{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "WEB003", "name": "Public web service has no security.txt", "shortDescription": {"text": "Public web service has no security.txt"}, "fullDescription": {"text": "security.txt gives researchers and customers a safe disclosure channel. Public web apps and APIs should publish it under /.well-known/security.txt."}, "properties": {"scanner": "repobility-web-presence", "category": "quality", "severity": "medium", "confidence": 0.78, "cwe": "", "owasp": ""}}, {"id": "AUC001", "name": "[AUC001] No Repobility access matrix policy found: The repository uses web/API frameworks but does not define .repobilit", "shortDescription": {"text": "[AUC001] No Repobility access matrix policy found: The repository uses web/API frameworks but does not define .repobility/access.yml or equivalent authorization documentation."}, "fullDescription": {"text": "The repository uses web/API frameworks but does not define .repobility/access.yml or equivalent authorization documentation."}, "properties": {"scanner": "repobility-access-control", "category": "auth", "severity": "medium", "confidence": 0.92, "cwe": "CWE-285", "owasp": "WSTG-AUTHZ"}}, {"id": "GHSA-6w46-j5rx-g56g", "name": "pytest: GHSA-6w46-j5rx-g56g", "shortDescription": {"text": "pytest: GHSA-6w46-j5rx-g56g"}, "fullDescription": {"text": "pytest has vulnerable tmpdir handling"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "DKR001", "name": "Docker final stage has no non-root USER", "shortDescription": {"text": "Docker final stage has no non-root USER"}, "fullDescription": {"text": "Docker images run as root unless the image or Dockerfile switches to a non-root user."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.82, "cwe": "", "owasp": ""}}, {"id": "DKR007", "name": "Docker build context has no .dockerignore", "shortDescription": {"text": "Docker build context has no .dockerignore"}, "fullDescription": {"text": "Without .dockerignore, build context can include source history, local env files, dependencies, and generated artifacts."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "SEC136", "name": "[SEC136] AI-typical over-broad exception handler swallowing all errors: Catch-all exception block that silently returns ", "shortDescription": {"text": "[SEC136] AI-typical over-broad exception handler swallowing all errors: Catch-all exception block that silently returns success or no-ops. AI agents reach for this pattern when a flaky test or an unfamiliar API throws \u2014 wrap, swallow, retur"}, "fullDescription": {"text": "Catch the specific exception type, log at error level with full exception info, and return a failure-shaped result. If the operation is genuinely best-effort, log at warning and document why in a comment so the next reader (or scanner) knows."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC045", "name": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a latera", "shortDescription": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use obj"}, "fullDescription": {"text": "For literal data structures: use ast.literal_eval(text) \u2014 only parses literals, raises on code.\nFor formula evaluation: use asteval or simpleeval (purpose-built sandboxes with allow-lists).\nFor Odoo: use odoo.tools.safe_eval(expr, locals_dict, mode='exec').\nIf you genuinely need to execute admin-stored code: require explicit super-admin permission AND log every execution with a stack trace."}, "properties": {"scanner": "repobility-threat-engine", "category": "injection", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC007", "name": "[SEC007] Unsafe Deserialization: Unsafe deserialization can execute arbitrary code.", "shortDescription": {"text": "[SEC007] Unsafe Deserialization: Unsafe deserialization can execute arbitrary code."}, "fullDescription": {"text": "Use yaml.safe_load() instead of yaml.load(). Avoid pickle for untrusted data."}, "properties": {"scanner": "repobility-threat-engine", "category": "deserialization", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "COMP001", "name": "[COMP001] High cognitive complexity: Function `prune` has cognitive complexity 21 (SonarSource scale). Cognitive complex", "shortDescription": {"text": "[COMP001] High cognitive complexity: Function `prune` has cognitive complexity 21 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all wei"}, "fullDescription": {"text": "Extract nested branches into named helper functions; flatten early-return / guard clauses; replace long if/elif chains with dispatch dicts or polymorphism. SonarQube's threshold for 'should refactor' is 15 \u2014 yours is 21."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "medium", "confidence": 0.95, "cwe": "", "owasp": ""}}, {"id": "SEC005", "name": "[SEC005] Command Injection Risk: Unsafe shell execution or eval of user input.", "shortDescription": {"text": "[SEC005] Command Injection Risk: Unsafe shell execution or eval of user input."}, "fullDescription": {"text": "Use subprocess with shell=False and a list of args. Never eval user input."}, "properties": {"scanner": "repobility-threat-engine", "category": "injection", "severity": "medium", "confidence": 0.5, "cwe": "", "owasp": ""}}, {"id": "AGT006", "name": "React interval is created without an explicit cleanup", "shortDescription": {"text": "React interval is created without an explicit cleanup"}, "fullDescription": {"text": "Intervals created in React hooks or components should be cleared on unmount. Missing cleanup can keep stale callbacks alive after recording, polling, or overlay components close."}, "properties": {"scanner": "repobility-agent-runtime", "category": "quality", "severity": "medium", "confidence": 0.78, "cwe": "", "owasp": ""}}, {"id": "MINED109", "name": "Mutable default argument in `__init__` (dict)", "shortDescription": {"text": "Mutable default argument in `__init__` (dict)"}, "fullDescription": {"text": "`def __init__(... = []/{}/set())` \u2014 Python's default value is constructed ONCE at function definition time and shared across all calls. Mutating it in one call mutates it for every future call too."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED111", "name": "Bare except continues silently", "shortDescription": {"text": "Bare except continues silently"}, "fullDescription": {"text": "Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC132", "name": "[SEC132] String concat where the language has interpolation (AI style drift): String built by concatenation where the la", "shortDescription": {"text": "[SEC132] String concat where the language has interpolation (AI style drift): String built by concatenation where the language has cleaner interpolation (Python f-strings since 3.6, JS template literals since ES6). Not a vulnerability on it"}, "fullDescription": {"text": "Python: `f\"prefix {var} suffix\"`. JS/TS: `` `prefix ${var} suffix` ``. Add a lint rule (pyupgrade UP032, eslint prefer-template) so future PRs catch this automatically."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "low", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "AIC003", "name": "Duplicated implementation block across source files", "shortDescription": {"text": "Duplicated implementation block across source files"}, "fullDescription": {"text": "Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.86, "cwe": "", "owasp": ""}}, {"id": "DKR002", "name": "Dockerfile base image is selected through a build variable", "shortDescription": {"text": "Dockerfile base image is selected through a build variable"}, "fullDescription": {"text": "Variable-selected base images can be safe, but Repobility cannot verify that the resolved image is pinned."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "info", "confidence": 0.48, "cwe": "", "owasp": ""}}, {"id": "MINED077", "name": "[MINED077] Python Open No Context: fp = open(path) outside with-block leaks file handles.", "shortDescription": {"text": "[MINED077] Python Open No Context: fp = open(path) outside with-block leaks file handles."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-772 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED055", "name": "[MINED055] Npm Install No Lockfile: Production image runs npm install (resolves new versions on every build) instead of ", "shortDescription": {"text": "[MINED055] Npm Install No Lockfile: Production image runs npm install (resolves new versions on every build) instead of npm ci."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-1357 / A06:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED044", "name": "[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed.", "shortDescription": {"text": "[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-532 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "PYSEC-2023-206", "name": "selenium: PYSEC-2023-206", "shortDescription": {"text": "selenium: PYSEC-2023-206"}, "fullDescription": {"text": "NULL Pointer Dereference in GitHub repository seleniumhq/selenium prior to 4.14.0."}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "SEC085", "name": "[SEC085] JS: child_process.exec with non-literal: child_process.exec with user-derived input enables command injection. ", "shortDescription": {"text": "[SEC085] JS: child_process.exec with non-literal: child_process.exec with user-derived input enables command injection. Ported from eslint-plugin-security detect-child-process (Apache-2.0)."}, "fullDescription": {"text": "Use execFile / spawn with separate args array; never pass shell strings."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED034", "name": "[MINED034] Python Subprocess Shell True: subprocess(..., shell=True) enables command injection.", "shortDescription": {"text": "[MINED034] Python Subprocess Shell True: subprocess(..., shell=True) enables command injection."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-78 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC029", "name": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled ", "shortDescription": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes e"}, "fullDescription": {"text": "Validate the URL against an allowlist BEFORE fetching:\n  ALLOWED = {'images.example.com', 'cdn.example.com'}\n  host = urlparse(url).hostname\n  if host not in ALLOWED: abort(400)\nOr use a server-side proxy (Imgproxy / serve-files-only-from-S3) that isolates outbound network access from the request handler.\nBlock private CIDRs explicitly: 10/8, 172.16/12, 192.168/16, 169.254/16."}, "properties": {"scanner": "repobility-threat-engine", "category": "ssrf", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED118", "name": "Dockerfile FROM `alpine:3.14.4` not pinned by digest", "shortDescription": {"text": "Dockerfile FROM `alpine:3.14.4` not pinned by digest"}, "fullDescription": {"text": "`FROM alpine:3.14.4` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potentially different. Production images should pin to `image@sha256:...` for reproducibility + supply-chain integrity."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED112", "name": "Django view `XhrBuild` has destructive methods without auth", "shortDescription": {"text": "Django view `XhrBuild` has destructive methods without auth"}, "fullDescription": {"text": "Class-based view `XhrBuild` implements DELETE but no auth mixin / DRF permission_classes / request.user.is_authenticated check is visible."}, "properties": {"scanner": "repobility-route-auth", "category": "quality", "severity": "high", "confidence": 0.8, "cwe": "", "owasp": ""}}, {"id": "MINED108", "name": "`self.log` used but never assigned in __init__", "shortDescription": {"text": "`self.log` used but never assigned in __init__"}, "fullDescription": {"text": "Method `test_bitbake` of class `EnvTest` reads `self.log`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED106", "name": "Phantom test coverage: test_run_arm_buster_example_module", "shortDescription": {"text": "Phantom test coverage: test_run_arm_buster_example_module"}, "fullDescription": {"text": "Test function `test_run_arm_buster_example_module` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "private-key", "name": "Identified a Private Key, which may compromise cryptographic security and sensitive data encryption.", "shortDescription": {"text": "Identified a Private Key, which may compromise cryptographic security and sensitive data encryption."}, "fullDescription": {"text": "Gitleaks detected a committed secret or credential pattern."}, "properties": {"scanner": "gitleaks", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "cwe": "", "owasp": ""}}, {"id": "MINED030", "name": "[MINED030] Python Pickle Loads: pickle.loads() can execute arbitrary code via __reduce__.", "shortDescription": {"text": "[MINED030] Python Pickle Loads: pickle.loads() can execute arbitrary code via __reduce__."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-502 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "critical", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED018", "name": "[MINED018] Unsafe Deserialization Pickle: pickle.loads / yaml.load (without Loader=SafeLoader) / unmarshal of network/fi", "shortDescription": {"text": "[MINED018] Unsafe Deserialization Pickle: pickle.loads / yaml.load (without Loader=SafeLoader) / unmarshal of network/file data \u2014 RCE."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-502 / A08:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "critical", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC081", "name": "[SEC081] Python: pickle.loads / marshal.loads on untrusted data: pickle.load(s) and marshal.load(s) execute arbitrary co", "shortDescription": {"text": "[SEC081] Python: pickle.loads / marshal.loads on untrusted data: pickle.load(s) and marshal.load(s) execute arbitrary code on untrusted input. Ported from dlint DUO103 / DUO120 (BSD-3)."}, "fullDescription": {"text": "Use json, msgpack, or protobuf for untrusted data. If pickle is required, sign the payload with HMAC."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "critical", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED107", "name": "Missing import: `select` used but not imported", "shortDescription": {"text": "Missing import: `select` used but not imported"}, "fullDescription": {"text": "The file uses `select.something(...)