{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "SEC045", "name": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a latera", "shortDescription": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use obj"}, "fullDescription": {"text": "For literal data structures: use ast.literal_eval(text) \u2014 only parses literals, raises on code.\nFor formula evaluation: use asteval or simpleeval (purpose-built sandboxes with allow-lists).\nFor Odoo: use odoo.tools.safe_eval(expr, locals_dict, mode='exec').\nIf you genuinely need to execute admin-stored code: require explicit super-admin permission AND log every execution with a stack trace."}, "properties": {"scanner": "repobility-threat-engine", "category": "injection", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "AGT015", "name": "Remote install command pipes network code directly to a shell", "shortDescription": {"text": "Remote install command pipes network code directly to a shell"}, "fullDescription": {"text": "Agent helper projects often publish one-line installers. 
`curl | sh` style commands are convenient, but they bypass review unless the script is pinned, signed, or checksum-verified."}, "properties": {"scanner": "repobility-agent-runtime", "category": "dependency", "severity": "medium", "confidence": 0.7, "cwe": "", "owasp": ""}}, {"id": "DEPCUR-NPM", "name": "npm package `rtk` is 4 major version(s) behind (>=0.28.0 -> 4.2.0)", "shortDescription": {"text": "npm package `rtk` is 4 major version(s) behind (>=0.28.0 -> 4.2.0)"}, "fullDescription": {"text": "`rtk` is pinned/resolved at >=0.28.0 but the latest stable release on the npm registry is 4.2.0 (4 major version(s) behind). Outdated dependencies accumulate unpatched bugs and make future security upgrades harder. This is the version-currency signal Dependabot version-update PRs raise."}, "properties": {"scanner": "repobility-dependency-currency", "category": "dependency", "severity": "medium", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED111", "name": "Bare except continues silently", "shortDescription": {"text": "Bare except continues silently"}, "fullDescription": {"text": "Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "CORE_LARGE_FILES", "name": "Average file size is 597 lines (recommend <300)", "shortDescription": {"text": "Average file size is 597 lines (recommend <300)"}, "fullDescription": {"text": "Refactor large files by extracting related functions into separate modules. Target files with 300+ lines first. 
Use the Single Responsibility Principle \u2014 each module should have one clear purpose."}, "properties": {"scanner": "repobility-core", "category": "quality", "severity": "medium", "confidence": null, "cwe": "", "owasp": ""}}, {"id": "COMP001", "name": "[COMP001] High cognitive complexity: Function `_pre_tool_call` has cognitive complexity 11 (SonarSource scale). Cognitiv", "shortDescription": {"text": "[COMP001] High cognitive complexity: Function `_pre_tool_call` has cognitive complexity 11 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursio"}, "fullDescription": {"text": "Extract nested branches into named helper functions; flatten early-return / guard clauses; replace long if/elif chains with dispatch dicts or polymorphism. SonarQube's threshold for 'should refactor' is 15 \u2014 yours is 11."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "low", "confidence": 0.95, "cwe": "", "owasp": ""}}, {"id": "AIC003", "name": "Duplicated implementation block across source files", "shortDescription": {"text": "Duplicated implementation block across source files"}, "fullDescription": {"text": "Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.86, "cwe": "", "owasp": ""}}, {"id": "MINED043", "name": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data.", "shortDescription": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "fullDescription": {"text": "Review and fix per the pattern semantics. 
See CWE-319 / A02:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED003", "name": "[MINED003] Rust Unwrap In Prod (and 10 more): Same pattern found in 10 additional files. Review if needed.", "shortDescription": {"text": "[MINED003] Rust Unwrap In Prod (and 10 more): Same pattern found in 10 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-755 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED052", "name": "[MINED052] Ts Any Typed: : any used as type annotation. Defeats TypeScript type safety.", "shortDescription": {"text": "[MINED052] Ts Any Typed: : any used as type annotation. Defeats TypeScript type safety."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-704 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED044", "name": "[MINED044] Js Console Log Prod (and 2 more): Same pattern found in 2 additional files. Review if needed.", "shortDescription": {"text": "[MINED044] Js Console Log Prod (and 2 more): Same pattern found in 2 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-532 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED066", "name": "[MINED066] Rust Panic Macro: panic!() unwinds the stack. Use Result for recoverable errors.", "shortDescription": {"text": "[MINED066] Rust Panic Macro: panic!() unwinds the stack. 
Use Result for recoverable errors."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-755 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED059", "name": "[MINED059] Rust Expect In Prod (and 3 more): Same pattern found in 3 additional files. Review if needed.", "shortDescription": {"text": "[MINED059] Rust Expect In Prod (and 3 more): Same pattern found in 3 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-755 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC085", "name": "[SEC085] JS: child_process.exec with non-literal: child_process.exec with user-derived input enables command injection. ", "shortDescription": {"text": "[SEC085] JS: child_process.exec with non-literal: child_process.exec with user-derived input enables command injection. Ported from eslint-plugin-security detect-child-process (Apache-2.0)."}, "fullDescription": {"text": "Use execFile / spawn with separate args array; never pass shell strings."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC029", "name": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled ", "shortDescription": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. 
Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes e"}, "fullDescription": {"text": "Validate the URL against an allowlist BEFORE fetching:\n  ALLOWED = {'images.example.com', 'cdn.example.com'}\n  host = urlparse(url).hostname\n  if host not in ALLOWED: abort(400)\nOr use a server-side proxy (Imgproxy / serve-files-only-from-S3) that isolates outbound network access from the request handler.\nBlock private CIDRs explicitly: 10/8, 172.16/12, 192.168/16, 169.254/16.\nApply the block to the address the hostname resolves to, and to every redirect hop, and include loopback (127/8, ::1): a hostname check alone does not stop a name that resolves to an internal address."}, "properties": {"scanner": "repobility-threat-engine", "category": "ssrf", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED012", "name": "[MINED012] Curl Pipe Bash: curl ... | sh / bash \u2014 runs unverified network code.", "shortDescription": {"text": "[MINED012] Curl Pipe Bash: curl ... | sh / bash \u2014 runs unverified network code."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-494 / A08:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED126", "name": "Workflow container/services image `fedora:latest` unpinned", "shortDescription": {"text": "Workflow container/services image `fedora:latest` unpinned"}, "fullDescription": {"text": "`container/services image: fedora:latest` without `@sha256:...` pulls a mutable tag at workflow-run time. Treat workflow container references with the same supply-chain discipline as Dockerfile FROM lines."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED115", "name": "Action `dtolnay/rust-toolchain` pinned to mutable ref `@stable`", "shortDescription": {"text": "Action `dtolnay/rust-toolchain` pinned to mutable ref `@stable`"}, "fullDescription": {"text": "`uses: dtolnay/rust-toolchain@stable` resolves at workflow-run time. 
Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a full 40-character commit SHA and keep it updated with Dependabot or Renovate."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED108", "name": "`self.assertEqual` used but never assigned in __init__", "shortDescription": {"text": "`self.assertEqual` used but never assigned in __init__"}, "fullDescription": {"text": "Method `test_rewrite_timeout_warns_and_preserves_original_command` of class `RtkRewritePluginTest` reads `self.assertEqual`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance. If the class inherits from `unittest.TestCase`, `assertEqual` is an inherited method and this finding is a false positive; check the base class before acting on it."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "generic-api-key", "name": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations.", "shortDescription": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "fullDescription": {"text": "Gitleaks detected a committed secret or credential pattern."}, "properties": {"scanner": "gitleaks", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "cwe": "", "owasp": ""}}, {"id": "stripe-access-token", "name": "Found a Stripe Access Token, posing a risk to payment processing services and sensitive financial data.", "shortDescription": {"text": "Found a Stripe Access Token, posing a risk to payment processing services and sensitive financial data."}, "fullDescription": {"text": "Gitleaks detected a committed secret or credential pattern."}, "properties": {"scanner": "gitleaks", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "cwe": "", "owasp": 
""}}, {"id": "MINED116", "name": "Workflow uses `secrets.RTK_DOCS_ANTHROPIC_KEY` on a `pull_request` trigger", "shortDescription": {"text": "Workflow uses `secrets.RTK_DOCS_ANTHROPIC_KEY` on a `pull_request` trigger"}, "fullDescription": {"text": "This workflow triggers on `pull_request`, which checks out the FORK's code. Referencing `${{ secrets.RTK_DOCS_ANTHROPIC_KEY }}` lets a PR from any fork exfiltrate the secret (modify a script, log the value, etc.). Note that GitHub withholds repository secrets from `pull_request` runs triggered from forks by default, so confirm whether the exposure comes from same-repository branches or from a setting that sends secrets to fork pull requests. Use `pull_request_target` ONLY with strict checkout discipline (no fork code in the trusted context)."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "critical", "confidence": 0.9, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/893"}, "properties": {"repository": "rtk-ai/rtk", "repoUrl": "https://github.com/rtk-ai/rtk", "branch": "develop"}, "results": [{"ruleId": "SEC045", "level": "warning", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use object introspection (().__class__.__mro__[-1].__subclasses__()) to reach os.system. 
CWE-95 (eval injection)."}, "properties": {"repobilityId": 82634, "scanner": "repobility-threat-engine", "fingerprint": "04caffe75d41e0af9137d77200cc28ffd5549bc170a36a7d76618c92401d1ab9", "category": "injection", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "exec(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|src/cmds/js/npm_cmd.rs|102|sec045"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/cmds/js/npm_cmd.rs"}, "region": {"startLine": 102}}}]}, {"ruleId": "SEC045", "level": "warning", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use object introspection (().__class__.__mro__[-1].__subclasses__()) to reach os.system. 
CWE-95 (eval injection)."}, "properties": {"repobilityId": 82633, "scanner": "repobility-threat-engine", "fingerprint": "da8845e208f6850b2ff565bed24fa408bdcc67520b57d63375eb6d4e9fcb12e9", "category": "injection", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".exec(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|hooks/pi/rtk.ts|32|sec045"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "hooks/pi/rtk.ts"}, "region": {"startLine": 32}}}]}, {"ruleId": "AGT015", "level": "warning", "message": {"text": "Remote install command pipes network code directly to a shell"}, "properties": {"repobilityId": 82621, "scanner": "repobility-agent-runtime", "fingerprint": "43c77878c94d69ab16f847683fba1e36dae898ac0bf4d5ede221eeea9e10ca58", "category": "dependency", "severity": "medium", "confidence": 0.7, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File contains a remote download piped directly to a shell without visible checksum or signature verification.", "evidence": {"rule_id": "AGT015", "scanner": "repobility-agent-runtime", "references": [], "correlation_key": "fp|43c77878c94d69ab16f847683fba1e36dae898ac0bf4d5ede221eeea9e10ca58"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "openclaw/README.md"}, "region": {"startLine": 22}}}]}, {"ruleId": "AGT015", "level": "warning", "message": {"text": "Remote install command pipes network code directly to a shell"}, "properties": {"repobilityId": 82620, "scanner": "repobility-agent-runtime", "fingerprint": "5c11715d0245c678b703ce6bc7c3bb82449652fc61848639715cc3a4477b9114", "category": "dependency", "severity": "medium", "confidence": 0.7, "triageState": "open", "verdict": "likely", "isResolved": 
false, "reason": "File contains a remote download piped directly to a shell without visible checksum or signature verification.", "evidence": {"rule_id": "AGT015", "scanner": "repobility-agent-runtime", "references": [], "correlation_key": "fp|5c11715d0245c678b703ce6bc7c3bb82449652fc61848639715cc3a4477b9114"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "README_zh.md"}, "region": {"startLine": 61}}}]}, {"ruleId": "AGT015", "level": "warning", "message": {"text": "Remote install command pipes network code directly to a shell"}, "properties": {"repobilityId": 82619, "scanner": "repobility-agent-runtime", "fingerprint": "b4962219042b5cf61ba6f9475149a6ea528a35dba6915578e87254994db4a77e", "category": "dependency", "severity": "medium", "confidence": 0.7, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File contains a remote download piped directly to a shell without visible checksum or signature verification.", "evidence": {"rule_id": "AGT015", "scanner": "repobility-agent-runtime", "references": [], "correlation_key": "fp|b4962219042b5cf61ba6f9475149a6ea528a35dba6915578e87254994db4a77e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "README_pt.md"}, "region": {"startLine": 61}}}]}, {"ruleId": "AGT015", "level": "warning", "message": {"text": "Remote install command pipes network code directly to a shell"}, "properties": {"repobilityId": 82618, "scanner": "repobility-agent-runtime", "fingerprint": "5c4e11424be744f63df5f643410abde9e4515caca021914a8c8a4397a5b108d3", "category": "dependency", "severity": "medium", "confidence": 0.7, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File contains a remote download piped directly to a shell without visible checksum or signature verification.", "evidence": {"rule_id": "AGT015", "scanner": "repobility-agent-runtime", "references": [], "correlation_key": "fp|5c4e11424be744f63df5f643410abde9e4515caca021914a8c8a4397a5b108d3"}}, 
