{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "DKR007", "name": "Docker build context has no .dockerignore", "shortDescription": {"text": "Docker build context has no .dockerignore"}, "fullDescription": {"text": "Without a .dockerignore, the build context can include source history, local env files, dependencies, and generated artifacts."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "DKR001", "name": "Docker final stage has no non-root USER", "shortDescription": {"text": "Docker final stage has no non-root USER"}, "fullDescription": {"text": "Docker images run as root unless the image or Dockerfile switches to a non-root user."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.82, "cwe": "", "owasp": ""}}, {"id": "AIC003", "name": "Duplicated implementation block across source files", "shortDescription": {"text": "Duplicated implementation block across source files"}, "fullDescription": {"text": "Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.86, "cwe": "", "owasp": ""}}, {"id": "MINED115", "name": "Action `actions/setup-dotnet` pinned to mutable ref `@v5`", "shortDescription": {"text": "Action `actions/setup-dotnet` pinned to mutable ref `@v5`"}, "fullDescription": {"text": "`uses: actions/setup-dotnet@v5` resolves at workflow-run time. Tags and branches can be re-pushed by whoever controls the action's repository; that is how the tj-actions/changed-files compromise (2025) instantly affected ~23K repos.\nPin to the full 40-character commit SHA instead (a commit hash cannot be re-pointed) and let Dependabot or Renovate manage updates to the pin."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}},
{"id": "MINED118", "name": "Dockerfile FROM `mcr.microsoft.com/dotnet/runtime-deps:10.0-alpine` not pinned by digest", "shortDescription": {"text": "Dockerfile FROM `mcr.microsoft.com/dotnet/runtime-deps:10.0-alpine` not pinned by digest"}, "fullDescription": {"text": "`FROM mcr.microsoft.com/dotnet/runtime-deps:10.0-alpine` resolves the tag at build time. A different image can be pushed to the registry under the same tag, so every build is potentially different. Production images should pin to `image@sha256:...`, which identifies the image content rather than a movable tag, for reproducibility and supply-chain integrity."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "CORE_NO_TESTS", "name": "No test files found", "shortDescription": {"text": "No test files found"}, "fullDescription": {"text": "Add a test directory (tests/ or __tests__/) with unit tests for core functionality. Use pytest (Python), Jest (JS/TS), or go test (Go).\nStart with tests for critical business logic and security-sensitive functions."}, "properties": {"scanner": "repobility-core", "category": "testing", "severity": "high", "confidence": null, "cwe": "", "owasp": ""}},
{"id": "pkcs12-file", "name": "Found a PKCS #12 file, which commonly contain bundled private keys.", "shortDescription": {"text": "Found a PKCS #12 file, which commonly contain bundled private keys."}, "fullDescription": {"text": "Gitleaks detected a committed secret or credential pattern."}, "properties": {"scanner": "gitleaks", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/1184"}, "properties": {"repository": "zivillian/ism7mqtt", "repoUrl": "https://github.com/zivillian/ism7mqtt", "branch": "master"}, "results": [{"ruleId": "DKR007", "level": "warning", "message": {"text": "Docker build context has no .dockerignore"}, "properties": {"repobilityId": 118981, "scanner": "repobility-docker", "fingerprint": "c98378cf8c37e4866e89d6ca06a24b7e8c44654aa34e6e4bf1367c4a4c0c5b44", "category": "docker", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Dockerfile exists but repository root has no .dockerignore.", "evidence": {"rule_id": "DKR007", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|c98378cf8c37e4866e89d6ca06a24b7e8c44654aa34e6e4bf1367c4a4c0c5b44"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".dockerignore"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 118980, "scanner": "repobility-docker", "fingerprint": "1b966533896b1984b87e130e7f1a0e69e13846413e27163287023f015ae8fcd3", "category": "docker", "severity": "medium", "confidence": 0.82, 
"triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "mcr.microsoft.com/dotnet/runtime-deps:10.0-alpine", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|1b966533896b1984b87e130e7f1a0e69e13846413e27163287023f015ae8fcd3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Dockerfile"}, "region": {"startLine": 19}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 118961, "scanner": "repobility-ai-code-hygiene", "fingerprint": "0035ed1c55173e3ee3c1bd56632ddbf886536eec43395f46c0d46440c9d3c3cb", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/ism7config/Resources.Designer.cs", "duplicate_line": 5, "correlation_key": "fp|0035ed1c55173e3ee3c1bd56632ddbf886536eec43395f46c0d46440c9d3c3cb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/ism7ssl/Resources.Designer.cs"}, "region": {"startLine": 5}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 118960, "scanner": "repobility-ai-code-hygiene", "fingerprint": "fc19ca90f9d0098555e8f3649769a5a7547ca6288daf221158c8e5fc5f5e407b", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", 
"isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/ism7proxy/Resources.Designer.cs", "duplicate_line": 3, "correlation_key": "fp|fc19ca90f9d0098555e8f3649769a5a7547ca6288daf221158c8e5fc5f5e407b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/ism7ssl/Resources.Designer.cs"}, "region": {"startLine": 3}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 118959, "scanner": "repobility-ai-code-hygiene", "fingerprint": "34a6ed8a834b55d1574c6f541fa460a3cacdd344bd23dbe110fb8340b4c7f6c1", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/ism7config/Resources.Designer.cs", "duplicate_line": 5, "correlation_key": "fp|34a6ed8a834b55d1574c6f541fa460a3cacdd344bd23dbe110fb8340b4c7f6c1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/ism7proxy/Resources.Designer.cs"}, "region": {"startLine": 5}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 118958, "scanner": "repobility-ai-code-hygiene", "fingerprint": "3743bdb6b0303b5665df34acd15d5129b44d4c4975b373789a66213ab8b7fdc5", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": 
"AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/ism7config/Resources.Designer.cs", "duplicate_line": 3, "correlation_key": "fp|3743bdb6b0303b5665df34acd15d5129b44d4c4975b373789a66213ab8b7fdc5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/ism7mqtt/Resources.Designer.cs"}, "region": {"startLine": 3}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 118957, "scanner": "repobility-ai-code-hygiene", "fingerprint": "3ccbceac3618683bae8ae3137c61fc99aa0f654c277ae5745678cd382f661a84", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/ism7mqtt/ISM7/Xml/Bit0to3ConverterTemplate.cs", "duplicate_line": 15, "correlation_key": "fp|3ccbceac3618683bae8ae3137c61fc99aa0f654c277ae5745678cd382f661a84"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/ism7mqtt/ISM7/Xml/Bit4to7ConverterTemplate.cs"}, "region": {"startLine": 15}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 118956, "scanner": "repobility-ai-code-hygiene", "fingerprint": "a4f9da309693056ff78f9718f42be8e245ede83e997bc8440f105aafe94f3ca6", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": 
"src/ism7mqtt/ISM7/Xml/BM2DateConverterTemplate.cs", "duplicate_line": 22, "correlation_key": "fp|a4f9da309693056ff78f9718f42be8e245ede83e997bc8440f105aafe94f3ca6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/ism7mqtt/ISM7/Xml/BM2TimeConverterTemplate.cs"}, "region": {"startLine": 13}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 118955, "scanner": "repobility-ai-code-hygiene", "fingerprint": "1b91f2fc715a54ed7e502556dcb8bcd9d9fc58b6819fcc4b4abf7e7b5357ef17", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/ism7mqtt/ISM7/Protocol/InfonumberReadResp.cs", "duplicate_line": 7, "correlation_key": "fp|1b91f2fc715a54ed7e502556dcb8bcd9d9fc58b6819fcc4b4abf7e7b5357ef17"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/ism7mqtt/ISM7/Protocol/InfonumberWriteResp.cs"}, "region": {"startLine": 7}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/setup-dotnet` pinned to mutable ref `@v5`"}, "properties": {"repobilityId": 118979, "scanner": "repobility-supply-chain", "fingerprint": "d0eb20d20f945973590b0534da4bb9972044984eff126d82f2b980adf0d1a631", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|d0eb20d20f945973590b0534da4bb9972044984eff126d82f2b980adf0d1a631"}}, "locations": 