` but never imports `select`. This raises NameError at runtime the first time the line executes."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "critical", "confidence": 1.0, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/1039"}, "properties": {"repository": "ilbers/isar", "repoUrl": "https://github.com/ilbers/isar", "branch": "master"}, "results": [{"ruleId": "WEB003", "level": "warning", "message": {"text": "Public web service has no security.txt"}, "properties": {"repobilityId": 101882, "scanner": "repobility-web-presence", "fingerprint": "5cd26606c5a53c9f403ff7a92a6917c19cf440a23ce03e2b90e8c493312ef8cd", "category": "quality", "severity": "medium", "confidence": 0.78, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Repository looks like a public web app/API but no security.txt file or route was discovered.", "evidence": {"rule_id": "WEB003", "scanner": "repobility-web-presence", "references": ["https://www.rfc-editor.org/rfc/rfc9116", "https://github.com/Lissy93/web-check"], "correlation_key": "fp|5cd26606c5a53c9f403ff7a92a6917c19cf440a23ce03e2b90e8c493312ef8cd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".well-known/security.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "AUC001", "level": "warning", "message": {"text": "[AUC001] No Repobility access matrix policy found: The repository uses web/API frameworks but does not define .repobility/access.yml or equivalent authorization documentation."}, "properties": {"repobilityId": 101881, "scanner": "repobility-access-control", "fingerprint": "f1305052c3ba1e6c1cdb5dccc19e58a8168cf78b176658f32b1fc823df3e9d10", "category": "auth", "severity": "medium", "confidence": 0.92, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"scanner": "repobility-access-control", "frameworks": ["Django"], "expected_files": [".repobility/access.yml", ".repobility/access.yaml", ".repobility/access.json", ".repobility/authorization.yml"], "correlation_key": "fp|f1305052c3ba1e6c1cdb5dccc19e58a8168cf78b176658f32b1fc823df3e9d10"}}}, {"ruleId": "GHSA-6w46-j5rx-g56g", "level": "warning", "message": {"text": "pytest: GHSA-6w46-j5rx-g56g"}, "properties": {"repobilityId": 101879, "scanner": "osv-scanner", "fingerprint": "850196ca1fda6f6cd880e9b3042026aebed938d6f35cfda1e974e1362f6c0a82", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-71176"], "package": "pytest", "rule_id": "GHSA-6w46-j5rx-g56g", "scanner": "osv-scanner", "correlation_key": "vuln|pytest|CVE-2025-71176|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "bitbake/lib/toaster/tests/toaster-tests-requirements.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 101876, "scanner": "repobility-docker", "fingerprint": "0830afd1a47184c338c74940853feef969cf448687dab4658ef33ba1104b7b2b", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "ghcr.io/siemens/kas/kas-isar:${KAS_VERSION}", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|0830afd1a47184c338c74940853feef969cf448687dab4658ef33ba1104b7b2b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "testsuite/dockerdata/Dockerfile"}, "region": {"startLine": 3}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 101874, "scanner": "repobility-docker", "fingerprint": "9b8617276d911e9450d914df4574e6ca528d507ba952d1d273d60d99611f6bb8", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "alpine:3.14.4", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|9b8617276d911e9450d914df4574e6ca528d507ba952d1d273d60d99611f6bb8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "bitbake/contrib/prserv/Dockerfile"}, "region": {"startLine": 31}}}]}, {"ruleId": "DKR007", "level": "warning", "message": {"text": "Docker build context has no .dockerignore"}, "properties": {"repobilityId": 101873, "scanner": "repobility-docker", "fingerprint": "c98378cf8c37e4866e89d6ca06a24b7e8c44654aa34e6e4bf1367c4a4c0c5b44", "category": "docker", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Dockerfile exists but repository root has no .dockerignore.", "evidence": {"rule_id": "DKR007", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|c98378cf8c37e4866e89d6ca06a24b7e8c44654aa34e6e4bf1367c4a4c0c5b44"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".dockerignore"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 101872, "scanner": "repobility-docker", "fingerprint": "57a5a595c01a141fb15c7be367a52b70fdf717cf07f8ecfefdb6efc9cb5ed8e5", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "alpine:3.13.1", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|57a5a595c01a141fb15c7be367a52b70fdf717cf07f8ecfefdb6efc9cb5ed8e5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "bitbake/contrib/hashserv/Dockerfile"}, "region": {"startLine": 12}}}]}, {"ruleId": "SEC136", "level": "warning", "message": {"text": "[SEC136] AI-typical over-broad exception handler swallowing all errors: Catch-all exception block that silently returns success or no-ops. AI agents reach for this pattern when a flaky test or an unfamiliar API throws \u2014 wrap, swallow, return success. Real bugs are masked, observability is destroyed, and callers think the operation worked. CWE-396 (improperly-generalized exception). Distinct from intentional fallback because there's no log line and the success value is fabricated."}, "properties": {"repobilityId": 101871, "scanner": "repobility-threat-engine", "fingerprint": "95bf8b1879bc3ef39488c754578156fd5a350e351e29d52bbd65a766fde3915b", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "try:\n            tar = tarfile.open(filename)\n            return tar.getnames()\n        except Excep", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC136", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|95bf8b1879bc3ef39488c754578156fd5a350e351e29d52bbd65a766fde3915b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "testsuite/utils.py"}, "region": {"startLine": 58}}}]}, {"ruleId": "SEC045", "level": "warning", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use object introspection (().__class__.__mro__[-1].__subclasses__()) to reach os.system. CWE-95 (eval injection)."}, "properties": {"repobilityId": 101869, "scanner": "repobility-threat-engine", "fingerprint": "bbe1ac14ce584bd6359c9430351a24254073da12098352a0a5d8a31e86cb4924", "category": "injection", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "exec(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|token|36|sec045"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "testsuite/unittests/bitbake.py"}, "region": {"startLine": 36}}}]}, {"ruleId": "SEC007", "level": "warning", "message": {"text": "[SEC007] Unsafe Deserialization: Unsafe deserialization can execute arbitrary code."}, "properties": {"repobilityId": 101865, "scanner": "repobility-threat-engine", "fingerprint": "6d5bfa57be8391035fd3e76572c3576e1c67452155099bf307d9e6c719c71b45", "category": "deserialization", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "pickle.loads(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC007", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|deserialization|testsuite/cleanup.py|16|sec007"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "testsuite/cleanup.py"}, "region": {"startLine": 16}}}]}, {"ruleId": "COMP001", "level": "warning", "message": {"text": "[COMP001] High cognitive complexity: Function `prune` has cognitive complexity 21 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. Breakdown: continue=1, elif=1, else=2, for=1, if=3, nested_bonus=10, recursion=2, while=1."}, "properties": {"repobilityId": 101862, "scanner": "repobility-threat-engine", "fingerprint": "6edc4f27450991609df9504421841f15896e55d5634e4f7c5fd33c7619762032", "category": "quality", "severity": "medium", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 21 (severity threshold for medium: 15+).", "evidence": {"scanner": "repobility-threat-engine", "function": "prune", "breakdown": {"if": 3, "for": 1, "elif": 1, "else": 2, "while": 1, "continue": 1, "recursion": 2, "nested_bonus": 10}, "complexity": 21, "correlation_key": "fp|6edc4f27450991609df9504421841f15896e55d5634e4f7c5fd33c7619762032"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/pybootchartgui/pybootchartgui/process_tree.py"}, "region": {"startLine": 155}}}]}, {"ruleId": "SEC005", "level": "warning", "message": {"text": "[SEC005] Command Injection Risk: Unsafe shell execution or eval of user input."}, "properties": {"repobilityId": 101858, "scanner": "repobility-threat-engine", "fingerprint": "92b1e99c3ff30ac2ec1ca67692d1ec3ada10e9e1155bdc97e5d58a3052043541", "category": "injection", "severity": "medium", "confidence": 0.5, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "shell=True detected \u2014 verify command source is not user-controllable", "evidence": {"match": "subprocess.run(cmd, check=True, shell=True", "reason": "shell=True detected \u2014 verify command source is not user-controllable", "rule_id": "SEC005", "scanner": "repobility-threat-engine", "confidence": 0.5, "correlation_key": "code|injection|scripts/lockrun.py|42|sec005"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/lockrun.py"}, "region": {"startLine": 42}}}]}, {"ruleId": "AGT006", "level": "warning", "message": {"text": "React interval is created without an explicit cleanup"}, "properties": {"repobilityId": 101851, "scanner": "repobility-agent-runtime", "fingerprint": "182b989f0b1c5c81e91d32136883831b1dd3f2eddcb355505bbdc3f274220c05", "category": "quality", "severity": "medium", "confidence": 0.78, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File uses setInterval with useEffect or hook-style code and no clearInterval cleanup was found.", "evidence": {"rule_id": "AGT006", "scanner": "repobility-agent-runtime", "references": ["https://react.dev/reference/react/useEffect"], "correlation_key": "fp|182b989f0b1c5c81e91d32136883831b1dd3f2eddcb355505bbdc3f274220c05"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "bitbake/lib/toaster/toastergui/static/js/qunit-1.18.0.js"}, "region": {"startLine": 137}}}]}, {"ruleId": "MINED109", "level": "warning", "message": {"text": "Mutable default argument in `__init__` (dict)"}, "properties": {"repobilityId": 101827, "scanner": "repobility-ast-engine", "fingerprint": "9f0306341527989fb93787e61fc972f476c71c1c5ab92e733481a7e3d7d49fbc", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "mutable-default-arg", "owasp": null, "cwe_ids": ["CWE-1023"], "languages": ["python"], "observations_count": 64867}, "scanner": "repobility-ast-engine", "correlation_key": "fp|9f0306341527989fb93787e61fc972f476c71c1c5ab92e733481a7e3d7d49fbc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "bitbake/lib/bb/asyncrpc/client.py"}, "region": {"startLine": 43}}}]}, {"ruleId": "MINED109", "level": "warning", "message": {"text": "Mutable default argument in `start` (dict)"}, "properties": {"repobilityId": 101824, "scanner": "repobility-ast-engine", "fingerprint": "4d76fb3a25ee7764a5ffeefdd3c35208078399ccf722e5c37c5510188cecf180", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "mutable-default-arg", "owasp": null, "cwe_ids": ["CWE-1023"], "languages": ["python"], "observations_count": 64867}, "scanner": "repobility-ast-engine", "correlation_key": "fp|4d76fb3a25ee7764a5ffeefdd3c35208078399ccf722e5c37c5510188cecf180"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "bitbake/lib/bs4/builder/_lxml.py"}, "region": {"startLine": 136}}}]}, {"ruleId": "MINED109", "level": "warning", "message": {"text": "Mutable default argument in `report_unihash_equiv` (dict)"}, "properties": {"repobilityId": 101823, "scanner": "repobility-ast-engine", "fingerprint": "c38800ecde36b6c95bf34c548bcd5cc83815d5b2955c0cb7ad6077d9e1ab61a1", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "mutable-default-arg", "owasp": null, "cwe_ids": ["CWE-1023"], "languages": ["python"], "observations_count": 64867}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c38800ecde36b6c95bf34c548bcd5cc83815d5b2955c0cb7ad6077d9e1ab61a1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "bitbake/lib/hashserv/client.py"}, "region": {"startLine": 105}}}]}, {"ruleId": "MINED109", "level": "warning", "message": {"text": "Mutable default argument in `report_unihash` (dict)"}, "properties": {"repobilityId": 101822, "scanner": "repobility-ast-engine", "fingerprint": "5c641c4ecad74de8903b4cc324aa6f27029fda426b341dca73ca60f227b5dd72", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "mutable-default-arg", "owasp": null, "cwe_ids": ["CWE-1023"], "languages": ["python"], "observations_count": 64867}, "scanner": "repobility-ast-engine", "correlation_key": "fp|5c641c4ecad74de8903b4cc324aa6f27029fda426b341dca73ca60f227b5dd72"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "bitbake/lib/hashserv/client.py"}, "region": {"startLine": 97}}}]}, {"ruleId": "MINED109", "level": "warning", "message": {"text": "Mutable default argument in `load_cache` (list)"}, "properties": {"repobilityId": 101821, "scanner": "repobility-ast-engine", "fingerprint": "5994b3603deccbda8e15c1d2ae8ce53cff4ea2d30fd522d3802151e586e2154f", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "mutable-default-arg", "owasp": null, "cwe_ids": ["CWE-1023"], "languages": ["python"], "observations_count": 64867}, "scanner": "repobility-ast-engine", "correlation_key": "fp|5994b3603deccbda8e15c1d2ae8ce53cff4ea2d30fd522d3802151e586e2154f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "bitbake/lib/layerindexlib/restapi.py"}, "region": {"startLine": 84}}}]}, {"ruleId": "MINED109", "level": "warning", "message": {"text": "Mutable default argument in `load_layerindex` (list)"}, "properties": {"repobilityId": 101819, "scanner": "repobility-ast-engine", "fingerprint": "4505891a92f4fbaf004b70868922314f14a868dfe375844b6eac1511aaef36de", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "mutable-default-arg", "owasp": null, "cwe_ids": ["CWE-1023"], "languages": ["python"], "observations_count": 64867}, "scanner": "repobility-ast-engine", "correlation_key": "fp|4505891a92f4fbaf004b70868922314f14a868dfe375844b6eac1511aaef36de"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "bitbake/lib/layerindexlib/__init__.py"}, "region": {"startLine": 