{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "DEPCUR-GHA", "name": "GitHub Action `actions/checkout@v4` is 2 major version(s) behind (latest v6.0.3)", "shortDescription": {"text": "GitHub Action `actions/checkout@v4` is 2 major version(s) behind (latest v6.0.3)"}, "fullDescription": {"text": "`uses: actions/checkout@v4` is 2 major version(s) behind the latest published release v6.0.3. Old action majors run on deprecated runner images / Node versions and miss upstream fixes. This is the exact 'outdated GitHub Action' class Dependabot raises \u2014 and which Repobility had no coverage for."}, "properties": {"scanner": "repobility-dependency-currency", "category": "dependency", "severity": "medium", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "CORE_LARGE_FILES", "name": "Average file size is 518 lines (recommend <300)", "shortDescription": {"text": "Average file size is 518 lines (recommend <300)"}, "fullDescription": {"text": "Refactor large files by extracting related functions into separate modules. Target files with 300+ lines first. Use the Single Responsibility Principle \u2014 each module should have one clear purpose."}, "properties": {"scanner": "repobility-core", "category": "quality", "severity": "medium", "confidence": null, "cwe": "", "owasp": ""}}, {"id": "AIC003", "name": "Duplicated implementation block across source files", "shortDescription": {"text": "Duplicated implementation block across source files"}, "fullDescription": {"text": "Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.86, "cwe": "", "owasp": ""}}, {"id": "MINED066", "name": "[MINED066] Rust Panic Macro: panic!() unwinds the stack. Use Result for recoverable errors.", "shortDescription": {"text": "[MINED066] Rust Panic Macro: panic!() unwinds the stack. Use Result for recoverable errors."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-755 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED059", "name": "[MINED059] Rust Expect In Prod (and 1 more): Same pattern found in 1 additional files. Review if needed.", "shortDescription": {"text": "[MINED059] Rust Expect In Prod (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-755 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED068", "name": "[MINED068] Rust Unsafe Block: unsafe { ... } block. Compiler safety guarantees disabled inside.", "shortDescription": {"text": "[MINED068] Rust Unsafe Block: unsafe { ... } block. Compiler safety guarantees disabled inside."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-119 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED003", "name": "[MINED003] Rust Unwrap In Prod (and 15 more): Same pattern found in 15 additional files. Review if needed.", "shortDescription": {"text": "[MINED003] Rust Unwrap In Prod (and 15 more): Same pattern found in 15 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-755 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED115", "name": "Action `dtolnay/rust-toolchain` pinned to mutable ref `@master`", "shortDescription": {"text": "Action `dtolnay/rust-toolchain` pinned to mutable ref `@master`"}, "fullDescription": {"text": "`uses: dtolnay/rust-toolchain@master` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/857"}, "properties": {"repository": "BurntSushi/ripgrep", "repoUrl": "https://github.com/BurntSushi/ripgrep", "branch": "master"}, "results": [{"ruleId": "DEPCUR-GHA", "level": "warning", "message": {"text": "GitHub Action `actions/checkout@v4` is 2 major version(s) behind (latest v6.0.3)"}, "properties": {"repobilityId": 77264, "scanner": "repobility-dependency-currency", "fingerprint": "12748a1e7a990ea3921509418f0ae7be712aceb1ab51879d412d5282115b27ad", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "2 major version(s) behind", "signal": "currency", "cwe_ids": ["CWE-1104"], "package": "actions/checkout", "scanner": "repobility-dependency-currency", "ecosystem": "github-actions", "languages": ["yaml"], "latest_version": "v6.0.3", "correlation_key": "fp|12748a1e7a990ea3921509418f0ae7be712aceb1ab51879d412d5282115b27ad", "current_version": "v4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/release.yml"}, "region": {"startLine": 21}}}]}, {"ruleId": "DEPCUR-GHA", "level": "warning", "message": {"text": "GitHub Action `actions/checkout@v4` is 2 major version(s) behind (latest v6.0.3)"}, "properties": {"repobilityId": 77263, "scanner": "repobility-dependency-currency", "fingerprint": "8210ae281095c602a620af8d7389fa5b748839c1cc608ac52e3477d67853aa5f", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "2 