[{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/release.yml"}, "region": {"startLine": 18}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 118978, "scanner": "repobility-supply-chain", "fingerprint": "2db4d7829f7d162d86e8a9fc5e120f38f9c0ff93fafd58cc62909100f1d007e1", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|2db4d7829f7d162d86e8a9fc5e120f38f9c0ff93fafd58cc62909100f1d007e1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/release.yml"}, "region": {"startLine": 14}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/upload-artifact` pinned to mutable ref `@v4`"}, "properties": {"repobilityId": 118977, "scanner": "repobility-supply-chain", "fingerprint": "f0a9e564472adc466259d2f373b5fc37337798538927e1e2aa6834ebd78aa965", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|f0a9e564472adc466259d2f373b5fc37337798538927e1e2aa6834ebd78aa965"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/dotnet.yml"}, "region": {"startLine": 92}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/upload-artifact` pinned to mutable ref `@v4`"}, "properties": {"repobilityId": 118976, "scanner": 
"repobility-supply-chain", "fingerprint": "400a007a3132744493d9bc08b13d1a18d2f417dc0f90d6242cc03af7873ef8ac", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|400a007a3132744493d9bc08b13d1a18d2f417dc0f90d6242cc03af7873ef8ac"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/dotnet.yml"}, "region": {"startLine": 88}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/upload-artifact` pinned to mutable ref `@v4`"}, "properties": {"repobilityId": 118975, "scanner": "repobility-supply-chain", "fingerprint": "31b844980c2a7291ad90f92c6a1073f1a3b66bbf9f8f31f939b5bfdc29e12eb6", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|31b844980c2a7291ad90f92c6a1073f1a3b66bbf9f8f31f939b5bfdc29e12eb6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/dotnet.yml"}, "region": {"startLine": 84}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/upload-artifact` pinned to mutable ref `@v4`"}, "properties": {"repobilityId": 118974, "scanner": "repobility-supply-chain", "fingerprint": "c516702d0dd103a12ac9842551d41c214025ce89e22aa0779b78dca79f4a2b15", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": 
"gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|c516702d0dd103a12ac9842551d41c214025ce89e22aa0779b78dca79f4a2b15"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/dotnet.yml"}, "region": {"startLine": 80}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/upload-artifact` pinned to mutable ref `@v4`"}, "properties": {"repobilityId": 118973, "scanner": "repobility-supply-chain", "fingerprint": "ab2a91d35eb594f5437bce8fb95db226fd05fdcfaee8122b75f8d0cb74c4aac1", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|ab2a91d35eb594f5437bce8fb95db226fd05fdcfaee8122b75f8d0cb74c4aac1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/dotnet.yml"}, "region": {"startLine": 76}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/upload-artifact` pinned to mutable ref `@v4`"}, "properties": {"repobilityId": 118972, "scanner": "repobility-supply-chain", "fingerprint": "8318088af536100b376ec3a5d9082a3630413c5e47e2bf15f0e3b8c820b55c9a", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|8318088af536100b376ec3a5d9082a3630413c5e47e2bf15f0e3b8c820b55c9a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": 
".github/workflows/dotnet.yml"}, "region": {"startLine": 72}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/upload-artifact` pinned to mutable ref `@v4`"}, "properties": {"repobilityId": 118971, "scanner": "repobility-supply-chain", "fingerprint": "0ec1c971d25be93ba9acf38ffbe9789c5cb72b340497c00e86cd151b67962c4e", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|0ec1c971d25be93ba9acf38ffbe9789c5cb72b340497c00e86cd151b67962c4e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/dotnet.yml"}, "region": {"startLine": 68}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/upload-artifact` pinned to mutable ref `@v4`"}, "properties": {"repobilityId": 118970, "scanner": "repobility-supply-chain", "fingerprint": "b5e52d6160972325cafeabba9991464ba91ca72ab13d995554e9c813c02066ad", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|b5e52d6160972325cafeabba9991464ba91ca72ab13d995554e9c813c02066ad"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/dotnet.yml"}, "region": {"startLine": 64}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/upload-artifact` pinned to mutable ref `@v4`"}, "properties": {"repobilityId": 118969, "scanner": "repobility-supply-chain", "fingerprint": 