177}}}]}, {"ruleId": "MINED109", "level": "warning", "message": {"text": "Mutable default argument in `__init__` (list)"}, "properties": {"repobilityId": 101818, "scanner": "repobility-ast-engine", "fingerprint": "6b24fda65aa04ab9b0f4d9fc4eb4c232de6149b6203d909c45079c51f23f879c", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "mutable-default-arg", "owasp": null, "cwe_ids": ["CWE-1023"], "languages": ["python"], "observations_count": 64867}, "scanner": "repobility-ast-engine", "correlation_key": "fp|6b24fda65aa04ab9b0f4d9fc4eb4c232de6149b6203d909c45079c51f23f879c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "bitbake/lib/bs4/dammit.py"}, "region": {"startLine": 335}}}]}, {"ruleId": "MINED109", "level": "warning", "message": {"text": "Mutable default argument in `search_tag` (dict)"}, "properties": {"repobilityId": 101817, "scanner": "repobility-ast-engine", "fingerprint": "e664c9b4e1ae893dc1a27878ae5d07b69557593bb5426e0ffb2cfa97f00902e9", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "mutable-default-arg", "owasp": null, "cwe_ids": ["CWE-1023"], "languages": ["python"], "observations_count": 64867}, "scanner": "repobility-ast-engine", "correlation_key": "fp|e664c9b4e1ae893dc1a27878ae5d07b69557593bb5426e0ffb2cfa97f00902e9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "bitbake/lib/bs4/element.py"}, "region": {"startLine": 1597}}}]}, {"ruleId": "MINED109", "level": "warning", "message": {"text": "Mutable default argument in `__init__` (dict)"}, "properties": {"repobilityId": 101816, "scanner": "repobility-ast-engine", "fingerprint": "060c87e951b00dabf75210b256efe42dd1790ad2e030961576ad08df21374e0b", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "mutable-default-arg", "owasp": null, "cwe_ids": ["CWE-1023"], "languages": ["python"], "observations_count": 64867}, "scanner": "repobility-ast-engine", "correlation_key": "fp|060c87e951b00dabf75210b256efe42dd1790ad2e030961576ad08df21374e0b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "bitbake/lib/bs4/element.py"}, "region": {"startLine": 1534}}}]}, {"ruleId": "MINED109", "level": "warning", "message": {"text": "Mutable default argument in `find_all` (dict)"}, "properties": {"repobilityId": 101815, "scanner": "repobility-ast-engine", "fingerprint": "3843f8ba980821e42dcffe2aa81c772c4da4a3f4ef691ddcb79fb1d0ff5e1eb3", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "mutable-default-arg", "owasp": null, "cwe_ids": ["CWE-1023"], "languages": ["python"], "observations_count": 64867}, "scanner": "repobility-ast-engine", "correlation_key": "fp|3843f8ba980821e42dcffe2aa81c772c4da4a3f4ef691ddcb79fb1d0ff5e1eb3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "bitbake/lib/bs4/element.py"}, "region": {"startLine": 1243}}}]}, {"ruleId": "MINED109", "level": "warning", "message": {"text": "Mutable default argument in `find` (dict)"}, "properties": {"repobilityId": 101814, "scanner": "repobility-ast-engine", "fingerprint": "db357a31b9ad917f55394943fd865cb891469cc521028d6cf5d577e8901ca907", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "mutable-default-arg", "owasp": null, "cwe_ids": ["CWE-1023"], "languages": ["python"], "observations_count": 64867}, "scanner": "repobility-ast-engine", "correlation_key": "fp|db357a31b9ad917f55394943fd865cb891469cc521028d6cf5d577e8901ca907"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "bitbake/lib/bs4/element.py"}, "region": {"startLine": 1232}}}]}, {"ruleId": "MINED109", "level": "warning", "message": {"text": "Mutable default argument in `find_parents` (dict)"}, "properties": {"repobilityId": 101813, "scanner": "repobility-ast-engine", "fingerprint": "07e9a2ca657b9b79274abc7e45e3c5a346683c0c5958261b5ea19167db883ad9", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "mutable-default-arg", "owasp": null, "cwe_ids": ["CWE-1023"], "languages": ["python"], "observations_count": 64867}, "scanner": "repobility-ast-engine", "correlation_key": "fp|07e9a2ca657b9b79274abc7e45e3c5a346683c0c5958261b5ea19167db883ad9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "bitbake/lib/bs4/element.py"}, "region": {"startLine": 479}}}]}, {"ruleId": "MINED109", "level": "warning", "message": {"text": "Mutable default argument in `find_parent` (dict)"}, "properties": {"repobilityId": 101812, "scanner": "repobility-ast-engine", "fingerprint": "277b82e15801865aa1ba0adf6f940f2ee59e6f4d0a9763f981b890991da8f127", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "mutable-default-arg", "owasp": null, "cwe_ids": ["CWE-1023"], "languages": ["python"], "observations_count": 64867}, "scanner": "repobility-ast-engine", "correlation_key": "fp|277b82e15801865aa1ba0adf6f940f2ee59e6f4d0a9763f981b890991da8f127"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "bitbake/lib/bs4/element.py"}, "region": {"startLine": 467}}}]}, {"ruleId": "MINED109", "level": "warning", "message": {"text": "Mutable default argument in `find_previous_siblings` (dict)"}, "properties": {"repobilityId": 101811, "scanner": "repobility-ast-engine", "fingerprint": "7b810e7dea7a75905ddf93e43a2219fa80a529246d4336eb4be8dfabf005a8cf", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "mutable-default-arg", "owasp": null, "cwe_ids": ["CWE-1023"], "languages": ["python"], "observations_count": 64867}, "scanner": "repobility-ast-engine", "correlation_key": "fp|7b810e7dea7a75905ddf93e43a2219fa80a529246d4336eb4be8dfabf005a8cf"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "bitbake/lib/bs4/element.py"}, "region": {"startLine": 458}}}]}, {"ruleId": "MINED109", "level": "warning", "message": {"text": "Mutable default argument in `find_previous_sibling` (dict)"}, "properties": {"repobilityId": 101810, "scanner": "repobility-ast-engine", "fingerprint": "d8859b5567fd41ea9ffcb2b0667f2d3b87b54071e7bc763c16e3ecb07d1ada5b", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "mutable-default-arg", "owasp": null, "cwe_ids": ["CWE-1023"], "languages": ["python"], "observations_count": 64867}, "scanner": "repobility-ast-engine", "correlation_key": "fp|d8859b5567fd41ea9ffcb2b0667f2d3b87b54071e7bc763c16e3ecb07d1ada5b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "bitbake/lib/bs4/element.py"}, "region": {"startLine": 451}}}]}, {"ruleId": "MINED109", "level": "warning", "message": {"text": "Mutable default argument in `find_all_previous` (dict)"}, "properties": {"repobilityId": 101809, "scanner": "repobility-ast-engine", "fingerprint": "8424520fef62b5ba4e10e3fceae595ddb7ac416d104c97d39dc6c837d4ce166d", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "mutable-default-arg", "owasp": null, "cwe_ids": ["CWE-1023"], "languages": ["python"], "observations_count": 64867}, "scanner": "repobility-ast-engine", "correlation_key": "fp|8424520fef62b5ba4e10e3fceae595ddb7ac416d104c97d39dc6c837d4ce166d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "bitbake/lib/bs4/element.py"}, "region": {"startLine": 442}}}]}, {"ruleId": "MINED109", "level": "warning", "message": {"text": "Mutable default argument in `find_previous` (dict)"}, "properties": {"repobilityId": 101808, "scanner": "repobility-ast-engine", "fingerprint": "c9f04721027a59dcf88c2e9d6f3ef86566bf2aeb5e445705afc341347c6955aa", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "mutable-default-arg", "owasp": null, "cwe_ids": ["CWE-1023"], "languages": ["python"], "observations_count": 64867}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c9f04721027a59dcf88c2e9d6f3ef86566bf2aeb5e445705afc341347c6955aa"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "bitbake/lib/bs4/element.py"}, "region": {"startLine": 435}}}]}, {"ruleId": "MINED109", "level": "warning", "message": {"text": "Mutable default argument in `find_next_siblings` (dict)"}, "properties": {"repobilityId": 101807, "scanner": "repobility-ast-engine", "fingerprint": "aee69b42abd3ebe30a651fd7dc7034af4f27759a2f1c16aa88fd3045a0d17b69", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "mutable-default-arg", "owasp": null, "cwe_ids": ["CWE-1023"], "languages": ["python"], "observations_count": 64867}, "scanner": "repobility-ast-engine", "correlation_key": "fp|aee69b42abd3ebe30a651fd7dc7034af4f27759a2f1c16aa88fd3045a0d17b69"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "bitbake/lib/bs4/element.py"}, "region": {"startLine": 426}}}]}, {"ruleId": "MINED109", "level": "warning", "message": {"text": "Mutable default argument in `find_next_sibling` (dict)"}, "properties": {"repobilityId": 101806, "scanner": "repobility-ast-engine", "fingerprint": "980a5fe0b3022c40f8ab8c2814d717fc52a9ed219ceb3d20a0e4cb17192af530", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "mutable-default-arg", "owasp": null, "cwe_ids": ["CWE-1023"], "languages": ["python"], "observations_count": 64867}, "scanner": "repobility-ast-engine", "correlation_key": "fp|980a5fe0b3022c40f8ab8c2814d717fc52a9ed219ceb3d20a0e4cb17192af530"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "bitbake/lib/bs4/element.py"}, "region": {"startLine": 419}}}]}, {"ruleId": "MINED109", "level": "warning", "message": {"text": "Mutable default argument in `find_all_next` (dict)"}, "properties": {"repobilityId": 101805, "scanner": "repobility-ast-engine", "fingerprint": "f68aed6d544cc5cdfd41fda4c3c86f8b3557502032b98f3b1f85ed95f773ed76", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "mutable-default-arg", "owasp": null, "cwe_ids": ["CWE-1023"], "languages": ["python"], "observations_count": 64867}, "scanner": "repobility-ast-engine", "correlation_key": "fp|f68aed6d544cc5cdfd41fda4c3c86f8b3557502032b98f3b1f85ed95f773ed76"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "bitbake/lib/bs4/element.py"}, "region": {"startLine": 411}}}]}, {"ruleId": "MINED109", "level": "warning", "message": {"text": "Mutable default argument in `find_next` (dict)"}, "properties": {"repobilityId": 101804, "scanner": "repobility-ast-engine", "fingerprint": "b2d8f562557d5cbd034569338c5ed3551a2003bc08d87308dfb4448117443d83", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "mutable-default-arg", "owasp": null, "cwe_ids": ["CWE-1023"], "languages": ["python"], "observations_count": 64867}, "scanner": "repobility-ast-engine", "correlation_key": "fp|b2d8f562557d5cbd034569338c5ed3551a2003bc08d87308dfb4448117443d83"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "bitbake/lib/bs4/element.py"}, "region": {"startLine": 405}}}]}, {"ruleId": "MINED109", "level": "warning", "message": {"text": "Mutable default argument in `get_file_layer` (dict)"}, "properties": {"repobilityId": 101802, "scanner": "repobility-ast-engine", "fingerprint": "1238e5571a269247823ff442de8ce91722ce7251b0cbbec19349f41380be029d", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "mutable-default-arg", "owasp": null, "cwe_ids": ["CWE-1023"], "languages": ["python"], "observations_count": 64867}, "scanner": "repobility-ast-engine", "correlation_key": "fp|1238e5571a269247823ff442de8ce91722ce7251b0cbbec19349f41380be029d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "bitbake/lib/bb/utils.py"}, "region": {"startLine": 1552}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 101800, "scanner": "repobility-ast-engine", "fingerprint": "1e2b3c8f365861d42a78600996a974801f463be508db43c827c295d61fcf6c97", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|1e2b3c8f365861d42a78600996a974801f463be508db43c827c295d61fcf6c97"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "bitbake/lib/bb/build.py"}, "region": {"startLine": 627}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 101799, "scanner": "repobility-ast-engine", "fingerprint": "43ed3e982a0a3250659d6d7d6f8b77f9372ebacc5f8bc7c168d93ea95f671f37", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|43ed3e982a0a3250659d6d7d6f8b77f9372ebacc5f8bc7c168d93ea95f671f37"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "bitbake/lib/bb/build.py"}, "region": {"startLine": 264}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 101798, "scanner": "repobility-ast-engine", "fingerprint": "104bd83366813c95c60fa9c1609a83664f29669ea30af1c17336ccf44bafa31e", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|104bd83366813c95c60fa9c1609a83664f29669ea30af1c17336ccf44bafa31e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "bitbake/lib/bb/build.py"}, "region": {"startLine": 191}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 101797, "scanner": "repobility-ast-engine", "fingerprint": "f718c6be16629b5a31afbca2aec95236f58cb4a246d6cee23c2bbdd41d292097", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|f718c6be16629b5a31afbca2aec95236f58cb4a246d6cee23c2bbdd41d292097"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "bitbake/lib/bb/cache.py"}, "region": {"startLine": 494}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 101796, "scanner": "repobility-ast-engine", "fingerprint": "88f31cba672380002a782c28a379d435e9e946d395b89f8e0ebb796341bbc10f", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|88f31cba672380002a782c28a379d435e9e946d395b89f8e0ebb796341bbc10f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "bitbake/lib/bb/cache.py"}, "region": {"startLine": 968}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 101795, "scanner": "repobility-ast-engine", "fingerprint": "5075c6da4cb805663ed8efe0ac3db179aa7c3b88f57fcf3a87be4dde16370e1e", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|5075c6da4cb805663ed8efe0ac3db179aa7c3b88f57fcf3a87be4dde16370e1e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "bitbake/lib/bb/cache.py"}, "region": {"startLine": 854}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 101794, "scanner": "repobility-ast-engine", "fingerprint": "1fcc31ca8b98dd74419ea8ffa0f6006fe8ce3905c9c858e2516330ae46076844", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|1fcc31ca8b98dd74419ea8ffa0f6006fe8ce3905c9c858e2516330ae46076844"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "bitbake/lib/bb/runqueue.py"}, "region": {"startLine": 1449}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 101793, "scanner": "repobility-ast-engine", "fingerprint": "8c9e79983793e79bc20ad8fc7a837f1fd9a631bc3ba3086fa78a04a36f4cbe5e", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|8c9e79983793e79bc20ad8fc7a837f1fd9a631bc3ba3086fa78a04a36f4cbe5e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "bitbake/lib/bb/runqueue.py"}, "region": {"startLine": 