{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "MINED111", "name": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or ", "shortDescription": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "fullDescription": {"text": "Either narrow the exception type, log the exception with `logger.exception(...)`, or re-raise after handling."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "AGT015", "name": "Remote install command pipes network code directly to a shell", "shortDescription": {"text": "Remote install command pipes network code directly to a shell"}, "fullDescription": {"text": "Publish a package-manager install path or add checksum/signature verification before execution. For docs, show the inspect-then-run flow and pin the downloaded artifact version."}, "properties": {"scanner": "repobility-agent-runtime", "category": "dependency", "severity": "medium", "confidence": 0.7, "cwe": "", "owasp": ""}}, {"id": "SEC005", "name": "[SEC005] Command Injection Risk: Unsafe shell execution or eval of user input.", "shortDescription": {"text": "[SEC005] Command Injection Risk: Unsafe shell execution or eval of user input."}, "fullDescription": {"text": "Use subprocess with shell=False and a list of args. Never eval user input."}, "properties": {"scanner": "repobility-threat-engine", "category": "injection", "severity": "medium", "confidence": 0.5, "cwe": "", "owasp": ""}}, {"id": "SEC045", "name": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a latera", "shortDescription": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use obj"}, "fullDescription": {"text": "For literal data structures: use ast.literal_eval(text) \u2014 only parses literals, raises on code.\nFor formula evaluation: use asteval or simpleeval (purpose-built sandboxes with allow-lists).\nFor Odoo: use odoo.tools.safe_eval(expr, locals_dict, mode='exec').\nIf you genuinely need to execute admin-stored code: require explicit super-admin permission AND log every execution with a stack trace."}, "properties": {"scanner": "repobility-threat-engine", "category": "injection", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "AIC003", "name": "Duplicated implementation block across source files", "shortDescription": {"text": "Duplicated implementation block across source files"}, "fullDescription": {"text": "Extract the shared behavior into one function/module or delete the inactive duplicate after proving which path is used."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.86, "cwe": "", "owasp": ""}}, {"id": "SEC006", "name": "[SEC006] XSS Risk: Direct HTML injection without sanitization.", "shortDescription": {"text": "[SEC006] XSS Risk: Direct HTML injection without sanitization."}, "fullDescription": {"text": "Use textContent instead of innerHTML. Sanitize with DOMPurify."}, "properties": {"scanner": "repobility-threat-engine", "category": "injection", "severity": "low", "confidence": 0.4, "cwe": "", "owasp": ""}}, {"id": "COMP001", "name": "[COMP001] High cognitive complexity: Function `task_stale_pr_assign` has cognitive complexity 11 (SonarSource scale). Co", "shortDescription": {"text": "[COMP001] High cognitive complexity: Function `task_stale_pr_assign` has cognitive complexity 11 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and re"}, "fullDescription": {"text": "Extract nested branches into named helper functions; flatten early-return / guard clauses; replace long if/elif chains with dispatch dicts or polymorphism. SonarQube's threshold for 'should refactor' is 15 \u2014 yours is 11."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "low", "confidence": 0.95, "cwe": "", "owasp": ""}}, {"id": "MINED077", "name": "[MINED077] Python Open No Context: fp = open(path) outside with-block leaks file handles.", "shortDescription": {"text": "[MINED077] Python Open No Context: fp = open(path) outside with-block leaks file handles."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-772 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED059", "name": "[MINED059] Rust Expect In Prod (and 10 more): Same pattern found in 10 additional files. Review if needed.", "shortDescription": {"text": "[MINED059] Rust Expect In Prod (and 10 more): Same pattern found in 10 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-755 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED003", "name": "[MINED003] Rust Unwrap In Prod (and 36 more): Same pattern found in 36 additional files. Review if needed.", "shortDescription": {"text": "[MINED003] Rust Unwrap In Prod (and 36 more): Same pattern found in 36 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-755 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED066", "name": "[MINED066] Rust Panic Macro (and 44 more): Same pattern found in 44 additional files. Review if needed.", "shortDescription": {"text": "[MINED066] Rust Panic Macro (and 44 more): Same pattern found in 44 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-755 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED041", "name": "[MINED041] Rust Unimplemented Macro (and 27 more): Same pattern found in 27 additional files. Review if needed.", "shortDescription": {"text": "[MINED041] Rust Unimplemented Macro (and 27 more): Same pattern found in 27 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-1188 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED068", "name": "[MINED068] Rust Unsafe Block (and 170 more): Same pattern found in 170 additional files. Review if needed.", "shortDescription": {"text": "[MINED068] Rust Unsafe Block (and 170 more): Same pattern found in 170 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-119 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED115", "name": "[MINED115] Action `actions/upload-artifact` pinned to mutable ref `@v4`: `uses: actions/upload-artifact@v4` resolves at ", "shortDescription": {"text": "[MINED115] Action `actions/upload-artifact` pinned to mutable ref `@v4`: `uses: actions/upload-artifact@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compro"}, "fullDescription": {"text": "Replace with: `uses: actions/upload-artifact@<40-char-sha>  # v4` and let Dependabot bump it on a scheduled cadence."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED108", "name": "[MINED108] `self.__evaluate_encoded` used but never assigned in __init__: Method `recv_output` of class `SerialPort` rea", "shortDescription": {"text": "[MINED108] `self.__evaluate_encoded` used but never assigned in __init__: Method `recv_output` of class `SerialPort` reads `self.__evaluate_encoded`, but no assignment to it exists in __init__ (and no class-level fallback). This raises Attr"}, "fullDescription": {"text": "Initialize `self.__evaluate_encoded = <default>` in __init__, or add a class-level default."