"locations": [{"physicalLocation": {"artifactLocation": {"uri": "README_ko.md"}, "region": {"startLine": 60}}}]}, {"ruleId": "AGT015", "level": "warning", "message": {"text": "Remote install command pipes network code directly to a shell"}, "properties": {"repobilityId": 82617, "scanner": "repobility-agent-runtime", "fingerprint": "7ab62f305d5c0c184ac739b99d2787a5b2bbb3c07377a291e7c7812ca01bbd10", "category": "dependency", "severity": "medium", "confidence": 0.7, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File contains a remote download piped directly to a shell without visible checksum or signature verification.", "evidence": {"rule_id": "AGT015", "scanner": "repobility-agent-runtime", "references": [], "correlation_key": "fp|7ab62f305d5c0c184ac739b99d2787a5b2bbb3c07377a291e7c7812ca01bbd10"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "README_ja.md"}, "region": {"startLine": 60}}}]}, {"ruleId": "AGT015", "level": "warning", "message": {"text": "Remote install command pipes network code directly to a shell"}, "properties": {"repobilityId": 82616, "scanner": "repobility-agent-runtime", "fingerprint": "f2acf54d1067684a7f768046d1dfb158c8b97bfb5d9ca3485a95fd8eface35be", "category": "dependency", "severity": "medium", "confidence": 0.7, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File contains a remote download piped directly to a shell without visible checksum or signature verification.", "evidence": {"rule_id": "AGT015", "scanner": "repobility-agent-runtime", "references": [], "correlation_key": "fp|f2acf54d1067684a7f768046d1dfb158c8b97bfb5d9ca3485a95fd8eface35be"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "README_es.md"}, "region": {"startLine": 60}}}]}, {"ruleId": "DEPCUR-NPM", "level": "warning", "message": {"text": "npm package `rtk` is 4 major version(s) behind (>=0.28.0 -> 4.2.0)"}, "properties": {"repobilityId": 82615, "scanner": 
"repobility-dependency-currency", "fingerprint": "5d46f50046ef6860d645eab11fa42047c63a2089978366daca692eb27028d199", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "4 major version(s) behind", "signal": "currency", "cwe_ids": [], "package": "rtk", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "4.2.0", "correlation_key": "fp|5d46f50046ef6860d645eab11fa42047c63a2089978366daca692eb27028d199", "current_version": ">=0.28.0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "openclaw/package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 82561, "scanner": "repobility-ast-engine", "fingerprint": "7acd746ec27eb4b7a06d3421d8d15cc24ffd934ef025a4612b795e432c2da05b", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|7acd746ec27eb4b7a06d3421d8d15cc24ffd934ef025a4612b795e432c2da05b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "hooks/hermes/rtk-rewrite/__init__.py"}, "region": {"startLine": 74}}}]}, {"ruleId": "CORE_LARGE_FILES", "level": "warning", "message": {"text": "Average file size is 597 lines (recommend <300)"}, "properties": {"repobilityId": 82558, "scanner": "repobility-core", "fingerprint": "10e59d1bce300253afff9c824f5d49f59cd896e43921905b09966279dfef92d7", "category": "quality", "severity": "medium", "confidence": null, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"rule_id": 
"CORE_LARGE_FILES", "scanner": "repobility-core", "correlation_key": "fp|10e59d1bce300253afff9c824f5d49f59cd896e43921905b09966279dfef92d7"}}}, {"ruleId": "COMP001", "level": "note", "message": {"text": "[COMP001] High cognitive complexity: Function `_pre_tool_call` has cognitive complexity 11 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. Breakdown: except=2, if=6, nested_bonus=3."}, "properties": {"repobilityId": 82628, "scanner": "repobility-threat-engine", "fingerprint": "8e96b2fc2a03ffc01bb198469882ed3ff73e96e84772c7ad58eb82e47bf4f35e", "category": "quality", "severity": "low", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 11 (severity threshold for low: 8+).", "evidence": {"scanner": "repobility-threat-engine", "function": "_pre_tool_call", "breakdown": {"if": 6, "except": 2, "nested_bonus": 3}, "complexity": 11, "correlation_key": "fp|8e96b2fc2a03ffc01bb198469882ed3ff73e96e84772c7ad58eb82e47bf4f35e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "hooks/hermes/rtk-rewrite/__init__.py"}, "region": {"startLine": 40}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 82560, "scanner": "repobility-ai-code-hygiene", "fingerprint": "c338231fe8968903bffb4669046d60a4d5ea337c33b73ce5dcfdd0dc25440e77", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/cmds/python/ruff_cmd.rs", "duplicate_line": 243, "correlation_key": 
"fp|c338231fe8968903bffb4669046d60a4d5ea337c33b73ce5dcfdd0dc25440e77"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/cmds/system/format_cmd.rs"}, "region": {"startLine": 188}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 82559, "scanner": "repobility-ai-code-hygiene", "fingerprint": "22452441e30d0d5bee5a21bf87ee52ee3cd459bca555d204f28592f5bdfc75fb", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/cmds/js/tsc_cmd.rs", "duplicate_line": 143, "correlation_key": "fp|22452441e30d0d5bee5a21bf87ee52ee3cd459bca555d204f28592f5bdfc75fb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/cmds/python/mypy_cmd.rs"}, "region": {"startLine": 129}}}]}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 82642, "scanner": "repobility-threat-engine", "fingerprint": "d405723804089dca65d8f1eab1b4d5ddc974fbca2dfa1ca2efcf2395026353d3", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": 
"fp|d405723804089dca65d8f1eab1b4d5ddc974fbca2dfa1ca2efcf2395026353d3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/cmds/cloud/wget_cmd.rs"}, "region": {"startLine": 190}}}]}, {"ruleId": "MINED003", "level": "none", "message": {"text": "[MINED003] Rust Unwrap In Prod (and 10 more): Same pattern found in 10 additional files. Review if needed."}, "properties": {"repobilityId": 82640, "scanner": "repobility-threat-engine", "fingerprint": "1f2fc65d39310bdb943b9d7192adfaaf356cfc924d7dfd10683d4e26ec678f3e", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 10 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "rust-unwrap-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347903+00:00", "triaged_in_corpus": 15, "observations_count": 386515, "ai_coder_pattern_id": 111}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|1f2fc65d39310bdb943b9d7192adfaaf356cfc924d7dfd10683d4e26ec678f3e", "aggregated_count": 10}}}, {"ruleId": "MINED052", "level": "none", "message": {"text": "[MINED052] Ts Any Typed: : any used as type annotation. 
Defeats TypeScript type safety."}, "properties": {"repobilityId": 82635, "scanner": "repobility-threat-engine", "fingerprint": "0830096f8712aab333bc5cbf3ea3787301ec87070f7b92357f4f93a8c9510efd", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-any-typed", "owasp": null, "cwe_ids": ["CWE-704"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348022+00:00", "triaged_in_corpus": 12, "observations_count": 496002, "ai_coder_pattern_id": 97}, "scanner": "repobility-threat-engine", "correlation_key": "fp|0830096f8712aab333bc5cbf3ea3787301ec87070f7b92357f4f93a8c9510efd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "openclaw/index.ts"}, "region": {"startLine": 39}}}]}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod (and 2 more): Same pattern found in 2 additional files. Review if needed."}, "properties": {"repobilityId": 82632, "scanner": "repobility-threat-engine", "fingerprint": "f5f0ee0407b51d0ac20b895b10fb0fb2d25d496c71c3de2200e03e778c4fe3f2", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 2 additional occurrences found. 
The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|f5f0ee0407b51d0ac20b895b10fb0fb2d25d496c71c3de2200e03e778c4fe3f2", "aggregated_count": 2}}}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed."}, "properties": {"repobilityId": 82631, "scanner": "repobility-threat-engine", "fingerprint": "e2468e829990be5ee329eeec25a26eaf9be99182216dd5ccacd0e2705e937ec2", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "correlation_key": "fp|e2468e829990be5ee329eeec25a26eaf9be99182216dd5ccacd0e2705e937ec2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "openclaw/index.ts"}, "region": {"startLine": 47}}}]}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod: console.log left in code. 