major version(s) behind", "signal": "currency", "cwe_ids": ["CWE-1104"], "package": "actions/checkout", "scanner": "repobility-dependency-currency", "ecosystem": "github-actions", "languages": ["yaml"], "latest_version": "v6.0.3", "correlation_key": "fp|8210ae281095c602a620af8d7389fa5b748839c1cc608ac52e3477d67853aa5f", "current_version": "v4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 120}}}]}, {"ruleId": "CORE_LARGE_FILES", "level": "warning", "message": {"text": "Average file size is 518 lines (recommend <300)"}, "properties": {"repobilityId": 77244, "scanner": "repobility-core", "fingerprint": "0f268869dc7531b3806c8d5a74ef41787c7a87df0b2eac81f3071bc1b119cf5f", "category": "quality", "severity": "medium", "confidence": null, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"rule_id": "CORE_LARGE_FILES", "scanner": "repobility-core", "correlation_key": "fp|0f268869dc7531b3806c8d5a74ef41787c7a87df0b2eac81f3071bc1b119cf5f"}}}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 77247, "scanner": "repobility-ai-code-hygiene", "fingerprint": "d13880a004e63db7e35da21523553164346f13ed7f7101460f0be3e50ec68974", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "crates/printer/src/macros.rs", "duplicate_line": 2, "correlation_key": "fp|d13880a004e63db7e35da21523553164346f13ed7f7101460f0be3e50ec68974"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/macros.rs"}, "region": {"startLine": 14}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 77246, "scanner": "repobility-ai-code-hygiene", "fingerprint": "291af9d988423f65da255dab9339a13be244a69ba0b8e0ac6d18e106c97d7bac", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "crates/pcre2/src/matcher.rs", "duplicate_line": 172, "correlation_key": "fp|291af9d988423f65da255dab9339a13be244a69ba0b8e0ac6d18e106c97d7bac"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/regex/src/matcher.rs"}, "region": {"startLine": 180}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 77245, "scanner": "repobility-ai-code-hygiene", "fingerprint": "9d9eedaee6af1308b2b657e9076b78c263d2bac9c2cd1095cbc2fb3d5fbb5273", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "crates/printer/src/json.rs", "duplicate_line": 269, "correlation_key": "fp|9d9eedaee6af1308b2b657e9076b78c263d2bac9c2cd1095cbc2fb3d5fbb5273"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/printer/src/summary.rs"}, "region": {"startLine": 348}}}]}, {"ruleId": "MINED066", "level": "none", "message": {"text": "[MINED066] Rust Panic Macro: panic!() unwinds the stack. Use Result for recoverable errors."}, "properties": {"repobilityId": 77276, "scanner": "repobility-threat-engine", "fingerprint": "da08569eb363c1e2295bfcacf906152f372df3919d8b4808b7a0c0881c3b8f42", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-panic-macro", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348055+00:00", "triaged_in_corpus": 12, "observations_count": 48611, "ai_coder_pattern_id": 113}, "scanner": "repobility-threat-engine", "correlation_key": "fp|da08569eb363c1e2295bfcacf906152f372df3919d8b4808b7a0c0881c3b8f42"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/searcher/src/macros.rs"}, "region": {"startLine": 10}}}]}, {"ruleId": "MINED066", "level": "none", "message": {"text": "[MINED066] Rust Panic Macro: panic!() unwinds the stack. Use Result for recoverable errors."}, "properties": {"repobilityId": 77275, "scanner": "repobility-threat-engine", "fingerprint": "274edd97efd936e96c7f9f2c1b3b059fe94e9298d642a6a3f2cb10ec62e53b6f", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-panic-macro", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348055+00:00", "triaged_in_corpus": 12, "observations_count": 48611, "ai_coder_pattern_id": 113}, "scanner": "repobility-threat-engine", "correlation_key": "fp|274edd97efd936e96c7f9f2c1b3b059fe94e9298d642a6a3f2cb10ec62e53b6f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/printer/src/macros.rs"}, "region": {"startLine": 9}}}]}, {"ruleId": "MINED059", "level": "none", "message": {"text": "[MINED059] Rust Expect In Prod (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "properties": {"repobilityId": 77274, "scanner": "repobility-threat-engine", "fingerprint": "9165cfb92f23c82d748ff2e396f6ce1906a33fc59330ee3ce89bc7aac0698e97", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "rust-expect-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348039+00:00", "triaged_in_corpus": 12, "observations_count": 175379, "ai_coder_pattern_id": 112}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|9165cfb92f23c82d748ff2e396f6ce1906a33fc59330ee3ce89bc7aac0698e97", "aggregated_count": 1}}}, {"ruleId": "MINED059", "level": "none", "message": {"text": "[MINED059] Rust Expect In Prod: .expect(...) panics same as unwrap with a custom message."