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED106", "name": "[MINED106] Phantom test coverage: test_deleting_with: Test function `test_deleting_with` runs code but contains no asser", "shortDescription": {"text": "[MINED106] Phantom test coverage: test_deleting_with: Test function `test_deleting_with` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "fullDescription": {"text": "Add an explicit assertion that captures the test's intent, or remove the test."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC103", "name": "[SEC103] LDAP injection \u2014 non-constant search filter: User input concatenated into an LDAP search filter. Attackers inje", "shortDescription": {"text": "[SEC103] LDAP injection \u2014 non-constant search filter: User input concatenated into an LDAP search filter. Attackers inject `*)(uid=*` style payloads to bypass auth or enumerate accounts."}, "fullDescription": {"text": "Escape with javax.naming.ldap.Rdn.escapeValue or equivalent. For python-ldap, use ldap.filter.escape_filter_chars. Better: use parameterized search APIs (Spring LdapTemplate filter encoders)."}, "properties": {"scanner": "repobility-threat-engine", "category": "injection", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED012", "name": "[MINED012] Curl Pipe Bash: curl ... | sh / bash \u2014 runs unverified network code.", "shortDescription": {"text": "[MINED012] Curl Pipe Bash: curl ... | sh / bash \u2014 runs unverified network code."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-494 / A08:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC128", "name": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns", "shortDescription": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, ra"}, "fullDescription": {"text": "Add `await` before each async call, or chain with `.then`. If you intentionally want fire-and-forget, prefix with `void` (TS) or assign to `_` (Python with `asyncio.create_task`) to make the intent explicit and survive lint."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED107", "name": "[MINED107] Missing import: `enum` used but not imported: The file uses `enum.something(...)` but never imports `enum`. T", "shortDescription": {"text": "[MINED107] Missing import: `enum` used but not imported: The file uses `enum.something(...)` but never imports `enum`. This raises NameError at runtime the first time the line executes."}, "fullDescription": {"text": "Add `import enum` at the top of the file."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "critical", "confidence": 1.0, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/1404"}, "properties": {"repository": "tock/tock", "repoUrl": "https://github.com/tock/tock", "branch": "master"}, "results": [{"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 143816, "scanner": "repobility-ast-engine", "fingerprint": "052802b05fa78ac846cee7076444ed0f35e20b909a234833d2b03f81ecc737df", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|052802b05fa78ac846cee7076444ed0f35e20b909a234833d2b03f81ecc737df"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "boards/apollo3/ambiq/ambiq_bin2board.py"}, "region": {"startLine": 425}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 143814, "scanner": "repobility-ast-engine", "fingerprint": "4f1fa2d13f75979da0cde830381331cd92ad682d6693e2eb165f69637adb9fe9", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|4f1fa2d13f75979da0cde830381331cd92ad682d6693e2eb165f69637adb9fe9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tools/debugging-and-development/find_panics.py"}, "region": {"startLine": 377}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 143813, "scanner": "repobility-ast-engine", "fingerprint": "e623254e9bd02a1978df14f86f03f6f89ec8089872a72cd5f0ff1bebed934286", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|e623254e9bd02a1978df14f86f03f6f89ec8089872a72cd5f0ff1bebed934286"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tools/debugging-and-development/find_panics.py"}, "region": {"startLine": 394}}}]}, {"ruleId": "AGT015", "level": "warning", "message": {"text": "Remote install command pipes network code directly to a shell"}, "properties": {"repobilityId": 143796, "scanner": "repobility-agent-runtime", "fingerprint": "95ad904ee67bd59e65729d486e1172f8ba99e6f2bf60dd4219821e1291ef53a4", "category": "dependency", "severity": "medium", "confidence": 0.7, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File contains a remote download piped directly to a shell without visible checksum or signature verification.", "evidence": {"rule_id": "AGT015", "scanner": "repobility-agent-runtime", "references": [], "correlation_key": "fp|95ad904ee67bd59e65729d486e1172f8ba99e6f2bf60dd4219821e1291ef53a4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tools/ci/netlify-build.sh"}, "region": {"startLine": 20}}}]}, {"ruleId": "AGT015", "level": "warning", "message": {"text": "Remote install command pipes network code directly to a shell"}, "properties": {"repobilityId": 143795, "scanner": "repobility-agent-runtime", "fingerprint": "b6ad479eb6a8ea27ee15209ff31bfef4fd5854f169038f4d07df0e1aab3bb46d", "category": "dependency", "severity": "medium", "confidence": 0.7, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File contains a remote download piped directly to a shell without visible checksum or signature verification.", "evidence": {"rule_id": "AGT015", "scanner": "repobility-agent-runtime", "references": [], "correlation_key": "fp|b6ad479eb6a8ea27ee15209ff31bfef4fd5854f169038f4d07df0e1aab3bb46d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "doc/Getting_Started.md"}, "region": {"startLine": 38}}}]}, {"ruleId": "AGT015", "level": "warning", "message": {"text": "Remote install command pipes network code directly to a shell"}, "properties": {"repobilityId": 143794, "scanner": "repobility-agent-runtime", "fingerprint": "10cfdf6bb4d68a7e6cec11f24f37a662b759a6a741ae4ade2a470f08174205f8", "category": "dependency", "severity": "medium", "confidence": 0.7, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File contains a remote download piped directly to a shell without visible checksum or signature verification.", "evidence": {"rule_id": "AGT015", "scanner": "repobility-agent-runtime", "references": [], "correlation_key": "fp|10cfdf6bb4d68a7e6cec11f24f37a662b759a6a741ae4ade2a470f08174205f8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "boards/microbit_v2/README.md"}, "region": {"startLine": 24}}}]}, {"ruleId": "SEC005", "level": "warning", "message": {"text": "[SEC005] Command Injection Risk: Unsafe shell execution or eval of user input."