Should be replaced with logger or removed."}, "properties": {"repobilityId": 82630, "scanner": "repobility-threat-engine", "fingerprint": "f08b9923e1f31eb5457ff0dae3ff3cb8a83457a88060d711e2fa3797b2dbe2fd", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "correlation_key": "fp|f08b9923e1f31eb5457ff0dae3ff3cb8a83457a88060d711e2fa3797b2dbe2fd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "hooks/pi/rtk.ts"}, "region": {"startLine": 45}}}]}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod: console.log left in code. 
Should be replaced with logger or removed."}, "properties": {"repobilityId": 82629, "scanner": "repobility-threat-engine", "fingerprint": "cf23196958b73affeb118a07bb791625a242b3c9085cd40676073604fa9b6b90", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "correlation_key": "fp|cf23196958b73affeb118a07bb791625a242b3c9085cd40676073604fa9b6b90"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "hooks/opencode/rtk.ts"}, "region": {"startLine": 14}}}]}, {"ruleId": "MINED066", "level": "none", "message": {"text": "[MINED066] Rust Panic Macro: panic!() unwinds the stack. 
Use Result for recoverable errors."}, "properties": {"repobilityId": 82627, "scanner": "repobility-threat-engine", "fingerprint": "44a8128f4272a88166d668bb98870ef44288e5a4216a87656d2c5fa0052a8701", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-panic-macro", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348055+00:00", "triaged_in_corpus": 12, "observations_count": 48611, "ai_coder_pattern_id": 113}, "scanner": "repobility-threat-engine", "correlation_key": "fp|44a8128f4272a88166d668bb98870ef44288e5a4216a87656d2c5fa0052a8701"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/parser/mod.rs"}, "region": {"startLine": 36}}}]}, {"ruleId": "MINED066", "level": "none", "message": {"text": "[MINED066] Rust Panic Macro: panic!() unwinds the stack. 
Use Result for recoverable errors."}, "properties": {"repobilityId": 82626, "scanner": "repobility-threat-engine", "fingerprint": "ea48553a19a6a0bd8e664f019c151f6d1ecc5b2fe001bffa984a3a3cda4e0f78", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-panic-macro", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348055+00:00", "triaged_in_corpus": 12, "observations_count": 48611, "ai_coder_pattern_id": 113}, "scanner": "repobility-threat-engine", "correlation_key": "fp|ea48553a19a6a0bd8e664f019c151f6d1ecc5b2fe001bffa984a3a3cda4e0f78"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "build.rs"}, "region": {"startLine": 35}}}]}, {"ruleId": "MINED059", "level": "none", "message": {"text": "[MINED059] Rust Expect In Prod (and 3 more): Same pattern found in 3 additional files. Review if needed."}, "properties": {"repobilityId": 82625, "scanner": "repobility-threat-engine", "fingerprint": "de1cf28d4be567d72467a52ca8f61ae74a513a6bf554777cbd3163722b68f760", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 3 additional occurrences found. 
The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "rust-expect-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348039+00:00", "triaged_in_corpus": 12, "observations_count": 175379, "ai_coder_pattern_id": 112}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|de1cf28d4be567d72467a52ca8f61ae74a513a6bf554777cbd3163722b68f760", "aggregated_count": 3}}}, {"ruleId": "MINED059", "level": "none", "message": {"text": "[MINED059] Rust Expect In Prod: .expect(...) panics same as unwrap with a custom message."}, "properties": {"repobilityId": 82624, "scanner": "repobility-threat-engine", "fingerprint": "15e5b6c6beabe80252056e9f1e5dbf8db80b7282658b89715cbcc6cc03f2977d", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-expect-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348039+00:00", "triaged_in_corpus": 12, "observations_count": 175379, "ai_coder_pattern_id": 112}, "scanner": "repobility-threat-engine", "correlation_key": "fp|15e5b6c6beabe80252056e9f1e5dbf8db80b7282658b89715cbcc6cc03f2977d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/core/config.rs"}, "region": {"startLine": 218}}}]}, {"ruleId": "MINED059", "level": "none", "message": {"text": "[MINED059] Rust Expect In Prod: .expect(...) 
panics same as unwrap with a custom message."}, "properties": {"repobilityId": 82623, "scanner": "repobility-threat-engine", "fingerprint": "584e7a848d0f884070c5ead2cc0906297dee2be52df624286697b014185ff81d", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-expect-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348039+00:00", "triaged_in_corpus": 12, "observations_count": 175379, "ai_coder_pattern_id": 112}, "scanner": "repobility-threat-engine", "correlation_key": "fp|584e7a848d0f884070c5ead2cc0906297dee2be52df624286697b014185ff81d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/cmds/system/read.rs"}, "region": {"startLine": 251}}}]}, {"ruleId": "MINED059", "level": "none", "message": {"text": "[MINED059] Rust Expect In Prod: .expect(...) 
panics same as unwrap with a custom message."}, "properties": {"repobilityId": 82622, "scanner": "repobility-threat-engine", "fingerprint": "ed80acfd84a8e54b4ed1474b4806fa33776ada970bb32fc17408287e0f56ccdb", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-expect-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348039+00:00", "triaged_in_corpus": 12, "observations_count": 175379, "ai_coder_pattern_id": 112}, "scanner": "repobility-threat-engine", "correlation_key": "fp|ed80acfd84a8e54b4ed1474b4806fa33776ada970bb32fc17408287e0f56ccdb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "build.rs"}, "region": {"startLine": 16}}}]}, {"ruleId": "SEC085", "level": "error", "message": {"text": "[SEC085] JS: child_process.exec with non-literal: child_process.exec with user-derived input enables command injection. 
Ported from eslint-plugin-security detect-child-process (Apache-2.0)."}, "properties": {"repobilityId": 82643, "scanner": "repobility-threat-engine", "fingerprint": "c018b4009427534e61b30b0d260d6bd22c08129745261e1d9796fe5c34c14b49", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "exec(args", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC085", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|c018b4009427534e61b30b0d260d6bd22c08129745261e1d9796fe5c34c14b49"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/cmds/js/npm_cmd.rs"}, "region": {"startLine": 102}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. 
SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 82641, "scanner": "repobility-threat-engine", "fingerprint": "c39e2ce8e44a867da9d91e55ec03c406117e21cd0b47cb5cc92c62ad163cdd6e", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "url(u", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|c39e2ce8e44a867da9d91e55ec03c406117e21cd0b47cb5cc92c62ad163cdd6e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/cmds/cloud/wget_cmd.rs"}, "region": {"startLine": 34}}}]}, {"ruleId": "MINED003", "level": "error", "message": {"text": "[MINED003] Rust Unwrap In Prod: .unwrap() panics if None/Err. Acceptable in tests; risky elsewhere."}, "properties": {"repobilityId": 82639, "scanner": "repobility-threat-engine", "fingerprint": "8d37d2c3d6b03eb49b6e097165d3936624b29c958272315b7a4149d499f4deb0", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-unwrap-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347903+00:00", "triaged_in_corpus": 15, "observations_count": 386515, "ai_coder_pattern_id": 111}, "scanner": "repobility-threat-engine", "correlation_key": "fp|8d37d2c3d6b03eb49b6e097165d3936624b29c958272315b7a4149d499f4deb0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/cmds/js/tsc_cmd.rs"}, "region": {"startLine": 13}}}]}, {"ruleId": "MINED003", "level": "error", "message": {"text": "[MINED003] Rust Unwrap In Prod: .unwrap() panics if None/Err. 
