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "go-context-no-cancel", "owasp": null, "cwe_ids": ["CWE-401"], "languages": ["go"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348041+00:00", "triaged_in_corpus": 12, "observations_count": 132905, "ai_coder_pattern_id": 110}, "scanner": "repobility-threat-engine", "correlation_key": "fp|1dfc72f0201e330a5a5a767075c812dc9b7fb53602c4b5574a2704b78588cf5b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "client/pkg/transport/tls.go"}, "region": {"startLine": 41}}}]}, {"ruleId": "MINED060", "level": "none", "message": {"text": "[MINED060] Go Context No Cancel: context.Background() at request handler boundary leaks goroutines."}, "properties": {"repobilityId": 88516, "scanner": "repobility-threat-engine", "fingerprint": "625a0848169fbc241c3e53b5103704275f43d77dadc68a74c45a8dfbed8835f6", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "go-context-no-cancel", "owasp": null, "cwe_ids": ["CWE-401"], "languages": ["go"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348041+00:00", "triaged_in_corpus": 12, "observations_count": 132905, "ai_coder_pattern_id": 110}, "scanner": "repobility-threat-engine", "correlation_key": "fp|625a0848169fbc241c3e53b5103704275f43d77dadc68a74c45a8dfbed8835f6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "client/pkg/transport/listener_tls.go"}, "region": {"startLine": 113}}}]}, {"ruleId": "SEC029", "level": "none", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 3 more): Same pattern found in 3 additional files. Review if needed."}, "properties": {"repobilityId": 88515, "scanner": "repobility-threat-engine", "fingerprint": "29f418f0b32afce9ff9545bb3e439c1b302cb3c41f56d413b872dcb5fe0b02fc", "category": "ssrf", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 3 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 3 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|29f418f0b32afce9ff9545bb3e439c1b302cb3c41f56d413b872dcb5fe0b02fc"}}}, {"ruleId": "MINED016", "level": "none", "message": {"text": "[MINED016] Go Error Ignored (and 35 more): Same pattern found in 35 additional files. Review if needed."}, "properties": {"repobilityId": 88511, "scanner": "repobility-threat-engine", "fingerprint": "f335f4e9de0ca7bd0013e1568ebf2cf432badced54239f39faaa592e3202b024", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 35 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "go-error-ignored", "owasp": null, "cwe_ids": ["CWE-754"], "languages": ["go"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347935+00:00", "triaged_in_corpus": 15, "observations_count": 83036, "ai_coder_pattern_id": 107}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|f335f4e9de0ca7bd0013e1568ebf2cf432badced54239f39faaa592e3202b024", "aggregated_count": 35}}}, {"ruleId": "MINED071", "level": "none", "message": {"text": "[MINED071] Go Panic Call (and 85 more): Same pattern found in 85 additional files. Review if needed."}, "properties": {"repobilityId": 88507, "scanner": "repobility-threat-engine", "fingerprint": "dad180d491843a933c4a87bded3fdde8ba0b5e75a41bb9487c69cbe4dccf6e2b", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 85 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "go-panic-call", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["go"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348067+00:00", "triaged_in_corpus": 12, "observations_count": 29174, "ai_coder_pattern_id": 108}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|dad180d491843a933c4a87bded3fdde8ba0b5e75a41bb9487c69cbe4dccf6e2b", "aggregated_count": 85}}}, {"ruleId": "MINED071", "level": "none", "message": {"text": "[MINED071] Go Panic Call: panic() crashes the process. Should return error in most cases."}, "properties": {"repobilityId": 88506, "scanner": "repobility-threat-engine", "fingerprint": "8135d1c79a553078b046f6d8ef8ca6d8fee6623f0da646f66d58b2cd366f39cb", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "go-panic-call", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["go"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348067+00:00", "triaged_in_corpus": 12, "observations_count": 29174, "ai_coder_pattern_id": 108}, "scanner": "repobility-threat-engine", "correlation_key": "fp|8135d1c79a553078b046f6d8ef8ca6d8fee6623f0da646f66d58b2cd366f39cb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "client/pkg/logutil/log_level.go"}, "region": {"startLine": 27}}}]}, {"ruleId": "MINED071", "level": "none", "message": {"text": "[MINED071] Go Panic Call: panic() crashes the process. Should return error in most cases."}, "properties": {"repobilityId": 88505, "scanner": "repobility-threat-engine", "fingerprint": "0458d22e3f35ede2126bcf4072e447be595ae276ad4e21c3a515891595f0fea0", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "go-panic-call", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["go"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348067+00:00", "triaged_in_corpus": 12, "observations_count": 29174, "ai_coder_pattern_id": 108}, "scanner": "repobility-threat-engine", "correlation_key": "fp|0458d22e3f35ede2126bcf4072e447be595ae276ad4e21c3a515891595f0fea0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "client/pkg/fileutil/lock_windows.go"}, "region": {"startLine": 69}}}]}, {"ruleId": "MINED071", "level": "none", "message": {"text": "[MINED071] Go Panic Call: panic() crashes the process. Should return error in most cases."}, "properties": {"repobilityId": 88504, "scanner": "repobility-threat-engine", "fingerprint": "1074a3f57dceb3845e04192434107fdbee9e20982d8d683efdf69751a147bde5", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "go-panic-call", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["go"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348067+00:00", "triaged_in_corpus": 12, "observations_count": 29174, "ai_coder_pattern_id": 108}, "scanner": "repobility-threat-engine", "correlation_key": "fp|1074a3f57dceb3845e04192434107fdbee9e20982d8d683efdf69751a147bde5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "client/pkg/fileutil/filereader.go"}, "region": {"startLine": 53}}}]}, {"ruleId": "GO-2026-5030", "level": "error", "message": {"text": "golang.org/x/net: GO-2026-5030"}, "properties": {"repobilityId": 88622, "scanner": "osv-scanner", "fingerprint": "6c97053189b8f08474f43465cba9cb0ddbf653c9735820341e7115a4420cbaf5", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-27136"], "package": "golang.org/x/net", "rule_id": "GO-2026-5030", "scanner": "osv-scanner", "correlation_key": "vuln|golang.org/x/net|CVE-2026-27136|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tools/testgrid-analysis/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5029", "level": "error", "message": {"text": "golang.org/x/net: GO-2026-5029"}, "properties": {"repobilityId": 88621, "scanner": "osv-scanner", "fingerprint": "eec1c83e758ae364edb92c5455b7a72cd10423f9fd912380c51847065a23a613", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-25681"], "package": "golang.org/x/net", "rule_id": "GO-2026-5029", "scanner": "osv-scanner", "correlation_key": "vuln|golang.org/x/net|CVE-2026-25681|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tools/testgrid-analysis/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5028", "level": "error", "message": {"text": "golang.org/x/net: GO-2026-5028"}, "properties": {"repobilityId": 88620, "scanner": "osv-scanner", "fingerprint": "a0c46f45f6a158c27fa16e988d07a9eabbb2b7fbc46af3fb7b7149d93017569f", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-25680"], "package": "golang.org/x/net", "rule_id": "GO-2026-5028", "scanner": "osv-scanner", "correlation_key": "vuln|golang.org/x/net|CVE-2026-25680|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tools/testgrid-analysis/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5027", "level": "error", "message": {"text": "golang.org/x/net: GO-2026-5027"}, "properties": {"repobilityId": 