"78a93d31c3e66681c66d17d802996bf3bf3fb1c2463abcad8dc3764d2cfb333f", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|78a93d31c3e66681c66d17d802996bf3bf3fb1c2463abcad8dc3764d2cfb333f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/dotnet.yml"}, "region": {"startLine": 60}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/upload-artifact` pinned to mutable ref `@v4`"}, "properties": {"repobilityId": 118968, "scanner": "repobility-supply-chain", "fingerprint": "7b3d2733482627a4c253c3567c43be071cb058840c28ac291a9d276d630f02cf", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|7b3d2733482627a4c253c3567c43be071cb058840c28ac291a9d276d630f02cf"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/dotnet.yml"}, "region": {"startLine": 56}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/upload-artifact` pinned to mutable ref `@v4`"}, "properties": {"repobilityId": 118967, "scanner": "repobility-supply-chain", "fingerprint": "83f27ed56993140ba2f737e78e0f9a2fc3ad788fbdc07bcc653b58809a2db591", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": 
["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|83f27ed56993140ba2f737e78e0f9a2fc3ad788fbdc07bcc653b58809a2db591"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/dotnet.yml"}, "region": {"startLine": 52}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/upload-artifact` pinned to mutable ref `@v4`"}, "properties": {"repobilityId": 118966, "scanner": "repobility-supply-chain", "fingerprint": "563944f63a721a346022938971ed8759c27726f407f32b6272c8e9c2a5e66e76", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|563944f63a721a346022938971ed8759c27726f407f32b6272c8e9c2a5e66e76"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/dotnet.yml"}, "region": {"startLine": 48}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/setup-dotnet` pinned to mutable ref `@v5`"}, "properties": {"repobilityId": 118965, "scanner": "repobility-supply-chain", "fingerprint": "d1adc54cfa94846af291c4e0bfa77834f2e52493f50ac2c675d551a5b83f6d41", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|d1adc54cfa94846af291c4e0bfa77834f2e52493f50ac2c675d551a5b83f6d41"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/dotnet.yml"}, "region": {"startLine": 
19}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 118964, "scanner": "repobility-supply-chain", "fingerprint": "07704f6793a532c0df7657b7517aa191a5d7a6b2ecb51f6bd95b9a1ccd84a71a", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|07704f6793a532c0df7657b7517aa191a5d7a6b2ecb51f6bd95b9a1ccd84a71a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/dotnet.yml"}, "region": {"startLine": 15}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 118963, "scanner": "repobility-supply-chain", "fingerprint": "71bd937b2505f8f7ea19db15163fedcaa43da7491d388edd3d47a0971911cb4e", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|71bd937b2505f8f7ea19db15163fedcaa43da7491d388edd3d47a0971911cb4e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/docker.yml"}, "region": {"startLine": 14}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "Dockerfile FROM `mcr.microsoft.com/dotnet/runtime-deps:10.0-alpine` not pinned by digest"}, "properties": {"repobilityId": 118962, "scanner": "repobility-supply-chain", "fingerprint": "d03bfd0abce5dc8344652a5174658e77d9921ca1e0f4aa82b4b98e7ec6ff0d74", 
"category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|d03bfd0abce5dc8344652a5174658e77d9921ca1e0f4aa82b4b98e7ec6ff0d74"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Dockerfile"}, "region": {"startLine": 18}}}]}, {"ruleId": "CORE_NO_TESTS", "level": "error", "message": {"text": "No test files found"}, "properties": {"repobilityId": 118954, "scanner": "repobility-core", "fingerprint": "0200e9918bc2a7bf9c116d0907e50ac3df640c758b93852cf1890ec6e14d870d", "category": "testing", "severity": "high", "confidence": null, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"rule_id": "CORE_NO_TESTS", "scanner": "repobility-core", "correlation_key": "repo|testing|core_no_tests"}}}, {"ruleId": "pkcs12-file", "level": "error", "message": {"text": "Found a PKCS #12 file, which commonly contain bundled private keys."}, "properties": {"repobilityId": 118982, "scanner": "gitleaks", "fingerprint": "613335447dda4a58a573b09e5f81d2056d9c51190541a8031f9ba204874c24c4", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "REDACTEDfREDACTEDiREDACTEDlREDACTEDeREDACTED REDACTEDdREDACTEDeREDACTEDtREDACTEDeREDACTEDcREDACTEDtREDACTEDeREDACTEDdREDACTED:REDACTED REDACTED/REDACTEDtREDACTEDmREDACTEDpREDACTED/REDACTEDrREDACTEDeREDACTEDpREDACTEDoREDACTEDbREDACTEDiREDACTEDlREDACTEDiREDACTEDtREDACTEDyREDACTED-REDACTEDaREDACTEDnRED", "rule_id": "pkcs12-file", "scanner": "gitleaks", "detector": "pkcs12-file", "correlation_key": "secret|token||token token token"}}, "locations": [{"physicalLocation": {"artifactLocation": 
{"uri": "src/ism7ssl/Resources/client.pfx"}, "region": {"startLine": 1}}}]}]}]}