Acceptable in tests; risky elsewhere."}, "properties": {"repobilityId": 82638, "scanner": "repobility-threat-engine", "fingerprint": "8fb4dc83640498f3c52e40d20b197de1c14513367932cc538aeb6bff33c097c7", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-unwrap-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347903+00:00", "triaged_in_corpus": 15, "observations_count": 386515, "ai_coder_pattern_id": 111}, "scanner": "repobility-threat-engine", "correlation_key": "fp|8fb4dc83640498f3c52e40d20b197de1c14513367932cc538aeb6bff33c097c7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/cmds/js/next_cmd.rs"}, "region": {"startLine": 47}}}]}, {"ruleId": "MINED003", "level": "error", "message": {"text": "[MINED003] Rust Unwrap In Prod: .unwrap() panics if None/Err. 
Acceptable in tests; risky elsewhere."}, "properties": {"repobilityId": 82637, "scanner": "repobility-threat-engine", "fingerprint": "5af80f0b5553e39bdeba73025762f7e1d75828d60496753768fb206f05236435", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-unwrap-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347903+00:00", "triaged_in_corpus": 15, "observations_count": 386515, "ai_coder_pattern_id": 111}, "scanner": "repobility-threat-engine", "correlation_key": "fp|5af80f0b5553e39bdeba73025762f7e1d75828d60496753768fb206f05236435"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/analytics/ccusage.rs"}, "region": {"startLine": 231}}}]}, {"ruleId": "MINED012", "level": "error", "message": {"text": "[MINED012] Curl Pipe Bash: curl ... 
| sh / bash \u2014 runs unverified network code."}, "properties": {"repobilityId": 82636, "scanner": "repobility-threat-engine", "fingerprint": "33bfe816d67e37854bd5c74d7eed564001ee4008de1653604e7da5f83cdf88af", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "curl-pipe-bash", "owasp": "A08:2021", "cwe_ids": ["CWE-494"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347926+00:00", "triaged_in_corpus": 15, "observations_count": 135001, "ai_coder_pattern_id": 25}, "scanner": "repobility-threat-engine", "correlation_key": "fp|33bfe816d67e37854bd5c74d7eed564001ee4008de1653604e7da5f83cdf88af"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/check-installation.sh"}, "region": {"startLine": 27}}}]}, {"ruleId": "MINED126", "level": "error", "message": {"text": "Workflow container/services image `fedora:latest` unpinned"}, "properties": {"repobilityId": 82614, "scanner": "repobility-supply-chain", "fingerprint": "66e49d3353ba42a0c679f8f1adc27286b41d94f549a6cb5dc53c5f7a05dbbb80", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-container-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|66e49d3353ba42a0c679f8f1adc27286b41d94f549a6cb5dc53c5f7a05dbbb80"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/release.yml"}, "region": {"startLine": 136}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `dtolnay/rust-toolchain` pinned to mutable ref `@stable`"}, "properties": {"repobilityId": 82613, "scanner": "repobility-supply-chain", "fingerprint": 
"785682c2a0716a84c77ee1d45cf0abaf49d8bb4b4624e556b5566a63ac8d94c8", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|785682c2a0716a84c77ee1d45cf0abaf49d8bb4b4624e556b5566a63ac8d94c8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/release.yml"}, "region": {"startLine": 65}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v4`"}, "properties": {"repobilityId": 82612, "scanner": "repobility-supply-chain", "fingerprint": "d67cfc26130d37a8180145c48e51896eaa1c099a08a124006e520d817b12ce82", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|d67cfc26130d37a8180145c48e51896eaa1c099a08a124006e520d817b12ce82"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/release.yml"}, "region": {"startLine": 62}}}]}, {"ruleId": "MINED126", "level": "error", "message": {"text": "Workflow container/services image `semgrep/semgrep` unpinned"}, "properties": {"repobilityId": 82611, "scanner": "repobility-supply-chain", "fingerprint": "5af0f3c5620808dbd5b37c202e448bb7d105034e2f9e354c7002e507a63930df", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-container-unpinned", "owasp": "A08:2021", "cwe_ids": 
["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|5af0f3c5620808dbd5b37c202e448bb7d105034e2f9e354c7002e507a63930df"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 193}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v4`"}, "properties": {"repobilityId": 82609, "scanner": "repobility-supply-chain", "fingerprint": "7a7cffa0c298a5ace4e6f33f6049b28295d1461122f2864e470a4e5fe7152caf", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|7a7cffa0c298a5ace4e6f33f6049b28295d1461122f2864e470a4e5fe7152caf"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 238}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/setup-go` pinned to mutable ref `@v5`"}, "properties": {"repobilityId": 82608, "scanner": "repobility-supply-chain", "fingerprint": "edd0c8adaa71ae9a2655414aa9a7ecf4acf741ac1edef78df7aab0707901f191", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|edd0c8adaa71ae9a2655414aa9a7ecf4acf741ac1edef78df7aab0707901f191"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 221}}}]}, {"ruleId": 
"MINED115", "level": "error", "message": {"text": "Action `Swatinem/rust-cache` pinned to mutable ref `@v2`"}, "properties": {"repobilityId": 82607, "scanner": "repobility-supply-chain", "fingerprint": "0ce4d33652ea45df2fa4e357cc24eaac922fb2de21450f78d5ebbc7dd53db334", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|0ce4d33652ea45df2fa4e357cc24eaac922fb2de21450f78d5ebbc7dd53db334"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 208}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `dtolnay/rust-toolchain` pinned to mutable ref `@stable`"}, "properties": {"repobilityId": 82606, "scanner": "repobility-supply-chain", "fingerprint": "3fe4d6bb3ef6493d5e8e87dd41134afb634ccf74af68a634b28bb7450a3b64e5", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|3fe4d6bb3ef6493d5e8e87dd41134afb634ccf74af68a634b28bb7450a3b64e5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 206}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v4`"}, "properties": {"repobilityId": 82605, "scanner": "repobility-supply-chain", "fingerprint": "29a8a96ad207608b52c43cd59372d457d54f50b0c4c4c777dc9cb0fec7a95d9f", "category": "dependency", "severity": "high", 
"confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|29a8a96ad207608b52c43cd59372d457d54f50b0c4c4c777dc9cb0fec7a95d9f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 205}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v4`"}, "properties": {"repobilityId": 82604, "scanner": "repobility-supply-chain", "fingerprint": "adb9e7ef4024390a611e37e1e015939d693132c9d380f1f7bb3abec74a750aa4", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|adb9e7ef4024390a611e37e1e015939d693132c9d380f1f7bb3abec74a750aa4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 195}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `Swatinem/rust-cache` pinned to mutable ref `@v2`"}, "properties": {"repobilityId": 82603, "scanner": "repobility-supply-chain", "fingerprint": "950dc835b46713135f15753e44601e42763922697dde076bfde524b5d670b2b2", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": 
"fp|950dc835b46713135f15753e44601e42763922697dde076bfde524b5d670b2b2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 77}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `dtolnay/rust-toolchain` pinned to mutable ref `@stable`"}, "properties": {"repobilityId": 82602, "scanner": "repobility-supply-chain", "fingerprint": "06859761bfc92448fba5d28802c7cff3934a5c72c2a0f131cd2da486460c0e0c", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|06859761bfc92448fba5d28802c7cff3934a5c72c2a0f131cd2da486460c0e0c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 75}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v4`"}, "properties": {"repobilityId": 82601, "scanner": "repobility-supply-chain", "fingerprint": "c9610b7695cf201ccbefc7c89782437748763335afa31c601f38dc87ad5efaec", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|c9610b7695cf201ccbefc7c89782437748763335afa31c601f38dc87ad5efaec"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 72}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `Swatinem/rust-cache` pinned to mutable ref `@v2`"}, 