88619, "scanner": "osv-scanner", "fingerprint": "608edc152c1f87312d3627df1b1fde0c437592ebe8cde3ffb699570d48ab60ae", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-42502"], "package": "golang.org/x/net", "rule_id": "GO-2026-5027", "scanner": "osv-scanner", "correlation_key": "vuln|golang.org/x/net|CVE-2026-42502|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tools/testgrid-analysis/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5026", "level": "error", "message": {"text": "golang.org/x/net: GO-2026-5026"}, "properties": {"repobilityId": 88618, "scanner": "osv-scanner", "fingerprint": "5d2f0751fd00eeab57683f384eda753994a4ca6d7f20d1ae5aea673414ad4c87", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-39821"], "package": "golang.org/x/net", "rule_id": "GO-2026-5026", "scanner": "osv-scanner", "correlation_key": "vuln|golang.org/x/net|CVE-2026-39821|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tools/testgrid-analysis/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5025", "level": "error", "message": {"text": "golang.org/x/net: GO-2026-5025"}, "properties": {"repobilityId": 88617, "scanner": "osv-scanner", "fingerprint": "47126b7ebe253df23f13b651e7ae34d0683ea19b3d6614f904af8463933b2482", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-42506"], "package": "golang.org/x/net", "rule_id": "GO-2026-5025", "scanner": "osv-scanner", "correlation_key": "vuln|golang.org/x/net|CVE-2026-42506|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tools/testgrid-analysis/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5032", "level": "error", "message": {"text": "golang.org/x/image: GO-2026-5032"}, "properties": {"repobilityId": 88616, "scanner": "osv-scanner", "fingerprint": "6c0c54107a9018e8424c55075cbc120fd84bd06c7f83d4e1bb02415f3eb50039", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-46599"], "package": "golang.org/x/image", "rule_id": "GO-2026-5032", "scanner": "osv-scanner", "correlation_key": "vuln|golang.org/x/image|CVE-2026-46599|tools/rw-heatmaps/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tools/rw-heatmaps/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5031", "level": "error", "message": {"text": "golang.org/x/image: GO-2026-5031"}, "properties": {"repobilityId": 88615, "scanner": "osv-scanner", "fingerprint": "b0470002b8a30444db123f8cd1eb1609f85bd0d18ccaec8ad5c18514a31ee463", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-42500"], "package": "golang.org/x/image", "rule_id": "GO-2026-5031", "scanner": "osv-scanner", "correlation_key": "vuln|golang.org/x/image|CVE-2026-42500|tools/rw-heatmaps/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tools/rw-heatmaps/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5030", "level": "error", "message": {"text": "golang.org/x/net: GO-2026-5030"}, "properties": {"repobilityId": 88614, "scanner": "osv-scanner", "fingerprint": "1570b469e6ae565580b5313e0339de4a4873c2f04fbc2b7d4195788863a4ed6b", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-27136"], "package": "golang.org/x/net", "rule_id": "GO-2026-5030", "scanner": "osv-scanner", "correlation_key": "vuln|golang.org/x/net|CVE-2026-27136|tools/mod/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tools/mod/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5029", "level": "error", "message": {"text": "golang.org/x/net: GO-2026-5029"}, "properties": {"repobilityId": 88613, "scanner": "osv-scanner", "fingerprint": "47acb1dbf791ac89bdfd0a6a2116921c5e125ed75cd278126bc4b9f6394c5cbe", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-25681"], "package": "golang.org/x/net", "rule_id": "GO-2026-5029", "scanner": "osv-scanner", "correlation_key": "vuln|golang.org/x/net|CVE-2026-25681|tools/mod/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tools/mod/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5028", "level": "error", "message": {"text": "golang.org/x/net: GO-2026-5028"}, "properties": {"repobilityId": 88612, "scanner": "osv-scanner", "fingerprint": "3868bfce2a871a0789fffb38b623a27ecc54224f471f5dec59bd66e920c29140", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-25680"], "package": "golang.org/x/net", "rule_id": "GO-2026-5028", "scanner": "osv-scanner", "correlation_key": "vuln|golang.org/x/net|CVE-2026-25680|tools/mod/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tools/mod/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5027", "level": "error", "message": {"text": "golang.org/x/net: GO-2026-5027"}, "properties": {"repobilityId": 88611, "scanner": "osv-scanner", "fingerprint": "b81e24720b8f2db62aeaf35812248b207bd5d6d6e6024ab4d88bf5dd04159afc", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-42502"], "package": "golang.org/x/net", "rule_id": "GO-2026-5027", "scanner": "osv-scanner", "correlation_key": "vuln|golang.org/x/net|CVE-2026-42502|tools/mod/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tools/mod/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5026", "level": "error", "message": {"text": "golang.org/x/net: GO-2026-5026"}, "properties": {"repobilityId": 88610, "scanner": "osv-scanner", "fingerprint": "fcc445cd9d481c328226394738cbf3f4781f9b00475fa561bd03b0c857c70923", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-39821"], "package": "golang.org/x/net", "rule_id": "GO-2026-5026", "scanner": "osv-scanner", "correlation_key": "vuln|golang.org/x/net|CVE-2026-39821|tools/mod/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tools/mod/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5025", "level": "error", "message": {"text": "golang.org/x/net: GO-2026-5025"}, "properties": {"repobilityId": 88609, "scanner": "osv-scanner", "fingerprint": "63b00f0937e626219587c930b2de47f9e6ec79a0ed73f4a55bfcae06eb57cb21", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-42506"], "package": "golang.org/x/net", "rule_id": "GO-2026-5025", "scanner": "osv-scanner", "correlation_key": "vuln|golang.org/x/net|CVE-2026-42506|tools/mod/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tools/mod/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5030", "level": "error", "message": {"text": "golang.org/x/net: GO-2026-5030"}, "properties": {"repobilityId": 88608, "scanner": "osv-scanner", "fingerprint": "e6caddf1e24532eaf14479e57736e37404265c1f5935ca0e4c44651d7d6752dd", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-27136"], "package": "golang.org/x/net", "rule_id": "GO-2026-5030", "scanner": "osv-scanner", "correlation_key": "vuln|golang.org/x/net|CVE-2026-27136|tests/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5029", "level": "error", "message": {"text": "golang.org/x/net: GO-2026-5029"}, "properties": {"repobilityId": 88607, "scanner": "osv-scanner", "fingerprint": "7d0de6f4e8156636ec5de00aef3aa3aa211010332ef0f3d317a519df1bd5a12a", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-25681"], "package": "golang.org/x/net", "rule_id": "GO-2026-5029", "scanner": "osv-scanner", "correlation_key": "vuln|golang.org/x/net|CVE-2026-25681|tests/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5028", "level": "error", "message": {"text": "golang.org/x/net: GO-2026-5028"}, "properties": {"repobilityId": 88606, "scanner": "osv-scanner", "fingerprint": "0cf89501c57565a0f4955caa0df156adf89d3836e405e6ecc5c6bdd6b030d62d", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-25680"], "package": "golang.org/x/net", "rule_id": "GO-2026-5028", "scanner": "osv-scanner", "correlation_key": "vuln|golang.org/x/net|CVE-2026-25680|tests/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5027", "level": "error", "message": {"text": "golang.org/x/net: GO-2026-5027"}, "properties": {"repobilityId": 88605, "scanner": "osv-scanner", "fingerprint": "8e3c7b7302d4cfc8fb6e502e63212f339f2dd1529acec724fc6c6d2f80417219", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-42502"], "package": "golang.org/x/net", "rule_id": "GO-2026-5027", "scanner": "osv-scanner", "correlation_key": "vuln|golang.org/x/net|CVE-2026-42502|tests/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5026", "level": "error", "message": {"text": "golang.org/x/net: GO-2026-5026"}, "properties": {"repobilityId": 