}, "properties": {"repobilityId": 77273, "scanner": "repobility-threat-engine", "fingerprint": "72c78e0f1508fb595b5147be72e28bf020032e7405dfd98d10da11e59ef91495", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-expect-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348039+00:00", "triaged_in_corpus": 12, "observations_count": 175379, "ai_coder_pattern_id": 112}, "scanner": "repobility-threat-engine", "correlation_key": "fp|72c78e0f1508fb595b5147be72e28bf020032e7405dfd98d10da11e59ef91495"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/core/flags/doc/help.rs"}, "region": {"startLine": 225}}}]}, {"ruleId": "MINED059", "level": "none", "message": {"text": "[MINED059] Rust Expect In Prod: .expect(...) panics same as unwrap with a custom message."}, "properties": {"repobilityId": 77272, "scanner": "repobility-threat-engine", "fingerprint": "1978dd63c464a0932aec6856cd651fb98113fd9a670293ccfc07f2e46b1032ef", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-expect-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348039+00:00", "triaged_in_corpus": 12, "observations_count": 175379, "ai_coder_pattern_id": 112}, "scanner": "repobility-threat-engine", "correlation_key": "fp|1978dd63c464a0932aec6856cd651fb98113fd9a670293ccfc07f2e46b1032ef"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/cli/src/process.rs"}, "region": {"startLine": 300}}}]}, {"ruleId": "MINED059", "level": "none", "message": {"text": "[MINED059] Rust Expect In Prod: .expect(...) panics same as unwrap with a custom message."}, "properties": {"repobilityId": 77271, "scanner": "repobility-threat-engine", "fingerprint": "99a8973fdf3980f2841ce16f9e16fbeedad2eff90947c9e9702a7478300312b1", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-expect-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348039+00:00", "triaged_in_corpus": 12, "observations_count": 175379, "ai_coder_pattern_id": 112}, "scanner": "repobility-threat-engine", "correlation_key": "fp|99a8973fdf3980f2841ce16f9e16fbeedad2eff90947c9e9702a7478300312b1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/cli/src/pattern.rs"}, "region": {"startLine": 56}}}]}, {"ruleId": "MINED068", "level": "none", "message": {"text": "[MINED068] Rust Unsafe Block: unsafe { ... } block. Compiler safety guarantees disabled inside."}, "properties": {"repobilityId": 77270, "scanner": "repobility-threat-engine", "fingerprint": "787fb278a893b0b4961b38dc1e94496974ea4d3b75f1d0c8012fa705730fb66d", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-unsafe-block", "owasp": null, "cwe_ids": ["CWE-119"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348060+00:00", "triaged_in_corpus": 12, "observations_count": 42383, "ai_coder_pattern_id": 116}, "scanner": "repobility-threat-engine", "correlation_key": "fp|787fb278a893b0b4961b38dc1e94496974ea4d3b75f1d0c8012fa705730fb66d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/searcher/src/searcher/mmap.rs"}, "region": {"startLine": 81}}}]}, {"ruleId": "MINED068", "level": "none", "message": {"text": "[MINED068] Rust Unsafe Block: unsafe { ... } block. Compiler safety guarantees disabled inside."}, "properties": {"repobilityId": 77269, "scanner": "repobility-threat-engine", "fingerprint": "8a1a03c8de0ddfee34118cde5c7d31004e155edc429f7cbe10230a16c1b28842", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-unsafe-block", "owasp": null, "cwe_ids": ["CWE-119"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348060+00:00", "triaged_in_corpus": 12, "observations_count": 42383, "ai_coder_pattern_id": 116}, "scanner": "repobility-threat-engine", "correlation_key": "fp|8a1a03c8de0ddfee34118cde5c7d31004e155edc429f7cbe10230a16c1b28842"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/cli/src/hostname.rs"}, "region": {"startLine": 41}}}]}, {"ruleId": "MINED003", "level": "none", "message": {"text": "[MINED003] Rust Unwrap In Prod (and 15 more): Same pattern found in 15 additional files. Review if needed."