182}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 101792, "scanner": "repobility-ast-engine", "fingerprint": "12e14e730da41c03ff5ef27fa8e5fdb3ad72c9303de99b4d69881212ed16fd1c", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|12e14e730da41c03ff5ef27fa8e5fdb3ad72c9303de99b4d69881212ed16fd1c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "bitbake/lib/bb/event.py"}, "region": {"startLine": 211}}}]}, {"ruleId": "MINED109", "level": "warning", "message": {"text": "Mutable default argument in `__init__` (list)"}, "properties": {"repobilityId": 101791, "scanner": "repobility-ast-engine", "fingerprint": "178617e610a1cc029faf6be77ca7c803a678cd9fdba05d5438b2941f64123020", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "mutable-default-arg", "owasp": null, "cwe_ids": ["CWE-1023"], "languages": ["python"], "observations_count": 64867}, "scanner": "repobility-ast-engine", "correlation_key": "fp|178617e610a1cc029faf6be77ca7c803a678cd9fdba05d5438b2941f64123020"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "bitbake/lib/bb/event.py"}, "region": {"startLine": 479}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 101790, "scanner": "repobility-ast-engine", "fingerprint": "c089d2a08a97b13ae978a83f83003c89185a080b1d3dfea91b09e69cdf6251c8", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c089d2a08a97b13ae978a83f83003c89185a080b1d3dfea91b09e69cdf6251c8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "bitbake/lib/bb/command.py"}, "region": {"startLine": 137}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 101789, "scanner": "repobility-ast-engine", "fingerprint": "f6d1c86487037668e4a40d7681b3998b8ced962da67b422cbe02cf459bba7684", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|f6d1c86487037668e4a40d7681b3998b8ced962da67b422cbe02cf459bba7684"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "bitbake/lib/bb/data_smart.py"}, "region": {"startLine": 66}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 101788, "scanner": "repobility-ast-engine", "fingerprint": "cdf44d72e56b11ef036c48babf2702951d1a57d03bf67ec4bd96d28d3c7c49e2", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|cdf44d72e56b11ef036c48babf2702951d1a57d03bf67ec4bd96d28d3c7c49e2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "bitbake/lib/bb/persist_data.py"}, "region": {"startLine": 148}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 101787, "scanner": "repobility-ast-engine", "fingerprint": "34e4e3d4f13832e782bbfa557288cfa03c3cafe5351caba37a59807375747407", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|34e4e3d4f13832e782bbfa557288cfa03c3cafe5351caba37a59807375747407"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "bitbake/lib/bb/cooker.py"}, "region": {"startLine": 1570}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 101786, "scanner": "repobility-ast-engine", "fingerprint": "bc30177f547fdf098c474dadf22f7f208907447578b57b320440bae3a8ec1550", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|bc30177f547fdf098c474dadf22f7f208907447578b57b320440bae3a8ec1550"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "bitbake/lib/bb/cooker.py"}, "region": {"startLine": 119}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 101785, "scanner": "repobility-ast-engine", "fingerprint": "d6b558d5ec48bc3b1dcd9285f2e053fc2cd94a4e5827d43edcb111fc99bcc5bb", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|d6b558d5ec48bc3b1dcd9285f2e053fc2cd94a4e5827d43edcb111fc99bcc5bb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "bitbake/lib/bb/cooker.py"}, "region": {"startLine": 2105}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 101784, "scanner": "repobility-ast-engine", "fingerprint": "269b4d1be71393a741a0f9632ff0cfaf1046db8717e1fef977e3f3500bf7b944", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|269b4d1be71393a741a0f9632ff0cfaf1046db8717e1fef977e3f3500bf7b944"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "bitbake/lib/bb/cooker.py"}, "region": {"startLine": 2098}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 101783, "scanner": "repobility-ast-engine", "fingerprint": "701a33b2ac4fcad98230886190a926bf35b16f5dfa686648b77085fca3caa8bc", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|701a33b2ac4fcad98230886190a926bf35b16f5dfa686648b77085fca3caa8bc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "bitbake/lib/bb/cooker.py"}, "region": {"startLine": 2030}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 101781, "scanner": "repobility-ast-engine", "fingerprint": "a5da071bc880df0a6cc003d00d65eea6f6304398801466990e938ead0769a8d9", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|a5da071bc880df0a6cc003d00d65eea6f6304398801466990e938ead0769a8d9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "bitbake/contrib/dump_cache.py"}, "region": {"startLine": 54}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 101780, "scanner": "repobility-ast-engine", "fingerprint": "0934b6273c217532fa8ae550101997647b29e3f48aa7155afba4d078368a71cc", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|0934b6273c217532fa8ae550101997647b29e3f48aa7155afba4d078368a71cc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "bitbake/contrib/dump_cache.py"}, "region": {"startLine": 79}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 101779, "scanner": "repobility-ast-engine", "fingerprint": "c10c256f51ae45cab451cf38f728e5dcedfefe63f1c78562ae7c2ddfd9993413", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c10c256f51ae45cab451cf38f728e5dcedfefe63f1c78562ae7c2ddfd9993413"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "meta/lib/oe/path.py"}, "region": {"startLine": 116}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 101778, "scanner": "repobility-ast-engine", "fingerprint": "8861a44d73c973008b2be0a7c6367b330cc9161cc08cbb640d6582386500cd78", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|8861a44d73c973008b2be0a7c6367b330cc9161cc08cbb640d6582386500cd78"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "meta/lib/oe/path.py"}, "region": {"startLine": 233}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 101776, "scanner": "repobility-ast-engine", "fingerprint": "f521e47d48a583a63183932640605e19fd149df70c68fb9415faf9a239703b48", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|f521e47d48a583a63183932640605e19fd149df70c68fb9415faf9a239703b48"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "meta/lib/oe/utils.py"}, "region": {"startLine": 283}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 101773, "scanner": "repobility-ast-engine", "fingerprint": "080c355b076800ac12a0fd2b2359b5543f4ff094867e20d0b1fea10e11c4929d", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|080c355b076800ac12a0fd2b2359b5543f4ff094867e20d0b1fea10e11c4929d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "meta/lib/oe/terminal.py"}, "region": {"startLine": 222}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 101772, "scanner": "repobility-ast-engine", "fingerprint": "8f273922fac7b1b09c3e5d61f26eaa53a37ec93662ac6c78bde9767ebf51104f", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|8f273922fac7b1b09c3e5d61f26eaa53a37ec93662ac6c78bde9767ebf51104f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "meta/lib/oe/terminal.py"}, "region": {"startLine": 332}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 101766, "scanner": "repobility-ast-engine", "fingerprint": "489384e3a82cdab9460695cc69522af69c4fc1fb3fa32b4ead62aea1d2c2b687", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|489384e3a82cdab9460695cc69522af69c4fc1fb3fa32b4ead62aea1d2c2b687"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "testsuite/utils.py"}, "region": {"startLine": 61}}}]}, {"ruleId": "MINED109", "level": "warning", "message": {"text": "Mutable default argument in `bitbake` (list)"}, "properties": {"repobilityId": 101765, "scanner": "repobility-ast-engine", "fingerprint": "5f5b72f744c45601d0190203eb3c341cfbc60a33650845a6b5bc927516b5d8f4", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "mutable-default-arg", "owasp": null, "cwe_ids": ["CWE-1023"], "languages": ["python"], "observations_count": 64867}, "scanner": "repobility-ast-engine", "correlation_key": "fp|5f5b72f744c45601d0190203eb3c341cfbc60a33650845a6b5bc927516b5d8f4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "testsuite/cibuilder.py"}, "region": {"startLine": 306}}}]}, {"ruleId": "COMP001", "level": "note", "message": {"text": "[COMP001] High cognitive complexity: Function `merge_logger` has cognitive complexity 14 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. Breakdown: continue=1, else=1, for=2, if=3, nested_bonus=5, recursion=2."}, "properties": {"repobilityId": 101863, "scanner": "repobility-threat-engine", "fingerprint": "53fe46620f589ac37d85fdfe6edd3f31dd3f8b8c2405b33e229e2f1de2dfb5bf", "category": "quality", "severity": "low", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 14 (severity threshold for low: 8+).", "evidence": {"scanner": "repobility-threat-engine", "function": "merge_logger", "breakdown": {"if": 3, "for": 2, "else": 1, "continue": 1, "recursion": 2, "nested_bonus": 5}, "complexity": 14, "correlation_key": "fp|53fe46620f589ac37d85fdfe6edd3f31dd3f8b8c2405b33e229e2f1de2dfb5bf"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/pybootchartgui/pybootchartgui/process_tree.py"}, "region": {"startLine": 197}}}]}, {"ruleId": "SEC132", "level": "note", "message": {"text": "[SEC132] String concat where the language has interpolation (AI style drift): String built by concatenation where the language has cleaner interpolation (Python f-strings since 3.6, JS template literals since ES6). Not a vulnerability on its own, but a style signature of cross-language AI rewrites \u2014 the model wrote idiomatic Java/C# and then translated mechanically. When this style appears in only *some* files of a repo, it's a strong indicator of an AI-driven rewrite that needs a human review p"}, "properties": {"repobilityId": 101855, "scanner": "repobility-threat-engine", "fingerprint": "e61ce772a634696371c525439953e4578681fdc0849c40ed7a05f0a0adda4eda", "category": "quality", "severity": "low", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "'user,id=net0,hostfwd=tcp::' + str(ssh_port) + '", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC132", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|e61ce772a634696371c525439953e4578681fdc0849c40ed7a05f0a0adda4eda"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "testsuite/start_vm.py"}, "region": {"startLine": 92}}}]}, {"ruleId": "SEC132", "level": "note", "message": {"text": "[SEC132] String concat where the language has interpolation (AI style drift): String built by concatenation where the language has cleaner interpolation (Python f-strings since 3.6, JS template literals since ES6). Not a vulnerability on its own, but a style signature of cross-language AI rewrites \u2014 the model wrote idiomatic Java/C# and then translated mechanically. When this style appears in only *some* files of a repo, it's a strong indicator of an AI-driven rewrite that needs a human review p"}, "properties": {"repobilityId": 101854, "scanner": "repobility-threat-engine", "fingerprint": "e4b538c03774db4ac627f71770e16eaf3bb02f18e2e661191e7bee0b8bf788ef", "category": "quality", "severity": "low", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "\"Compare artifacts image1: \" + image1 + \", image2: \"", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC132", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|e4b538c03774db4ac627f71770e16eaf3bb02f18e2e661191e7bee0b8bf788ef"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "testsuite/repro-build-test.py"}, "region": {"startLine": 68}}}]}, {"ruleId": "SEC132", "level": "note", "message": {"text": "[SEC132] String concat where the language has interpolation (AI style drift): String built by concatenation where the language has cleaner interpolation (Python f-strings since 3.6, JS template literals since ES6). Not a vulnerability on its own, but a style signature of cross-language AI rewrites \u2014 the model wrote idiomatic Java/C# and then translated mechanically. When this style appears in only *some* files of a repo, it's a strong indicator of an AI-driven rewrite that needs a human review p"}, "properties": {"repobilityId": 101853, "scanner": "repobility-threat-engine", "fingerprint": "a4fd21bff4ac7740e73e733e42d261fe317af65a157b004510533b24148a80ee", "category": "quality", "severity": "low", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "'Version ' + release + ' of the project is now considered obsolete, please select and use a more rec", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC132", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|a4fd21bff4ac7740e73e733e42d261fe317af65a157b004510533b24148a80ee"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "bitbake/doc/sphinx-static/switchers.js"}, "region": {"startLine": 221}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 101713, "scanner": "repobility-ai-code-hygiene", "fingerprint": "a4cc3e87b2f5d5a396a2e2cc822cd754eed6417772207e3fb9f24097e9cb721d", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "meta/scripts/lib/wic/plugins/source/rootfs-u-boot.py", "duplicate_line": 19, "correlation_key": "fp|a4cc3e87b2f5d5a396a2e2cc822cd754eed6417772207e3fb9f24097e9cb721d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/lib/wic/plugins/source/rootfs.py"}, "region": {"startLine": 53}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 101712, "scanner": "repobility-ai-code-hygiene", "fingerprint": "8332612b0194ee99568a43357e12c5a411d76a029c3eb4a511d652643ee2c608", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "meta/scripts/lib/wic/plugins/source/isoimage-isohybrid-isar.py", "duplicate_line": 14, "correlation_key": "fp|8332612b0194ee99568a43357e12c5a411d76a029c3eb4a511d652643ee2c608"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/lib/wic/plugins/source/isoimage-isohybrid.py"}, "region": {"startLine": 10}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 101711, "scanner": "repobility-ai-code-hygiene", "fingerprint": "9421771ca3c8c3db70c8e27413188dc93a95be90cdfef6ab300b2e6d5a37890d", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "meta/scripts/lib/wic/plugins/source/bootimg-pcbios-isar.py", "duplicate_line": 