{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "AUC009", "name": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function", "shortDescription": {"text": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. Endpoint: GET /Up"}, "fullDescription": {"text": "Require an explicit admin, maintainer, super_admin, or scoped service role in code and .repobility/access.yml."}, "properties": {"scanner": "repobility-access-control", "category": "auth", "severity": "medium", "confidence": 0.68, "cwe": "", "owasp": ""}}, {"id": "AUC002", "name": "[AUC002] Low visible authorization coverage in route inventory: Only 6.7% of discovered routes show nearby authenticatio", "shortDescription": {"text": "[AUC002] Low visible authorization coverage in route inventory: Only 6.7% of discovered routes show nearby authentication, authorization, middleware, or public-route evidence."}, "fullDescription": {"text": "Review the access matrix and add explicit framework auth declarations or policy-file exceptions for intentionally public routes."}, "properties": {"scanner": "repobility-access-control", "category": "auth", "severity": "medium", "confidence": 0.74, "cwe": "", "owasp": ""}}, {"id": "AUC001", "name": "[AUC001] No Repobility access matrix policy found: The repository uses web/API frameworks but does not define .repobilit", "shortDescription": {"text": "[AUC001] No Repobility access matrix policy found: The repository uses web/API frameworks but does not define .repobility/access.yml or equivalent authorization documentation."}, "fullDescription": {"text": "Add .repobility/access.yml mapping routes to 
anonymous, authenticated, owner, admin, and super_admin. Keep business-specific rules in the repo so CI can enforce them."}, "properties": {"scanner": "repobility-access-control", "category": "auth", "severity": "medium", "confidence": 0.92, "cwe": "", "owasp": ""}}, {"id": "DKR002", "name": "Compose service `whoami` image has no explicit tag", "shortDescription": {"text": "Compose service `whoami` image has no explicit tag"}, "fullDescription": {"text": "Pin the image to a supported version tag or digest, for example python:3.13-slim or image@sha256:..."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "DKR001", "name": "Docker final stage has no non-root USER", "shortDescription": {"text": "Docker final stage has no non-root USER"}, "fullDescription": {"text": "Add a non-root USER in the final runtime stage after files and permissions are prepared."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.82, "cwe": "", "owasp": ""}}, {"id": "AGT015", "name": "Remote install command pipes network code directly to a shell", "shortDescription": {"text": "Remote install command pipes network code directly to a shell"}, "fullDescription": {"text": "Publish a package-manager install path or add checksum/signature verification before execution. For docs, show the inspect-then-run flow and pin the downloaded artifact version."}, "properties": {"scanner": "repobility-agent-runtime", "category": "dependency", "severity": "medium", "confidence": 0.7, "cwe": "", "owasp": ""}}, {"id": "SEC107", "name": "[SEC107] Weak TLS version requested (TLSv1.0, TLSv1.1, SSLv3, SSLv2): TLS 1.0 and 1.1 were deprecated by IETF in 2021 (R", "shortDescription": {"text": "[SEC107] Weak TLS version requested (TLSv1.0, TLSv1.1, SSLv3, SSLv2): TLS 1.0 and 1.1 were deprecated by IETF in 2021 (RFC 8996). Most browsers no longer support them. 
Code requesting these protocols is talking to an attacker-controllable d"}, "fullDescription": {"text": "Use TLSv1.2 minimum, TLSv1.3 preferred. Java: `SSLContext.getInstance(\"TLSv1.2\")`. Python: `ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)` + `ctx.minimum_version = ssl.TLSVersion.TLSv1_2`. Go: `MinVersion: tls.VersionTLS12`."}, "properties": {"scanner": "repobility-threat-engine", "category": "crypto", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC045", "name": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a latera", "shortDescription": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use obj"}, "fullDescription": {"text": "For literal data structures: use ast.literal_eval(text) \u2014 only parses literals, raises on code.\nFor formula evaluation: use asteval or simpleeval (purpose-built sandboxes with allow-lists).\nFor Odoo: use odoo.tools.safe_eval(expr, locals_dict, mode='exec').\nIf you genuinely need to execute admin-stored code: require explicit super-admin permission AND log every execution with a stack trace."}, "properties": {"scanner": "repobility-threat-engine", "category": "injection", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC112", "name": "[SEC112] Go html/template bypass \u2014 text/template used for HTML output, or template.HTML on user input: Go's `text/templa", "shortDescription": {"text": "[SEC112] Go html/template bypass \u2014 text/template used for HTML output, or template.HTML on user input: Go's `text/template` does no HTML escaping. `template.HTML(x)` marks data as already-safe. Using either with user input = XSS."}, "fullDescription": {"text": "Use `html/template` (NOT `text/template`) for HTML responses.
Never wrap user input with `template.HTML/JS/URL`."}, "properties": {"scanner": "repobility-threat-engine", "category": "xss", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "WEB005", "name": "robots.txt does not advertise a sitemap", "shortDescription": {"text": "robots.txt does not advertise a sitemap"}, "fullDescription": {"text": "Add `Sitemap: https://your-domain.example/sitemap.xml` to robots.txt."}, "properties": {"scanner": "repobility-web-presence", "category": "quality", "severity": "low", "confidence": 0.74, "cwe": "", "owasp": ""}}, {"id": "DKR008", "name": ".dockerignore misses sensitive defaults", "shortDescription": {"text": ".dockerignore misses sensitive defaults"}, "fullDescription": {"text": "Add missing patterns such as .env, .git, private keys, certificates, dependency folders, and local databases."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "low", "confidence": 0.72, "cwe": "", "owasp": ""}}, {"id": "AIC003", "name": "Duplicated implementation block across source files", "shortDescription": {"text": "Duplicated implementation block across source files"}, "fullDescription": {"text": "Extract the shared behavior into one function/module or delete the inactive duplicate after proving which path is used."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.86, "cwe": "", "owasp": ""}}, {"id": "AIC002", "name": "Source file name looks like an AI patch artifact", "shortDescription": {"text": "Source file name looks like an AI patch artifact"}, "fullDescription": {"text": "Rename it to the domain concept it implements or merge it into the existing module it was meant to change."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.62, "cwe": "", "owasp": ""}}, {"id": "ERR003", "name": "[ERR003] Ignored Error (Go): Ignoring error return values.", 
"shortDescription": {"text": "[ERR003] Ignored Error (Go): Ignoring error return values."}, "fullDescription": {"text": "Handle the error or use errcheck linter."}, "properties": {"scanner": "repobility-threat-engine", "category": "error_handling", "severity": "low", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED056", "name": "[MINED056] React Key As Index (and 1 more): Same pattern found in 1 additional files. Review if needed.", "shortDescription": {"text": "[MINED056] React Key As Index (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-682 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED044", "name": "[MINED044] Js Console Log Prod (and 2 more): Same pattern found in 2 additional files. Review if needed.", "shortDescription": {"text": "[MINED044] Js Console Log Prod (and 2 more): Same pattern found in 2 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-532 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC118", "name": "[SEC118] UUIDv1 / UUIDv3 used for security-sensitive identifier: UUIDv1 encodes the MAC address and timestamp, making it", "shortDescription": {"text": "[SEC118] UUIDv1 / UUIDv3 used for security-sensitive identifier: UUIDv1 encodes the MAC address and timestamp, making it predictable. Used as a session token or password-reset key, it's enumerable."}, "fullDescription": {"text": "Use `uuid.uuid4()` (random) or `secrets.token_urlsafe()` for tokens. 
In Go, use `uuid.NewRandom()` (google/uuid)."}, "properties": {"scanner": "repobility-threat-engine", "category": "crypto", "severity": "info", "confidence": 0.1, "cwe": "", "owasp": ""}}, {"id": "SEC029", "name": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 7 more): Same pattern found in 7 additi", "shortDescription": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 7 more): Same pattern found in 7 additional files. Review if needed."}, "fullDescription": {"text": "Validate the URL against an allowlist BEFORE fetching:\n  ALLOWED = {'images.example.com', 'cdn.example.com'}\n  host = urlparse(url).hostname\n  if host not in ALLOWED: abort(400)\nOr use a server-side proxy (Imgproxy / serve-files-only-from-S3) that isolates outbound network access from the request handler.\nBlock loopback, private and link-local ranges explicitly: 127/8, 10/8, 172.16/12, 192.168/16, 169.254/16, and their IPv6 equivalents (::1, fc00::/7, fe80::/10). Apply the check to the resolved IP address and to every redirect hop, not only to the hostname string."}, "properties": {"scanner": "repobility-threat-engine", "category": "ssrf", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED043", "name": "[MINED043] Http Not Https (and 1 more): Same pattern found in 1 additional files. Review if needed.", "shortDescription": {"text": "[MINED043] Http Not Https (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-319 / A02:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED071", "name": "[MINED071] Go Panic Call (and 4 more): Same pattern found in 4 additional files. Review if needed.", "shortDescription": {"text": "[MINED071] Go Panic Call (and 4 more): Same pattern found in 4 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics.
See CWE-755 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED060", "name": "[MINED060] Go Context No Cancel (and 22 more): Same pattern found in 22 additional files. Review if needed.", "shortDescription": {"text": "[MINED060] Go Context No Cancel (and 22 more): Same pattern found in 22 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-401 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED016", "name": "[MINED016] Go Error Ignored (and 6 more): Same pattern found in 6 additional files. Review if needed.", "shortDescription": {"text": "[MINED016] Go Error Ignored (and 6 more): Same pattern found in 6 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-754 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED118", "name": "[MINED118] Dockerfile FROM `node:24-alpine3.22` not pinned by digest: `FROM node:24-alpine3.22` resolves the tag at buil", "shortDescription": {"text": "[MINED118] Dockerfile FROM `node:24-alpine3.22` not pinned by digest: `FROM node:24-alpine3.22` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potentially different. Production"}, "fullDescription": {"text": "Replace with: `FROM node:24-alpine3.22@sha256:<digest>`. Get the digest from `docker manifest inspect`. 
Re-pin via a scheduled bot (Renovate, Dependabot)."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED128", "name": "[MINED128] go.mod replaces `(` \u2014 redirects to fork `github.com/containous/go-http-auth`: `replace ( => github.com/contai", "shortDescription": {"text": "[MINED128] go.mod replaces `(` \u2014 redirects to fork `github.com/containous/go-http-auth`: `replace ( => github.com/containous/go-http-auth` overrides the canonical dependency with a different source (redirects to fork `github.com/containous/"}, "fullDescription": {"text": "If the replace is intentional (e.g. waiting on an upstream fix), vendor the dependency into the repo and add a comment explaining the reason. Remove the replace once upstream merges."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "SEC040", "name": "[SEC040] innerHTML XSS \u2014 template literal with server-supplied data: Setting .innerHTML with a template literal that int", "shortDescription": {"text": "[SEC040] innerHTML XSS \u2014 template literal with server-supplied data: Setting .innerHTML with a template literal that interpolates server-supplied or user-supplied data is the canonical stored/reflected XSS vector. 