}, "properties": {"repobilityId": 143761, "scanner": "repobility-threat-engine", "fingerprint": "556a7021a1fca8a6dac04c9ebd6d904d86d5e8bfc9aadaef59ed26d5eab9d173", "category": "injection", "severity": "medium", "confidence": 0.5, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "shell=True detected \u2014 verify command source is not user-controllable", "evidence": {"match": "os.popen(", "reason": "shell=True detected \u2014 verify command source is not user-controllable", "rule_id": "SEC005", "scanner": "repobility-threat-engine", "confidence": 0.5, "correlation_key": "code|injection|token|52|sec005"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tools/debugging-and-development/embedded_data_analyzer.py"}, "region": {"startLine": 52}}}]}, {"ruleId": "SEC045", "level": "warning", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use object introspection (().__class__.__mro__[-1].__subclasses__()) to reach os.system. CWE-95 (eval injection)."}, "properties": {"repobilityId": 143754, "scanner": "repobility-threat-engine", "fingerprint": "c7a7c5c934e69ed6d47f605be6d9b1da97b36b57b7e487bb31a3ff9e24e33d39", "category": "injection", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".exec(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|token|218|sec045"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "chips/rp2040/src/pio_gspi.rs"}, "region": {"startLine": 218}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 143793, "scanner": "repobility-ai-code-hygiene", "fingerprint": "8be5d88703cf535aff42a2160d24764619ba180de531a903f946229e830c6110", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "boards/configurations/nrf52840dk/nrf52840dk-test-appid-ecdsap256/src/main.rs", "duplicate_line": 3, "correlation_key": "fp|8be5d88703cf535aff42a2160d24764619ba180de531a903f946229e830c6110"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "boards/configurations/nrf52840dk/nrf52840dk-test-appid-sha256/src/main.rs"}, "region": {"startLine": 2}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 143792, "scanner": "repobility-ai-code-hygiene", "fingerprint": "841f968859f1d7a86a8a22d75d7889cfe2fbff317ff7ea519f579450fcb72b1e", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "boards/apollo3/lora_things_plus/src/main.rs", "duplicate_line": 274, "correlation_key": "fp|841f968859f1d7a86a8a22d75d7889cfe2fbff317ff7ea519f579450fcb72b1e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "boards/configurations/nrf52840dk/nrf52840dk-test-appid-ecdsap256/src/main.rs"}, "region": {"startLine": 74}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 143791, "scanner": "repobility-ai-code-hygiene", "fingerprint": "ce663db11ca96294db8f31cab62a82f06da515fe39df2555aa01c9cbfd85002d", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "boards/clue_nrf52840/src/main.rs", "duplicate_line": 163, "correlation_key": "fp|ce663db11ca96294db8f31cab62a82f06da515fe39df2555aa01c9cbfd85002d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "boards/configurations/nrf52840dk/nrf52840dk-test-appid-ecdsap256/src/main.rs"}, "region": {"startLine": 72}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 143790, "scanner": "repobility-ai-code-hygiene", "fingerprint": "750a38bc20d530224933ec8d591e3908ac0ee96e699b61008b13ec99691a86b2", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "boards/apollo3/lora_things_plus/src/main.rs", "duplicate_line": 274, "correlation_key": "fp|750a38bc20d530224933ec8d591e3908ac0ee96e699b61008b13ec99691a86b2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "boards/configurations/microbit_v2/microbit_v2-test-dynamic-app-load/src/main.rs"}, "region": {"startLine": 147}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 143789, "scanner": "repobility-ai-code-hygiene", "fingerprint": "9d0865bba6aff6399c40d291f160011c000a4ee65bacf9b7247067b54af0209b", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "boards/clue_nrf52840/src/main.rs", "duplicate_line": 164, "correlation_key": "fp|9d0865bba6aff6399c40d291f160011c000a4ee65bacf9b7247067b54af0209b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "boards/configurations/microbit_v2/microbit_v2-test-dynamic-app-load/src/main.rs"}, "region": {"startLine": 146}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 143788, "scanner": "repobility-ai-code-hygiene", "fingerprint": "b1d7b4ba97c73248e7ce89e00a221152fa8b7989ca7bb8e1ae1669f419d2cc76", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "boards/components/src/thread_network.rs", "duplicate_line": 25, "correlation_key": "fp|b1d7b4ba97c73248e7ce89e00a221152fa8b7989ca7bb8e1ae1669f419d2cc76"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "boards/components/src/udp_driver.rs"}, "region": {"startLine": 20}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 143787, "scanner": "repobility-ai-code-hygiene", "fingerprint": "4357d5503ef046f6bb6cd6a2e1ca4823ab318fa5edf7fa8bce809747c86d08b4", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "boards/apollo3/redboard_artemis_atp/src/main.rs", "duplicate_line": 312, "correlation_key": "fp|4357d5503ef046f6bb6cd6a2e1ca4823ab318fa5edf7fa8bce809747c86d08b4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "boards/clue_nrf52840/src/main.rs"}, "region": {"startLine": 608}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 143786, "scanner": "repobility-ai-code-hygiene", "fingerprint": "406e7bc8319f587c8af003cf54b0115bf12741197d1b24afd8e17db99a52ff2a", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "boards/arty_e21/src/main.rs", "duplicate_line": 214, "correlation_key": "fp|406e7bc8319f587c8af003cf54b0115bf12741197d1b24afd8e17db99a52ff2a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "boards/clue_nrf52840/src/main.rs"}, "region": {"startLine": 602}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 143785, "scanner": "repobility-ai-code-hygiene", "fingerprint": "af1ff5ec52f92f220ff6ba4ba5418787d7065b5863d08734b2b8973de132d220", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "boards/apollo3/lora_things_plus/src/main.rs", "duplicate_line": 274, "correlation_key": "fp|af1ff5ec52f92f220ff6ba4ba5418787d7065b5863d08734b2b8973de132d220"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "boards/clue_nrf52840/src/main.rs"}, "region": {"startLine": 165}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 143784, "scanner": "repobility-ai-code-hygiene", "fingerprint": "467b88158dbecbc627abc1ccb919b54ddbc2b302e4d449f286c1347995786fbf", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "boards/apollo3/redboard_artemis_atp/src/main.rs", "duplicate_line": 312, "correlation_key": "fp|467b88158dbecbc627abc1ccb919b54ddbc2b302e4d449f286c1347995786fbf"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "boards/arty_e21/src/main.rs"}, "region": {"startLine": 220}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 143783, "scanner": "repobility-ai-code-hygiene", "fingerprint": "c9a7ce5142bb124e7bf608b6a3ed48a760d185bb9c955d894fb6d23206d9d2a9", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "boards/apollo3/lora_things_plus/src/main.rs", "duplicate_line": 279, "correlation_key": "fp|c9a7ce5142bb124e7bf608b6a3ed48a760d185bb9c955d894fb6d23206d9d2a9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "boards/arty_e21/src/main.rs"}, "region": {"startLine": 