}, "properties": {"repobilityId": 77268, "scanner": "repobility-threat-engine", "fingerprint": "01ea48ccde960d826736e10dc92ff9485d342976b2b1cfee4f616935d660f870", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 15 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "rust-unwrap-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347903+00:00", "triaged_in_corpus": 15, "observations_count": 386515, "ai_coder_pattern_id": 111}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|01ea48ccde960d826736e10dc92ff9485d342976b2b1cfee4f616935d660f870", "aggregated_count": 15}}}, {"ruleId": "MINED003", "level": "error", "message": {"text": "[MINED003] Rust Unwrap In Prod: .unwrap() panics if None/Err. Acceptable in tests; risky elsewhere."}, "properties": {"repobilityId": 77267, "scanner": "repobility-threat-engine", "fingerprint": "b7cef939e180a7426158e72511c8e1f0ad69833b9f486e6d6625c9937ab2469e", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-unwrap-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347903+00:00", "triaged_in_corpus": 15, "observations_count": 386515, "ai_coder_pattern_id": 111}, "scanner": "repobility-threat-engine", "correlation_key": "fp|b7cef939e180a7426158e72511c8e1f0ad69833b9f486e6d6625c9937ab2469e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/cli/src/process.rs"}, "region": {"startLine": 113}}}]}, {"ruleId": "MINED003", "level": "error", "message": {"text": "[MINED003] Rust Unwrap In Prod: .unwrap() panics if None/Err. Acceptable in tests; risky elsewhere."}, "properties": {"repobilityId": 77266, "scanner": "repobility-threat-engine", "fingerprint": "803fdadb18f29fb039f3879a7f7096fc617212bab97b1bf3ed385bd523bd885a", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-unwrap-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347903+00:00", "triaged_in_corpus": 15, "observations_count": 386515, "ai_coder_pattern_id": 111}, "scanner": "repobility-threat-engine", "correlation_key": "fp|803fdadb18f29fb039f3879a7f7096fc617212bab97b1bf3ed385bd523bd885a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/cli/src/human.rs"}, "region": {"startLine": 108}}}]}, {"ruleId": "MINED003", "level": "error", "message": {"text": "[MINED003] Rust Unwrap In Prod: .unwrap() panics if None/Err. Acceptable in tests; risky elsewhere."}, "properties": {"repobilityId": 77265, "scanner": "repobility-threat-engine", "fingerprint": "793f1a5cb87b0bef6f6dc079952bb75b7f24a5e40f04a7a50e175373828e60cd", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-unwrap-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347903+00:00", "triaged_in_corpus": 15, "observations_count": 386515, "ai_coder_pattern_id": 111}, "scanner": "repobility-threat-engine", "correlation_key": "fp|793f1a5cb87b0bef6f6dc079952bb75b7f24a5e40f04a7a50e175373828e60cd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/cli/src/hostname.rs"}, "region": {"startLine": 83}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `dtolnay/rust-toolchain` pinned to mutable ref `@master`"}, "properties": {"repobilityId": 77262, "scanner": "repobility-supply-chain", "fingerprint": "8e1234a4a656104d71ff1d73d583885a715b96cff7f31c0a7c0c46bcccbe602a", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|8e1234a4a656104d71ff1d73d583885a715b96cff7f31c0a7c0c46bcccbe602a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/release.yml"}, "region": {"startLine": 315}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v4`"}, "properties": {"repobilityId": 77261, "scanner": "repobility-supply-chain", "fingerprint": "b65ba7d00619fa0d253939fbda447c73254a9c09470632c8b7654410569d0754", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|b65ba7d00619fa0d253939fbda447c73254a9c09470632c8b7654410569d0754"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/release.yml"}, "region": {"startLine": 307}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `dtolnay/rust-toolchain` pinned to mutable ref `@master`"}, "properties": {"repobilityId": 77260, "scanner": "repobility-supply-chain", "fingerprint": "f34042bb442ba8586a922cee8d9e8151d85d0d5d6832800497fe27b4ea7f0837", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|f34042bb442ba8586a922cee8d9e8151d85d0d5d6832800497fe27b4ea7f0837"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/release.yml"}, "region": {"startLine": 149}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v4`"}, "properties": {"repobilityId": 77259, "scanner": "repobility-supply-chain", "fingerprint": "da3ccfc0b625c051a6d770c2a16f9c7fb1b16ca7503cd649f26a916f8adb19e0", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|da3ccfc0b625c051a6d770c2a16f9c7fb1b16ca7503cd649f26a916f8adb19e0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/release.yml"}, "region": {"startLine": 140}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v4`"}, "properties": {"repobilityId": 