The browser parses the HTM"}, "fullDescription": {"text": "For plain text: use el.textContent = data.value (auto-escapes).\nFor HTML you need to render: el.innerHTML = DOMPurify.sanitize(html).\nFor React/Vue/Svelte: stop using innerHTML; use the framework's binding.\nWhen data comes from CV/PDF parsers, sanitize at the parser boundary too."}, "properties": {"scanner": "repobility-threat-engine", "category": "xss", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED014", "name": "[MINED014] Disabled Tls Verify: verify=False in requests, rejectUnauthorized:false in node, InsecureSkipVerify:true in G", "shortDescription": {"text": "[MINED014] Disabled Tls Verify: verify=False in requests, rejectUnauthorized:false in node, InsecureSkipVerify:true in Go."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-295 / A02:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC088", "name": "[SEC088] Go: TLS InsecureSkipVerify=true: tls.Config{InsecureSkipVerify:true} disables certificate verification \u2014 MITM r", "shortDescription": {"text": "[SEC088] Go: TLS InsecureSkipVerify=true: tls.Config{InsecureSkipVerify:true} disables certificate verification \u2014 MITM risk. Ported from gosec G402 (Apache-2.0)."}, "fullDescription": {"text": "Remove the option. If self-signed certs are required, pin via RootCAs."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC128", "name": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns", "shortDescription": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. 
The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, ra"}, "fullDescription": {"text": "Add `await` before each async call, or chain with `.then`. If you intentionally want fire-and-forget, prefix with `void` (TS) or assign to `_` (Python with `asyncio.create_task`) to make the intent explicit and survive lint."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC032", "name": "[SEC032] Unrestricted File Upload \u2014 no extension/MIME validation: File upload accepts the user's filename without valida", "shortDescription": {"text": "[SEC032] Unrestricted File Upload \u2014 no extension/MIME validation: File upload accepts the user's filename without validating extension, content-type, or magic bytes. Attackers upload `.php`, `.jsp`, or executable files to a web-served direc"}, "fullDescription": {"text": "Validate THREE things server-side:\n  1. Extension allowlist:\n       ALLOWED = {'.png', '.jpg', '.pdf'}\n       ext = Path(file.filename).suffix.lower()\n       if ext not in ALLOWED: abort(400)\n  2. Magic-byte check (don't trust the extension):\n       import magic\n       mime = magic.from_buffer(file.read(2048), mime=True)\n  3. Save with a random/UUID filename to a non-executable directory.\nSanitize with `werkzeug.secure_filename`. Never reuse the user's name."}, "properties": {"scanner": "repobility-threat-engine", "category": "file_upload", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED033", "name": "[MINED033] Go Recover Without Log: defer func() { recover() }() that silently swallows panic.", "shortDescription": {"text": "[MINED033] Go Recover Without Log: defer func() { recover() }() that silently swallows panic."}, "fullDescription": {"text": "Review and fix per the pattern semantics. 
See CWE-755 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED004", "name": "[MINED004] Weak Crypto: MD5/SHA1/DES/RC4 used for security context (not just checksums).", "shortDescription": {"text": "[MINED004] Weak Crypto: MD5/SHA1/DES/RC4 used for security context (not just checksums)."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-327 / A02:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "DKC008", "name": "Compose service mounts the Docker socket", "shortDescription": {"text": "Compose service mounts the Docker socket"}, "fullDescription": {"text": "Avoid mounting docker.sock. Use a narrow proxy, rootless build service, or provider-native deployment credentials."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "critical", "confidence": 0.98, "cwe": "", "owasp": ""}}, {"id": "DKC007", "name": "Compose service contains a literal secret environment value", "shortDescription": {"text": "Compose service contains a literal secret environment value"}, "fullDescription": {"text": "Rotate the value if real. 
Move it to Docker Compose secrets, a platform secret manager, or an uncommitted environment file."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "critical", "confidence": 0.96, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/863"}, "properties": {"repository": "traefik/traefik", "repoUrl": "https://github.com/traefik/traefik", "branch": "master"}, "results": [{"ruleId": "AUC009", "level": "warning", "message": {"text": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. Endpoint: GET /Upgrade."}, "properties": {"repobilityId": 78096, "scanner": "repobility-access-control", "fingerprint": "7b79563f9f21451fcd5d425f10713a7497c9cf62b22970c0d12e426ca29bc4ab", "category": "auth", "severity": "medium", "confidence": 0.68, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/Upgrade", "method": "GET", "scanner": "repobility-access-control", "framework": "Gin", "correlation_key": "code|auth|pkg/proxy/fast/upgrade.go|98|auc009", "identity_targets": ["unknown"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkg/proxy/fast/upgrade.go"}, "region": {"startLine": 98}}}]}, {"ruleId": "AUC009", "level": "warning", "message": {"text": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. 
Endpoint: GET /Upgrade."}, "properties": {"repobilityId": 78095, "scanner": "repobility-access-control", "fingerprint": "51d2b323ac212619c25d637127490d65429031297fd2de9e0908f309d7ad20d6", "category": "auth", "severity": "medium", "confidence": 0.68, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/Upgrade", "method": "GET", "scanner": "repobility-access-control", "framework": "Gin", "correlation_key": "code|auth|pkg/proxy/httputil/proxy.go|164|auc009", "identity_targets": ["unknown"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkg/proxy/httputil/proxy.go"}, "region": {"startLine": 164}}}]}, {"ruleId": "AUC002", "level": "warning", "message": {"text": "[AUC002] Low visible authorization coverage in route inventory: Only 6.7% of discovered routes show nearby authentication, authorization, middleware, or public-route evidence."}, "properties": {"repobilityId": 78094, "scanner": "repobility-access-control", "fingerprint": "525df9dedee18c57e42166e57d7b502ddb2028ae340df59a319b9837f9d6f43e", "category": "auth", "severity": "medium", "confidence": 0.74, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"scanner": "repobility-access-control", "endpoint_count": 30, "correlation_key": "fp|525df9dedee18c57e42166e57d7b502ddb2028ae340df59a319b9837f9d6f43e", "auth_visible_percent": 6.7}}}, {"ruleId": "AUC001", "level": "warning", "message": {"text": "[AUC001] No Repobility access matrix policy found: The repository uses web/API frameworks but does not define .repobility/access.yml or equivalent authorization documentation."}, "properties": {"repobilityId": 78093, "scanner": "repobility-access-control", "fingerprint": "f1305052c3ba1e6c1cdb5dccc19e58a8168cf78b176658f32b1fc823df3e9d10", "category": "auth", 
"severity": "medium", "confidence": 0.92, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"scanner": "repobility-access-control", "frameworks": ["Gin"], "expected_files": [".repobility/access.yml", ".repobility/access.yaml", ".repobility/access.json", ".repobility/authorization.yml"], "correlation_key": "fp|f1305052c3ba1e6c1cdb5dccc19e58a8168cf78b176658f32b1fc823df3e9d10"}}}, {"ruleId": "DKR002", "level": "warning", "message": {"text": "Compose service `whoami` image has no explicit tag"}, "properties": {"repobilityId": 78092, "scanner": "repobility-docker", "fingerprint": "60d527830eb42bb9e7270f1a1baa57564996ececc0ded08206abe9fc2a1b3174", "category": "docker", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Image reference has no tag or digest.", "evidence": {"image": "traefik/whoami", "rule_id": "DKR002", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|60d527830eb42bb9e7270f1a1baa57564996ececc0ded08206abe9fc2a1b3174"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/content/user-guides/docker-compose/basic-example/docker-compose.yml"}, "region": {"startLine": 17}}}]}, {"ruleId": "DKR002", "level": "warning", "message": {"text": "Compose service `whoami` image has no explicit tag"}, "properties": {"repobilityId": 78090, "scanner": "repobility-docker", "fingerprint": "04c69a046febfb071ef201b978b8ca88260e16d4919e56731d81fce6676f905f", "category": "docker", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Image reference has no tag or digest.", "evidence": {"image": "traefik/whoami", "rule_id": "DKR002", 
"scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|04c69a046febfb071ef201b978b8ca88260e16d4919e56731d81fce6676f905f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/content/user-guides/docker-compose/acme-tls/docker-compose.yml"}, "region": {"startLine": 22}}}]}, {"ruleId": "DKR002", "level": "warning", "message": {"text": "Compose service `whoami` image has no explicit tag"}, "properties": {"repobilityId": 78088, "scanner": "repobility-docker", "fingerprint": "28d23f5a3a089413949e7b1305f7be3529b312e178b74f570285015105504690", "category": "docker", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Image reference has no tag or digest.", "evidence": {"image": "traefik/whoami", "rule_id": "DKR002", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|28d23f5a3a089413949e7b1305f7be3529b312e178b74f570285015105504690"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/content/user-guides/docker-compose/acme-http/docker-compose.yml"}, "region": {"startLine": 25}}}]}, {"ruleId": "DKR002", "level": "warning", "message": {"text": "Compose service `whoami` image has no explicit tag"}, "properties": {"repobilityId": 78086, "scanner": "repobility-docker", "fingerprint": "4cabcf046789304e94c573b813f870cb42ac30ae82c0c10047b7b2ccbf9144fc", "category": "docker", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Image reference has no tag or digest.", "evidence": {"image": "traefik/whoami", "rule_id": "DKR002", "scanner": "repobility-docker", 
"references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|4cabcf046789304e94c573b813f870cb42ac30ae82c0c10047b7b2ccbf9144fc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/content/user-guides/docker-compose/acme-dns/docker-compose.yml"}, "region": {"startLine": 30}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 78082, "scanner": "repobility-docker", "fingerprint": "33a0700307fec6dd1b5a5b444d0bf37638020b02b69a9403ab5f2cbaa0deb29f", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "alpine:3.23", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|33a0700307fec6dd1b5a5b444d0bf37638020b02b69a9403ab5f2cbaa0deb29f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Dockerfile"}, "region": {"startLine": 2}}}]}, {"ruleId": "AGT015", "level": "warning", "message": {"text": "Remote install command pipes network code directly to a shell"}, "properties": {"repobilityId": 78081, "scanner": "repobility-agent-runtime", "fingerprint": "aec589c6445d544d2b5629696de8e63aead9f143e8e28186ccfcea8b66295656", "category": "dependency", "severity": "medium", "confidence": 0.7, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File contains a remote download piped directly to a shell without visible checksum or signature verification.", "evidence": {"rule_id": "AGT015", "scanner": 
"repobility-agent-runtime", "references": [], "correlation_key": "fp|aec589c6445d544d2b5629696de8e63aead9f143e8e28186ccfcea8b66295656"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/validate.yaml"}, "region": {"startLine": 52}}}]}, {"ruleId": "AGT015", "level": "warning", "message": {"text": "Remote install command pipes network code directly to a shell"}, "properties": {"repobilityId": 78080, "scanner": "repobility-agent-runtime", "fingerprint": "4791cc1fd6d2954fc068b0dd92ec3343e68abb15446cb4d45cf612bf83e4b957", "category": "dependency", "severity": "medium", "confidence": 0.7, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File contains a remote download piped directly to a shell without visible checksum or signature verification.", "evidence": {"rule_id": "AGT015", "scanner": "repobility-agent-runtime", "references": [], "correlation_key": "fp|4791cc1fd6d2954fc068b0dd92ec3343e68abb15446cb4d45cf612bf83e4b957"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/documentation.yaml"}, "region": {"startLine": 35}}}]}, {"ruleId": "SEC107", "level": "warning", "message": {"text": "[SEC107] Weak TLS version requested (TLSv1.0, TLSv1.1, SSLv3, SSLv2): TLS 1.0 and 1.1 were deprecated by IETF in 2021 (RFC 8996). Most browsers no longer support them. 