63}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 143782, "scanner": "repobility-ai-code-hygiene", "fingerprint": "347b76a97405f90c3ffbd0bb629ca7ebae96bacd05bf29801901816cbd7bcd8b", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "boards/apollo3/lora_things_plus/src/main.rs", "duplicate_line": 77, "correlation_key": "fp|347b76a97405f90c3ffbd0bb629ca7ebae96bacd05bf29801901816cbd7bcd8b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "boards/apollo3/redboard_artemis_nano/src/main.rs"}, "region": {"startLine": 44}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 143781, "scanner": "repobility-ai-code-hygiene", "fingerprint": "e1be24b95daffa67e87e69438ae0f36f0d82ab28835daaf8e20739499ecd11c5", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "boards/apollo3/redboard_artemis_atp/src/main.rs", "duplicate_line": 10, "correlation_key": "fp|e1be24b95daffa67e87e69438ae0f36f0d82ab28835daaf8e20739499ecd11c5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "boards/apollo3/redboard_artemis_nano/src/main.rs"}, "region": {"startLine": 10}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 143780, "scanner": "repobility-ai-code-hygiene", "fingerprint": "aedf43364ff63d54ece3a10165e3bed9f2e78b3e6533efceab483433c90a4750", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "boards/apollo3/redboard_artemis_atp/src/io.rs", "duplicate_line": 16, "correlation_key": "fp|aedf43364ff63d54ece3a10165e3bed9f2e78b3e6533efceab483433c90a4750"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "boards/apollo3/redboard_artemis_nano/src/io.rs"}, "region": {"startLine": 16}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 143779, "scanner": "repobility-ai-code-hygiene", "fingerprint": "9c6c0924a15a2e74a200ff129102586fe32275f0451527f746a72683f2268ee4", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "boards/apollo3/lora_things_plus/src/io.rs", "duplicate_line": 1, "correlation_key": "fp|9c6c0924a15a2e74a200ff129102586fe32275f0451527f746a72683f2268ee4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "boards/apollo3/redboard_artemis_nano/src/io.rs"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 143778, "scanner": "repobility-ai-code-hygiene", "fingerprint": "d9020ee21fe9b79870bd3e7bc761e24e7e998f513d84d4a3213fe6d24e4745ac", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "boards/apollo3/lora_things_plus/src/main.rs", "duplicate_line": 274, "correlation_key": "fp|d9020ee21fe9b79870bd3e7bc761e24e7e998f513d84d4a3213fe6d24e4745ac"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "boards/apollo3/redboard_artemis_atp/src/main.rs"}, "region": {"startLine": 84}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 143777, "scanner": "repobility-ai-code-hygiene", "fingerprint": "905fe8cc695839bcb98ebd30c0bc06bbc657755578f9e057876ca11f4d1f14dc", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "boards/apollo3/lora_things_plus/src/io.rs", "duplicate_line": 1, "correlation_key": "fp|905fe8cc695839bcb98ebd30c0bc06bbc657755578f9e057876ca11f4d1f14dc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "boards/apollo3/redboard_artemis_atp/src/io.rs"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 143776, "scanner": "repobility-ai-code-hygiene", "fingerprint": "9f47c76b1b7ad0e3a317c9985ca186319ee00548bbe6179cc669ecec340ba4f9", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "arch/riscv/src/csr/mie.rs", "duplicate_line": 4, "correlation_key": "fp|9f47c76b1b7ad0e3a317c9985ca186319ee00548bbe6179cc669ecec340ba4f9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "arch/riscv/src/csr/mip.rs"}, "region": {"startLine": 4}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 143775, "scanner": "repobility-ai-code-hygiene", "fingerprint": "78c260622797737a1b97a0be6b4ed20359dc2f8cd4374ab534b69e1178e2b8e6", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "arch/cortex-m/src/lib.rs", "duplicate_line": 81, "correlation_key": "fp|78c260622797737a1b97a0be6b4ed20359dc2f8cd4374ab534b69e1178e2b8e6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "arch/cortex-v7m/src/lib.rs"}, "region": {"startLine": 117}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 143774, "scanner": "repobility-ai-code-hygiene", "fingerprint": "49e3a8be5b467ccb29624abae981bef2c09c0bd683e59ab0390cce86db2cae07", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "arch/cortex-m0/src/lib.rs", "duplicate_line": 253, "correlation_key": "fp|49e3a8be5b467ccb29624abae981bef2c09c0bd683e59ab0390cce86db2cae07"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "arch/cortex-v7m/src/lib.rs"}, "region": {"startLine": 82}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 143773, "scanner": "repobility-ai-code-hygiene", "fingerprint": "4d216c81e291869a9561fdb5127d80ddb64e45ea9773347f97e9d3327e59ba65", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "arch/cortex-m0p/src/lib.rs", "duplicate_line": 62, "correlation_key": "fp|4d216c81e291869a9561fdb5127d80ddb64e45ea9773347f97e9d3327e59ba65"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "arch/cortex-m7/src/lib.rs"}, "region": {"startLine": 30}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 143772, "scanner": "repobility-ai-code-hygiene", "fingerprint": "7c7732c484a9c27b9826bb798ba1958b61ac2575d8e73b7406414a89ed869897", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "arch/cortex-m3/src/lib.rs", "duplicate_line": 22, "correlation_key": "fp|7c7732c484a9c27b9826bb798ba1958b61ac2575d8e73b7406414a89ed869897"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "arch/cortex-m7/src/lib.rs"}, "region": {"startLine": 21}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 143771, "scanner": "repobility-ai-code-hygiene", "fingerprint": "f83ff669a18011c1ac5f4543dcf37ecc6ae4dd742c65c4bffcff1ca972561108", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "arch/cortex-m0p/src/lib.rs", "duplicate_line": 62, "correlation_key": "fp|f83ff669a18011c1ac5f4543dcf37ecc6ae4dd742c65c4bffcff1ca972561108"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "arch/cortex-m4f/src/lib.rs"}, "region": {"startLine": 32}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 143770, "scanner": "repobility-ai-code-hygiene", "fingerprint": "cb590d7b1a10d6dd742b3871754df5e1de13f5a9c6da9f972f56a31815c4114e", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "arch/cortex-m3/src/lib.rs", "duplicate_line": 22, "correlation_key": "fp|cb590d7b1a10d6dd742b3871754df5e1de13f5a9c6da9f972f56a31815c4114e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "arch/cortex-m4f/src/lib.rs"}, "region": {"startLine": 23}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 143769, "scanner": "repobility-ai-code-hygiene", "fingerprint": "5e9237d6c394a371e6509469b54b6d69e246e952f16b5a841bc1ecab07155eb3", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "arch/cortex-m0p/src/lib.rs", "duplicate_line": 