19, "correlation_key": "fp|9421771ca3c8c3db70c8e27413188dc93a95be90cdfef6ab300b2e6d5a37890d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/lib/wic/plugins/source/bootimg-pcbios.py"}, "region": {"startLine": 15}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 101710, "scanner": "repobility-ai-code-hygiene", "fingerprint": "5362f4fc21cb059caf69e011684bb575177a0e48a146ca16c22ca0e2a2629ccc", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "meta/scripts/lib/wic/plugins/source/bootimg-efi-isar.py", "duplicate_line": 199, "correlation_key": "fp|5362f4fc21cb059caf69e011684bb575177a0e48a146ca16c22ca0e2a2629ccc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/lib/wic/plugins/source/bootimg-partition.py"}, "region": {"startLine": 42}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 101709, "scanner": "repobility-ai-code-hygiene", "fingerprint": "83b6f71812782e291b4f3fedbfa9ca75e3268d2f0251633153ce57bd13f81661", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "meta/scripts/lib/wic/plugins/source/bootimg-efi-isar.py", "duplicate_line": 23, "correlation_key": "fp|83b6f71812782e291b4f3fedbfa9ca75e3268d2f0251633153ce57bd13f81661"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/lib/wic/plugins/source/bootimg-efi.py"}, "region": {"startLine": 19}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 101708, "scanner": "repobility-ai-code-hygiene", "fingerprint": "133cb4abfe907dfdcd6beed3f0a83c634f08f7e97b51ed4d423ed748fe575c5b", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "meta/scripts/lib/wic/plugins/source/bootimg-biosplusefi-isar.py", "duplicate_line": 1, "correlation_key": "fp|133cb4abfe907dfdcd6beed3f0a83c634f08f7e97b51ed4d423ed748fe575c5b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/lib/wic/plugins/source/bootimg-biosplusefi.py"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 101707, "scanner": "repobility-ai-code-hygiene", "fingerprint": "0d6d82e65324cb08096d24461ead3eba649418dde45658c71fe03d82132b2ec8", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "bitbake/lib/bb/parse/parse_py/ConfHandler.py", "duplicate_line": 15, "correlation_key": "fp|0d6d82e65324cb08096d24461ead3eba649418dde45658c71fe03d82132b2ec8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "bitbake/lib/toaster/toastermain/management/commands/buildimport.py"}, "region": {"startLine": 25}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 101706, "scanner": "repobility-ai-code-hygiene", "fingerprint": "9551299eeed3c50f9103b852ad584c956ea75b93fdfafa64070fa9984dc956f9", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "bitbake/lib/bb/server/process.py", "duplicate_line": 628, "correlation_key": "fp|9551299eeed3c50f9103b852ad584c956ea75b93fdfafa64070fa9984dc956f9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "bitbake/lib/bb/ui/uievent.py"}, "region": {"startLine": 50}}}]}, {"ruleId": "DKR002", "level": "none", "message": {"text": "Dockerfile base image is selected through a build variable"}, "properties": {"repobilityId": 101875, "scanner": "repobility-docker", "fingerprint": "1fa1e4509d069fe4c5decbed7e23a8967cb38d55645977051929e406647de553", "category": "docker", "severity": "info", "confidence": 0.48, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Base image contains a variable; manual review is needed to avoid false positives.", "evidence": {"image": "ghcr.io/siemens/kas/kas-isar:${KAS_VERSION}", "rule_id": "DKR002", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/"], "correlation_key": "fp|1fa1e4509d069fe4c5decbed7e23a8967cb38d55645977051929e406647de553"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "testsuite/dockerdata/Dockerfile"}, "region": {"startLine": 3}}}]}, {"ruleId": "COMP001", "level": "none", "message": {"text": "[COMP001] High cognitive complexity (and 5 more): Same pattern found in 5 additional files. Review if needed."}, "properties": {"repobilityId": 101864, "scanner": "repobility-threat-engine", "fingerprint": "88bc83404cd2ee7008de79d63577b83ca6520a75ef847238a1ec8a3084ede646", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 5 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"scanner": "repobility-threat-engine", "function": "main", "breakdown": {"if": 8, "for": 2, "elif": 1, "else": 4, "except": 1, "nested_bonus": 12}, "aggregated": true, "complexity": 28, "correlation_key": "fp|88bc83404cd2ee7008de79d63577b83ca6520a75ef847238a1ec8a3084ede646", "aggregated_count": 5}}}, {"ruleId": "MINED077", "level": "none", "message": {"text": "[MINED077] Python Open No Context: fp = open(path) outside with-block leaks file handles."}, "properties": {"repobilityId": 101860, "scanner": "repobility-threat-engine", "fingerprint": "34e6ea5fb8892474dd3d0c6ef4e38628940a7be749a4a3686c0c304afc875b2e", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-open-no-context", "owasp": null, "cwe_ids": ["CWE-772"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348081+00:00", "triaged_in_corpus": 12, "observations_count": 7864, "ai_coder_pattern_id": 123}, "scanner": "repobility-threat-engine", "correlation_key": "fp|34e6ea5fb8892474dd3d0c6ef4e38628940a7be749a4a3686c0c304afc875b2e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/pybootchartgui/pybootchartgui/main.py"}, "region": {"startLine": 145}}}]}, {"ruleId": "MINED055", "level": "none", "message": {"text": "[MINED055] Npm Install No Lockfile: Production image runs npm install (resolves new versions on every build) instead of npm ci."}, "properties": {"repobilityId": 101857, "scanner": "repobility-threat-engine", "fingerprint": "3da2201d74a00a9e23d1e9134d9758017279a8e168095b5b48160dd6b4bf649e", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "npm-install-no-lockfile", "owasp": "A06:2021", "cwe_ids": ["CWE-1357"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348030+00:00", "triaged_in_corpus": 12, "observations_count": 317602, "ai_coder_pattern_id": 42}, "scanner": "repobility-threat-engine", "correlation_key": "fp|3da2201d74a00a9e23d1e9134d9758017279a8e168095b5b48160dd6b4bf649e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/ci_build.sh"}, "region": {"startLine": 25}}}]}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed."}, "properties": {"repobilityId": 101856, "scanner": "repobility-threat-engine", "fingerprint": "623a657878db5407881eac8e8e494615c8b34f8fc5d51564caebcf76a6d6ef49", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "correlation_key": "fp|623a657878db5407881eac8e8e494615c8b34f8fc5d51564caebcf76a6d6ef49"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "bitbake/doc/sphinx-static/switchers.js"}, "region": {"startLine": 162}}}]}, {"ruleId": "PYSEC-2023-206", "level": "error", "message": {"text": "selenium: PYSEC-2023-206"}, "properties": {"repobilityId": 101880, "scanner": "osv-scanner", "fingerprint": "a6065139b38e58310a7faa3561a74956203a25930ba1b9af94d65a4a2be9ef97", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2023-5590"], "package": "selenium", "rule_id": "PYSEC-2023-206", "scanner": "osv-scanner", "correlation_key": "vuln|selenium|CVE-2023-5590|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "bitbake/lib/toaster/tests/toaster-tests-requirements.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "SEC085", "level": "error", "message": {"text": "[SEC085] JS: child_process.exec with non-literal: child_process.exec with user-derived input enables command injection. Ported from eslint-plugin-security detect-child-process (Apache-2.0)."}, "properties": {"repobilityId": 101870, "scanner": "repobility-threat-engine", "fingerprint": "ac767d67bc1a8512c56c5eb6b5b184f8aa738a092421a433650cab4fda265f9d", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "exec(parse", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC085", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|ac767d67bc1a8512c56c5eb6b5b184f8aa738a092421a433650cab4fda265f9d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "testsuite/unittests/bitbake.py"}, "region": {"startLine": 36}}}]}, {"ruleId": "COMP001", "level": "error", "message": {"text": "[COMP001] High cognitive complexity: Function `main` has cognitive complexity 28 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. Breakdown: elif=1, else=4, except=1, for=2, if=8, nested_bonus=12."}, "properties": {"repobilityId": 101861, "scanner": "repobility-threat-engine", "fingerprint": "50e997f58ae87f552e55293bbb6ca5566b67daa08320e24a14fc48f802b79a97", "category": "quality", "severity": "high", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 28 (severity threshold for high: 25+).", "evidence": {"scanner": "repobility-threat-engine", "function": "main", "breakdown": {"if": 8, "for": 2, "elif": 1, "else": 4, "except": 1, "nested_bonus": 12}, "complexity": 28, "correlation_key": "fp|50e997f58ae87f552e55293bbb6ca5566b67daa08320e24a14fc48f802b79a97"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/pybootchartgui/pybootchartgui/main.py"}, "region": {"startLine": 106}}}]}, {"ruleId": "MINED034", "level": "error", "message": {"text": "[MINED034] Python Subprocess Shell True: subprocess(..., shell=True) enables command injection."}, "properties": {"repobilityId": 101859, "scanner": "repobility-threat-engine", "fingerprint": "ef16fe93c4a0571160ae66cc610e294617003a2156086401af6f21cb76687e36", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-subprocess-shell-true", "owasp": null, "cwe_ids": ["CWE-78"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347977+00:00", "triaged_in_corpus": 15, "observations_count": 3478, "ai_coder_pattern_id": 118}, "scanner": "repobility-threat-engine", "correlation_key": "fp|ef16fe93c4a0571160ae66cc610e294617003a2156086401af6f21cb76687e36"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/lockrun.py"}, "region": {"startLine": 42}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 101852, "scanner": "repobility-threat-engine", "fingerprint": "662742ca200da990fa3f572d09ad6f5a0ae02cfac2799ff56237d833a5e4f4b2", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "url(u", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|662742ca200da990fa3f572d09ad6f5a0ae02cfac2799ff56237d833a5e4f4b2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "bitbake/doc/sphinx-static/switchers.js"}, "region": {"startLine": 200}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "Dockerfile FROM `alpine:3.14.4` not pinned by digest"}, "properties": {"repobilityId": 101850, "scanner": "repobility-supply-chain", "fingerprint": "d452716433235424a85e190459a56876b27aaf347492780ba2a54a6f24ff34d5", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|d452716433235424a85e190459a56876b27aaf347492780ba2a54a6f24ff34d5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "bitbake/contrib/prserv/Dockerfile"}, "region": {"startLine": 30}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "Dockerfile FROM `alpine:3.13.1` not pinned by digest"}, "properties": {"repobilityId": 101849, "scanner": "repobility-supply-chain", "fingerprint": "40c7b78285fb109aef55c958a7eb257b0c2f559a79669877d8c47c09ab51c67d", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|40c7b78285fb109aef55c958a7eb257b0c2f559a79669877d8c47c09ab51c67d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "bitbake/contrib/hashserv/Dockerfile"}, "region": {"startLine": 11}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "Dockerfile FROM `ghcr.io/siemens/kas/kas-isar (no tag)` not pinned by digest"}, "properties": {"repobilityId": 101848, "scanner": "repobility-supply-chain", "fingerprint": "18d6f13f44c0edc32b80a0f5c35a6e5e8d247538643a9264033696143ca153c9", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|18d6f13f44c0edc32b80a0f5c35a6e5e8d247538643a9264033696143ca153c9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "testsuite/dockerdata/Dockerfile"}, "region": {"startLine": 2}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "Django view `XhrBuild` has destructive methods without auth"}, "properties": {"repobilityId": 101847, "scanner": "repobility-route-auth", "fingerprint": "0fbde36ec4de787487e8f1f5cf08e273eaeab58c61129175df3943fd91336245", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|0fbde36ec4de787487e8f1f5cf08e273eaeab58c61129175df3943fd91336245"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "bitbake/lib/toaster/toastergui/api.py"}, "region": {"startLine": 1189}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "Django view `XhrProject` has destructive methods without auth"}, "properties": {"repobilityId": 101846, "scanner": "repobility-route-auth", "fingerprint": "71ca22f8a4ccb2c2e800e6e4bdbb5c0e9431de95fc9fb300e7c74c995ebcd9be", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|71ca22f8a4ccb2c2e800e6e4bdbb5c0e9431de95fc9fb300e7c74c995ebcd9be"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "bitbake/lib/toaster/toastergui/api.py"}, "region": {"startLine": 991}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "Django view `XhrCustomRecipePackages` has destructive methods without auth"}, "properties": {"repobilityId": 101845, "scanner": "repobility-route-auth", "fingerprint": "ff2aad41a979b3682629fdfee859767d507cab6634b7782b779e61366a6e0fa3", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|ff2aad41a979b3682629fdfee859767d507cab6634b7782b779e61366a6e0fa3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "bitbake/lib/toaster/toastergui/api.py"}, "region": {"startLine": 743}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "Django view `XhrCustomRecipeId` has destructive methods without auth"}, "properties": {"repobilityId": 101844, "scanner": "repobility-route-auth", "fingerprint": "8cadb4a26160b292746d707594f2b47314b5a7f6edcbb04636502fcde9fadf28", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|8cadb4a26160b292746d707594f2b47314b5a7f6edcbb04636502fcde9fadf28"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "bitbake/lib/toaster/toastergui/api.py"}, "region": {"startLine": 685}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "Django view `XhrCustomRecipe` has destructive methods without auth"}, "properties": {"repobilityId": 101843, "scanner": "repobility-route-auth", "fingerprint": "0a3cd4e80bf248665b31920e56d5e3faf730b9be2e38fc3545f226556c0a09e4", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|0a3cd4e80bf248665b31920e56d5e3faf730b9be2e38fc3545f226556c0a09e4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "bitbake/lib/toaster/toastergui/api.py"}, "region": {"startLine": 