Code requesting these protocols is talking to an attacker-controllable downgrade target."}, "properties": {"repobilityId": 78037, "scanner": "repobility-threat-engine", "fingerprint": "1c9a40ebcebc328fd7d4509f3fbcd6e4bad975b8870d7862e1d22430a3afb739", "category": "crypto", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "tls.VersionTLS10", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC107", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|crypto|pkg/tls/version.go|9|sec107"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkg/tls/version.go"}, "region": {"startLine": 9}}}]}, {"ruleId": "SEC107", "level": "warning", "message": {"text": "[SEC107] Weak TLS version requested (TLSv1.0, TLSv1.1, SSLv3, SSLv2): TLS 1.0 and 1.1 were deprecated by IETF in 2021 (RFC 8996). Most browsers no longer support them. 
Code that requests these protocol versions lets an on-path attacker downgrade the connection to them."}, "properties": {"repobilityId": 78036, "scanner": "repobility-threat-engine", "fingerprint": "d3a2b25a610f6326766ca14e1f12b4f30ec34732c0deffd58f6f5513b05f732f", "category": "crypto", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "tls.VersionTLS10", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC107", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|crypto|pkg/tls/certificate.go|18|sec107"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkg/tls/certificate.go"}, "region": {"startLine": 18}}}]}, {"ruleId": "SEC045", "level": "warning", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use object introspection (().__class__.__mro__[-1].__subclasses__()) to reach os.system. 
CWE-95 (eval injection)."}, "properties": {"repobilityId": 78018, "scanner": "repobility-threat-engine", "fingerprint": "b2f5f2b204183bfe709ee0dfb2d648545bb1cd95bb0e34053c2e04d2a491d36b", "category": "injection", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "Eval(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|token|10|sec045"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkg/middlewares/ratelimiter/lua.go"}, "region": {"startLine": 10}}}]}, {"ruleId": "SEC112", "level": "warning", "message": {"text": "[SEC112] Go html/template bypass \u2014 text/template used for HTML output, or template.HTML on user input: Go's `text/template` does no HTML escaping. `template.HTML(x)` marks data as already-safe. 
Using either with user input = XSS."}, "properties": {"repobilityId": 78013, "scanner": "repobility-threat-engine", "fingerprint": "105129f815422e8f3ece69f54baa600471fb3705bd6b67c2878613c400cfa27b", "category": "xss", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "fmt.Fprintln(bw, l)\n\t}\n\tif err := bw.Flush(); err != nil {\n\t\t_ = wf.Close()\n\t\treturn err\n\t}\n\treturn", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC112", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|105129f815422e8f3ece69f54baa600471fb3705bd6b67c2878613c400cfa27b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/anchors.go"}, "region": {"startLine": 254}}}]}, {"ruleId": "WEB005", "level": "note", "message": {"text": "robots.txt does not advertise a sitemap"}, "properties": {"repobilityId": 78097, "scanner": "repobility-web-presence", "fingerprint": "8ec093f1e318218088c801ff9b4f931311de495f40b50bb807b92a70822f3ea9", "category": "quality", "severity": "low", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Discovered robots file or route lacks a Sitemap directive.", "evidence": {"rule_id": "WEB005", "scanner": "repobility-web-presence", "references": ["https://www.rfc-editor.org/rfc/rfc9309", "https://www.sitemaps.org/protocol.html"], "correlation_key": "fp|8ec093f1e318218088c801ff9b4f931311de495f40b50bb807b92a70822f3ea9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/content/expose/docker/basic.md"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR008", "level": "note", "message": {"text": ".dockerignore misses sensitive defaults"}, "properties": {"repobilityId": 78083, "scanner": "repobility-docker", "fingerprint": "aea2ad92c68c4ee1f8432bb1ec25e7d45ac12c9e1790ac2d3fffe638b1acce12", 
"category": "docker", "severity": "low", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "A Docker build context should exclude secrets and repository metadata.", "evidence": {"rule_id": "DKR008", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|aea2ad92c68c4ee1f8432bb1ec25e7d45ac12c9e1790ac2d3fffe638b1acce12", "missing_patterns": [".env", ".git", "id_rsa", "*.pem", "*.key"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".dockerignore"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 78079, "scanner": "repobility-ai-code-hygiene", "fingerprint": "166bbb0d94fdbee41de2ce2167f187a894b0f8485966ba2423dfff975f6d305f", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "pkg/provider/kubernetes/ingress-nginx/client.go", "duplicate_line": 2, "correlation_key": "fp|166bbb0d94fdbee41de2ce2167f187a894b0f8485966ba2423dfff975f6d305f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkg/provider/kubernetes/ingress/client.go"}, "region": {"startLine": 2}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 78078, "scanner": "repobility-ai-code-hygiene", "fingerprint": "9518d344be95e61d21169ec035fe2d19806228dae48ebc64ff73494ffad3b8e7", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": 
"A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "pkg/provider/kubernetes/crd/client.go", "duplicate_line": 86, "correlation_key": "fp|9518d344be95e61d21169ec035fe2d19806228dae48ebc64ff73494ffad3b8e7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkg/provider/kubernetes/ingress-nginx/client.go"}, "region": {"startLine": 41}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 78077, "scanner": "repobility-ai-code-hygiene", "fingerprint": "532c1d4ccb20a5bebc87e4e00b02694d7c8ce4ede227a9e48df26336573d2738", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "pkg/provider/kubernetes/gateway/tcproute.go", "duplicate_line": 83, "correlation_key": "fp|532c1d4ccb20a5bebc87e4e00b02694d7c8ce4ede227a9e48df26336573d2738"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkg/provider/kubernetes/gateway/tlsroute.go"}, "region": {"startLine": 97}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 78076, "scanner": "repobility-ai-code-hygiene", "fingerprint": "78639ce305a554acfaebd8fec8e7252182950f29b643b8d23a89c8c1f09d23ad", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": 
"AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "pkg/provider/kubernetes/gateway/grpcroute.go", "duplicate_line": 31, "correlation_key": "fp|78639ce305a554acfaebd8fec8e7252182950f29b643b8d23a89c8c1f09d23ad"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkg/provider/kubernetes/gateway/tlsroute.go"}, "region": {"startLine": 29}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 78075, "scanner": "repobility-ai-code-hygiene", "fingerprint": "3c144bfc4d89e24c07226bdf662213cfa742fcd8e51727059ffb91af2af2e2a4", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "pkg/provider/kubernetes/gateway/grpcroute.go", "duplicate_line": 38, "correlation_key": "fp|3c144bfc4d89e24c07226bdf662213cfa742fcd8e51727059ffb91af2af2e2a4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkg/provider/kubernetes/gateway/tcproute.go"}, "region": {"startLine": 38}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 78074, "scanner": "repobility-ai-code-hygiene", "fingerprint": "7148f766a414216eecf1180e4af6710700b0374b276f030e024b2d890a6d813c", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": 
"pkg/provider/kubernetes/gateway/grpcroute.go", "duplicate_line": 29, "correlation_key": "fp|7148f766a414216eecf1180e4af6710700b0374b276f030e024b2d890a6d813c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkg/provider/kubernetes/gateway/httproute.go"}, "region": {"startLine": 32}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 78073, "scanner": "repobility-ai-code-hygiene", "fingerprint": "de6efb488f104feb898b05efc82dc9d1772a082c000b7152b8abc43096a3ea79", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "pkg/provider/kubernetes/crd/client.go", "duplicate_line": 83, "correlation_key": "fp|de6efb488f104feb898b05efc82dc9d1772a082c000b7152b8abc43096a3ea79"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkg/provider/kubernetes/gateway/client.go"}, "region": {"startLine": 60}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 78072, "scanner": "repobility-ai-code-hygiene", "fingerprint": "b28d8f85abc9b283b5c0fe3850e990979a1dad33c33a021f959bcb997a79067b", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "pkg/provider/kubernetes/crd/kubernetes_http.go", "duplicate_line": 486, "correlation_key": 
"fp|b28d8f85abc9b283b5c0fe3850e990979a1dad33c33a021f959bcb997a79067b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkg/provider/kubernetes/crd/kubernetes_udp.go"}, "region": {"startLine": 145}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 78071, "scanner": "repobility-ai-code-hygiene", "fingerprint": "6a4e8eee5bdfab23dbda6a06c4b2401d960f5ffb0e5ba2adf4fbbce97c34f1b7", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "pkg/provider/kubernetes/crd/kubernetes_tcp.go", "duplicate_line": 155, "correlation_key": "fp|6a4e8eee5bdfab23dbda6a06c4b2401d960f5ffb0e5ba2adf4fbbce97c34f1b7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkg/provider/kubernetes/crd/kubernetes_udp.go"}, "region": {"startLine": 88}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 78070, "scanner": "repobility-ai-code-hygiene", "fingerprint": "39d4c8f11655a6ddc0c3b27274d4b0a9065ed3170dffab556753305999729f17", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "pkg/provider/kubernetes/crd/kubernetes_http.go", "duplicate_line": 486, "correlation_key": "fp|39d4c8f11655a6ddc0c3b27274d4b0a9065ed3170dffab556753305999729f17"}}, "locations": 
[{"physicalLocation": {"artifactLocation": {"uri": "pkg/provider/kubernetes/crd/kubernetes_tcp.go"}, "region": {"startLine": 214}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 78069, "scanner": "repobility-ai-code-hygiene", "fingerprint": "7ea68d8a9bb5165eeb1d153e5549e4d476b5f1791bcdd287fb9298e3fcc61bc9", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "pkg/provider/docker/pdocker.go", "duplicate_line": 29, "correlation_key": "fp|7ea68d8a9bb5165eeb1d153e5549e4d476b5f1791bcdd287fb9298e3fcc61bc9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkg/provider/ecs/ecs.go"}, "region": {"startLine": 79}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 78068, "scanner": "repobility-ai-code-hygiene", "fingerprint": "857f601ea0943deedfae75a7b60697f3dfad76bb2a074d70dc339b1178dcba1b", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "pkg/provider/docker/config.go", "duplicate_line": 221, "correlation_key": "fp|857f601ea0943deedfae75a7b60697f3dfad76bb2a074d70dc339b1178dcba1b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkg/provider/ecs/config.go"}, "region": {"startLine": 201}}}]}, {"ruleId": "AIC003", "level": "note", 