62, "correlation_key": "fp|5e9237d6c394a371e6509469b54b6d69e246e952f16b5a841bc1ecab07155eb3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "arch/cortex-m4/src/lib.rs"}, "region": {"startLine": 31}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 143768, "scanner": "repobility-ai-code-hygiene", "fingerprint": "065983439b4983888074e4f428a26ea56d980b0ac2c6c4dd78f4ab1fffca79dc", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "arch/cortex-m3/src/lib.rs", "duplicate_line": 22, "correlation_key": "fp|065983439b4983888074e4f428a26ea56d980b0ac2c6c4dd78f4ab1fffca79dc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "arch/cortex-m4/src/lib.rs"}, "region": {"startLine": 22}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 143767, "scanner": "repobility-ai-code-hygiene", "fingerprint": "40a8f5bcba128e4a7135dc6323d989e31d995ae3b019bc11863c5fe73442cc68", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "arch/cortex-m/src/mpu.rs", "duplicate_line": 271, "correlation_key": "fp|40a8f5bcba128e4a7135dc6323d989e31d995ae3b019bc11863c5fe73442cc68"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "arch/cortex-m33/src/mpu_v8m.rs"}, "region": {"startLine": 280}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 143766, "scanner": "repobility-ai-code-hygiene", "fingerprint": "a55eaec1f72f8d9f4e86bb23ae8080d25f43433a21c398cfee649b1e7f84fc80", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "arch/cortex-m0p/src/lib.rs", "duplicate_line": 62, "correlation_key": "fp|a55eaec1f72f8d9f4e86bb23ae8080d25f43433a21c398cfee649b1e7f84fc80"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "arch/cortex-m33/src/lib.rs"}, "region": {"startLine": 33}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 143765, "scanner": "repobility-ai-code-hygiene", "fingerprint": "80b48d7e91449ecb01aa773a15c78efddf674624dfbc129288b2f5a7c8c392da", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "arch/cortex-m3/src/lib.rs", "duplicate_line": 22, "correlation_key": "fp|80b48d7e91449ecb01aa773a15c78efddf674624dfbc129288b2f5a7c8c392da"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "arch/cortex-m33/src/lib.rs"}, "region": {"startLine": 24}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 143764, "scanner": "repobility-ai-code-hygiene", "fingerprint": "fcb403a148c8366a944d71e0c64c374a765b7ab53738bbc5d5812b020949767e", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "arch/cortex-m0p/src/lib.rs", "duplicate_line": 62, "correlation_key": "fp|fcb403a148c8366a944d71e0c64c374a765b7ab53738bbc5d5812b020949767e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "arch/cortex-m3/src/lib.rs"}, "region": {"startLine": 31}}}]}, {"ruleId": "SEC006", "level": "note", "message": {"text": "[SEC006] XSS Risk: Direct HTML injection without sanitization."}, "properties": {"repobilityId": 143763, "scanner": "repobility-threat-engine", "fingerprint": "1998e85426e1653c375f2bd2cdf673d8876e0b6daf4e3d42796aa4bfc19a128f", "category": "injection", "severity": "low", "confidence": 0.4, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "No user-input source (request/query/fetch/URL) found \u2014 may be static content", "evidence": {"match": ".innerHTML = `", "reason": "No user-input source (request/query/fetch/URL) found \u2014 may be static content", "rule_id": "SEC006", "scanner": "repobility-threat-engine", "confidence": 0.4, "correlation_key": "code|injection|token|144|sec006"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tools/debugging-and-development/embedded_data_visualizer.py"}, "region": {"startLine": 144}}}]}, {"ruleId": "COMP001", "level": "note", "message": {"text": "[COMP001] High cognitive complexity: Function `task_stale_pr_assign` has cognitive complexity 11 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. Breakdown: and=4, for=1, if=3, nested_bonus=2, ternary=1."}, "properties": {"repobilityId": 143757, "scanner": "repobility-threat-engine", "fingerprint": "134485497618d78db8f6738b6ec8f852edf4de7449f4ad4641a8e8d09130c710", "category": "quality", "severity": "low", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 11 (severity threshold for low: 8+).", "evidence": {"scanner": "repobility-threat-engine", "function": "task_stale_pr_assign", "breakdown": {"if": 3, "and": 4, "for": 1, "ternary": 1, "nested_bonus": 2}, "complexity": 11, "correlation_key": "fp|134485497618d78db8f6738b6ec8f852edf4de7449f4ad4641a8e8d09130c710"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tools/ci/tockbot/tockbot.py"}, "region": {"startLine": 83}}}]}, {"ruleId": "MINED077", "level": "none", "message": {"text": "[MINED077] Python Open No Context: fp = open(path) outside with-block leaks file handles."}, "properties": {"repobilityId": 143759, "scanner": "repobility-threat-engine", "fingerprint": "0cd398315587194ecf50626aa248d0cae0fd30f01eb991fc5ae7a5ffd1da3d6e", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-open-no-context", "owasp": null, "cwe_ids": ["CWE-772"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348081+00:00", "triaged_in_corpus": 12, "observations_count": 7864, "ai_coder_pattern_id": 123}, "scanner": "repobility-threat-engine", "correlation_key": "fp|0cd398315587194ecf50626aa248d0cae0fd30f01eb991fc5ae7a5ffd1da3d6e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tools/ci/diff_memory_usage.py"}, "region": {"startLine": 78}}}]}, {"ruleId": "COMP001", "level": "none", "message": {"text": "[COMP001] High cognitive complexity (and 5 more): Same pattern found in 5 additional files. Review if needed."}, "properties": {"repobilityId": 143758, "scanner": "repobility-threat-engine", "fingerprint": "88bc83404cd2ee7008de79d63577b83ca6520a75ef847238a1ec8a3084ede646", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 5 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"scanner": "repobility-threat-engine", "function": "find_implemented_capsules", "breakdown": {"if": 5, "for": 5, "else": 1, "break": 3, "continue": 1, "nested_bonus": 25}, "aggregated": true, "complexity": 40, "correlation_key": "fp|88bc83404cd2ee7008de79d63577b83ca6520a75ef847238a1ec8a3084ede646", "aggregated_count": 5}}}, {"ruleId": "MINED059", "level": "none", "message": {"text": "[MINED059] Rust Expect In Prod (and 10 more): Same pattern found in 10 additional files. Review if needed."}, "properties": {"repobilityId": 143752, "scanner": "repobility-threat-engine", "fingerprint": "9222dff464c4496859ed4d0ab28882ebfcf89dc0cb03c2b1ae90e279f083d7e6", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 10 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "rust-expect-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348039+00:00", "triaged_in_corpus": 12, "observations_count": 175379, "ai_coder_pattern_id": 112}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|9222dff464c4496859ed4d0ab28882ebfcf89dc0cb03c2b1ae90e279f083d7e6", "aggregated_count": 10}}}, {"ruleId": "MINED059", "level": "none", "message": {"text": "[MINED059] Rust Expect In Prod: .expect(...) panics same as unwrap with a custom message."