511}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "Django view `XhrLayer` has destructive methods without auth"}, "properties": {"repobilityId": 101842, "scanner": "repobility-route-auth", "fingerprint": "a07bca5c426e01f95f36ffb5c283bc337cb3498862e49205d909b885200ecb33", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|a07bca5c426e01f95f36ffb5c283bc337cb3498862e49205d909b885200ecb33"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "bitbake/lib/toaster/toastergui/api.py"}, "region": {"startLine": 265}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "Django view `XhrSetDefaultImageUrl` has destructive methods without auth"}, "properties": {"repobilityId": 101841, "scanner": "repobility-route-auth", "fingerprint": "90761df45d036fbaedf0375ea2a9ba82cc009a7d9936e87ce9d48195f3c74df1", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|90761df45d036fbaedf0375ea2a9ba82cc009a7d9936e87ce9d48195f3c74df1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "bitbake/lib/toaster/toastergui/api.py"}, "region": {"startLine": 183}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "Django view `XhrProjectUpdate` has destructive methods without auth"}, "properties": {"repobilityId": 101840, "scanner": "repobility-route-auth", "fingerprint": "9affd04611ca3e3e81cdb660667e3e07f0c2c18f3bc3f0993873a151691292ef", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|9affd04611ca3e3e81cdb660667e3e07f0c2c18f3bc3f0993873a151691292ef"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "bitbake/lib/toaster/toastergui/api.py"}, "region": {"startLine": 140}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "Django view `XhrBuildRequest` has destructive methods without auth"}, "properties": {"repobilityId": 101839, "scanner": "repobility-route-auth", "fingerprint": "25c11d8adb194ab3c87f72f103182628fc6a079939eb738f2d51d77683d0796a", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|25c11d8adb194ab3c87f72f103182628fc6a079939eb738f2d51d77683d0796a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "bitbake/lib/toaster/toastergui/api.py"}, "region": {"startLine": 49}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "Django view `CommandLineBuilds` has destructive methods without auth"}, "properties": {"repobilityId": 101838, "scanner": "repobility-route-auth", "fingerprint": "e265cf1e734f420a0f0e6b8df94d0e9d39a02f34fbe2ec81d2dfc266efc5f3ba", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|e265cf1e734f420a0f0e6b8df94d0e9d39a02f34fbe2ec81d2dfc266efc5f3ba"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "bitbake/lib/toaster/toastergui/views.py"}, "region": {"startLine": 1961}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.log` used but never assigned in __init__"}, "properties": {"repobilityId": 101764, "scanner": "repobility-ast-engine", "fingerprint": "6c57c02671340881292874613830d1cb4f5a4eceb7b49c30392734712d1ea534", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|6c57c02671340881292874613830d1cb4f5a4eceb7b49c30392734712d1ea534"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "testsuite/citest.py"}, "region": {"startLine": 42}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.exec_cmd` used but never assigned in __init__"}, "properties": {"repobilityId": 101763, "scanner": "repobility-ast-engine", "fingerprint": "aaf4388aee992f951aa77451e3f7ffc7cfa40f389bd1120e9522963f22f42e69", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|aaf4388aee992f951aa77451e3f7ffc7cfa40f389bd1120e9522963f22f42e69"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "testsuite/citest.py"}, "region": {"startLine": 40}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.init` used but never assigned in __init__"}, "properties": {"repobilityId": 101762, "scanner": "repobility-ast-engine", "fingerprint": "cbaeb09ffdd12ba298c65a41ec140b11c6ff04672f102f822fe8f9d3061ee353", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|cbaeb09ffdd12ba298c65a41ec140b11c6ff04672f102f822fe8f9d3061ee353"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "testsuite/citest.py"}, "region": {"startLine": 39}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.log` used but never assigned in __init__"}, "properties": {"repobilityId": 101761, "scanner": "repobility-ast-engine", "fingerprint": "cad7a336bac2799cc8040b3c198733aca0f08ca7b10e06de08961a477b67611e", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|cad7a336bac2799cc8040b3c198733aca0f08ca7b10e06de08961a477b67611e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "testsuite/citest.py"}, "region": {"startLine": 36}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_run_arm_buster_example_module"}, "properties": {"repobilityId": 101759, "scanner": "repobility-ast-engine", "fingerprint": "6be06f948fcdd4fb891c109fa5ca4e09c623e45fcd6c9b6c6e4cad44bb4fe28e", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|6be06f948fcdd4fb891c109fa5ca4e09c623e45fcd6c9b6c6e4cad44bb4fe28e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "testsuite/citest.py"}, "region": {"startLine": 320}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_run_arm_buster_getty_target"}, "properties": {"repobilityId": 101758, "scanner": "repobility-ast-engine", "fingerprint": "649ca51d6f2b1b9839522b926ff9e55883208c82b90033dba8a7b9c5ec78719d", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|649ca51d6f2b1b9839522b926ff9e55883208c82b90033dba8a7b9c5ec78719d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "testsuite/citest.py"}, "region": {"startLine": 307}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_run_arm_buster_base"}, "properties": {"repobilityId": 101757, "scanner": "repobility-ast-engine", "fingerprint": "944e8d493527b250c36ef533186cefdecb048c8e7a191be41b8dc29bed178ce1", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|944e8d493527b250c36ef533186cefdecb048c8e7a191be41b8dc29bed178ce1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "testsuite/citest.py"}, "region": {"startLine": 300}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_run_arm_bullseye_getty_target"}, "properties": {"repobilityId": 101756, "scanner": "repobility-ast-engine", "fingerprint": "f278b5b69fb490c064ac0ef2244ac7e11e15d47740b375b0c18f6932c821b118", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|f278b5b69fb490c064ac0ef2244ac7e11e15d47740b375b0c18f6932c821b118"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "testsuite/citest.py"}, "region": {"startLine": 288}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_run_arm_bullseye_example_module"}, "properties": {"repobilityId": 101755, "scanner": "repobility-ast-engine", "fingerprint": "3ce52f63170123bef9594943f417ad74c245b1a86dbb71b179ddb58cee54e01c", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|3ce52f63170123bef9594943f417ad74c245b1a86dbb71b179ddb58cee54e01c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "testsuite/citest.py"}, "region": {"startLine": 275}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_run_arm_bullseye_base"}, "properties": {"repobilityId": 101754, "scanner": "repobility-ast-engine", "fingerprint": "6bd427f6c7d7a61c2f93e01ea41881dc637162ed91952d99e58b6e082700e44e", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|6bd427f6c7d7a61c2f93e01ea41881dc637162ed91952d99e58b6e082700e44e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "testsuite/citest.py"}, "region": {"startLine": 268}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_cross"}, "properties": {"repobilityId": 101753, "scanner": "repobility-ast-engine", "fingerprint": "56228522dcdd501bf6bcca01c0aa7b2641b2f60cf407fd7cc9615de1978603d2", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|56228522dcdd501bf6bcca01c0aa7b2641b2f60cf407fd7cc9615de1978603d2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "testsuite/citest.py"}, "region": {"startLine": 256}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_installer_root_partition"}, "properties": {"repobilityId": 101752, "scanner": "repobility-ast-engine", "fingerprint": "fbee574726279614153b4248dc6364a147836d5a54a3910dc2b8ae171ccd3a6a", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|fbee574726279614153b4248dc6364a147836d5a54a3910dc2b8ae171ccd3a6a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "testsuite/citest.py"}, "region": {"startLine": 241}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_installer_run"}, "properties": {"repobilityId": 101751, "scanner": "repobility-ast-engine", "fingerprint": "193e446b298a83ec01535170b465033c3b945471ad17f68d230b7543353b03db", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|193e446b298a83ec01535170b465033c3b945471ad17f68d230b7543353b03db"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "testsuite/citest.py"}, "region": {"startLine": 236}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_installer_build"}, "properties": {"repobilityId": 101750, "scanner": "repobility-ast-engine", "fingerprint": "656b4e024dc1c08ff811579281bd20819376b85d783d9708b941baa1d7df7b48", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|656b4e024dc1c08ff811579281bd20819376b85d783d9708b941baa1d7df7b48"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "testsuite/citest.py"}, "region": {"startLine": 228}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_ccache_rebuild"}, "properties": {"repobilityId": 101749, "scanner": "repobility-ast-engine", "fingerprint": "9468d4184cf248224e702eb124283f76293f2c3b3f1c06f5a9b29fd6bdeac624", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|9468d4184cf248224e702eb124283f76293f2c3b3f1c06f5a9b29fd6bdeac624"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "testsuite/citest.py"}, "region": {"startLine": 214}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_repro_unsigned"}, "properties": {"repobilityId": 101748, "scanner": "repobility-ast-engine", "fingerprint": "92922991f4443730682cc27a66e018af08a9d51494dce5915621a90679670061", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|92922991f4443730682cc27a66e018af08a9d51494dce5915621a90679670061"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "testsuite/citest.py"}, "region": {"startLine": 193}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_repro_signed"}, "properties": {"repobilityId": 101747, "scanner": "repobility-ast-engine", "fingerprint": "3d6972038193f9ecdf746d3fdbffca5d632942c2786534360cc4d04586bd1aec", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|3d6972038193f9ecdf746d3fdbffca5d632942c2786534360cc4d04586bd1aec"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "testsuite/citest.py"}, "region": {"startLine": 180}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_sbuild_flavor"}, "properties": {"repobilityId": 101746, "scanner": "repobility-ast-engine", "fingerprint": "d1e6a9782c04ee9b09fa08588c42884f627952834d090a173baf610fa550225c", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|d1e6a9782c04ee9b09fa08588c42884f627952834d090a173baf610fa550225c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "testsuite/citest.py"}, "region": {"startLine": 157}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_repository_nopriority"}, "properties": {"repobilityId": 101745, "scanner": "repobility-ast-engine", "fingerprint": "1173df7518284c093852f05182f804146de76dc09eab2fd2421f133c033eee13", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|1173df7518284c093852f05182f804146de76dc09eab2fd2421f133c033eee13"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "testsuite/citest.py"}, "region": {"startLine": 140}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_compat_recipe"}, "properties": {"repobilityId": 101744, "scanner": "repobility-ast-engine", "fingerprint": "7aabb4240a457fc2e91f70287a8dcf15adbc1825ce64b1e9f7311d55491c5950", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|7aabb4240a457fc2e91f70287a8dcf15adbc1825ce64b1e9f7311d55491c5950"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "testsuite/citest.py"}, "region": {"startLine": 122}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_dev_run_arm_bookworm"}, "properties": {"repobilityId": 101743, "scanner": "repobility-ast-engine", "fingerprint": "443c815b1ba7b908698c64b3fdab4e23a790df4c2dcf36833afc6516f3654373", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|443c815b1ba7b908698c64b3fdab4e23a790df4c2dcf36833afc6516f3654373"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "testsuite/citest.py"}, "region": {"startLine": 110}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_dev_run_arm64_bookworm"}, "properties": {"repobilityId": 101742, "scanner": "repobility-ast-engine", "fingerprint": "1f3ee88f32d49485eeb5463a14e2706de85ea40f6e4b4cd39ae7a169bcd17e42", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|1f3ee88f32d49485eeb5463a14e2706de85ea40f6e4b4cd39ae7a169bcd17e42"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "testsuite/citest.py"}, "region": {"startLine": 106}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_dev_run_amd64_bookworm"}, "properties": {"repobilityId": 101741, "scanner": "repobility-ast-engine", "fingerprint": "97e619b9592272add18f6438b4081cf6b612b2b8f5fa1825153b1b8518649fa2", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|97e619b9592272add18f6438b4081cf6b612b2b8f5fa1825153b1b8518649fa2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "testsuite/citest.py"}, "region": {"startLine": 102}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_dev_rebuild"}, "properties": {"repobilityId": 101740, "scanner": "repobility-ast-engine", "fingerprint": "d4697749bbc8e008342476f8db10469ddea29d7cedaee713bdc2cd77bdae9ae6", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|d4697749bbc8e008342476f8db10469ddea29d7cedaee713bdc2cd77bdae9ae6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "testsuite/citest.py"}, "region": {"startLine": 87}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_dev_apps"}, "properties": {"repobilityId": 101739, "scanner": "repobility-ast-engine", "fingerprint": "59065e3bb89d83d8b183041e9b5f2e67940fcd4f8c0d60e6c3c8dfae0fe9059e", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|59065e3bb89d83d8b183041e9b5f2e67940fcd4f8c0d60e6c3c8dfae0fe9059e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "testsuite/citest.py"}, "region": {"startLine": 