"message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 78067, "scanner": "repobility-ai-code-hygiene", "fingerprint": "5db0c8ccb93b4393df39a590370bff2b66627cffde787db760cb69d4d525b68e", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "pkg/provider/docker/pdocker.go", "duplicate_line": 111, "correlation_key": "fp|5db0c8ccb93b4393df39a590370bff2b66627cffde787db760cb69d4d525b68e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkg/provider/docker/pswarm.go"}, "region": {"startLine": 106}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 78066, "scanner": "repobility-ai-code-hygiene", "fingerprint": "6e4b5b220508b3b60b51460575d1b26481c8047224571c11d4d1d89577b3dd15", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "pkg/middlewares/observability/observability.go", "duplicate_line": 61, "correlation_key": "fp|6e4b5b220508b3b60b51460575d1b26481c8047224571c11d4d1d89577b3dd15"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkg/observability/tracing/tracing.go"}, "region": {"startLine": 222}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 78065, "scanner": 
"repobility-ai-code-hygiene", "fingerprint": "60c36ec6107b27affe180cada2f9d17b1084523d17e26e5c577c5d914b9cc3fd", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "pkg/middlewares/stripprefix/strip_prefix.go", "duplicate_line": 68, "correlation_key": "fp|60c36ec6107b27affe180cada2f9d17b1084523d17e26e5c577c5d914b9cc3fd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkg/middlewares/stripprefixregex/strip_prefix_regex.go"}, "region": {"startLine": 58}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 78064, "scanner": "repobility-ai-code-hygiene", "fingerprint": "e429459d5ca3b6c96c484249c32dabfdbf36dd81329b8fb75de09e2f51946d33", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "pkg/middlewares/redirect/redirect_regex.go", "duplicate_line": 20, "correlation_key": "fp|e429459d5ca3b6c96c484249c32dabfdbf36dd81329b8fb75de09e2f51946d33"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkg/middlewares/redirect/redirect_scheme.go"}, "region": {"startLine": 52}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 78063, "scanner": "repobility-ai-code-hygiene", "fingerprint": 
"2818af72524763511ff2d1d9b23b5662509e21b892c7c37a4dd693a375f88579", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "pkg/middlewares/ipallowlist/ip_allowlist.go", "duplicate_line": 2, "correlation_key": "fp|2818af72524763511ff2d1d9b23b5662509e21b892c7c37a4dd693a375f88579"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkg/middlewares/ipwhitelist/ip_whitelist.go"}, "region": {"startLine": 2}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 78062, "scanner": "repobility-ai-code-hygiene", "fingerprint": "1a7748b56dd2bf1be0e9d00daaf3702221bedcebe71db95f6a4970c585146dfa", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "pkg/middlewares/auth/connectionheader.go", "duplicate_line": 12, "correlation_key": "fp|1a7748b56dd2bf1be0e9d00daaf3702221bedcebe71db95f6a4970c585146dfa"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkg/middlewares/ingressnginx/snippet/connectionheader.go"}, "region": {"startLine": 18}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 78061, "scanner": "repobility-ai-code-hygiene", "fingerprint": "f1c62f80a7718d73f4b5dd4ccd4c16a6609506978e8e63e7b67e7b3023b055a5", "category": "quality", "severity": 
"low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "pkg/healthcheck/healthcheck.go", "duplicate_line": 54, "correlation_key": "fp|f1c62f80a7718d73f4b5dd4ccd4c16a6609506978e8e63e7b67e7b3023b055a5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkg/healthcheck/healthcheck_tcp.go"}, "region": {"startLine": 32}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 78060, "scanner": "repobility-ai-code-hygiene", "fingerprint": "5c0693ed20bd85dd98d82d9f0ca489ef3f144e3396d1344ee902d0d2f4e7c012", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "pkg/config/runtime/runtime_http.go", "duplicate_line": 63, "correlation_key": "fp|5c0693ed20bd85dd98d82d9f0ca489ef3f144e3396d1344ee902d0d2f4e7c012"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkg/config/runtime/runtime_udp.go"}, "region": {"startLine": 48}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 78059, "scanner": "repobility-ai-code-hygiene", "fingerprint": "5e9cb5c4560c128af8ef4e5ed50aa626a75688b8875eb10986d2e140d9cc40ad", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two 
different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "pkg/config/runtime/runtime_http.go", "duplicate_line": 63, "correlation_key": "fp|5e9cb5c4560c128af8ef4e5ed50aa626a75688b8875eb10986d2e140d9cc40ad"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkg/config/runtime/runtime_tcp.go"}, "region": {"startLine": 45}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 78058, "scanner": "repobility-ai-code-hygiene", "fingerprint": "28cc0423ed99f1adeca96a48122134dda51cca99f6c2246b55d4c4bf1e8ff203", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "pkg/config/dynamic/http_config.go", "duplicate_line": 246, "correlation_key": "fp|28cc0423ed99f1adeca96a48122134dda51cca99f6c2246b55d4c4bf1e8ff203"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkg/config/dynamic/udp_config.go"}, "region": {"startLine": 53}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 78057, "scanner": "repobility-ai-code-hygiene", "fingerprint": "f9dad55934c4e607ca72775159cb6146217b3f63c8e3e31ba879d90ed53e4f0e", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], 
"duplicate_file": "pkg/config/dynamic/tcp_config.go", "duplicate_line": 64, "correlation_key": "fp|f9dad55934c4e607ca72775159cb6146217b3f63c8e3e31ba879d90ed53e4f0e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkg/config/dynamic/udp_config.go"}, "region": {"startLine": 38}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 78056, "scanner": "repobility-ai-code-hygiene", "fingerprint": "b0367075d3a907159f7ca0c55e52a52c6ef172fcea26f36634006c3af9b9303b", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "pkg/config/dynamic/http_config.go", "duplicate_line": 246, "correlation_key": "fp|b0367075d3a907159f7ca0c55e52a52c6ef172fcea26f36634006c3af9b9303b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkg/config/dynamic/tcp_config.go"}, "region": {"startLine": 79}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 78055, "scanner": "repobility-ai-code-hygiene", "fingerprint": "580a29ca7ce010bdd90701cb398dd678749d5ad0b46fd00affc4b5ce2f747381", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "pkg/api/handler_entrypoint.go", "duplicate_line": 27, "correlation_key": 
"fp|580a29ca7ce010bdd90701cb398dd678749d5ad0b46fd00affc4b5ce2f747381"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkg/api/handler_udp.go"}, "region": {"startLine": 47}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 78054, "scanner": "repobility-ai-code-hygiene", "fingerprint": "f9ae2ac0bbd181f067877ed27f0d90b3568ddf172d18627d89da9a742962fdbb", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "pkg/api/handler_http.go", "duplicate_line": 65, "correlation_key": "fp|f9ae2ac0bbd181f067877ed27f0d90b3568ddf172d18627d89da9a742962fdbb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkg/api/handler_udp.go"}, "region": {"startLine": 44}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 78053, "scanner": "repobility-ai-code-hygiene", "fingerprint": "85cdcbf7d846cc5db030d90fddad31ec670c7ca02b8ad387bbd28ff853b2f5d1", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "pkg/api/handler_tcp.go", "duplicate_line": 1, "correlation_key": "fp|85cdcbf7d846cc5db030d90fddad31ec670c7ca02b8ad387bbd28ff853b2f5d1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkg/api/handler_udp.go"}, "region": {"startLine": 1}}}]}, 
{"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 78052, "scanner": "repobility-ai-code-hygiene", "fingerprint": "d5134ffef3f12363246bb9af51b4a4d54ad691d44ed980a3594b08fd7f920d11", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "pkg/api/handler_entrypoint.go", "duplicate_line": 27, "correlation_key": "fp|d5134ffef3f12363246bb9af51b4a4d54ad691d44ed980a3594b08fd7f920d11"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkg/api/handler_tcp.go"}, "region": {"startLine": 64}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 78051, "scanner": "repobility-ai-code-hygiene", "fingerprint": "5493a56204f04572022d8f676a9d068807b6246673cf179322a74aaff47328ea", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "pkg/api/handler_http.go", "duplicate_line": 65, "correlation_key": "fp|5493a56204f04572022d8f676a9d068807b6246673cf179322a74aaff47328ea"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkg/api/handler_tcp.go"}, "region": {"startLine": 61}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 78050, "scanner": 
"repobility-ai-code-hygiene", "fingerprint": "94324271ebe4c3a9bd48de5b66d48363cf2567660cc6bc4cc030a4c6bbcef813", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "pkg/api/handler_entrypoint.go", "duplicate_line": 27, "correlation_key": "fp|94324271ebe4c3a9bd48de5b66d48363cf2567660cc6bc4cc030a4c6bbcef813"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkg/api/handler_http.go"}, "region": {"startLine": 68}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 78049, "scanner": "repobility-ai-code-hygiene", "fingerprint": "51bb8742b7e958c6f6eeebbda155543a7d894f2abd8243af7b03d8e89fd234aa", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "rewrite", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|51bb8742b7e958c6f6eeebbda155543a7d894f2abd8243af7b03d8e89fd234aa"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkg/middlewares/gatewayapi/urlrewrite/url_rewrite.go"}, "region": {"startLine": 1}}}]}, {"ruleId": "ERR003", "level": "note", "message": {"text": "[ERR003] Ignored Error (Go): Ignoring error return values."}, "properties": {"repobilityId": 77999, "scanner": "repobility-threat-engine", "fingerprint": "74644bcb0a96df8ddd534dbccaef61d40e174990f2f5c50f6d5e7321b8e5f587", "category": "error_handling", "severity": "low", "confidence": 1.0, "triageState": "open", "verdict": 
"confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "_ = cmd.PrintHelp(", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR003", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|74644bcb0a96df8ddd534dbccaef61d40e174990f2f5c50f6d5e7321b8e5f587"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkg/cli/loader_file.go"}, "region": {"startLine": 28}}}]}, {"ruleId": "ERR003", "level": "note", "message": {"text": "[ERR003] Ignored Error (Go): Ignoring error return values."}, "properties": {"repobilityId": 77998, "scanner": "repobility-threat-engine", "fingerprint": "1afc46377b7d0c2e4561285c86f13b04246ad093acc7eb6a2cf6e40da380b9ac", "category": "error_handling", "severity": "low", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "_ = f.Close(", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR003", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|1afc46377b7d0c2e4561285c86f13b04246ad093acc7eb6a2cf6e40da380b9ac"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/anchors.go"}, "region": {"startLine": 192}}}]}, {"ruleId": "ERR003", "level": "note", "message": {"text": "[ERR003] Ignored Error (Go): Ignoring error return values."}, "properties": {"repobilityId": 77997, "scanner": "repobility-threat-engine", "fingerprint": "9502e913a1a194e300ca9a4208e0bd8a8493a058134ca096f4729bac529492f1", "category": "error_handling", "severity": "low", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "_ = os.OpenFile(", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR003", "scanner": 
"repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|9502e913a1a194e300ca9a4208e0bd8a8493a058134ca096f4729bac529492f1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cmd/traefik/logger.go"}, "region": {"startLine": 73}}}]}, {"ruleId": "MINED056", "level": "none", "message": {"text": "[MINED056] React Key As Index (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "properties": {"repobilityId": 78048, "scanner": "repobility-threat-engine", "fingerprint": "e3388b234273f4a2e74e16f8adc875a3f1486e18f190fcdf1616eb27c8e71c32", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "react-key-as-index", "owasp": null, "cwe_ids": ["CWE-682"], "languages": ["typescript", "tsx", "javascript", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348032+00:00", "triaged_in_corpus": 12, "observations_count": 299917, "ai_coder_pattern_id": 135}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|e3388b234273f4a2e74e16f8adc875a3f1486e18f190fcdf1616eb27c8e71c32", "aggregated_count": 1}}}, {"ruleId": "MINED056", "level": "none", "message": {"text": "[MINED056] React Key As Index: key={index} in map() \u2014 re-renders the wrong elements on re-order."}, "properties": {"repobilityId": 78047, "scanner": "repobility-threat-engine", "fingerprint": "1d0ebc35bfb02f78e1279a3097479118388b26a7b88bdcd64648680cfaed68c5", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "react-key-as-index", "owasp": null, "cwe_ids": ["CWE-682"], "languages": 
["typescript", "tsx", "javascript", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348032+00:00", "triaged_in_corpus": 12, "observations_count": 299917, "ai_coder_pattern_id": 135}, "scanner": "repobility-threat-engine", "correlation_key": "fp|1d0ebc35bfb02f78e1279a3097479118388b26a7b88bdcd64648680cfaed68c5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "webui/src/components/resources/GenericTable.tsx"}, "region": {"startLine": 21}}}]}, {"ruleId": "MINED056", "level": "none", "message": {"text": "[MINED056] React Key As Index: key={index} in map() \u2014 re-renders the wrong elements on re-order."}, "properties": {"repobilityId": 78046, "scanner": "repobility-threat-engine", "fingerprint": "e79e9d1326c74df9cb2da436bba67686b826ae02adf77adb8cb374a2b8993c20", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "react-key-as-index", "owasp": null, "cwe_ids": ["CWE-682"], "languages": ["typescript", "tsx", "javascript", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348032+00:00", "triaged_in_corpus": 12, "observations_count": 299917, "ai_coder_pattern_id": 135}, "scanner": "repobility-threat-engine", "correlation_key": "fp|e79e9d1326c74df9cb2da436bba67686b826ae02adf77adb8cb374a2b8993c20"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "webui/src/components/resources/DetailsCard.tsx"}, "region": {"startLine": 83}}}]}, {"ruleId": "MINED056", "level": "none", "message": {"text": "[MINED056] React Key As Index: key={index} in map() \u2014 re-renders the wrong elements on re-order."}, "properties": {"repobilityId": 78045, "scanner": "repobility-threat-engine", "fingerprint": "841f31ac5f1fee7b986d4597c5983801edb0f216d1c6e96c7952c5e5d902b641", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": 
"open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "react-key-as-index", "owasp": null, "cwe_ids": ["CWE-682"], "languages": ["typescript", "tsx", "javascript", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348032+00:00", "triaged_in_corpus": 12, "observations_count": 299917, "ai_coder_pattern_id": 135}, "scanner": "repobility-threat-engine", "correlation_key": "fp|841f31ac5f1fee7b986d4597c5983801edb0f216d1c6e96c7952c5e5d902b641"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "webui/src/components/resources/DetailItemComponents.tsx"}, "region": {"startLine": 48}}}]}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod (and 2 more): Same pattern found in 2 additional files. Review if needed."}, "properties": {"repobilityId": 78044, "scanner": "repobility-threat-engine", "fingerprint": "f5f0ee0407b51d0ac20b895b10fb0fb2d25d496c71c3de2200e03e778c4fe3f2", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 2 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|f5f0ee0407b51d0ac20b895b10fb0fb2d25d496c71c3de2200e03e778c4fe3f2", "aggregated_count": 2}}}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod: console.log left in code. 
Should be replaced with logger or removed."}, "properties": {"repobilityId": 78043, "scanner": "repobility-threat-engine", "fingerprint": "ec443e27783041c7aa3b181121a6fee082777b726bf3a8983cfff4f80fcfedca", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "correlation_key": "fp|ec443e27783041c7aa3b181121a6fee082777b726bf3a8983cfff4f80fcfedca"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "webui/src/pages/hub-demo/use-hub-demo.tsx"}, "region": {"startLine": 41}}}]}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod: console.log left in code. 
Should be replaced with logger or removed."}, "properties": {"repobilityId": 78042, "scanner": "repobility-threat-engine", "fingerprint": "c2c3683d9c2eea05a2629ee8fc49741f85f42caca7bf123db363417ac6273bf0", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "correlation_key": "fp|c2c3683d9c2eea05a2629ee8fc49741f85f42caca7bf123db363417ac6273bf0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "webui/src/contexts/version.tsx"}, "region": {"startLine": 38}}}]}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod: console.log left in code. 
Should be replaced with logger or removed."}, "properties": {"repobilityId": 78041, "scanner": "repobility-threat-engine", "fingerprint": "1bde81dfa66b88775dea19620c3785806e30c17bc786ebbeb5dacb9b3a6c6b9a", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "correlation_key": "fp|1bde81dfa66b88775dea19620c3785806e30c17bc786ebbeb5dacb9b3a6c6b9a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "webui/src/components/middlewares/RenderUnknownProp.tsx"}, "region": {"startLine": 72}}}]}, {"ruleId": "SEC118", "level": "none", "message": {"text": "[SEC118] UUIDv1 / UUIDv3 used for security-sensitive identifier: UUIDv1 encodes the MAC address and timestamp, making it predictable. 
Used as a session token or password-reset key, it's enumerable."}, "properties": {"repobilityId": 78038, "scanner": "repobility-threat-engine", "fingerprint": "65ed0c02e742d8f6f34cbb59e94a3164ec6b414ec4fd3193b937f47cebf6b4b9", "category": "crypto", "severity": "info", "confidence": 0.1, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Safe pattern 'randomUUID' detected on same line", "evidence": {"match": "crypto.randomUUID", "reason": "Safe pattern 'randomUUID' detected on same line", "rule_id": "SEC118", "scanner": "repobility-threat-engine", "confidence": 0.1, "correlation_key": "code|crypto|token|119|sec118"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "webui/public/mockServiceWorker.js"}, "region": {"startLine": 119}}}]}, {"ruleId": "SEC029", "level": "none", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 7 more): Same pattern found in 7 additional files. Review if needed."}, "properties": {"repobilityId": 78029, "scanner": "repobility-threat-engine", "fingerprint": "ca5810ac6a2691831acbb4a51605672ba83c57f5592204a59181f6375036bfee", "category": "ssrf", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 7 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 7 additional occurrences found. 
The top occurrences remain visible as actionable findings.", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|ca5810ac6a2691831acbb4a51605672ba83c57f5592204a59181f6375036bfee"}}}, {"ruleId": "SEC045", "level": "none", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use object introspection (().__class__.__mro__[-1].__subclasses__()) to reach os.system. CWE-95 (eval injection)."}, "properties": {"repobilityId": 78020, "scanner": "repobility-threat-engine", "fingerprint": "473411a172b8668ee2f891f9acbd6b85204fe759725e870e30fd53a6a66633e4", "category": "injection", "severity": "info", "confidence": 0.1, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Safe pattern '\\.eval\\(' detected on same line", "evidence": {"match": ".Eval(", "reason": "Safe pattern '\\.eval\\(' detected on same line", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 0.1, "correlation_key": "code|injection|pkg/plugins/providers.go|91|sec045"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkg/plugins/providers.go"}, "region": {"startLine": 91}}}]}, {"ruleId": "SEC045", "level": "none", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use object introspection (().__class__.__mro__[-1].__subclasses__()) to reach os.system. 