}, "properties": {"repobilityId": 143751, "scanner": "repobility-threat-engine", "fingerprint": "bc2d86f43691469e091788f175b8c8e6304764626e1c5983ab607bea175da15e", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-expect-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348039+00:00", "triaged_in_corpus": 12, "observations_count": 175379, "ai_coder_pattern_id": 112}, "scanner": "repobility-threat-engine", "correlation_key": "fp|bc2d86f43691469e091788f175b8c8e6304764626e1c5983ab607bea175da15e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "chips/virtio/src/devices/virtio_input.rs"}, "region": {"startLine": 104}}}]}, {"ruleId": "MINED059", "level": "none", "message": {"text": "[MINED059] Rust Expect In Prod: .expect(...) panics same as unwrap with a custom message."}, "properties": {"repobilityId": 143750, "scanner": "repobility-threat-engine", "fingerprint": "ab110cefd85f127d9a6727bbdc9b488e7dfc3bc34fb805030c879629d93711eb", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-expect-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348039+00:00", "triaged_in_corpus": 12, "observations_count": 175379, "ai_coder_pattern_id": 112}, "scanner": "repobility-threat-engine", "correlation_key": "fp|ab110cefd85f127d9a6727bbdc9b488e7dfc3bc34fb805030c879629d93711eb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "chips/litex/src/liteeth.rs"}, "region": {"startLine": 192}}}]}, {"ruleId": "MINED059", "level": "none", "message": {"text": "[MINED059] Rust Expect In Prod: .expect(...) panics same as unwrap with a custom message."}, "properties": {"repobilityId": 143749, "scanner": "repobility-threat-engine", "fingerprint": "539019ac4bdc26f88a61ff65b5d1d2e03d6d30b99007559c63dfef4da41261ef", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-expect-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348039+00:00", "triaged_in_corpus": 12, "observations_count": 175379, "ai_coder_pattern_id": 112}, "scanner": "repobility-threat-engine", "correlation_key": "fp|539019ac4bdc26f88a61ff65b5d1d2e03d6d30b99007559c63dfef4da41261ef"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "boards/build_scripts/src/default.rs"}, "region": {"startLine": 117}}}]}, {"ruleId": "MINED003", "level": "none", "message": {"text": "[MINED003] Rust Unwrap In Prod (and 36 more): Same pattern found in 36 additional files. Review if needed."}, "properties": {"repobilityId": 143748, "scanner": "repobility-threat-engine", "fingerprint": "9434c21f2249a05c00b54d3abc39f0d9ebed54709a5e024fe13b257163423eb1", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 36 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "rust-unwrap-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347903+00:00", "triaged_in_corpus": 15, "observations_count": 386515, "ai_coder_pattern_id": 111}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|9434c21f2249a05c00b54d3abc39f0d9ebed54709a5e024fe13b257163423eb1", "aggregated_count": 36}}}, {"ruleId": "MINED066", "level": "none", "message": {"text": "[MINED066] Rust Panic Macro (and 44 more): Same pattern found in 44 additional files. Review if needed."}, "properties": {"repobilityId": 143744, "scanner": "repobility-threat-engine", "fingerprint": "4e440e90113bbb9eb1beb0597e98add68d58a6e166418b3cebaf29ad98ce02c5", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 44 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "rust-panic-macro", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348055+00:00", "triaged_in_corpus": 12, "observations_count": 48611, "ai_coder_pattern_id": 113}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|4e440e90113bbb9eb1beb0597e98add68d58a6e166418b3cebaf29ad98ce02c5", "aggregated_count": 44}}}, {"ruleId": "MINED066", "level": "none", "message": {"text": "[MINED066] Rust Panic Macro: panic!() unwinds the stack. Use Result for recoverable errors."}, "properties": {"repobilityId": 143743, "scanner": "repobility-threat-engine", "fingerprint": "4c5cd80900a80b9d5edd6b26bd4fd117f2088f549cf6b5beb8733a9334cf466c", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-panic-macro", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348055+00:00", "triaged_in_corpus": 12, "observations_count": 48611, "ai_coder_pattern_id": 113}, "scanner": "repobility-threat-engine", "correlation_key": "fp|4c5cd80900a80b9d5edd6b26bd4fd117f2088f549cf6b5beb8733a9334cf466c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "boards/components/src/bus.rs"}, "region": {"startLine": 144}}}]}, {"ruleId": "MINED066", "level": "none", "message": {"text": "[MINED066] Rust Panic Macro: panic!() unwinds the stack. Use Result for recoverable errors."}, "properties": {"repobilityId": 143742, "scanner": "repobility-threat-engine", "fingerprint": "90d727b00777cb211751903c191e1038393eb904f1a8f823fb839f65be84b639", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-panic-macro", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348055+00:00", "triaged_in_corpus": 12, "observations_count": 48611, "ai_coder_pattern_id": 113}, "scanner": "repobility-threat-engine", "correlation_key": "fp|90d727b00777cb211751903c191e1038393eb904f1a8f823fb839f65be84b639"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "boards/build_scripts/src/default.rs"}, "region": {"startLine": 25}}}]}, {"ruleId": "MINED066", "level": "none", "message": {"text": "[MINED066] Rust Panic Macro: panic!() unwinds the stack. Use Result for recoverable errors."}, "properties": {"repobilityId": 143741, "scanner": "repobility-threat-engine", "fingerprint": "23c93b362efcaa05a54ecee38ab3b100041b5531974b5cc60a9a8dcbeea618de", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-panic-macro", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348055+00:00", "triaged_in_corpus": 12, "observations_count": 48611, "ai_coder_pattern_id": 113}, "scanner": "repobility-threat-engine", "correlation_key": "fp|23c93b362efcaa05a54ecee38ab3b100041b5531974b5cc60a9a8dcbeea618de"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "arch/x86/src/interrupts/handlers.rs"}, "region": {"startLine": 16}}}]}, {"ruleId": "MINED041", "level": "none", "message": {"text": "[MINED041] Rust Unimplemented Macro (and 27 more): Same pattern found in 27 additional files. Review if needed."}, "properties": {"repobilityId": 143740, "scanner": "repobility-threat-engine", "fingerprint": "59d6f04d42f5f04465223e75ef9ca7f267590f70bed9e367f059d1c762495f8e", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 27 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "rust-unimplemented-macro", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347994+00:00", "triaged_in_corpus": 15, "observations_count": 1422, "ai_coder_pattern_id": 115}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|59d6f04d42f5f04465223e75ef9ca7f267590f70bed9e367f059d1c762495f8e", "aggregated_count": 27}}}, {"ruleId": "MINED068", "level": "none", "message": {"text": "[MINED068] Rust Unsafe Block (and 170 more): Same pattern found in 170 additional files. Review if needed."