78}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_dev"}, "properties": {"repobilityId": 101738, "scanner": "repobility-ast-engine", "fingerprint": "cfe52be6dfe155a95f4920b6c42ef86d5c4f19a6533f488f234c86b2cd1a6741", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|cfe52be6dfe155a95f4920b6c42ef86d5c4f19a6533f488f234c86b2cd1a6741"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "testsuite/citest.py"}, "region": {"startLine": 67}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_build"}, "properties": {"repobilityId": 101737, "scanner": "repobility-ast-engine", "fingerprint": "e0e68592e772348ce913accf8098895727fe8bf337afffaf0c8d954bc6186f7e", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|e0e68592e772348ce913accf8098895727fe8bf337afffaf0c8d954bc6186f7e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "testsuite/citest.py"}, "region": {"startLine": 50}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_nop"}, "properties": {"repobilityId": 101736, "scanner": "repobility-ast-engine", "fingerprint": "14dd5e5a10250eaedf91d2463942c8c87307355ac17842c285e6a4d512e832c0", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|14dd5e5a10250eaedf91d2463942c8c87307355ac17842c285e6a4d512e832c0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "testsuite/citest.py"}, "region": {"startLine": 35}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.build_dir` used but never assigned in __init__"}, "properties": {"repobilityId": 101735, "scanner": "repobility-ast-engine", "fingerprint": "d1f1caf3eed2a7352e9ea4b69383c4c210dc615f38566e566c883bac5211fc9d", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|d1f1caf3eed2a7352e9ea4b69383c4c210dc615f38566e566c883bac5211fc9d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "testsuite/repro-build-test.py"}, "region": {"startLine": 72}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.build_dir` used but never assigned in __init__"}, "properties": {"repobilityId": 101734, "scanner": "repobility-ast-engine", "fingerprint": "585a3e9acd8183cc14b81060a22719a3e5f085c0206a332906d5e1571c4e04b5", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|585a3e9acd8183cc14b81060a22719a3e5f085c0206a332906d5e1571c4e04b5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "testsuite/repro-build-test.py"}, "region": {"startLine": 71}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.fail` used but never assigned in __init__"}, "properties": {"repobilityId": 101733, "scanner": "repobility-ast-engine", "fingerprint": "9a402180c1180608318ee7d9620fd3aeffca3f784c30bee53fd8d6db3ff6efde", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|9a402180c1180608318ee7d9620fd3aeffca3f784c30bee53fd8d6db3ff6efde"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "testsuite/repro-build-test.py"}, "region": {"startLine": 76}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.log` used but never assigned in __init__"}, "properties": {"repobilityId": 101732, "scanner": "repobility-ast-engine", "fingerprint": "fa83ac255ba22dc21c523bbc1833a9fc5c7f37c5fad4a6510cbdfc890f7cab5b", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|fa83ac255ba22dc21c523bbc1833a9fc5c7f37c5fad4a6510cbdfc890f7cab5b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "testsuite/repro-build-test.py"}, "region": {"startLine": 67}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.delete_from_build_dir` used but never assigned in __init__"}, "properties": {"repobilityId": 101731, "scanner": "repobility-ast-engine", "fingerprint": "10e934737acf1b9cabebfec369f37b9ba47d38b57a2c0d67bf832b917ccf703b", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|10e934737acf1b9cabebfec369f37b9ba47d38b57a2c0d67bf832b917ccf703b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "testsuite/repro-build-test.py"}, "region": {"startLine": 64}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.delete_from_build_dir` used but never assigned in __init__"}, "properties": {"repobilityId": 101730, "scanner": "repobility-ast-engine", "fingerprint": "f6f8c11eadc6314c28e7cfccd0f8b8e3b2e3ab954ecb46132ccc54809722c3e7", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|f6f8c11eadc6314c28e7cfccd0f8b8e3b2e3ab954ecb46132ccc54809722c3e7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "testsuite/repro-build-test.py"}, "region": {"startLine": 63}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.log` used but never assigned in __init__"}, "properties": {"repobilityId": 101729, "scanner": "repobility-ast-engine", "fingerprint": "36316316c764a7dd1523cb9a4619ffeeee5ea7cb4bcd6503ea8007b7455444c2", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|36316316c764a7dd1523cb9a4619ffeeee5ea7cb4bcd6503ea8007b7455444c2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "testsuite/repro-build-test.py"}, "region": {"startLine": 59}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.log` used but never assigned in __init__"}, "properties": {"repobilityId": 101728, "scanner": "repobility-ast-engine", "fingerprint": "422e4afea3e2fe62f89354b95b24b8024a890d94769cd2fc72ca58a45e0516a5", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|422e4afea3e2fe62f89354b95b24b8024a890d94769cd2fc72ca58a45e0516a5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "testsuite/repro-build-test.py"}, "region": {"startLine": 51}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.error` used but never assigned in __init__"}, "properties": {"repobilityId": 101727, "scanner": "repobility-ast-engine", "fingerprint": "a5dac35a7997dbb37d67f3c0a759321e50ea0b1975fb1bb0f7e4e0285f67a79b", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|a5dac35a7997dbb37d67f3c0a759321e50ea0b1975fb1bb0f7e4e0285f67a79b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "testsuite/repro-build-test.py"}, "region": {"startLine": 42}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.move_in_build_dir` used but never assigned in __init__"}, "properties": {"repobilityId": 101726, "scanner": "repobility-ast-engine", "fingerprint": "695778bcec0de0b326a5213af9eaba24c3a7207f243c479c0131167895062bac", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|695778bcec0de0b326a5213af9eaba24c3a7207f243c479c0131167895062bac"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "testsuite/repro-build-test.py"}, "region": {"startLine": 60}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.get_image_path` used but never assigned in __init__"}, "properties": {"repobilityId": 101725, "scanner": "repobility-ast-engine", "fingerprint": "f96c2a64c4917b25c299ebce9ecf00309436c454be0b3b7aa097a9b870f196d3", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|f96c2a64c4917b25c299ebce9ecf00309436c454be0b3b7aa097a9b870f196d3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "testsuite/repro-build-test.py"}, "region": {"startLine": 58}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.bitbake` used but never assigned in __init__"}, "properties": {"repobilityId": 101724, "scanner": "repobility-ast-engine", "fingerprint": "131407767c73d773866907333ac98f0244ea5a72640eaab7209e65870ab8ecf8", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|131407767c73d773866907333ac98f0244ea5a72640eaab7209e65870ab8ecf8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "testsuite/repro-build-test.py"}, "region": {"startLine": 55}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.configure` used but never assigned in __init__"}, "properties": {"repobilityId": 101723, "scanner": "repobility-ast-engine", "fingerprint": "9d61334b91b32e54491a3180d39efe94b212dcf0038eabf23d3fdecb7c2c09e3", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|9d61334b91b32e54491a3180d39efe94b212dcf0038eabf23d3fdecb7c2c09e3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "testsuite/repro-build-test.py"}, "region": {"startLine": 52}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.clean` used but never assigned in __init__"}, "properties": {"repobilityId": 101722, "scanner": "repobility-ast-engine", "fingerprint": "62e04a0094e6556aa21ae429c837d94b9574421c61967e6f2f336c530d7ea5f4", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|62e04a0094e6556aa21ae429c837d94b9574421c61967e6f2f336c530d7ea5f4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "testsuite/repro-build-test.py"}, "region": {"startLine": 48}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.git_last_commit_timestamp` used but never assigned in __init__"}, "properties": {"repobilityId": 101721, "scanner": "repobility-ast-engine", "fingerprint": "35d1d5e77597ade3e4cadcddb099a01ab170afcda6fc51443d753170c1f87e04", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|35d1d5e77597ade3e4cadcddb099a01ab170afcda6fc51443d753170c1f87e04"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "testsuite/repro-build-test.py"}, "region": {"startLine": 21}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.params` used but never assigned in __init__"}, "properties": {"repobilityId": 101720, "scanner": "repobility-ast-engine", "fingerprint": "59f7bc21def14f3cf51f8f13e731f16764a0179de169ee02b43688925cbb4beb", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|59f7bc21def14f3cf51f8f13e731f16764a0179de169ee02b43688925cbb4beb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "testsuite/repro-build-test.py"}, "region": {"startLine": 20}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.params` used but never assigned in __init__"}, "properties": {"repobilityId": 101719, "scanner": "repobility-ast-engine", "fingerprint": "e7faef5e96552ffe6e0bf72d10432a1d3897cbf6642897d2e5690b06a3bc1d70", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|e7faef5e96552ffe6e0bf72d10432a1d3897cbf6642897d2e5690b06a3bc1d70"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "testsuite/repro-build-test.py"}, "region": {"startLine": 17}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.compare_repro_image` used but never assigned in __init__"}, "properties": {"repobilityId": 101718, "scanner": "repobility-ast-engine", "fingerprint": "9098a9ae5b5687f58c6482d8dfd4e28d4890096a4c8af4991c6c587919b86b63", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|9098a9ae5b5687f58c6482d8dfd4e28d4890096a4c8af4991c6c587919b86b63"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "testsuite/repro-build-test.py"}, "region": {"startLine": 26}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.build_repro_image` used but never assigned in __init__"}, "properties": {"repobilityId": 101717, "scanner": "repobility-ast-engine", "fingerprint": "9bd168d50334e67ce5040b7e35d76ee4668d6e918682ae26d0b5e126b734d04c", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|9bd168d50334e67ce5040b7e35d76ee4668d6e918682ae26d0b5e126b734d04c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "testsuite/repro-build-test.py"}, "region": {"startLine": 25}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.build_repro_image` used but never assigned in __init__"}, "properties": {"repobilityId": 101716, "scanner": "repobility-ast-engine", "fingerprint": "f8e21433f05b84c605735a4fe8beb8ff50d21a5cc0934725edf1eeee7f312cc0", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|f8e21433f05b84c605735a4fe8beb8ff50d21a5cc0934725edf1eeee7f312cc0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "testsuite/repro-build-test.py"}, "region": {"startLine": 24}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.init` used but never assigned in __init__"}, "properties": {"repobilityId": 101715, "scanner": "repobility-ast-engine", "fingerprint": "45b2485e2d48e62cf033cf72fe0ec0e6553561bd04ac7abcc24b42fbba402165", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|45b2485e2d48e62cf033cf72fe0ec0e6553561bd04ac7abcc24b42fbba402165"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "testsuite/repro-build-test.py"}, "region": {"startLine": 23}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_repro_build"}, "properties": {"repobilityId": 101714, "scanner": "repobility-ast-engine", "fingerprint": "7e3c60972af47d9067cc9448944a1c7f644d9d9a8f88c046c6fd6c5ac1528e2f", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|7e3c60972af47d9067cc9448944a1c7f644d9d9a8f88c046c6fd6c5ac1528e2f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "testsuite/repro-build-test.py"}, "region": {"startLine": 16}}}]}, {"ruleId": "private-key", "level": "error", "message": {"text": "Identified a Private Key, which may compromise cryptographic security and sensitive data encryption."}, "properties": {"repobilityId": 101878, "scanner": "gitleaks", "fingerprint": "2e5142d0b0efe37b79a3b26581f9c4af56ed5152bcb622125305cd3580f51fc8", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "REDACTED", "rule_id": "private-key", "scanner": "gitleaks", "detector": "private-key", "correlation_key": "secret|token|1|redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "testsuite/keys/base-apt/test_priv.key"}, "region": {"startLine": 1}}}]}, {"ruleId": "private-key", "level": "error", "message": {"text": "Identified a Private Key, which may compromise cryptographic security and sensitive data encryption."}, "properties": {"repobilityId": 101877, "scanner": "gitleaks", "fingerprint": "5d58eb755bffcff139844230f308e671436bf1b4498cf4a01b02b5e855269e77", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "REDACTED", "rule_id": "private-key", "scanner": "gitleaks", "detector": "private-key", "correlation_key": "secret|testsuite/keys/ssh/id_rsa|1|redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "testsuite/keys/ssh/id_rsa"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED030", "level": "error", "message": {"text": "[MINED030] Python Pickle Loads: pickle.loads() can execute arbitrary code via __reduce__."}, "properties": {"repobilityId": 101868, "scanner": "repobility-threat-engine", "fingerprint": "c240e90412ebe6b696c5aecc1b113c002479dec772c9c111660a83dcf13ff0ef", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-pickle-loads", "owasp": null, "cwe_ids": ["CWE-502"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347968+00:00", "triaged_in_corpus": 20, "observations_count": 6314, "ai_coder_pattern_id": 119}, "scanner": "repobility-threat-engine", "correlation_key": "fp|c240e90412ebe6b696c5aecc1b113c002479dec772c9c111660a83dcf13ff0ef"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "testsuite/cleanup.py"}, "region": {"startLine": 16}}}]}, {"ruleId": "MINED018", "level": "error", "message": {"text": "[MINED018] Unsafe Deserialization Pickle: pickle.loads / yaml.load (without Loader=SafeLoader) / unmarshal of network/file data \u2014 RCE."