77258, "scanner": "repobility-supply-chain", "fingerprint": "8d1e9dacb04336fa12e5e77d62af5f39fcf62f153ce6f579e8351d777dbeb801", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|8d1e9dacb04336fa12e5e77d62af5f39fcf62f153ce6f579e8351d777dbeb801"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/release.yml"}, "region": {"startLine": 21}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `dtolnay/rust-toolchain` pinned to mutable ref `@master`"}, "properties": {"repobilityId": 77257, "scanner": "repobility-supply-chain", "fingerprint": "177d1c300bfca59f22d22b67536967a0e53dc0153b3fc0a8b1c2fb2aabfe681a", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|177d1c300bfca59f22d22b67536967a0e53dc0153b3fc0a8b1c2fb2aabfe681a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 258}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v4`"}, "properties": {"repobilityId": 77256, "scanner": "repobility-supply-chain", "fingerprint": "77549d8fd12271544873a7f6c5ad272ba738762e7a23d36e7082de0e43bc7bef", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|77549d8fd12271544873a7f6c5ad272ba738762e7a23d36e7082de0e43bc7bef"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 250}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `dtolnay/rust-toolchain` pinned to mutable ref `@master`"}, "properties": {"repobilityId": 77255, "scanner": "repobility-supply-chain", "fingerprint": "b45b70f18d5787c5dc7de5da0a0f23fdd6764d4a7a57695ac84dc699f8650475", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|b45b70f18d5787c5dc7de5da0a0f23fdd6764d4a7a57695ac84dc699f8650475"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 237}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v4`"}, "properties": {"repobilityId": 77254, "scanner": "repobility-supply-chain", "fingerprint": "0e14d335bab335d8ed45527894b3915163fc6f8795a71ca1eeddf0bfd9dc2dbf", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|0e14d335bab335d8ed45527894b3915163fc6f8795a71ca1eeddf0bfd9dc2dbf"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 235}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `dtolnay/rust-toolchain` pinned to mutable ref `@master`"}, "properties": {"repobilityId": 77253, "scanner": "repobility-supply-chain", "fingerprint": "d51ee384ea5d34998da5a3a4545d1a4733b4b9b9749378768e8147a9509092be", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|d51ee384ea5d34998da5a3a4545d1a4733b4b9b9749378768e8147a9509092be"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 224}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v4`"}, "properties": {"repobilityId": 77252, "scanner": "repobility-supply-chain", "fingerprint": "377a5275f032fb4f95a6438ef3c8ac1cb98c931dbb998c241e40a28e1bd08234", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|377a5275f032fb4f95a6438ef3c8ac1cb98c931dbb998c241e40a28e1bd08234"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 222}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `dtolnay/rust-toolchain` pinned to mutable ref `@master`"}, "properties": {"repobilityId": 77251, "scanner": "repobility-supply-chain", "fingerprint": "b003b81fad5e47bdca81380a216ff9c78e3163b5e4a0c17293f863a84de1e4e2", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|b003b81fad5e47bdca81380a216ff9c78e3163b5e4a0c17293f863a84de1e4e2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 210}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v4`"}, "properties": {"repobilityId": 77250, "scanner": "repobility-supply-chain", "fingerprint": "988f453acf7df68fda8fae5883e9cc5d4e46c4838806ff0426bba3fece6894ae", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|988f453acf7df68fda8fae5883e9cc5d4e46c4838806ff0426bba3fece6894ae"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 208}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `dtolnay/rust-toolchain` pinned to mutable ref `@master`"}, "properties": {"repobilityId": 77249, "scanner": "repobility-supply-chain", "fingerprint": "bed3ef67da0bb331f1746840c8cb26acef11265259f2ce588ce469e128539c5f", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|bed3ef67da0bb331f1746840c8cb26acef11265259f2ce588ce469e128539c5f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 128}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v4`"}, "properties": {"repobilityId": 77248, "scanner": "repobility-supply-chain", "fingerprint": "a59c31b445d03737075a29e9fff4913ffa9e3121fe96340e73445eef16d40a15", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|a59c31b445d03737075a29e9fff4913ffa9e3121fe96340e73445eef16d40a15"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 120}}}]}]}]}