"properties": {"repobilityId": 82600, "scanner": "repobility-supply-chain", "fingerprint": "34fcf308a5fe1ba1e272fd025fc009f5a051d3c5b27d6e4f7d27404cbdda2709", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|34fcf308a5fe1ba1e272fd025fc009f5a051d3c5b27d6e4f7d27404cbdda2709"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 64}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `dtolnay/rust-toolchain` pinned to mutable ref `@stable`"}, "properties": {"repobilityId": 82599, "scanner": "repobility-supply-chain", "fingerprint": "1bc3b5a20f5463afb19ee4a456b4d383f39ab03c343ab339bc150b86a6422307", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|1bc3b5a20f5463afb19ee4a456b4d383f39ab03c343ab339bc150b86a6422307"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 63}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v4`"}, "properties": {"repobilityId": 82598, "scanner": "repobility-supply-chain", "fingerprint": "4b8115214454137a1efee89242d119586686fc50891b7a5ac40a7d6dad254c6d", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, 
"mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|4b8115214454137a1efee89242d119586686fc50891b7a5ac40a7d6dad254c6d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 62}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `Swatinem/rust-cache` pinned to mutable ref `@v2`"}, "properties": {"repobilityId": 82597, "scanner": "repobility-supply-chain", "fingerprint": "4a6b55c479f502c1199de701a70b40db2a4c995f42ef8b45933d38d82dffd2fa", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|4a6b55c479f502c1199de701a70b40db2a4c995f42ef8b45933d38d82dffd2fa"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 48}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `dtolnay/rust-toolchain` pinned to mutable ref `@stable`"}, "properties": {"repobilityId": 82596, "scanner": "repobility-supply-chain", "fingerprint": "54c7eb906dde3e5a2245207b068343ecc548c86ada793024669c9ca53f2f2e9d", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|54c7eb906dde3e5a2245207b068343ecc548c86ada793024669c9ca53f2f2e9d"}}, "locations": [{"physicalLocation": {"artifactLocation": 
{"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 45}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v4`"}, "properties": {"repobilityId": 82595, "scanner": "repobility-supply-chain", "fingerprint": "3a8c51ecefa109628636b1c52657f0b12c7ae61eab6cad9924ce96111f2a6144", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|3a8c51ecefa109628636b1c52657f0b12c7ae61eab6cad9924ce96111f2a6144"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 44}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `dtolnay/rust-toolchain` pinned to mutable ref `@stable`"}, "properties": {"repobilityId": 82594, "scanner": "repobility-supply-chain", "fingerprint": "0dd5771cc401f080fead4c332353501c280fb01c7ae3a8b47553510c3ba11e68", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|0dd5771cc401f080fead4c332353501c280fb01c7ae3a8b47553510c3ba11e68"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 34}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v4`"}, "properties": {"repobilityId": 82593, "scanner": "repobility-supply-chain", "fingerprint": 
"d93bde8ad12bad9d981b013734d5d9f25a1dd27e86496e89e07c69823766d02d", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|d93bde8ad12bad9d981b013734d5d9f25a1dd27e86496e89e07c69823766d02d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 33}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v4`"}, "properties": {"repobilityId": 82592, "scanner": "repobility-supply-chain", "fingerprint": "799b4919542952114511e4a984ceafeb6034d4f990a16d26b93eb19c7e79f6c2", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|799b4919542952114511e4a984ceafeb6034d4f990a16d26b93eb19c7e79f6c2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 21}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v4`"}, "properties": {"repobilityId": 82591, "scanner": "repobility-supply-chain", "fingerprint": "43cb1885e847f0095eda10b121b96bcfe44d70a6158fbbc59e2b2b7ad7069b82", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": 
["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|43cb1885e847f0095eda10b121b96bcfe44d70a6158fbbc59e2b2b7ad7069b82"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/cd.yml"}, "region": {"startLine": 145}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/create-github-app-token` pinned to mutable ref `@v3`"}, "properties": {"repobilityId": 82590, "scanner": "repobility-supply-chain", "fingerprint": "4d2e4135fa6402ab776f0c70d4d4f3a7378befc05b9b2c487130f4bf8fb048de", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|4d2e4135fa6402ab776f0c70d4d4f3a7378befc05b9b2c487130f4bf8fb048de"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/cd.yml"}, "region": {"startLine": 139}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `googleapis/release-please-action` pinned to mutable ref `@v4`"}, "properties": {"repobilityId": 82589, "scanner": "repobility-supply-chain", "fingerprint": "114c46899e0794869effafeb143fac00300642f26d0aec5a5a745c892cb3f15b", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|114c46899e0794869effafeb143fac00300642f26d0aec5a5a745c892cb3f15b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/cd.yml"}, "region": {"startLine": 114}}}]}, 
{"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/create-github-app-token` pinned to mutable ref `@v3`"}, "properties": {"repobilityId": 82588, "scanner": "repobility-supply-chain", "fingerprint": "beece3d0439c7f023ce2c82bb59a8ab75240ca3dcc329b3d3b4e18b74659beb3", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|beece3d0439c7f023ce2c82bb59a8ab75240ca3dcc329b3d3b4e18b74659beb3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/cd.yml"}, "region": {"startLine": 107}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v4`"}, "properties": {"repobilityId": 82587, "scanner": "repobility-supply-chain", "fingerprint": "16475a92d6236b2bf594d0ac99417be098272b06283a6cac285fe9551b572c5f", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|16475a92d6236b2bf594d0ac99417be098272b06283a6cac285fe9551b572c5f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/cd.yml"}, "region": {"startLine": 29}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.assertEqual` used but never assigned in __init__"}, "properties": {"repobilityId": 82586, "scanner": "repobility-ast-engine", "fingerprint": "8aaf4360416f53da7cd91332babb5b097f12048d0e7c58239f5c1ece61331a20", "category": "quality", "severity": "high", 
"confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|8aaf4360416f53da7cd91332babb5b097f12048d0e7c58239f5c1ece61331a20"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "hooks/hermes/tests/test_rtk_rewrite_plugin.py"}, "region": {"startLine": 211}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.load_callback` used but never assigned in __init__"}, "properties": {"repobilityId": 82585, "scanner": "repobility-ast-engine", "fingerprint": "c861e9844deecea1cc90a0929071dcb8af1436a69ef4794389d0ca880c518e95", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c861e9844deecea1cc90a0929071dcb8af1436a69ef4794389d0ca880c518e95"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "hooks/hermes/tests/test_rtk_rewrite_plugin.py"}, "region": {"startLine": 203}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.assertEqual` used but never assigned in __init__"}, "properties": {"repobilityId": 82584, "scanner": "repobility-ast-engine", "fingerprint": "c971058b12d0aa5960485ad88b8f81ad88cf3f4364e9118d31d0e357f7b51ba8", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", 