}, "properties": {"repobilityId": 101867, "scanner": "repobility-threat-engine", "fingerprint": "00408e6c069c60ab4f24477e56a645f4437603cba7642d6d2961cfbb974dfa55", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "unsafe-deserialization-pickle", "owasp": "A08:2021", "cwe_ids": ["CWE-502"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347940+00:00", "triaged_in_corpus": 20, "observations_count": 58759, "ai_coder_pattern_id": 32}, "scanner": "repobility-threat-engine", "correlation_key": "fp|00408e6c069c60ab4f24477e56a645f4437603cba7642d6d2961cfbb974dfa55"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "testsuite/cleanup.py"}, "region": {"startLine": 16}}}]}, {"ruleId": "SEC081", "level": "error", "message": {"text": "[SEC081] Python: pickle.loads / marshal.loads on untrusted data: pickle.load(s) and marshal.load(s) execute arbitrary code on untrusted input. Ported from dlint DUO103 / DUO120 (BSD-3)."}, "properties": {"repobilityId": 101866, "scanner": "repobility-threat-engine", "fingerprint": "b024fd06b05e415b70c49c06fd3d5084acfb75062eaafae8713f9db57f5be167", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "pickle.loads(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC081", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|b024fd06b05e415b70c49c06fd3d5084acfb75062eaafae8713f9db57f5be167"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "testsuite/cleanup.py"}, "region": {"startLine": 16}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "Missing import: `select` used but not imported"}, "properties": {"repobilityId": 101837, "scanner": "repobility-ast-engine", "fingerprint": "bc2101f1236995a5e7537a3f693a260faf4490f57abcf84833a0d5cd1e1b50db", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|bc2101f1236995a5e7537a3f693a260faf4490f57abcf84833a0d5cd1e1b50db"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "bitbake/lib/toaster/tests/functional/test_create_new_project.py"}, "region": {"startLine": 40}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "Missing import: `select` used but not imported"}, "properties": {"repobilityId": 101836, "scanner": "repobility-ast-engine", "fingerprint": "fb1cb4dfeff2774a99c2187efef85668af0e812431f7384eb16d7c3e87bea12d", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|fb1cb4dfeff2774a99c2187efef85668af0e812431f7384eb16d7c3e87bea12d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "bitbake/lib/toaster/tests/functional/test_project_config.py"}, "region": {"startLine": 41}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "Missing import: `select` used but not imported"}, "properties": {"repobilityId": 101835, "scanner": "repobility-ast-engine", "fingerprint": "864e1d484265b3e9961e6f1a84e2799f1469a5701127eb7b1eb76554ccd4e20e", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|864e1d484265b3e9961e6f1a84e2799f1469a5701127eb7b1eb76554ccd4e20e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "bitbake/lib/toaster/tests/functional/test_project_page.py"}, "region": {"startLine": 42}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "Missing import: `select` used but not imported"}, "properties": {"repobilityId": 101834, "scanner": "repobility-ast-engine", "fingerprint": "ec5b77740060f624f174b05f195f956f7aa3842b1433665e6ac1a13de19496b0", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ec5b77740060f624f174b05f195f956f7aa3842b1433665e6ac1a13de19496b0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "bitbake/lib/toaster/tests/browser/test_delete_project.py"}, "region": {"startLine": 52}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "Missing import: `os` used but not imported"}, "properties": {"repobilityId": 101833, "scanner": "repobility-ast-engine", "fingerprint": "d319aa4f1322f0d17c62b921284cf87a2933c5d15b88509ddd7abaea3c1027b2", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|d319aa4f1322f0d17c62b921284cf87a2933c5d15b88509ddd7abaea3c1027b2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "bitbake/lib/toaster/tests/browser/test_new_custom_image_page.py"}, "region": {"startLine": 48}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "Missing import: `select` used but not imported"}, "properties": {"repobilityId": 101832, "scanner": "repobility-ast-engine", "fingerprint": "e3d86af1dc1e5ef89ccd0e4c74093c8d377c3caac4bacca9693ee523fae8339a", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|e3d86af1dc1e5ef89ccd0e4c74093c8d377c3caac4bacca9693ee523fae8339a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "bitbake/lib/toaster/tests/browser/test_new_project_page.py"}, "region": {"startLine": 54}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "Missing import: `os` used but not imported"}, "properties": {"repobilityId": 101831, "scanner": "repobility-ast-engine", "fingerprint": "19f07475244e6c9b93e6cc4522a07e891647a27a69e5908ad4bfcf79ebac474d", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|19f07475244e6c9b93e6cc4522a07e891647a27a69e5908ad4bfcf79ebac474d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "bitbake/lib/bb/ui/taskexp_ncurses.py"}, "region": {"startLine": 146}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "Missing import: `os` used but not imported"}, "properties": {"repobilityId": 101830, "scanner": "repobility-ast-engine", "fingerprint": "6d1000f72bc110843cc3273f183d9a8fa1cac387ba4e566296ad1fc5a773274f", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|6d1000f72bc110843cc3273f183d9a8fa1cac387ba4e566296ad1fc5a773274f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "bitbake/lib/bb/ui/taskexp.py"}, "region": {"startLine": 200}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "Missing import: `string` used but not imported"}, "properties": {"repobilityId": 101829, "scanner": "repobility-ast-engine", "fingerprint": "788948547d19e77361cc8b6469e61f8b9bb2c3a955aac99597c2588d0c2e67b2", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|788948547d19e77361cc8b6469e61f8b9bb2c3a955aac99597c2588d0c2e67b2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "bitbake/lib/bb/fetch2/__init__.py"}, "region": {"startLine": 293}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "Missing import: `queue` used but not imported"}, "properties": {"repobilityId": 101828, "scanner": "repobility-ast-engine", "fingerprint": "a675c94ae4c2fcd23b3f633723096928e2534fc90f5b292fee3d5800ddb2a43d", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|a675c94ae4c2fcd23b3f633723096928e2534fc90f5b292fee3d5800ddb2a43d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "bitbake/lib/bb/asyncrpc/serv.py"}, "region": {"startLine": 385}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "Missing import: `string` used but not imported"}, "properties": {"repobilityId": 101826, "scanner": "repobility-ast-engine", "fingerprint": "bf93d2992da847befccd172981b63c071e9f8cc1cd687118f3bbfd1a35ad10ad", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|bf93d2992da847befccd172981b63c071e9f8cc1cd687118f3bbfd1a35ad10ad"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "bitbake/lib/bs4/tests/test_tree.py"}, "region": {"startLine": 935}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "Missing import: `html` used but not imported"}, "properties": {"repobilityId": 101825, "scanner": "repobility-ast-engine", "fingerprint": "82bab4f22e00efb2ea3ba9e6d224181719744dae9f703e49d3c01735a2220865", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|82bab4f22e00efb2ea3ba9e6d224181719744dae9f703e49d3c01735a2220865"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "bitbake/lib/bs4/tests/test_tree.py"}, "region": {"startLine": 567}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "Missing import: `collections` used but not imported"}, "properties": {"repobilityId": 101820, "scanner": "repobility-ast-engine", "fingerprint": "3121daf24ee4b018c91f0b324f5d20baf322e2e7531d05f946c8affdbad080c8", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|3121daf24ee4b018c91f0b324f5d20baf322e2e7531d05f946c8affdbad080c8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "bitbake/lib/layerindexlib/cooker.py"}, "region": {"startLine": 107}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "Missing import: `string` used but not imported"}, "properties": {"repobilityId": 101803, "scanner": "repobility-ast-engine", "fingerprint": "9842aea29e995e3dd7b68fefc14bf85f742abad8580a9eeba3bffba27ea40476", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|9842aea29e995e3dd7b68fefc14bf85f742abad8580a9eeba3bffba27ea40476"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "bitbake/lib/bs4/element.py"}, "region": {"startLine": 868}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "Missing import: `queue` used but not imported"}, "properties": {"repobilityId": 101801, "scanner": "repobility-ast-engine", "fingerprint": "591344f5c1cbe6d0241cef36649390996c26d8e354e8a758001e78e15c0bc340", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|591344f5c1cbe6d0241cef36649390996c26d8e354e8a758001e78e15c0bc340"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "bitbake/lib/bb/utils.py"}, "region": {"startLine": 1124}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "Missing import: `collections` used but not imported"}, "properties": {"repobilityId": 101782, "scanner": "repobility-ast-engine", "fingerprint": "8a48299cc9249fd7f730f89dd8289c7444dd2053ec9033ecb889189cb9683654", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|8a48299cc9249fd7f730f89dd8289c7444dd2053ec9033ecb889189cb9683654"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "bitbake/lib/bb/cooker.py"}, "region": {"startLine": 1129}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "Missing import: `os` used but not imported"}, "properties": {"repobilityId": 101777, "scanner": "repobility-ast-engine", "fingerprint": "1734a44f139c74da21440bdff84dec90bbc46c4e5ece4f82c3eb3791034a6219", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|1734a44f139c74da21440bdff84dec90bbc46c4e5ece4f82c3eb3791034a6219"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "meta/lib/oe/sstatesig.py"}, "region": {"startLine": 516}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "Missing import: `stat` used but not imported"}, "properties": {"repobilityId": 101775, "scanner": "repobility-ast-engine", "fingerprint": "6c5a88be2b02631a60e66b7e4ce86c0b8106fcba0f61a30efa42a185edd807c4", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|6c5a88be2b02631a60e66b7e4ce86c0b8106fcba0f61a30efa42a185edd807c4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "meta/lib/oe/utils.py"}, "region": {"startLine": 577}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "Missing import: `os` used but not imported"}, "properties": {"repobilityId": 101774, "scanner": "repobility-ast-engine", "fingerprint": "dffbf11fe9d405a90d8a22ad88e279382c841c87dc1df486d0ed77360ab6b1bd", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|dffbf11fe9d405a90d8a22ad88e279382c841c87dc1df486d0ed77360ab6b1bd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "meta/lib/oe/utils.py"}, "region": {"startLine": 585}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "Missing import: `os` used but not imported"}, "properties": {"repobilityId": 101771, "scanner": "repobility-ast-engine", "fingerprint": "4399f1be694081cec081d2292c39a549efe6be0fb81cb9fc082481165e84a9ab", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|4399f1be694081cec081d2292c39a549efe6be0fb81cb9fc082481165e84a9ab"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "meta/lib/oe/terminal.py"}, "region": {"startLine": 68}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "Missing import: `os` used but not imported"}, "properties": {"repobilityId": 101770, "scanner": "repobility-ast-engine", "fingerprint": "be4ac8a17790af0ce488f7cea575a5e4db1913ff4c58ca242009b3e07c1ad7d2", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|be4ac8a17790af0ce488f7cea575a5e4db1913ff4c58ca242009b3e07c1ad7d2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "meta/scripts/lib/wic/plugins/source/bootimg-biosplusefi-isar.py"}, "region": {"startLine": 104}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "Missing import: `os` used but not imported"}, "properties": {"repobilityId": 101769, "scanner": "repobility-ast-engine", "fingerprint": "a6f78d0d254a466930d0bd442b2f8c4ce58b5361160d2ff27aa19f82f5844ffc", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|a6f78d0d254a466930d0bd442b2f8c4ce58b5361160d2ff27aa19f82f5844ffc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "meta/lib/buildstats.py"}, "region": {"startLine": 17}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "Missing import: `os` used but not imported"}, "properties": {"repobilityId": 101768, "scanner": "repobility-ast-engine", "fingerprint": "e8374fd36413b8baa4b4841841d812a9a43b380278ff7dd818aeaa1bd1565df3", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|e8374fd36413b8baa4b4841841d812a9a43b380278ff7dd818aeaa1bd1565df3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/lib/wic/plugins/source/bootimg-biosplusefi.py"}, "region": {"startLine": 104}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "Missing import: `stat` used but not imported"}, "properties": {"repobilityId": 101767, "scanner": "repobility-ast-engine", "fingerprint": "83299334147ecb0d2ce14c1923cc4c01a36f8dba4345479c98c41a63110effbc", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|83299334147ecb0d2ce14c1923cc4c01a36f8dba4345479c98c41a63110effbc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/lib/wic/filemap.py"}, "region": {"startLine": 46}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "Missing import: `os` used but not imported"}, "properties": {"repobilityId": 101760, "scanner": "repobility-ast-engine", "fingerprint": "03bece766f945b95617ca173330c558b66c851d43d9c766dc2b6a674419629b4", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|03bece766f945b95617ca173330c558b66c851d43d9c766dc2b6a674419629b4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "testsuite/citest.py"}, "region": {"startLine": 522}}}]}]}]}