}, "properties": {"repobilityId": 143736, "scanner": "repobility-threat-engine", "fingerprint": "52687879f6c16e81488d226b19989fa61634101df9de54788b6e4d6345ffb497", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 170 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "rust-unsafe-block", "owasp": null, "cwe_ids": ["CWE-119"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348060+00:00", "triaged_in_corpus": 12, "observations_count": 42383, "ai_coder_pattern_id": 116}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|52687879f6c16e81488d226b19989fa61634101df9de54788b6e4d6345ffb497", "aggregated_count": 170}}}, {"ruleId": "MINED068", "level": "none", "message": {"text": "[MINED068] Rust Unsafe Block: unsafe { ... } block. Compiler safety guarantees disabled inside."}, "properties": {"repobilityId": 143735, "scanner": "repobility-threat-engine", "fingerprint": "1fb98e898affdc648b01b3279398bc25c3c9fdd660adf5e905fff05cb2d12ec2", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-unsafe-block", "owasp": null, "cwe_ids": ["CWE-119"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348060+00:00", "triaged_in_corpus": 12, "observations_count": 42383, "ai_coder_pattern_id": 116}, "scanner": "repobility-threat-engine", "correlation_key": "fp|1fb98e898affdc648b01b3279398bc25c3c9fdd660adf5e905fff05cb2d12ec2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "arch/cortex-m/src/nvic.rs"}, "region": {"startLine": 123}}}]}, {"ruleId": "MINED068", "level": "none", "message": {"text": "[MINED068] Rust Unsafe Block: unsafe { ... } block. Compiler safety guarantees disabled inside."}, "properties": {"repobilityId": 143734, "scanner": "repobility-threat-engine", "fingerprint": "dba93486267d9def0311fa2e0cbcbda98228ef130184500fa6ce19f153c69dac", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-unsafe-block", "owasp": null, "cwe_ids": ["CWE-119"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348060+00:00", "triaged_in_corpus": 12, "observations_count": 42383, "ai_coder_pattern_id": 116}, "scanner": "repobility-threat-engine", "correlation_key": "fp|dba93486267d9def0311fa2e0cbcbda98228ef130184500fa6ce19f153c69dac"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "arch/cortex-m/src/dma_fence.rs"}, "region": {"startLine": 41}}}]}, {"ruleId": "MINED068", "level": "none", "message": {"text": "[MINED068] Rust Unsafe Block: unsafe { ... } block. Compiler safety guarantees disabled inside."}, "properties": {"repobilityId": 143733, "scanner": "repobility-threat-engine", "fingerprint": "963ba1764d4ecf7bef73df3ec70b512c283b9b80368851b9bb0d565e5771eaf8", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-unsafe-block", "owasp": null, "cwe_ids": ["CWE-119"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348060+00:00", "triaged_in_corpus": 12, "observations_count": 42383, "ai_coder_pattern_id": 116}, "scanner": "repobility-threat-engine", "correlation_key": "fp|963ba1764d4ecf7bef73df3ec70b512c283b9b80368851b9bb0d565e5771eaf8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "arch/cortex-m/src/dcb.rs"}, "region": {"startLine": 96}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/upload-artifact` pinned to mutable ref `@v4`: `uses: actions/upload-artifact@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 143841, "scanner": "repobility-supply-chain", "fingerprint": "a38c7d6288a5a6eee36fb2692f828f7fe7b4fdbbd3440d29992ee7e2f4b5b0eb", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|a38c7d6288a5a6eee36fb2692f828f7fe7b4fdbbd3440d29992ee7e2f4b5b0eb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci-nightly.yml"}, "region": {"startLine": 51}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v4`: `uses: actions/checkout@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 143840, "scanner": "repobility-supply-chain", "fingerprint": "99ebd43491978615bc95f088f08748df3229ddcc3e68837e9019af9c3e62e040", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|99ebd43491978615bc95f088f08748df3229ddcc3e68837e9019af9c3e62e040"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci-nightly.yml"}, "region": {"startLine": 36}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/labeler` pinned to mutable ref `@v4.3.0`: `uses: actions/labeler@v4.3.0` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 143839, "scanner": "repobility-supply-chain", "fingerprint": "693e9d86b266ba60bc737e5acf33d9af4356734f9364613fa4a877f89fc70f8b", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|693e9d86b266ba60bc737e5acf33d9af4356734f9364613fa4a877f89fc70f8b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/labeler.yml"}, "region": {"startLine": 19}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v4`: `uses: actions/checkout@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 143838, "scanner": "repobility-supply-chain", "fingerprint": "8858f28e138b18bb6f7543e474bdcd6c6cd9c511057bfca51cb171999a500351", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|8858f28e138b18bb6f7543e474bdcd6c6cd9c511057bfca51cb171999a500351"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/mergequeue_docs.yml"}, "region": {"startLine": 31}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v4`: `uses: actions/checkout@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 143837, "scanner": "repobility-supply-chain", "fingerprint": "36e2bd8b969cceeb5a05eb3ed681ba804eac4641332f0c1eb7d20f1eda7e6b0a", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|36e2bd8b969cceeb5a05eb3ed681ba804eac4641332f0c1eb7d20f1eda7e6b0a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 206}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v4`: `uses: actions/checkout@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 143836, "scanner": "repobility-supply-chain", "fingerprint": "9e0d794593bd44135c6ce26b662ffe4368c160f3bb3c286abe15f5b2e25176ac", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|9e0d794593bd44135c6ce26b662ffe4368c160f3bb3c286abe15f5b2e25176ac"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 188}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v4`: `uses: actions/checkout@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 143835, "scanner": "repobility-supply-chain", "fingerprint": "00b6011eeaeb10bd4b4a95e73b3079635e57227c68e99e775438bb871239c20c", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|00b6011eeaeb10bd4b4a95e73b3079635e57227c68e99e775438bb871239c20c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 158}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/upload-artifact` pinned to mutable ref `@v4`: `uses: actions/upload-artifact@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 