88604, "scanner": "osv-scanner", "fingerprint": "5f725729a7992ae337c2115ebdc6ee67bd736b82ccdb88fdb93af880aec22999", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-39821"], "package": "golang.org/x/net", "rule_id": "GO-2026-5026", "scanner": "osv-scanner", "correlation_key": "vuln|golang.org/x/net|CVE-2026-39821|tests/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5025", "level": "error", "message": {"text": "golang.org/x/net: GO-2026-5025"}, "properties": {"repobilityId": 88603, "scanner": "osv-scanner", "fingerprint": "58ce4b730fc99131c8205d9a1beeb8ff7e8e7e30a9a7aef1db46a847b6a45eb9", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-42506"], "package": "golang.org/x/net", "rule_id": "GO-2026-5025", "scanner": "osv-scanner", "correlation_key": "vuln|golang.org/x/net|CVE-2026-42506|tests/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5030", "level": "error", "message": {"text": "golang.org/x/net: GO-2026-5030"}, "properties": {"repobilityId": 88602, "scanner": "osv-scanner", "fingerprint": "ba245f8b703a6f2e9dded8adaaa8122224978b4e5bfdb9dd35a88349ccc52a93", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-27136"], "package": "golang.org/x/net", "rule_id": "GO-2026-5030", "scanner": "osv-scanner", "correlation_key": "vuln|golang.org/x/net|CVE-2026-27136|server/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5029", "level": "error", "message": {"text": "golang.org/x/net: GO-2026-5029"}, "properties": {"repobilityId": 88601, "scanner": "osv-scanner", "fingerprint": "78015d075a6edfecfa27122ab1173a697cf4ec47e2cc6c3e123cb35227734223", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-25681"], "package": "golang.org/x/net", "rule_id": "GO-2026-5029", "scanner": "osv-scanner", "correlation_key": "vuln|golang.org/x/net|CVE-2026-25681|server/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5028", "level": "error", "message": {"text": "golang.org/x/net: GO-2026-5028"}, "properties": {"repobilityId": 88600, "scanner": "osv-scanner", "fingerprint": "fe58d0acacf8e0484b38320526e41855d519e78b6ca03c4011c02dcb75e8817d", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-25680"], "package": "golang.org/x/net", "rule_id": "GO-2026-5028", "scanner": "osv-scanner", "correlation_key": "vuln|golang.org/x/net|CVE-2026-25680|server/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5027", "level": "error", "message": {"text": "golang.org/x/net: GO-2026-5027"}, "properties": {"repobilityId": 88599, "scanner": "osv-scanner", "fingerprint": "f1218c44d488d59cd77ae196bd8350297e12c22b3669371573231a269c584031", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-42502"], "package": "golang.org/x/net", "rule_id": "GO-2026-5027", "scanner": "osv-scanner", "correlation_key": "vuln|golang.org/x/net|CVE-2026-42502|server/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5026", "level": "error", "message": {"text": "golang.org/x/net: GO-2026-5026"}, "properties": {"repobilityId": 88598, "scanner": "osv-scanner", "fingerprint": "f88061946033c16c68d842107512e2342fadeafcb29c692272dc8c2be6781a14", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-39821"], "package": "golang.org/x/net", "rule_id": "GO-2026-5026", "scanner": "osv-scanner", "correlation_key": "vuln|golang.org/x/net|CVE-2026-39821|server/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5025", "level": "error", "message": {"text": "golang.org/x/net: GO-2026-5025"}, "properties": {"repobilityId": 88597, "scanner": "osv-scanner", "fingerprint": "c4ddb9cebb707a29cfdc7befc4e3a3b38e3b2d4370a085a11a730fc712955c3c", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-42506"], "package": "golang.org/x/net", "rule_id": "GO-2026-5025", "scanner": "osv-scanner", "correlation_key": "vuln|golang.org/x/net|CVE-2026-42506|server/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5030", "level": "error", "message": {"text": "golang.org/x/net: GO-2026-5030"}, "properties": {"repobilityId": 88596, "scanner": "osv-scanner", "fingerprint": "cdb69885d82b2e353c281e784db0dcfc996019d90d0f23e9e592b135d5c1d99b", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-27136"], "package": "golang.org/x/net", "rule_id": "GO-2026-5030", "scanner": "osv-scanner", "correlation_key": "vuln|golang.org/x/net|CVE-2026-27136|pkg/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkg/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5029", "level": "error", "message": {"text": "golang.org/x/net: GO-2026-5029"}, "properties": {"repobilityId": 88595, "scanner": "osv-scanner", "fingerprint": "144ab53f1fd2d4c2fac2c0eb73debfd1c0ecc67d94ff61afe90ddb47a85d1f06", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-25681"], "package": "golang.org/x/net", "rule_id": "GO-2026-5029", "scanner": "osv-scanner", "correlation_key": "vuln|golang.org/x/net|CVE-2026-25681|pkg/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkg/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5028", "level": "error", "message": {"text": "golang.org/x/net: GO-2026-5028"}, "properties": {"repobilityId": 88594, "scanner": "osv-scanner", "fingerprint": "f71ee420e463540277eedf3b3e44fe45e99a6c6b671a741a86c6885b550fa201", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-25680"], "package": "golang.org/x/net", "rule_id": "GO-2026-5028", "scanner": "osv-scanner", "correlation_key": "vuln|golang.org/x/net|CVE-2026-25680|pkg/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkg/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5027", "level": "error", "message": {"text": "golang.org/x/net: GO-2026-5027"}, "properties": {"repobilityId": 88593, "scanner": "osv-scanner", "fingerprint": "5cdcf69c15b06820f4e9a1ddf12d215fe48ac2f9725e139e398d8ab2a3a59f09", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-42502"], "package": "golang.org/x/net", "rule_id": "GO-2026-5027", "scanner": "osv-scanner", "correlation_key": "vuln|golang.org/x/net|CVE-2026-42502|pkg/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkg/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5026", "level": "error", "message": {"text": "golang.org/x/net: GO-2026-5026"}, "properties": {"repobilityId": 88592, "scanner": "osv-scanner", "fingerprint": "000e56acf3e1b1c8322ea7509559bba9bf47373abe4bbf1d14cdc876c06b472e", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-39821"], "package": "golang.org/x/net", "rule_id": "GO-2026-5026", "scanner": "osv-scanner", "correlation_key": "vuln|golang.org/x/net|CVE-2026-39821|pkg/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkg/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5025", "level": "error", "message": {"text": "golang.org/x/net: GO-2026-5025"}, "properties": {"repobilityId": 88591, "scanner": "osv-scanner", "fingerprint": "b381fe14289d06964e5121a78a608aaca8a4ac2983df5a561d753e568c69010c", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-42506"], "package": "golang.org/x/net", "rule_id": "GO-2026-5025", "scanner": "osv-scanner", "correlation_key": "vuln|golang.org/x/net|CVE-2026-42506|pkg/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkg/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5030", "level": "error", "message": {"text": "golang.org/x/net: GO-2026-5030"}, "properties": {"repobilityId": 88590, "scanner": "osv-scanner", "fingerprint": "f56f13f5fd0d02e616781fb4e263264064c55d496b56f34e2e697db0a1750dd6", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-27136"], "package": "golang.org/x/net", "rule_id": "GO-2026-5030", "scanner": "osv-scanner", "correlation_key": "vuln|golang.org/x/net|CVE-2026-27136|go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5029", "level": "error", "message": {"text": "golang.org/x/net: GO-2026-5029"}, "properties": {"repobilityId": 88589, "scanner": "osv-scanner", "fingerprint": "346c97831be09b89603f8819967a1caf39f8f572a2d5dc5925a9ae0a6b98856e", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-25681"], "package": "golang.org/x/net", "rule_id": "GO-2026-5029", "scanner": "osv-scanner", "correlation_key": "vuln|golang.org/x/net|CVE-2026-25681|go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5028", "level": "error", "message": {"text": "golang.org/x/net: GO-2026-5028"}, "properties": {"repobilityId": 88588, "scanner": "osv-scanner", "fingerprint": "796445bee725d6616761216b224cb420e85017321d01a56e43bf03efe210c5f5", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-25680"], "package": "golang.org/x/net", "rule_id": "GO-2026-5028", "scanner": "osv-scanner", "correlation_key": "vuln|golang.org/x/net|CVE-2026-25680|go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5027", "level": "error", "message": {"text": "golang.org/x/net: GO-2026-5027"}, "properties": {"repobilityId": 88587, "scanner": "osv-scanner", "fingerprint": "acf4f4ae909e3489f7be9bc36808d846c836956d4a36bc26ba43890f213b1436", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-42502"], "package": "golang.org/x/net", "rule_id": "GO-2026-5027", "scanner": "osv-scanner", "correlation_key": "vuln|golang.org/x/net|CVE-2026-42502|go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5026", "level": "error", "message": {"text": "golang.org/x/net: GO-2026-5026"}, "properties": {"repobilityId": 88586, "scanner": "osv-scanner", "fingerprint": "2a9be343e7c5c43785f4d36c5506f23f8b055fb0d461a84395ad634441be541a", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-39821"], "package": "golang.org/x/net", "rule_id": "GO-2026-5026", "scanner": "osv-scanner", "correlation_key": "vuln|golang.org/x/net|CVE-2026-39821|go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5025", "level": "error", "message": {"text": "golang.org/x/net: GO-2026-5025"}, "properties": {"repobilityId": 88585, "scanner": "osv-scanner", "fingerprint": "be62fe7df92442560f1a21cceb16f1ca23f3e9cbe2e00b9699b8ae286a0012ce", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-42506"], "package": "golang.org/x/net", "rule_id": "GO-2026-5025", "scanner": "osv-scanner", "correlation_key": "vuln|golang.org/x/net|CVE-2026-42506|go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5030", "level": "error", "message": {"text": "golang.org/x/net: GO-2026-5030"}, "properties": {"repobilityId": 88584, "scanner": "osv-scanner", "fingerprint": "58330e0c120919b84e1f7e6ad6eafb9f5e9303a6274110887f5da5343514677c", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-27136"], "package": "golang.org/x/net", "rule_id": "GO-2026-5030", "scanner": "osv-scanner", "correlation_key": "vuln|golang.org/x/net|CVE-2026-27136|etcdutl/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "etcdutl/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5029", "level": "error", "message": {"text": "golang.org/x/net: GO-2026-5029"}, "properties": {"repobilityId": 88583, "scanner": "osv-scanner", "fingerprint": "4e3018f9813675c6d8df57c0535eaf8dbc74ebcf2e81327658174f735cdc3282", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-25681"], "package": "golang.org/x/net", "rule_id": "GO-2026-5029", "scanner": "osv-scanner", "correlation_key": "vuln|golang.org/x/net|CVE-2026-25681|etcdutl/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "etcdutl/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5028", "level": "error", "message": {"text": "golang.org/x/net: GO-2026-5028"}, "properties": {"repobilityId": 88582, "scanner": "osv-scanner", "fingerprint": "f68ff6f31cb3766d2d0c45e30f027cc0aba020bc0699e8c5eed5539a0ef93700", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-25680"], "package": "golang.org/x/net", "rule_id": "GO-2026-5028", "scanner": "osv-scanner", "correlation_key": "vuln|golang.org/x/net|CVE-2026-25680|etcdutl/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "etcdutl/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5027", "level": "error", "message": {"text": "golang.org/x/net: GO-2026-5027"}, "properties": {"repobilityId": 88581, "scanner": "osv-scanner", "fingerprint": "4e732bf2416f4bf6e82c38214fe91731babcc3348d99677f1a6ce4f199aa5ce2", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-42502"], "package": "golang.org/x/net", "rule_id": "GO-2026-5027", "scanner": "osv-scanner", "correlation_key": "vuln|golang.org/x/net|CVE-2026-42502|etcdutl/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "etcdutl/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5026", "level": "error", "message": {"text": "golang.org/x/net: GO-2026-5026"}, "properties": {"repobilityId": 88580, "scanner": "osv-scanner", "fingerprint": "6ae7e135e8fd3adaf573244b8393540ec159c15a4705a0d6b90762ad017d34b3", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-39821"], "package": "golang.org/x/net", "rule_id": "GO-2026-5026", "scanner": "osv-scanner", "correlation_key": "vuln|golang.org/x/net|CVE-2026-39821|etcdutl/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "etcdutl/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5025", "level": "error", "message": {"text": "golang.org/x/net: GO-2026-5025"}, "properties": {"repobilityId": 88579, "scanner": "osv-scanner", "fingerprint": "d9354d6f98cb65c999d2130296e2d9d4cba43dac6ef063e84460e9fdfb45a956", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-42506"], "package": "golang.org/x/net", "rule_id": "GO-2026-5025", "scanner": "osv-scanner", "correlation_key": "vuln|golang.org/x/net|CVE-2026-42506|etcdutl/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "etcdutl/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5030", "level": "error", "message": {"text": "golang.org/x/net: GO-2026-5030"}, "properties": {"repobilityId": 88578, "scanner": "osv-scanner", "fingerprint": "937bf37823cab52069cdc93f8c199d227f846c05b24d7e23558278df984621aa", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-27136"], "package": "golang.org/x/net", "rule_id": "GO-2026-5030", "scanner": "osv-scanner", "correlation_key": "vuln|golang.org/x/net|CVE-2026-27136|etcdctl/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "etcdctl/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5029", "level": "error", "message": {"text": "golang.org/x/net: GO-2026-5029"}, "properties": {"repobilityId": 88577, "scanner": "osv-scanner", "fingerprint": "08ad3fa4ca8124329d7f62f2b36f458372470d4f42a39952afde604bda139d70", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-25681"], "package": "golang.org/x/net", "rule_id": "GO-2026-5029", "scanner": "osv-scanner", "correlation_key": "vuln|golang.org/x/net|CVE-2026-25681|etcdctl/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "etcdctl/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5028", "level": "error", "message": {"text": "golang.org/x/net: GO-2026-5028"}, "properties": {"repobilityId": 88576, "scanner": "osv-scanner", "fingerprint": "db2102409b0266df9dd9229c53e444977a0d7adb1e50f918a5a0885a9e3e3523", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-25680"], "package": "golang.org/x/net", "rule_id": "GO-2026-5028", "scanner": "osv-scanner", "correlation_key": "vuln|golang.org/x/net|CVE-2026-25680|etcdctl/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "etcdctl/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5027", "level": "error", "message": {"text": "golang.org/x/net: GO-2026-5027"}, "properties": {"repobilityId": 88575, "scanner": "osv-scanner", "fingerprint": "b24063db1be73f81248b7cdc5bac0c8aa27a6b7ab43d893c083ff23141454beb", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-42502"], "package": "golang.org/x/net", "rule_id": "GO-2026-5027", "scanner": "osv-scanner", "correlation_key": "vuln|golang.org/x/net|CVE-2026-42502|etcdctl/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "etcdctl/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5026", "level": "error", "message": {"text": "golang.org/x/net: GO-2026-5026"}, "properties": {"repobilityId": 88574, "scanner": "osv-scanner", "fingerprint": "eed849bcad83c9f7e2072ab676e6ea85cac32612f2a380b852958f1705160dc5", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-39821"], "package": "golang.org/x/net", "rule_id": "GO-2026-5026", "scanner": "osv-scanner", "correlation_key": "vuln|golang.org/x/net|CVE-2026-39821|etcdctl/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "etcdctl/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5025", "level": "error", "message": {"text": "golang.org/x/net: GO-2026-5025"}, "properties": {"repobilityId": 88573, "scanner": "osv-scanner", "fingerprint": "b49a37febe2267f5ed4dfd8f30b8a4570081c9188e25c00abb7709e1a8ffc98c", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-42506"], "package": "golang.org/x/net", "rule_id": "GO-2026-5025", "scanner": "osv-scanner", "correlation_key": "vuln|golang.org/x/net|CVE-2026-42506|etcdctl/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "etcdctl/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5030", "level": "error", "message": {"text": "golang.org/x/net: GO-2026-5030"}, "properties": {"repobilityId": 88572, "scanner": "osv-scanner", "fingerprint": "b331c3372ad0a69d10571ac451ab946475d7408b5ab642f296473f70375b1776", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-27136"], "package": "golang.org/x/net", "rule_id": "GO-2026-5030", "scanner": "osv-scanner", "correlation_key": "vuln|golang.org/x/net|CVE-2026-27136|client/v3/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "client/v3/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5029", "level": "error", "message": {"text": "golang.org/x/net: GO-2026-5029"}, "properties": {"repobilityId": 88571, "scanner": "osv-scanner", "fingerprint": "05a2e2cb1a508f68f82a8f28c7a7962802ac8ac4eb648a871cbb11331825c757", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-25681"], "package": "golang.org/x/net", "rule_id": "GO-2026-5029", "scanner": "osv-scanner", "correlation_key": "vuln|golang.org/x/net|CVE-2026-25681|client/v3/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "client/v3/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5028", "level": "error", "message": {"text": "golang.org/x/net: GO-2026-5028"}, "properties": {"repobilityId": 88570, "scanner": "osv-scanner", "fingerprint": "7f4c0dd40a178cafa02e89abd4271833afa05527c706cd7e11694797d9d117b9", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-25680"], "package": "golang.org/x/net", "rule_id": "GO-2026-5028", "scanner": "osv-scanner", "correlation_key": "vuln|golang.org/x/net|CVE-2026-25680|client/v3/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "client/v3/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5027", "level": "error", "message": {"text": "golang.org/x/net: GO-2026-5027"}, "properties": {"repobilityId": 88569, "scanner": "osv-scanner", "fingerprint": "005fc4393b4b0d1577ffbdaa0ce4fc9489b30f0b1d731acf26a7ca8c7400fa81", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-42502"], "package": "golang.org/x/net", "rule_id": "GO-2026-5027", "scanner": "osv-scanner", "correlation_key": "vuln|golang.org/x/net|CVE-2026-42502|client/v3/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "client/v3/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5026", "level": "error", "message": {"text": "golang.org/x/net: GO-2026-5026"}, "properties": {"repobilityId": 88568, "scanner": "osv-scanner", "fingerprint": "a5173f3091f00099bfac48dc5a48f424206f0c30fbcffab39cf6e29fcabee9a6", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-39821"], "package": "golang.org/x/net", "rule_id": "GO-2026-5026", "scanner": "osv-scanner", "correlation_key": "vuln|golang.org/x/net|CVE-2026-39821|client/v3/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "client/v3/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5025", "level": "error", "message": {"text": "golang.org/x/net: GO-2026-5025"}, "properties": {"repobilityId": 88567, "scanner": "osv-scanner", "fingerprint": "531614ba4636d02f91b9761ce2d37ae4a2128fdde7f993d1ed033d1d09678c5d", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-42506"], "package": "golang.org/x/net", "rule_id": "GO-2026-5025", "scanner": "osv-scanner", "correlation_key": "vuln|golang.org/x/net|CVE-2026-42506|client/v3/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "client/v3/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5030", "level": "error", "message": {"text": "golang.org/x/net: GO-2026-5030"}, "properties": {"repobilityId": 88566, "scanner": "osv-scanner", "fingerprint": "a283e5995cc6567964fe22da886633fd98840e633a5210fc936031849a87196f", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-27136"], "package": "golang.org/x/net", "rule_id": "GO-2026-5030", "scanner": "osv-scanner", "correlation_key": "vuln|golang.org/x/net|CVE-2026-27136|cache/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cache/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5029", "level": "error", "message": {"text": "golang.org/x/net: GO-2026-5029"}, "properties": {"repobilityId": 88565, "scanner": "osv-scanner", "fingerprint": "ddbaa97bc878e33609d643505ed40ef7e652f43971a24a55fe6feac06330d4a6", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-25681"], "package": "golang.org/x/net", "rule_id": "GO-2026-5029", "scanner": "osv-scanner", "correlation_key": "vuln|golang.org/x/net|CVE-2026-25681|cache/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cache/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5028", "level": "error", "message": {"text": "golang.org/x/net: GO-2026-5028"}, "properties": {"repobilityId": 88564, "scanner": "osv-scanner", "fingerprint": "4ed1f168d06a6943c5de994c82f85b4ace71258ccffc3b6a20b8a6ba30e1579d", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-25680"], "package": "golang.org/x/net", "rule_id": "GO-2026-5028", "scanner": "osv-scanner", "correlation_key": "vuln|golang.org/x/net|CVE-2026-25680|cache/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cache/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5027", "level": "error", "message": {"text": "golang.org/x/net: GO-2026-5027"}, "properties": {"repobilityId": 88563, "scanner": "osv-scanner", "fingerprint": "8d3fbb7dd295fd7a1ef3912ffef8cd143a30e5aec30de8da0a0f0d4314713c95", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-42502"], "package": "golang.org/x/net", "rule_id": "GO-2026-5027", "scanner": "osv-scanner", "correlation_key": "vuln|golang.org/x/net|CVE-2026-42502|cache/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cache/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5026", "level": "error", "message": {"text": "golang.org/x/net: GO-2026-5026"}, "properties": {"repobilityId": 88562, "scanner": "osv-scanner", "fingerprint": "537f871f0ad27eef2f76b62a7aa9e7682d43077d38c374b380a483a4431fe91d", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-39821"], "package": "golang.org/x/net", "rule_id": "GO-2026-5026", "scanner": "osv-scanner", "correlation_key": "vuln|golang.org/x/net|CVE-2026-39821|cache/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cache/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5025", "level": "error", "message": {"text": "golang.org/x/net: GO-2026-5025"}, "properties": {"repobilityId": 88561, "scanner": "osv-scanner", "fingerprint": "0f8258d39e8003a70926ed9b70866a0ad927f50ebf63e832c01ced9ce79a3ace", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-42506"], "package": "golang.org/x/net", "rule_id": "GO-2026-5025", "scanner": "osv-scanner", "correlation_key": "vuln|golang.org/x/net|CVE-2026-42506|cache/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cache/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5030", "level": "error", "message": {"text": "golang.org/x/net: GO-2026-5030"}, "properties": {"repobilityId": 88560, "scanner": "osv-scanner", "fingerprint": "365fa9810a332496779470eeca028e4626d0739c4dc6d8afa59279d593db06e5", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-27136"], "package": "golang.org/x/net", "rule_id": "GO-2026-5030", "scanner": "osv-scanner", "correlation_key": "vuln|golang.org/x/net|CVE-2026-27136|api/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "api/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5029", "level": "error", "message": {"text": "golang.org/x/net: GO-2026-5029"}, "properties": {"repobilityId": 