CWE-95 (eval injection)."}, "properties": {"repobilityId": 78019, "scanner": "repobility-threat-engine", "fingerprint": "9f2bb6e3292cfb7c8a84e991974a3465083d22361de9ee81185a2dbc841831f6", "category": "injection", "severity": "info", "confidence": 0.1, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Safe pattern '\\.eval\\(' detected on same line", "evidence": {"match": ".Eval(", "reason": "Safe pattern '\\.eval\\(' detected on same line", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 0.1, "correlation_key": "code|injection|token|33|sec045"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkg/plugins/middlewareyaegi.go"}, "region": {"startLine": 33}}}]}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https (and 1 more): Same pattern found in 1 additional file. Review if needed."}, "properties": {"repobilityId": 78017, "scanner": "repobility-threat-engine", "fingerprint": "deede2eb215d875636a96303401dd81bf1c025789980c14394da92c4eaa2dcca", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 1 additional occurrence found. 
The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|deede2eb215d875636a96303401dd81bf1c025789980c14394da92c4eaa2dcca", "aggregated_count": 1}}}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 78016, "scanner": "repobility-threat-engine", "fingerprint": "9f0d0300ba548a0b9e3f8bce9471535c2d58d6bdd1d352986e54b56cc480f922", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|9f0d0300ba548a0b9e3f8bce9471535c2d58d6bdd1d352986e54b56cc480f922"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "webui/src/components/icons/SortIcon.tsx"}, "region": {"startLine": 26}}}]}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 78015, "scanner": "repobility-threat-engine", "fingerprint": "48e962a246de56f1da85fa2cce2c04f7969b04437a2a7b8f44758c6a1394d536", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": 
"confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|48e962a246de56f1da85fa2cce2c04f7969b04437a2a7b8f44758c6a1394d536"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "webui/src/components/icons/PluginsIcon.tsx"}, "region": {"startLine": 4}}}]}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 78014, "scanner": "repobility-threat-engine", "fingerprint": "9982cd107ba35a5ca5e1e3d1440fd9758b0e755701fc5adb3a4536800e6e6b71", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|9982cd107ba35a5ca5e1e3d1440fd9758b0e755701fc5adb3a4536800e6e6b71"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkg/middlewares/customerrors/custom_errors.go"}, "region": {"startLine": 145}}}]}, {"ruleId": "MINED071", "level": "none", "message": {"text": "[MINED071] Go Panic Call (and 4 more): Same pattern found in 4 additional files. 
Review if needed."}, "properties": {"repobilityId": 78012, "scanner": "repobility-threat-engine", "fingerprint": "9b3140f1a544f1ef1e4ee1c8fe4f37d0e07d4cf440fa514118050d9d52cbc42e", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 4 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "go-panic-call", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["go"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348067+00:00", "triaged_in_corpus": 12, "observations_count": 29174, "ai_coder_pattern_id": 108}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|9b3140f1a544f1ef1e4ee1c8fe4f37d0e07d4cf440fa514118050d9d52cbc42e", "aggregated_count": 4}}}, {"ruleId": "MINED071", "level": "none", "message": {"text": "[MINED071] Go Panic Call: panic() crashes the process. 
Should return error in most cases."}, "properties": {"repobilityId": 78011, "scanner": "repobility-threat-engine", "fingerprint": "48d4a7fb739eba88d436c8ae1e5ba3663fe207ba65983468536e72fe591b58d4", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "go-panic-call", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["go"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348067+00:00", "triaged_in_corpus": 12, "observations_count": 29174, "ai_coder_pattern_id": 108}, "scanner": "repobility-threat-engine", "correlation_key": "fp|48d4a7fb739eba88d436c8ae1e5ba3663fe207ba65983468536e72fe591b58d4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkg/middlewares/recovery/recovery.go"}, "region": {"startLine": 126}}}]}, {"ruleId": "MINED071", "level": "none", "message": {"text": "[MINED071] Go Panic Call: panic() crashes the process. 
Should return error in most cases."}, "properties": {"repobilityId": 78010, "scanner": "repobility-threat-engine", "fingerprint": "0c74827e7d0292f77e4529ab56a2a1e9b2817fdfa649fa5e3564934d274d6160", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "go-panic-call", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["go"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348067+00:00", "triaged_in_corpus": 12, "observations_count": 29174, "ai_coder_pattern_id": 108}, "scanner": "repobility-threat-engine", "correlation_key": "fp|0c74827e7d0292f77e4529ab56a2a1e9b2817fdfa649fa5e3564934d274d6160"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkg/config/dynamic/plugins.go"}, "region": {"startLine": 66}}}]}, {"ruleId": "MINED071", "level": "none", "message": {"text": "[MINED071] Go Panic Call: panic() crashes the process. 
Should return error in most cases."}, "properties": {"repobilityId": 78009, "scanner": "repobility-threat-engine", "fingerprint": "7a9329290ba7c142a801776adf1c0f4cc28f1d4c99635036c3f448fc15a2b8d5", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "go-panic-call", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["go"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348067+00:00", "triaged_in_corpus": 12, "observations_count": 29174, "ai_coder_pattern_id": 108}, "scanner": "repobility-threat-engine", "correlation_key": "fp|7a9329290ba7c142a801776adf1c0f4cc28f1d4c99635036c3f448fc15a2b8d5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "integration/try/try.go"}, "region": {"startLine": 93}}}]}, {"ruleId": "MINED060", "level": "none", "message": {"text": "[MINED060] Go Context No Cancel (and 22 more): Same pattern found in 22 additional files. Review if needed."}, "properties": {"repobilityId": 78008, "scanner": "repobility-threat-engine", "fingerprint": "0932b128668cfa71813e5e0027689a545161f67e115adde8f517d6b1ab877df8", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 22 additional occurrences found. 
The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "go-context-no-cancel", "owasp": null, "cwe_ids": ["CWE-401"], "languages": ["go"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348041+00:00", "triaged_in_corpus": 12, "observations_count": 132905, "ai_coder_pattern_id": 110}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|0932b128668cfa71813e5e0027689a545161f67e115adde8f517d6b1ab877df8", "aggregated_count": 22}}}, {"ruleId": "MINED060", "level": "none", "message": {"text": "[MINED060] Go Context No Cancel: context.Background() at request handler boundary leaks goroutines."}, "properties": {"repobilityId": 78007, "scanner": "repobility-threat-engine", "fingerprint": "fafdcbd64cbc550a22ae6299c4d2a38260596c6b6e6bbc2ceb1e504d00f38921", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "go-context-no-cancel", "owasp": null, "cwe_ids": ["CWE-401"], "languages": ["go"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348041+00:00", "triaged_in_corpus": 12, "observations_count": 132905, "ai_coder_pattern_id": 110}, "scanner": "repobility-threat-engine", "correlation_key": "fp|fafdcbd64cbc550a22ae6299c4d2a38260596c6b6e6bbc2ceb1e504d00f38921"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkg/middlewares/replacepathregex/replace_path_regex.go"}, "region": {"startLine": 64}}}]}, {"ruleId": "MINED060", "level": "none", "message": {"text": "[MINED060] Go Context No Cancel: context.Background() at request handler boundary leaks goroutines."}, "properties": {"repobilityId": 78006, "scanner": "repobility-threat-engine", "fingerprint": "370075bb8e725958714738d57550d3d35a2d5c9d3ddf34a15e352c3f195149e2", "category": "quality", "severity": "info", "confidence": 1.0, 
"triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "go-context-no-cancel", "owasp": null, "cwe_ids": ["CWE-401"], "languages": ["go"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348041+00:00", "triaged_in_corpus": 12, "observations_count": 132905, "ai_coder_pattern_id": 110}, "scanner": "repobility-threat-engine", "correlation_key": "fp|370075bb8e725958714738d57550d3d35a2d5c9d3ddf34a15e352c3f195149e2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkg/middlewares/replacepath/replace_path.go"}, "region": {"startLine": 53}}}]}, {"ruleId": "MINED060", "level": "none", "message": {"text": "[MINED060] Go Context No Cancel: context.Background() at request handler boundary leaks goroutines."}, "properties": {"repobilityId": 78005, "scanner": "repobility-threat-engine", "fingerprint": "5b606e675beee840592cb0748f1e97d140cb0293536e43ae133b85eeb9d7e56d", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "go-context-no-cancel", "owasp": null, "cwe_ids": ["CWE-401"], "languages": ["go"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348041+00:00", "triaged_in_corpus": 12, "observations_count": 132905, "ai_coder_pattern_id": 110}, "scanner": "repobility-threat-engine", "correlation_key": "fp|5b606e675beee840592cb0748f1e97d140cb0293536e43ae133b85eeb9d7e56d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "integration/try/condition.go"}, "region": {"startLine": 198}}}]}, {"ruleId": "MINED016", "level": "none", "message": {"text": "[MINED016] Go Error Ignored (and 6 more): Same pattern found in 6 additional files. 
Review if needed."}, "properties": {"repobilityId": 78004, "scanner": "repobility-threat-engine", "fingerprint": "5b1cabf7a791b77c7fc5bfa05795b9ee2924995a8203f26cdbafaf54eee5cd0b", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 6 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "go-error-ignored", "owasp": null, "cwe_ids": ["CWE-754"], "languages": ["go"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347935+00:00", "triaged_in_corpus": 15, "observations_count": 83036, "ai_coder_pattern_id": 107}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|5b1cabf7a791b77c7fc5bfa05795b9ee2924995a8203f26cdbafaf54eee5cd0b", "aggregated_count": 6}}}, {"ruleId": "ERR003", "level": "none", "message": {"text": "[ERR003] Ignored Error (Go) (and 16 more): Same pattern found in 16 additional files. Review if needed."}, "properties": {"repobilityId": 78000, "scanner": "repobility-threat-engine", "fingerprint": "a4ec8d1f070617d303fae0e938ced99f0d7ca2873961e2016c3420c96d0864a0", "category": "error_handling", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 16 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 16 additional occurrences found. 
The top occurrences remain visible as actionable findings.", "rule_id": "ERR003", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|a4ec8d1f070617d303fae0e938ced99f0d7ca2873961e2016c3420c96d0864a0"}}}, {"ruleId": "MINED118", "level": "error", "message": {"text": "[MINED118] Dockerfile FROM `node:24-alpine3.22` not pinned by digest: `FROM node:24-alpine3.22` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potentially different. Production images should pin to `image@sha256:...` for reproducibility + supply-chain integrity."}, "properties": {"repobilityId": 78103, "scanner": "repobility-supply-chain", "fingerprint": "c0d14767559a1e0800bf60e3f647a6b8f950b89c086099afa47b16c997937e10", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|c0d14767559a1e0800bf60e3f647a6b8f950b89c086099afa47b16c997937e10"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "webui/buildx.Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "[MINED118] Dockerfile FROM `alpine:3.23` not pinned by digest: `FROM alpine:3.23` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potentially different. 