"correlation_key": "fp|c971058b12d0aa5960485ad88b8f81ad88cf3f4364e9118d31d0e357f7b51ba8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "hooks/hermes/tests/test_rtk_rewrite_plugin.py"}, "region": {"startLine": 200}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.assertEqual` used but never assigned in __init__"}, "properties": {"repobilityId": 82583, "scanner": "repobility-ast-engine", "fingerprint": "a71c575cbf2763232f725c1600925da85140b09b0dc329896c0e226188743cfc", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|a71c575cbf2763232f725c1600925da85140b09b0dc329896c0e226188743cfc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "hooks/hermes/tests/test_rtk_rewrite_plugin.py"}, "region": {"startLine": 199}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.load_callback` used but never assigned in __init__"}, "properties": {"repobilityId": 82582, "scanner": "repobility-ast-engine", "fingerprint": "fed0e511540b358ea72ae80e01f2f2d6ccc5dcae75316419c4c284b823205601", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|fed0e511540b358ea72ae80e01f2f2d6ccc5dcae75316419c4c284b823205601"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "hooks/hermes/tests/test_rtk_rewrite_plugin.py"}, "region": {"startLine": 188}}}]}, {"ruleId": "MINED108", "level": "error", "message": 
{"text": "`self.assertEqual` used but never assigned in __init__"}, "properties": {"repobilityId": 82581, "scanner": "repobility-ast-engine", "fingerprint": "75939ac02a9061baf834169c83ed5e13950542f639342afc48dc9694e4a6c895", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|75939ac02a9061baf834169c83ed5e13950542f639342afc48dc9694e4a6c895"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "hooks/hermes/tests/test_rtk_rewrite_plugin.py"}, "region": {"startLine": 185}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.assertEqual` used but never assigned in __init__"}, "properties": {"repobilityId": 82580, "scanner": "repobility-ast-engine", "fingerprint": "b954a2b1b09473eb467fb9253235f63688be5298cb6e1648e2edcc2c7047f20a", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|b954a2b1b09473eb467fb9253235f63688be5298cb6e1648e2edcc2c7047f20a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "hooks/hermes/tests/test_rtk_rewrite_plugin.py"}, "region": {"startLine": 184}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.load_callback` used but never assigned in __init__"}, "properties": {"repobilityId": 82579, "scanner": "repobility-ast-engine", "fingerprint": "b130e821ff37986e7c59f7b4c1f8afb1fc625087e6ab4c6c001bdc2a3c52b561", "category": "quality", "severity": "high", "confidence": 1.0, 
"triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|b130e821ff37986e7c59f7b4c1f8afb1fc625087e6ab4c6c001bdc2a3c52b561"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "hooks/hermes/tests/test_rtk_rewrite_plugin.py"}, "region": {"startLine": 169}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.subTest` used but never assigned in __init__"}, "properties": {"repobilityId": 82578, "scanner": "repobility-ast-engine", "fingerprint": "9a1755b25654a416cfb7ea40eea5801407d2143135345e30b9d9c73469caddf9", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|9a1755b25654a416cfb7ea40eea5801407d2143135345e30b9d9c73469caddf9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "hooks/hermes/tests/test_rtk_rewrite_plugin.py"}, "region": {"startLine": 168}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.assertEqual` used but never assigned in __init__"}, "properties": {"repobilityId": 82577, "scanner": "repobility-ast-engine", "fingerprint": "5933ed14464c8b42d1c8c143eae7eab4a6ff715eea1c078684b850ca151a0c7d", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": 
"fp|5933ed14464c8b42d1c8c143eae7eab4a6ff715eea1c078684b850ca151a0c7d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "hooks/hermes/tests/test_rtk_rewrite_plugin.py"}, "region": {"startLine": 164}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.load_callback` used but never assigned in __init__"}, "properties": {"repobilityId": 82576, "scanner": "repobility-ast-engine", "fingerprint": "c1f81ac0447c2304b64b3b54e7380e621ba8e25730bd82508e4731c6a34eda6b", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c1f81ac0447c2304b64b3b54e7380e621ba8e25730bd82508e4731c6a34eda6b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "hooks/hermes/tests/test_rtk_rewrite_plugin.py"}, "region": {"startLine": 154}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.assertEqual` used but never assigned in __init__"}, "properties": {"repobilityId": 82575, "scanner": "repobility-ast-engine", "fingerprint": "67229f197159cece6b9e173c370999cf13876f8ed20a9e4ebb3050a7379e32ec", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|67229f197159cece6b9e173c370999cf13876f8ed20a9e4ebb3050a7379e32ec"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "hooks/hermes/tests/test_rtk_rewrite_plugin.py"}, "region": {"startLine": 151}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": 
"`self.load_callback` used but never assigned in __init__"}, "properties": {"repobilityId": 82574, "scanner": "repobility-ast-engine", "fingerprint": "c8252ec2fe0ceb89f0eb8a81762a078092abd6132746ad3c251abdd8cba3ab40", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c8252ec2fe0ceb89f0eb8a81762a078092abd6132746ad3c251abdd8cba3ab40"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "hooks/hermes/tests/test_rtk_rewrite_plugin.py"}, "region": {"startLine": 141}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.assertEqual` used but never assigned in __init__"}, "properties": {"repobilityId": 82573, "scanner": "repobility-ast-engine", "fingerprint": "6e038e8441dc72ba4109bbb51c4838db9d4dc38bf790843212241dc838313cb4", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|6e038e8441dc72ba4109bbb51c4838db9d4dc38bf790843212241dc838313cb4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "hooks/hermes/tests/test_rtk_rewrite_plugin.py"}, "region": {"startLine": 138}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.load_callback` used but never assigned in __init__"}, "properties": {"repobilityId": 82572, "scanner": "repobility-ast-engine", "fingerprint": "0c44be6faefec5a0d2a43339b1fd3649ae3698706ace685302a6a314d91801b0", "category": "quality", "severity": "high", "confidence": 1.0, 
"triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|0c44be6faefec5a0d2a43339b1fd3649ae3698706ace685302a6a314d91801b0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "hooks/hermes/tests/test_rtk_rewrite_plugin.py"}, "region": {"startLine": 128}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.assertTrue` used but never assigned in __init__"}, "properties": {"repobilityId": 82571, "scanner": "repobility-ast-engine", "fingerprint": "39fc4a7a164db37aedf788ef748bcc9cd98b7b382035d7dba20ab5ec523baaf5", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|39fc4a7a164db37aedf788ef748bcc9cd98b7b382035d7dba20ab5ec523baaf5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "hooks/hermes/tests/test_rtk_rewrite_plugin.py"}, "region": {"startLine": 123}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.assertTrue` used but never assigned in __init__"}, "properties": {"repobilityId": 82570, "scanner": "repobility-ast-engine", "fingerprint": "b13238a8736c94d505c9d2406391ba96616ef6957316f6691cf9c58096a65740", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": 