88559, "scanner": "osv-scanner", "fingerprint": "08547e07d405b9555ca68ef5a730424665f40274ecfc4f50d3b9ac1c1bdd77a7", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-25681"], "package": "golang.org/x/net", "rule_id": "GO-2026-5029", "scanner": "osv-scanner", "correlation_key": "vuln|golang.org/x/net|CVE-2026-25681|api/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "api/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5028", "level": "error", "message": {"text": "golang.org/x/net: GO-2026-5028"}, "properties": {"repobilityId": 88558, "scanner": "osv-scanner", "fingerprint": "e8182c82f30583609700d742113b446b80c243d8a32cd675e3b425ec13e4e39f", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-25680"], "package": "golang.org/x/net", "rule_id": "GO-2026-5028", "scanner": "osv-scanner", "correlation_key": "vuln|golang.org/x/net|CVE-2026-25680|api/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "api/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5027", "level": "error", "message": {"text": "golang.org/x/net: GO-2026-5027"}, "properties": {"repobilityId": 88557, "scanner": "osv-scanner", "fingerprint": "72cecfea591cf9033f0d7ae615f283142ec3187fd6a3179df5c64bd5eb573ef7", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-42502"], "package": "golang.org/x/net", "rule_id": "GO-2026-5027", "scanner": "osv-scanner", "correlation_key": "vuln|golang.org/x/net|CVE-2026-42502|api/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "api/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5026", "level": "error", "message": {"text": "golang.org/x/net: GO-2026-5026"}, "properties": {"repobilityId": 88556, "scanner": "osv-scanner", "fingerprint": "b6d10d2d58943095910af4e46ea09fa95ab454de6e70f2255c030f1baea83ca6", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-39821"], "package": "golang.org/x/net", "rule_id": "GO-2026-5026", "scanner": "osv-scanner", "correlation_key": "vuln|golang.org/x/net|CVE-2026-39821|api/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "api/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5025", "level": "error", "message": {"text": "golang.org/x/net: GO-2026-5025"}, "properties": {"repobilityId": 88555, "scanner": "osv-scanner", "fingerprint": "81b14c6d35f8b6307f528fc3f0c127cb8f0ef6de7a50db3df4b9a9129f3a7335", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-42506"], "package": "golang.org/x/net", "rule_id": "GO-2026-5025", "scanner": "osv-scanner", "correlation_key": "vuln|golang.org/x/net|CVE-2026-42506|api/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "api/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR014", "level": "error", "message": {"text": "Dockerfile copies the entire context without .dockerignore"}, "properties": {"repobilityId": 88548, "scanner": "repobility-docker", "fingerprint": "a59e4d278e130569a81536880d085e03ed0a27a084e8a2930fe8595ca3376d5b", "category": "docker", "severity": "high", "confidence": 0.92, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Broad context copy and missing .dockerignore were found together.", "evidence": {"rule_id": "DKR014", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|a59e4d278e130569a81536880d085e03ed0a27a084e8a2930fe8595ca3376d5b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/antithesis/test-template/Dockerfile"}, "region": {"startLine": 6}}}]}, {"ruleId": "SEC013", "level": "error", "message": {"text": "[SEC013] Path Traversal \u2014 User Input in File Path: User-controlled input used in file path without sanitization. Allows reading arbitrary files."}, "properties": {"repobilityId": 88541, "scanner": "repobility-threat-engine", "fingerprint": "1d443f63117b27599a07d111306b32dc796257183f6854198eedd4d57b857d10", "category": "path_traversal", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "User-controlled input detected in file path construction", "evidence": {"match": "Open(input", "reason": "User-controlled input detected in file path construction", "rule_id": "SEC013", "scanner": "repobility-threat-engine", "confidence": 0.8, "correlation_key": "code|path_traversal|token|68|sec013"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tools/rw-heatmaps/pkg/dataset/dataset.go"}, "region": {"startLine": 68}}}]}, {"ruleId": "MINED004", "level": "error", "message": {"text": "[MINED004] Weak Crypto: MD5/SHA1/DES/RC4 used for security context (not just checksums)."}, "properties": {"repobilityId": 88538, "scanner": "repobility-threat-engine", "fingerprint": "ce849abb73c713262fccab9a5cd3e2ccc9a084c4efca71609e08c12882d933d3", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "weak-crypto", "owasp": "A02:2021", "cwe_ids": ["CWE-327"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347906+00:00", "triaged_in_corpus": 15, "observations_count": 303181, "ai_coder_pattern_id": 13}, "scanner": "repobility-threat-engine", "correlation_key": "fp|ce849abb73c713262fccab9a5cd3e2ccc9a084c4efca71609e08c12882d933d3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/etcdserver/api/membership/member.go"}, "region": {"startLine": 18}}}]}, {"ruleId": "SEC090", "level": "error", "message": {"text": "[SEC090] Go: math/rand used near crypto context: math/rand is not cryptographically secure. Use crypto/rand for tokens/keys. Ported from gosec G404 (Apache-2.0)."}, "properties": {"repobilityId": 88530, "scanner": "repobility-threat-engine", "fingerprint": "05383daabf3f2313c764b7f4aa57fad4a1c4ddda55b85946e5aab16d1c9abeee", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "math/rand\"\n\t\"net\"\n\t\"sync\"\n\t\"time\"\n\n\t\"go.uber.org/zap\"\n)\n\ntype remote struct {\n\tmu       sync.Mutex", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC090", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|05383daabf3f2313c764b7f4aa57fad4a1c4ddda55b85946e5aab16d1c9abeee"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/proxy/tcpproxy/userspace.go"}, "region": {"startLine": 20}}}]}, {"ruleId": "SEC090", "level": "error", "message": {"text": "[SEC090] Go: math/rand used near crypto context: math/rand is not cryptographically secure. Use crypto/rand for tokens/keys. Ported from gosec G404 (Apache-2.0)."}, "properties": {"repobilityId": 88529, "scanner": "repobility-threat-engine", "fingerprint": "18d5066ddb24a68761053839d5caae64abd80d1c44accfaa15efe21c4fe3d2aa", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "math/rand\"\n\t\"time\"\n)\n\n// jitterUp adds random jitter to the duration.\n//\n// This adds or subtracts t", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC090", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|18d5066ddb24a68761053839d5caae64abd80d1c44accfaa15efe21c4fe3d2aa"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "client/v3/utils.go"}, "region": {"startLine": 18}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 88526, "scanner": "repobility-threat-engine", "fingerprint": "c2166f68b930c6e41db7ddcf0d7934306e6e6c52ea6605d0e45c4b7e14854aba", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "c.cachedRanges.Delete(ivl)", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|c2166f68b930c6e41db7ddcf0d7934306e6e6c52ea6605d0e45c4b7e14854aba"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/proxy/grpcproxy/cache/store.go"}, "region": {"startLine": 156}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 88525, "scanner": "repobility-threat-engine", "fingerprint": "e321223223550525172e56fede65cf3c35bdb5e566e5a1081912c11962df3ca5", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "p.picker.update(urls)", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|e321223223550525172e56fede65cf3c35bdb5e566e5a1081912c11962df3ca5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/etcdserver/api/rafthttp/peer.go"}, "region": {"startLine": 273}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 88524, "scanner": "repobility-threat-engine", "fingerprint": "23c4e29bcc26920e976ae6140d8da82fc95755a9f101b501b70f074ae7ff7ac9", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "lc.delete(key, hdr)", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|23c4e29bcc26920e976ae6140d8da82fc95755a9f101b501b70f074ae7ff7ac9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "client/v3/leasing/cache.go"}, "region": {"startLine": 164}}}]}, {"ruleId": "MINED033", "level": "error", "message": {"text": "[MINED033] Go Recover Without Log: defer func() { recover() }() that silently swallows panic."