Production images should pin to `image@sha256:...` for reproducibility + supply-chain integrity."}, "properties": {"repobilityId": 78102, "scanner": "repobility-supply-chain", "fingerprint": "9a5ee34364424a06d0b2947104c36861462feec62d923c3cc1ee4e8cbfee2abb", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|9a5ee34364424a06d0b2947104c36861462feec62d923c3cc1ee4e8cbfee2abb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/check.Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "[MINED118] Dockerfile FROM `alpine:3.23` not pinned by digest: `FROM alpine:3.23` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potentially different. 
Production images should pin to `image@sha256:...` for reproducibility + supply-chain integrity."}, "properties": {"repobilityId": 78101, "scanner": "repobility-supply-chain", "fingerprint": "a0887310c57a73e7608fb7bcd5604f8c05c85b58c9c1e0a61471692581663103", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|a0887310c57a73e7608fb7bcd5604f8c05c85b58c9c1e0a61471692581663103"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/docs.Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED128", "level": "error", "message": {"text": "[MINED128] go.mod replaces `(` \u2014 redirects to fork `github.com/containous/go-http-auth`: `replace ( => github.com/containous/go-http-auth` overrides the canonical dependency with a different source (redirects to fork `github.com/containous/go-http-auth`). 
Local-path replaces are fine for monorepos but in published modules they can hide malicious forks from anyone who only audits the require lines."}, "properties": {"repobilityId": 78100, "scanner": "repobility-supply-chain", "fingerprint": "cb86998d3f17ff1343a9f0b37ed8fd64258768a53def943010c49daf87f4b5b3", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gomod-replace-local", "owasp": null, "cwe_ids": ["CWE-829"], "languages": ["go"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|cb86998d3f17ff1343a9f0b37ed8fd64258768a53def943010c49daf87f4b5b3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "go.mod"}, "region": {"startLine": 426}}}]}, {"ruleId": "MINED128", "level": "error", "message": {"text": "[MINED128] go.mod replaces `github.com/traefik/traefik/dynamic/ext` \u2014 points to a LOCAL path: `replace github.com/traefik/traefik/dynamic/ext => ./pkg/config/dynamic/ext` overrides the canonical dependency with a different source (points to a LOCAL path). 
Local-path replaces are fine for monorepos but in published modules they can hide malicious forks from anyone who only audits the require lines."}, "properties": {"repobilityId": 78099, "scanner": "repobility-supply-chain", "fingerprint": "a93777de1ac9666c4d9ce289d29a58dc41750a08f83243360c4a66e497d4a85f", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gomod-replace-local", "owasp": null, "cwe_ids": ["CWE-829"], "languages": ["go"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|a93777de1ac9666c4d9ce289d29a58dc41750a08f83243360c4a66e497d4a85f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "go.mod"}, "region": {"startLine": 423}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "[MINED118] Dockerfile FROM `alpine:3.23` not pinned by digest: `FROM alpine:3.23` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potentially different. 
Production images should pin to `image@sha256:...` for reproducibility + supply-chain integrity."}, "properties": {"repobilityId": 78098, "scanner": "repobility-supply-chain", "fingerprint": "e09e52df020fa4addd23f741052879c88297b583b8c96a919e7c3cf8d1c3842c", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|e09e52df020fa4addd23f741052879c88297b583b8c96a919e7c3cf8d1c3842c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Dockerfile"}, "region": {"startLine": 2}}}]}, {"ruleId": "SEC040", "level": "error", "message": {"text": "[SEC040] innerHTML XSS \u2014 template literal with server-supplied data: Setting .innerHTML with a template literal that interpolates server-supplied or user-supplied data is the canonical stored/reflected XSS vector. The browser parses the HTML and executes any <script> or event-handler attributes in the data. CWE-79. 
Especially dangerous when the data comes from a CV parser, profile field, or any user-input pipeline."}, "properties": {"repobilityId": 78040, "scanner": "repobility-threat-engine", "fingerprint": "8b955b0c22e47ae9fa0fae80261fd6bb6526778720a2c9dad96eb7eb2a67515f", "category": "xss", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "map((r) => `${basePath}${r}", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC040", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|8b955b0c22e47ae9fa0fae80261fd6bb6526778720a2c9dad96eb7eb2a67515f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "webui/src/pages/hub-demo/use-hub-demo.tsx"}, "region": {"startLine": 90}}}]}, {"ruleId": "SEC040", "level": "error", "message": {"text": "[SEC040] innerHTML XSS \u2014 template literal with server-supplied data: Setting .innerHTML with a template literal that interpolates server-supplied or user-supplied data is the canonical stored/reflected XSS vector. The browser parses the HTML and executes any <script> or event-handler attributes in the data. CWE-79. 
Especially dangerous when the data comes from a CV parser, profile field, or any user-input pipeline."}, "properties": {"repobilityId": 78039, "scanner": "repobility-threat-engine", "fingerprint": "0b7fbff5d8c2165103f8499df1205e8be04ee722036784673294c1c136e0c78b", "category": "xss", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "map((x) => `${x[0]} \u2192 ${x[1]}", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC040", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|0b7fbff5d8c2165103f8499df1205e8be04ee722036784673294c1c136e0c78b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "webui/src/components/middlewares/RenderUnknownProp.tsx"}, "region": {"startLine": 59}}}]}, {"ruleId": "MINED014", "level": "error", "message": {"text": "[MINED014] Disabled TLS Verify: TLS certificate verification is turned off (verify=False in requests, rejectUnauthorized:false in node, InsecureSkipVerify:true in Go), so the peer's identity is not checked."}, "properties": {"repobilityId": 78035, "scanner": "repobility-threat-engine", "fingerprint": "44edd2fab6d4882bfb56160987a213a1ca83161a772e9802ab26d734c3f61f08", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "disabled-tls-verify", "owasp": "A02:2021", "cwe_ids": ["CWE-295"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347930+00:00", "triaged_in_corpus": 15, "observations_count": 86916, "ai_coder_pattern_id": 16}, "scanner": "repobility-threat-engine", "correlation_key": "fp|44edd2fab6d4882bfb56160987a213a1ca83161a772e9802ab26d734c3f61f08"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkg/provider/consulcatalog/connect_tls.go"}, "region": {"startLine": 67}}}]}, {"ruleId": 
"SEC088", "level": "error", "message": {"text": "[SEC088] Go: TLS InsecureSkipVerify=true: tls.Config{InsecureSkipVerify:true} disables certificate verification \u2014 MITM risk. Ported from gosec G402 (Apache-2.0)."}, "properties": {"repobilityId": 78034, "scanner": "repobility-threat-engine", "fingerprint": "ff4edcac638e5bbe28c3afeb70fd9e6842ef178c651242a227bfd5708699b6b8", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "InsecureSkipVerify: true", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC088", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|ff4edcac638e5bbe28c3afeb70fd9e6842ef178c651242a227bfd5708699b6b8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkg/provider/consulcatalog/connect_tls.go"}, "region": {"startLine": 67}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. 
Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 78033, "scanner": "repobility-threat-engine", "fingerprint": "0ce15a0b9f7ca471efbbbb3586965e2c187961ee073ea9734bbf8e29605a8f63", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "activeClientIds.delete(clientId)", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|0ce15a0b9f7ca471efbbbb3586965e2c187961ee073ea9734bbf8e29605a8f63"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "webui/public/mockServiceWorker.js"}, "region": {"startLine": 76}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. 
Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 78032, "scanner": "repobility-threat-engine", "fingerprint": "00c82c5be22f0ae3de875d2f53689dfe75a6043fad7e64c5e1c967db42a4daa8", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "b.fastProxyBuilder.Update(newConfigs)", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|00c82c5be22f0ae3de875d2f53689dfe75a6043fad7e64c5e1c967db42a4daa8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkg/proxy/smart_builder.go"}, "region": {"startLine": 44}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. 
Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 78031, "scanner": "repobility-threat-engine", "fingerprint": "cbc3356e3083dd02293f0ece349ed391668838476efcdbd685beea0f98961046", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "s.save(resolverName, storedData)", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|cbc3356e3083dd02293f0ece349ed391668838476efcdbd685beea0f98961046"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkg/provider/acme/local_store.go"}, "region": {"startLine": 52}}}]}, {"ruleId": "SEC032", "level": "error", "message": {"text": "[SEC032] Unrestricted File Upload \u2014 no extension/MIME validation: File upload accepts the user's filename without validating extension, content-type, or magic bytes. Attackers upload `.php`, `.jsp`, or executable files to a web-served directory, then visit the URL to trigger RCE. CWE-434. 
Examples: Apache Struts (CVE-2017-9805), countless WordPress plugin RCEs."}, "properties": {"repobilityId": 78030, "scanner": "repobility-threat-engine", "fingerprint": "c8019056e441834b855d5e2a78487576211700d840b8652742844a664db4d0ff", "category": "file_upload", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "Open(s.filename)", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC032", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|c8019056e441834b855d5e2a78487576211700d840b8652742844a664db4d0ff"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkg/provider/acme/local_store.go"}, "region": {"startLine": 106}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. 
SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 78028, "scanner": "repobility-threat-engine", "fingerprint": "a4857b695b9744ea78d0c66ab020657211cb9cc9777b3b69b90b50df113b021c", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "URL(r", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|a4857b695b9744ea78d0c66ab020657211cb9cc9777b3b69b90b50df113b021c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkg/middlewares/redirect/redirect_scheme.go"}, "region": {"startLine": 59}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. 
SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 78027, "scanner": "repobility-threat-engine", "fingerprint": "a00eb6d2176cd19b3b40cec602dea5b30247035a4624ab939f6ba18a85ea4f68", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "URL(r", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|a00eb6d2176cd19b3b40cec602dea5b30247035a4624ab939f6ba18a85ea4f68"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkg/middlewares/redirect/redirect_regex.go"}, "region": {"startLine": 23}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. 
SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 78026, "scanner": "repobility-threat-engine", "fingerprint": "8b7c6567cd32aef2595c9d7842e80498a8e3081eef5001d84bdb891b3b09f483", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "URL(r", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|8b7c6567cd32aef2595c9d7842e80498a8e3081eef5001d84bdb891b3b09f483"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkg/middlewares/redirect/redirect.go"}, "region": {"startLine": 55}}}]}, {"ruleId": "MINED033", "level": "error", "message": {"text": "[MINED033] Go Recover Without Log: defer func() { recover() }() that silently swallows panic."}, "properties": {"repobilityId": 78025, "scanner": "repobility-threat-engine", "fingerprint": "311060a04427d567bad180bda20f5b0e5f7f1a5aefac777fd5a4cbf1b032cd79", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "go-recover-without-log", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["go"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347975+00:00", "triaged_in_corpus": 15, "observations_count": 3808, "ai_coder_pattern_id": 109}, "scanner": "repobility-threat-engine", "correlation_key": "fp|311060a04427d567bad180bda20f5b0e5f7f1a5aefac777fd5a4cbf1b032cd79"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkg/safe/routine.go"}, "region": {"startLine": 55}}}]}, {"ruleId": "MINED033", "level": "error", "message": {"text": "[MINED033] Go Recover Without Log: defer func() { recover() }() that 
silently swallows panic."}, "properties": {"repobilityId": 78024, "scanner": "repobility-threat-engine", "fingerprint": "8a0a7234ead07fbb0ad2bb9f68f246b8d6dc38f55ceae4437a8540314d0cc4ea", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "go-recover-without-log", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["go"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347975+00:00", "triaged_in_corpus": 15, "observations_count": 3808, "ai_coder_pattern_id": 109}, "scanner": "repobility-threat-engine", "correlation_key": "fp|8a0a7234ead07fbb0ad2bb9f68f246b8d6dc38f55ceae4437a8540314d0cc4ea"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkg/plugins/providers.go"}, "region": {"startLine": 161}}}]}, {"ruleId": "MINED033", "level": "error", "message": {"text": "[MINED033] Go Recover Without Log: defer func() { recover() }() that silently swallows panic."}, "properties": {"repobilityId": 78023, "scanner": "repobility-threat-engine", "fingerprint": "10477d39f8d4d20ed4bb461ec1cd3d2779e14cce293fa0b06a6b00d92738588b", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "go-recover-without-log", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["go"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347975+00:00", "triaged_in_corpus": 15, "observations_count": 3808, "ai_coder_pattern_id": 109}, "scanner": "repobility-threat-engine", "correlation_key": "fp|10477d39f8d4d20ed4bb461ec1cd3d2779e14cce293fa0b06a6b00d92738588b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkg/middlewares/recovery/recovery.go"}, "region": {"startLine": 40}}}]}, {"ruleId": 
"MINED004", "level": "error", "message": {"text": "[MINED004] Weak Crypto: MD5/SHA1/DES/RC4 used for security context (not just checksums)."}, "properties": {"repobilityId": 78022, "scanner": "repobility-threat-engine", "fingerprint": "2431f8cace367e3727b9abf3c272b337ff8637cb27015f35ee1cea78b31a0717", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "weak-crypto", "owasp": "A02:2021", "cwe_ids": ["CWE-327"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347906+00:00", "triaged_in_corpus": 15, "observations_count": 303181, "ai_coder_pattern_id": 13}, "scanner": "repobility-threat-engine", "correlation_key": "fp|2431f8cace367e3727b9abf3c272b337ff8637cb27015f35ee1cea78b31a0717"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkg/server/cookie/cookie.go"}, "region": {"startLine": 4}}}]}, {"ruleId": "MINED004", "level": "error", "message": {"text": "[MINED004] Weak Crypto: MD5/SHA1/DES/RC4 used for security context (not just checksums)."}, "properties": {"repobilityId": 78021, "scanner": "repobility-threat-engine", "fingerprint": "df3cd3a1eca1ad6a6f1bab0e2e675ce570e87127e5543d2152680af629a6fc21", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "weak-crypto", "owasp": "A02:2021", "cwe_ids": ["CWE-327"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347906+00:00", "triaged_in_corpus": 15, "observations_count": 303181, "ai_coder_pattern_id": 13}, "scanner": "repobility-threat-engine", "correlation_key": "fp|df3cd3a1eca1ad6a6f1bab0e2e675ce570e87127e5543d2152680af629a6fc21"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": 
"pkg/middlewares/ratelimiter/lua.go"}, "region": {"startLine": 11}}}]}, {"ruleId": "MINED016", "level": "error", "message": {"text": "[MINED016] Go Error Ignored: _, err := fn() with err not checked. Go anti-pattern."}, "properties": {"repobilityId": 78003, "scanner": "repobility-threat-engine", "fingerprint": "97a64e6fb04f9ea801759e7445c067b6411c1da3b69203b3578e8a9d7b03bd61", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "go-error-ignored", "owasp": null, "cwe_ids": ["CWE-754"], "languages": ["go"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347935+00:00", "triaged_in_corpus": 15, "observations_count": 83036, "ai_coder_pattern_id": 107}, "scanner": "repobility-threat-engine", "correlation_key": "fp|97a64e6fb04f9ea801759e7445c067b6411c1da3b69203b3578e8a9d7b03bd61"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkg/plugins/providers.go"}, "region": {"startLine": 112}}}]}, {"ruleId": "MINED016", "level": "error", "message": {"text": "[MINED016] Go Error Ignored: _, err := fn() with err not checked. 
Go anti-pattern."}, "properties": {"repobilityId": 78002, "scanner": "repobility-threat-engine", "fingerprint": "e380e7096c09b3d8214bcf12d8aeb5673005063e394faf44a5346177ce7181ef", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "go-error-ignored", "owasp": null, "cwe_ids": ["CWE-754"], "languages": ["go"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347935+00:00", "triaged_in_corpus": 15, "observations_count": 83036, "ai_coder_pattern_id": 107}, "scanner": "repobility-threat-engine", "correlation_key": "fp|e380e7096c09b3d8214bcf12d8aeb5673005063e394faf44a5346177ce7181ef"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkg/middlewares/accesslog/logger_formatters.go"}, "region": {"startLine": 37}}}]}, {"ruleId": "MINED016", "level": "error", "message": {"text": "[MINED016] Go Error Ignored: _, err := fn() with err not checked. 
Go anti-pattern."}, "properties": {"repobilityId": 78001, "scanner": "repobility-threat-engine", "fingerprint": "d9aa244d654ff4df59932160beab0848bdd061949caff84c8b77036b155aa946", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "go-error-ignored", "owasp": null, "cwe_ids": ["CWE-754"], "languages": ["go"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347935+00:00", "triaged_in_corpus": 15, "observations_count": 83036, "ai_coder_pattern_id": 107}, "scanner": "repobility-threat-engine", "correlation_key": "fp|d9aa244d654ff4df59932160beab0848bdd061949caff84c8b77036b155aa946"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "integration/try/condition.go"}, "region": {"startLine": 198}}}]}, {"ruleId": "DKC008", "level": "error", "message": {"text": "Compose service mounts the Docker socket"}, "properties": {"repobilityId": 78091, "scanner": "repobility-docker", "fingerprint": "43884dc824ef7ea681896718de3dee35e8c8fd721f1c51f4c6bf2221194125a1", "category": "docker", "severity": "critical", "confidence": 0.98, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Volume mount references /var/run/docker.sock.", "evidence": {"rule_id": "DKC008", "scanner": "repobility-docker", "service": "traefik", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|43884dc824ef7ea681896718de3dee35e8c8fd721f1c51f4c6bf2221194125a1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/content/user-guides/docker-compose/basic-example/docker-compose.yml"}, "region": {"startLine": 2}}}]}, {"ruleId": "DKC008", "level": "error", "message": {"text": "Compose service mounts the Docker socket"}, "properties": {"repobilityId": 78089, "scanner": "repobility-docker", 
"fingerprint": "d784cea881d6e8e4c86472f5041ebf3d98a3697cf8860cd90544b6013f725f12", "category": "docker", "severity": "critical", "confidence": 0.98, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Volume mount references /var/run/docker.sock.", "evidence": {"rule_id": "DKC008", "scanner": "repobility-docker", "service": "traefik", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|d784cea881d6e8e4c86472f5041ebf3d98a3697cf8860cd90544b6013f725f12"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/content/user-guides/docker-compose/acme-tls/docker-compose.yml"}, "region": {"startLine": 2}}}]}, {"ruleId": "DKC008", "level": "error", "message": {"text": "Compose service mounts the Docker socket"}, "properties": {"repobilityId": 78087, "scanner": "repobility-docker", "fingerprint": "a6a7ad957dde6bd3fe219fa59f62653124ae1fa533d70265f73533f7c1bcf38d", "category": "docker", "severity": "critical", "confidence": 0.98, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Volume mount references /var/run/docker.sock.", "evidence": {"rule_id": "DKC008", "scanner": "repobility-docker", "service": "traefik", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|a6a7ad957dde6bd3fe219fa59f62653124ae1fa533d70265f73533f7c1bcf38d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/content/user-guides/docker-compose/acme-http/docker-compose.yml"}, "region": {"startLine": 2}}}]}, {"ruleId": "DKC008", "level": "error", "message": {"text": "Compose service mounts the Docker socket"}, "properties": {"repobilityId": 78085, "scanner": "repobility-docker", "fingerprint": "60cd98784259aed91ff052283fa1bff464a33c3e699759886e66757d84ad7a12", "category": "docker", "severity": "critical", "confidence": 0.98, "triageState": "open", "verdict": "confirmed", 
"isResolved": false, "reason": "Volume mount references /var/run/docker.sock.", "evidence": {"rule_id": "DKC008", "scanner": "repobility-docker", "service": "traefik", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|60cd98784259aed91ff052283fa1bff464a33c3e699759886e66757d84ad7a12"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/content/user-guides/docker-compose/acme-dns/docker-compose.yml"}, "region": {"startLine": 2}}}]}, {"ruleId": "DKC007", "level": "error", "message": {"text": "Compose service contains a literal secret environment value"}, "properties": {"repobilityId": 78084, "scanner": "repobility-docker", "fingerprint": "6fad7af68d017c1c8847e137a4d1dda91c19499fbd0421bd49a810af818c31bc", "category": "docker", "severity": "critical", "confidence": 0.96, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Environment variable name is secret-like and value is a committed literal.", "evidence": {"rule_id": "DKC007", "scanner": "repobility-docker", "service": "traefik", "variable": "OVH_APPLICATION_SECRET", "references": ["https://docs.docker.com/compose/how-tos/environment-variables/best-practices/", "https://docs.docker.com/reference/compose-file/secrets/"], "path_context": "runtime", "correlation_key": "fp|6fad7af68d017c1c8847e137a4d1dda91c19499fbd0421bd49a810af818c31bc", "compose_secrets_declared": false}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/content/user-guides/docker-compose/acme-dns/docker-compose.yml"}, "region": {"startLine": 2}}}]}]}]}