"fp|b13238a8736c94d505c9d2406391ba96616ef6957316f6691cf9c58096a65740"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "hooks/hermes/tests/test_rtk_rewrite_plugin.py"}, "region": {"startLine": 122}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.assertTrue` used but never assigned in __init__"}, "properties": {"repobilityId": 82569, "scanner": "repobility-ast-engine", "fingerprint": "3be20e3672217acd77b4e51b15c9a292bacf5bd9cad6e42ce7032dc658854349", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|3be20e3672217acd77b4e51b15c9a292bacf5bd9cad6e42ce7032dc658854349"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "hooks/hermes/tests/test_rtk_rewrite_plugin.py"}, "region": {"startLine": 112}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.assertEqual` used but never assigned in __init__"}, "properties": {"repobilityId": 82568, "scanner": "repobility-ast-engine", "fingerprint": "8d79832d537811a77d18a4ec4ceb6fe0b18d406a11591ad20efa4af8d2f648ab", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|8d79832d537811a77d18a4ec4ceb6fe0b18d406a11591ad20efa4af8d2f648ab"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "hooks/hermes/tests/test_rtk_rewrite_plugin.py"}, "region": {"startLine": 114}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": 
"`self.assertFalse` used but never assigned in __init__"}, "properties": {"repobilityId": 82567, "scanner": "repobility-ast-engine", "fingerprint": "a6637591ead0fef0c011c98e7d251b0bca901cdd5c643bf3ac64fb7cfbe19817", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|a6637591ead0fef0c011c98e7d251b0bca901cdd5c643bf3ac64fb7cfbe19817"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "hooks/hermes/tests/test_rtk_rewrite_plugin.py"}, "region": {"startLine": 98}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.assertFalse` used but never assigned in __init__"}, "properties": {"repobilityId": 82566, "scanner": "repobility-ast-engine", "fingerprint": "9b3961277e37eed24bd88783333cd3da62a90a201950585fb3e0cb482f2a45c3", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|9b3961277e37eed24bd88783333cd3da62a90a201950585fb3e0cb482f2a45c3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "hooks/hermes/tests/test_rtk_rewrite_plugin.py"}, "region": {"startLine": 97}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.assertEqual` used but never assigned in __init__"}, "properties": {"repobilityId": 82565, "scanner": "repobility-ast-engine", "fingerprint": "72715ac34c2af0255caa2eccd259b6d4363d12b27ab0fcd291f7b9cbf1bdb8cc", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": 
"open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|72715ac34c2af0255caa2eccd259b6d4363d12b27ab0fcd291f7b9cbf1bdb8cc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "hooks/hermes/tests/test_rtk_rewrite_plugin.py"}, "region": {"startLine": 100}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.assertEqual` used but never assigned in __init__"}, "properties": {"repobilityId": 82564, "scanner": "repobility-ast-engine", "fingerprint": "550c8335f124303a32f7321daa0a9c2354c3233132530933831f9d84c44b5b51", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|550c8335f124303a32f7321daa0a9c2354c3233132530933831f9d84c44b5b51"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "hooks/hermes/tests/test_rtk_rewrite_plugin.py"}, "region": {"startLine": 85}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.assertNotIn` used but never assigned in __init__"}, "properties": {"repobilityId": 82563, "scanner": "repobility-ast-engine", "fingerprint": "dd70be55f01192302e42bff11be6a3176e952fca4220ca2a1f7aa2c0e4c74177", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": 
"fp|dd70be55f01192302e42bff11be6a3176e952fca4220ca2a1f7aa2c0e4c74177"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "hooks/hermes/tests/test_rtk_rewrite_plugin.py"}, "region": {"startLine": 84}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.assertIn` used but never assigned in __init__"}, "properties": {"repobilityId": 82562, "scanner": "repobility-ast-engine", "fingerprint": "7c0118029baad77bb176e34f5c6647a25351823aa1bd4ee54c65f4cee3612f92", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|7c0118029baad77bb176e34f5c6647a25351823aa1bd4ee54c65f4cee3612f92"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "hooks/hermes/tests/test_rtk_rewrite_plugin.py"}, "region": {"startLine": 71}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 82649, "scanner": "gitleaks", "fingerprint": "c3fa092947ee9198ebbb58328c24c5b8db1e5e213de5d2149733c35e4ef9b32e", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "API_KEY\": \"<redacted>\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|src/cmds/cloud/aws_cmd.rs|202|api_key : redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/cmds/cloud/aws_cmd.rs"}, "region": {"startLine": 2027}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing 
access to various services and sensitive operations."}, "properties": {"repobilityId": 82648, "scanner": "gitleaks", "fingerprint": "665faf4538b147899318f574b0143038d18a0c909c4f030d814999a535bb72bf", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "nextForwardToken\": \"<redacted>\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|src/cmds/cloud/aws_cmd.rs|191|nextforwardtoken : redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/cmds/cloud/aws_cmd.rs"}, "region": {"startLine": 1915}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 82647, "scanner": "gitleaks", "fingerprint": "01dba0ce5d57e76a790cd9dac14dddae7858062f05d14fa7c1ca7f79ab37acf3", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "nextBackwardToken\": \"<redacted>\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|src/cmds/cloud/aws_cmd.rs|187|nextbackwardtoken : redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/cmds/cloud/aws_cmd.rs"}, "region": {"startLine": 1871}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 82646, "scanner": "gitleaks", "fingerprint": "4dd6eadbe7d4018a130b5fc43c6b31b38a7c7460caca4fd162afd8a642f08df4", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": 
false, "reason": "", "evidence": {"match": "nextForwardToken\": \"<redacted>\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|src/cmds/cloud/aws_cmd.rs|186|nextforwardtoken : redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/cmds/cloud/aws_cmd.rs"}, "region": {"startLine": 1870}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 82645, "scanner": "gitleaks", "fingerprint": "61447e189416070fd09436cccfd3b119b9cbc46a06602dc12869c29d274f43c1", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "nAPI_KEY=<redacted>", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|28|napi_key redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/benchmark/cloud-init.yaml"}, "region": {"startLine": 282}}}]}, {"ruleId": "stripe-access-token", "level": "error", "message": {"text": "Found a Stripe Access Token, posing a risk to payment processing services and sensitive financial data."}, "properties": {"repobilityId": 82644, "scanner": "gitleaks", "fingerprint": "f953714637e7f442f30d7a9cf4385e6d49fb7b3f0f360c98ecd876e40caf9688", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "REDACTED\"", "rule_id": "stripe-access-token", "scanner": "gitleaks", "detector": "stripe-access-token", "correlation_key": "secret|security.md|15|redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "SECURITY.md"}, "region": {"startLine": 153}}}]}, {"ruleId": "MINED116", "level": "error", 
"message": {"text": "Workflow uses `secrets.RTK_DOCS_ANTHROPIC_KEY` on a `pull_request` trigger"}, "properties": {"repobilityId": 82610, "scanner": "repobility-supply-chain", "fingerprint": "0f66fbe1abac6ba91b3f7146fd274574858f8d38e33ee2a18cd8e960f88c9d11", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|0f66fbe1abac6ba91b3f7146fd274574858f8d38e33ee2a18cd8e960f88c9d11"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 284}}}]}]}]}