}, "properties": {"repobilityId": 88522, "scanner": "repobility-threat-engine", "fingerprint": "96be01207dfe571d2581f5646881963bee756130e3b35d13bdea90f322477f4d", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "go-recover-without-log", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["go"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347975+00:00", "triaged_in_corpus": 15, "observations_count": 3808, "ai_coder_pattern_id": 109}, "scanner": "repobility-threat-engine", "correlation_key": "fp|96be01207dfe571d2581f5646881963bee756130e3b35d13bdea90f322477f4d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkg/schedule/schedule.go"}, "region": {"startLine": 201}}}]}, {"ruleId": "MINED033", "level": "error", "message": {"text": "[MINED033] Go Recover Without Log: defer func() { recover() }() that silently swallows panic."}, "properties": {"repobilityId": 88521, "scanner": "repobility-threat-engine", "fingerprint": "14d8db23a9fab3de00722fb2d4a57784a0050678f6577986faad5019ed1b9467", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "go-recover-without-log", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["go"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347975+00:00", "triaged_in_corpus": 15, "observations_count": 3808, "ai_coder_pattern_id": 109}, "scanner": "repobility-threat-engine", "correlation_key": "fp|14d8db23a9fab3de00722fb2d4a57784a0050678f6577986faad5019ed1b9467"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "client/v3/internal/resolver/resolver.go"}, "region": {"startLine": 81}}}]}, {"ruleId": "MINED033", "level": "error", "message": {"text": "[MINED033] Go Recover Without Log: defer func() { recover() }() that silently swallows panic."}, "properties": {"repobilityId": 88520, "scanner": "repobility-threat-engine", "fingerprint": "6947a5f4145230adf668a448d0eaca49a58112d224007742008d511b5528f51d", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "go-recover-without-log", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["go"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347975+00:00", "triaged_in_corpus": 15, "observations_count": 3808, "ai_coder_pattern_id": 109}, "scanner": "repobility-threat-engine", "correlation_key": "fp|6947a5f4145230adf668a448d0eaca49a58112d224007742008d511b5528f51d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "client/v3/concurrency/stm.go"}, "region": {"startLine": 145}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 88514, "scanner": "repobility-threat-engine", "fingerprint": "df223134e31203a645526534a498e353c4c29aac83888b91be2673202bf3bdea", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "URL(c", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|df223134e31203a645526534a498e353c4c29aac83888b91be2673202bf3bdea"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkg/netutil/netutil.go"}, "region": {"startLine": 78}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 88513, "scanner": "repobility-threat-engine", "fingerprint": "569f8b2cfa2a43609714641256c9e8b53c3d5608c27438a290ee23a07d2cabbd", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "http.Get(u", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|569f8b2cfa2a43609714641256c9e8b53c3d5608c27438a290ee23a07d2cabbd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "etcdctl/ctlv3/command/util.go"}, "region": {"startLine": 116}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 88512, "scanner": "repobility-threat-engine", "fingerprint": "ce35836a168bfa23bffb184a66119a72806819b2a5e89a10fd9d68a2f1b7bb2e", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "URL(t", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|ce35836a168bfa23bffb184a66119a72806819b2a5e89a10fd9d68a2f1b7bb2e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "client/pkg/testutil/testutil.go"}, "region": {"startLine": 41}}}]}, {"ruleId": "MINED016", "level": "error", "message": {"text": "[MINED016] Go Error Ignored: _, err := fn() with err not checked. Go anti-pattern."}, "properties": {"repobilityId": 88510, "scanner": "repobility-threat-engine", "fingerprint": "de0a42cd24251d1452143d70f9ffb88ef0b3f3e6516ad0152e7e40d8ab6e392c", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "go-error-ignored", "owasp": null, "cwe_ids": ["CWE-754"], "languages": ["go"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347935+00:00", "triaged_in_corpus": 15, "observations_count": 83036, "ai_coder_pattern_id": 107}, "scanner": "repobility-threat-engine", "correlation_key": "fp|de0a42cd24251d1452143d70f9ffb88ef0b3f3e6516ad0152e7e40d8ab6e392c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "client/v3/concurrency/session.go"}, "region": {"startLine": 112}}}]}, {"ruleId": "MINED016", "level": "error", "message": {"text": "[MINED016] Go Error Ignored: _, err := fn() with err not checked. Go anti-pattern."}, "properties": {"repobilityId": 88509, "scanner": "repobility-threat-engine", "fingerprint": "ed17eb2701268319dad9b4989f4a0af6dc1c3d1cad1cf13fdff6dd323118b04c", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "go-error-ignored", "owasp": null, "cwe_ids": ["CWE-754"], "languages": ["go"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347935+00:00", "triaged_in_corpus": 15, "observations_count": 83036, "ai_coder_pattern_id": 107}, "scanner": "repobility-threat-engine", "correlation_key": "fp|ed17eb2701268319dad9b4989f4a0af6dc1c3d1cad1cf13fdff6dd323118b04c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "client/pkg/fileutil/sync_darwin.go"}, "region": {"startLine": 30}}}]}, {"ruleId": "MINED016", "level": "error", "message": {"text": "[MINED016] Go Error Ignored: _, err := fn() with err not checked. Go anti-pattern."}, "properties": {"repobilityId": 88508, "scanner": "repobility-threat-engine", "fingerprint": "ef16642e3d86f7774a4f5a9a9b901f371bf48bb14a6ada590a02d3d419c0bfee", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "go-error-ignored", "owasp": null, "cwe_ids": ["CWE-754"], "languages": ["go"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347935+00:00", "triaged_in_corpus": 15, "observations_count": 83036, "ai_coder_pattern_id": 107}, "scanner": "repobility-threat-engine", "correlation_key": "fp|ef16642e3d86f7774a4f5a9a9b901f371bf48bb14a6ada590a02d3d419c0bfee"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "client/pkg/fileutil/fileutil.go"}, "region": {"startLine": 89}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "Dockerfile FROM `ubuntu:24.04` not pinned by digest"}, "properties": {"repobilityId": 88502, "scanner": "repobility-supply-chain", "fingerprint": "cb510a64e565bd1a5ff81093d5db617182f2a74a798e0829257f16069768438f", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|cb510a64e565bd1a5ff81093d5db617182f2a74a798e0829257f16069768438f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/antithesis/test-template/Dockerfile"}, "region": {"startLine": 12}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "Dockerfile FROM `ubuntu:24.04` not pinned by digest"}, "properties": {"repobilityId": 88501, "scanner": "repobility-supply-chain", "fingerprint": "1a9bc79fbb044f269307d2482d9a1a9c71467e641ad6763b39684ded306dbf36", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|1a9bc79fbb044f269307d2482d9a1a9c71467e641ad6763b39684ded306dbf36"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/antithesis/server/Dockerfile"}, "region": {"startLine": 67}}}]}, {"ruleId": "MINED128", "level": "error", "message": {"text": "go.mod replaces `(` \u2014 points to a LOCAL path"}, "properties": {"repobilityId": 88500, "scanner": "repobility-supply-chain", "fingerprint": "93dc41270789d6f549478aa1b244870e86847b539978f9ae7266a6337f95d7ff", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gomod-replace-local", "owasp": null, "cwe_ids": ["CWE-829"], "languages": ["go"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|93dc41270789d6f549478aa1b244870e86847b539978f9ae7266a6337f95d7ff"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "client/v3/go.mod"}, "region": {"startLine": 43}}}]}, {"ruleId": "MINED128", "level": "error", "message": {"text": "go.mod replaces `(` \u2014 points to a LOCAL path"}, "properties": {"repobilityId": 88499, "scanner": "repobility-supply-chain", "fingerprint": "372daf8bb3d572f600973f2e765bb1c9da17546a8f9cf86c04986da4953febda", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gomod-replace-local", "owasp": null, "cwe_ids": ["CWE-829"], "languages": ["go"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|372daf8bb3d572f600973f2e765bb1c9da17546a8f9cf86c04986da4953febda"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/go.mod"}, "region": {"startLine": 6}}}]}, {"ruleId": "MINED128", "level": "error", "message": {"text": "go.mod replaces `(` \u2014 points to a LOCAL path"}, "properties": {"repobilityId": 88498, "scanner": "repobility-supply-chain", "fingerprint": "7b1c431287adb9dff90c4bf09e1e731416b14baf8d50146f10e019f5873b3e50", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gomod-replace-local", "owasp": null, "cwe_ids": ["CWE-829"], "languages": ["go"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|7b1c431287adb9dff90c4bf09e1e731416b14baf8d50146f10e019f5873b3e50"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "etcdctl/go.mod"}, "region": {"startLine": 52}}}]}, {"ruleId": "MINED128", "level": "error", "message": {"text": "go.mod replaces `(` \u2014 points to a LOCAL path"}, "properties": {"repobilityId": 88497, "scanner": "repobility-supply-chain", "fingerprint": "d3270d16887d1053ff6a7c4669fde97295ad5e35b9fda3fc6e63eda84e85d231", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gomod-replace-local", "owasp": null, "cwe_ids": ["CWE-829"], "languages": ["go"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|d3270d16887d1053ff6a7c4669fde97295ad5e35b9fda3fc6e63eda84e85d231"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cache/go.mod"}, "region": {"startLine": 34}}}]}, {"ruleId": "MINED128", "level": "error", "message": {"text": "go.mod replaces `(` \u2014 points to a LOCAL path"}, "properties": {"repobilityId": 88496, "scanner": "repobility-supply-chain", "fingerprint": "e38aa6b9ee627ac693a3c16a21c714ebcee681a1b3a7103a21e932befc16dc01", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gomod-replace-local", "owasp": null, "cwe_ids": ["CWE-829"], "languages": ["go"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|e38aa6b9ee627ac693a3c16a21c714ebcee681a1b3a7103a21e932befc16dc01"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "etcdutl/go.mod"}, "region": {"startLine": 6}}}]}, {"ruleId": "MINED128", "level": "error", "message": {"text": "go.mod replaces `(` \u2014 points to a LOCAL path"}, "properties": {"repobilityId": 88495, "scanner": "repobility-supply-chain", "fingerprint": "af2d6996c0eb2c3286c7f36c974ae9713eac2e438ff06673561fe593176e2187", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gomod-replace-local", "owasp": null, "cwe_ids": ["CWE-829"], "languages": ["go"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|af2d6996c0eb2c3286c7f36c974ae9713eac2e438ff06673561fe593176e2187"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/go.mod"}, "region": {"startLine": 76}}}]}, {"ruleId": "MINED128", "level": "error", "message": {"text": "go.mod replaces `go.etcd.io/etcd/client/pkg/v3` \u2014 points to a LOCAL path"}, "properties": {"repobilityId": 88494, "scanner": "repobility-supply-chain", "fingerprint": "680b2a9f2d0247ab864a17428c6b42a9f12c0637f74039389ac693a14248947b", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gomod-replace-local", "owasp": null, "cwe_ids": ["CWE-829"], "languages": ["go"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|680b2a9f2d0247ab864a17428c6b42a9f12c0637f74039389ac693a14248947b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkg/go.mod"}, "region": {"startLine": 34}}}]}, {"ruleId": "MINED128", "level": "error", "message": {"text": "go.mod replaces `(` \u2014 points to a LOCAL path"}, "properties": {"repobilityId": 88493, "scanner": "repobility-supply-chain", "fingerprint": "746d227752a0eae37ea9b0696f99a1dda4fe569a36426559212e9b626e34416f", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gomod-replace-local", "owasp": null, "cwe_ids": ["CWE-829"], "languages": ["go"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|746d227752a0eae37ea9b0696f99a1dda4fe569a36426559212e9b626e34416f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "go.mod"}, "region": {"startLine": 6}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 88554, "scanner": "gitleaks", "fingerprint": "5ca501fd8bf397819bf7e254947ff23d33e0a8ecc96ef6b45ce83632d141339f", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "discoveryToken :<redacted> \"REDACTED\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|6|discoverytoken : redacted redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/e2e/discovery_v3_test.go"}, "region": {"startLine": 69}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 88553, "scanner": "gitleaks", "fingerprint": "e0ee770a6ddc9923be1415f55cf34deaa44eaaa4e085015e45dc7c6b541caa5d", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "googleapi_commit=REDACTED", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|scripts/genproto.sh|9|googleapi_commit redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/genproto.sh"}, "region": {"startLine": 96}}}]}, {"ruleId": "private-key", "level": "error", "message": {"text": "Identified a Private Key, which may compromise cryptographic security and sensitive data encryption."}, "properties": {"repobilityId": 88552, "scanner": "gitleaks", "fingerprint": "ff20a49358870accb230597715394a3c9b2b14814afe6cdad2f1bb92c06f9fba", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 15 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "REDACTED", "rule_id": "private-key", "scanner": "gitleaks", "detector": "private-key", "correlation_key": "secret|token|1|redacted", "duplicate_count": 15, "duplicate_rule_ids": ["private-key"], "duplicate_scanners": ["gitleaks"], "duplicate_fingerprints": ["0b38023e594667b02b1a09f081ac63fd4d64fe9c4b62db55c4a733a8984dcdce", "0dce4b0299ec88850427514c8cb767ce2f067b9d76041ef3d02c332dbd4e6094", "2f6cb4025693f59ce97bad2c09d67481ffe2062b0491c4193e060cac2a4f7285", "4bd60a9e9aba214f9b4a2ac1cb4e74cd42d23d0fc025777a494a26bc36faa3bf", "4e36dc6af1f7b21394185f5039fcca950ce0c7157eab92628c6da2b9d99aa149", "7953532ff109b435362b80d09c771e6143d017c725a87fc435fb3489b798e98c", "9d640f8339af61bb7c365c3c67547f858b09de77c9f22e64ab0e9f950b7f21cd", "9d7859decebc8b46efe46af7237b6716671e34589d29b6a43def7214baa4314b", "a912da1c65daf9d26914c2ecea3bd051a3d556731ef362cefc0c00437fdb574f", "aad24ff090be7bd24b57fb0210000343155138408f7a4b6a8d974fa42c968fff", "bd9c862b7df67b79f1d1a057f1d63885a3c2956def7b4b5595d3eeb5cea25080", "be1d0d45115bb3b9bfb4668d33a99a7293d2796f641fe27a16d9579f31eee0a4"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkg/proxy/fixtures/server.key.insecure"}, "region": {"startLine": 1}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 88551, "scanner": "gitleaks", "fingerprint": "eee89b024f9dc9f21537f98b757095df39c808858341d95b271932cd3e98dda8", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "token: <redacted>", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|codecov.yml|1|token: redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "codecov.yml"}, "region": {"startLine": 4}}}]}, {"ruleId": "MINED125", "level": "error", "message": {"text": "GHA script injection via github.event.pull_request.head.ref in run-step"}, "properties": {"repobilityId": 88503, "scanner": "repobility-supply-chain", "fingerprint": "76c5a2d8f12d422b5f43670ffb013122b5d3ceab4b911a0911189f20be0b8faa", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-script-injection", "owasp": "A03:2021", "cwe_ids": ["CWE-78", "CWE-94"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|76c5a2d8f12d422b5f43670ffb013122b5d3ceab4b911a0911189f20be0b8faa"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/bump-devcontainer-version.yml"}, "region": {"startLine": 45}}}]}]}]}