143834, "scanner": "repobility-supply-chain", "fingerprint": "3e545e7e5729f84fe76a2edd4602eff15ced61d141fb5dcefed88f3d45903e17", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|3e545e7e5729f84fe76a2edd4602eff15ced61d141fb5dcefed88f3d45903e17"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 138}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v4`: `uses: actions/checkout@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 143833, "scanner": "repobility-supply-chain", "fingerprint": "b193aea67894978e5d7d49b21872ba70806b8495497011d46dcf86b4e3ca1873", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|b193aea67894978e5d7d49b21872ba70806b8495497011d46dcf86b4e3ca1873"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 64}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v4`: `uses: actions/checkout@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 143832, "scanner": "repobility-supply-chain", "fingerprint": "f4744d7c6fb0215a3a7052b3ff43124d214334c60b4f3c28c6a157802037ffe8", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|f4744d7c6fb0215a3a7052b3ff43124d214334c60b4f3c28c6a157802037ffe8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 53}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/setup-node` pinned to mutable ref `@v3`: `uses: actions/setup-node@v3` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 143831, "scanner": "repobility-supply-chain", "fingerprint": "cdcc841dc4a31c10f44e666d5c4c6e5757be2d78350d4bcd29e7dfe78d9e2c62", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|cdcc841dc4a31c10f44e666d5c4c6e5757be2d78350d4bcd29e7dfe78d9e2c62"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 36}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v4`: `uses: actions/checkout@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 143830, "scanner": "repobility-supply-chain", "fingerprint": "793900d81f6b981ad8619344b0d2dacc44ebecfe8d94c4d7b0b207270b45b0a4", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|793900d81f6b981ad8619344b0d2dacc44ebecfe8d94c4d7b0b207270b45b0a4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 35}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/setup-python` pinned to mutable ref `@v4`: `uses: actions/setup-python@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 143829, "scanner": "repobility-supply-chain", "fingerprint": "6871bdbc3adbddaf33f286260314b740202a35f20674816ff9dba90d51b1e540", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|6871bdbc3adbddaf33f286260314b740202a35f20674816ff9dba90d51b1e540"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/benchmarks.yml"}, "region": {"startLine": 29}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v4`: `uses: actions/checkout@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 143828, "scanner": "repobility-supply-chain", "fingerprint": "da6661d98e831722d3951e855f3d5b99320c33c6bd93dfa28fc049562010d15a", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|da6661d98e831722d3951e855f3d5b99320c33c6bd93dfa28fc049562010d15a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/benchmarks.yml"}, "region": {"startLine": 27}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/setup-python` pinned to mutable ref `@v5`: `uses: actions/setup-python@v5` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 143827, "scanner": "repobility-supply-chain", "fingerprint": "9aa566ba04edba98cebac3a4f4835157206be17356e97decb1aeca3268a7652c", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|9aa566ba04edba98cebac3a4f4835157206be17356e97decb1aeca3268a7652c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/tockbot-nightly.yml"}, "region": {"startLine": 126}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v4`: `uses: actions/checkout@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 143826, "scanner": "repobility-supply-chain", "fingerprint": "6db9c2bd107d9c78da7fae54a0a233a601bb256142198f708d0800cfa1136892", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|6db9c2bd107d9c78da7fae54a0a233a601bb256142198f708d0800cfa1136892"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/tockbot-nightly.yml"}, "region": {"startLine": 123}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/setup-python` pinned to mutable ref `@v5`: `uses: actions/setup-python@v5` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 143825, "scanner": "repobility-supply-chain", "fingerprint": "bfdde930033262c8b5443f96cfe5c5b3bbb146d5084bc3d964de6dc397fc4b25", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|bfdde930033262c8b5443f96cfe5c5b3bbb146d5084bc3d964de6dc397fc4b25"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/tockbot-nightly.yml"}, "region": {"startLine": 92}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v4`: `uses: actions/checkout@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 143824, "scanner": "repobility-supply-chain", "fingerprint": "cc4cc4dce00672c3cb7d276de48668d289445630f2ee15e09b8f4109ea8aaac7", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|cc4cc4dce00672c3cb7d276de48668d289445630f2ee15e09b8f4109ea8aaac7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/tockbot-nightly.yml"}, "region": {"startLine": 89}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v4`: `uses: actions/checkout@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 143823, "scanner": "repobility-supply-chain", "fingerprint": "fa39c30a291aa97391e705cbc17fe52dad71e9ad0a302c050f9523cf0c3d4941", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|fa39c30a291aa97391e705cbc17fe52dad71e9ad0a302c050f9523cf0c3d4941"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/tockbot-nightly.yml"}, "region": {"startLine": 36}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v4`: `uses: actions/checkout@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 143822, "scanner": "repobility-supply-chain", "fingerprint": "de55a4758651c03c9b9d93e20f466990dff359935e1a4bd30b00e6871b6d3239", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|de55a4758651c03c9b9d93e20f466990dff359935e1a4bd30b00e6871b6d3239"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/litex_sim.yml"}, "region": {"startLine": 100}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v4`: `uses: actions/checkout@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 143821, "scanner": "repobility-supply-chain", "fingerprint": "cd37de766809e5088727be4d794cb053abb31275cd1a25b4fddcc4e379d9932e", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|cd37de766809e5088727be4d794cb053abb31275cd1a25b4fddcc4e379d9932e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/litex_sim.yml"}, "region": {"startLine": 65}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v4`: `uses: actions/checkout@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 143820, "scanner": "repobility-supply-chain", "fingerprint": "25a6263ca5fe94413c78e56676cebead1ae470d28211ed8985b46b9d14556f0f", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|25a6263ca5fe94413c78e56676cebead1ae470d28211ed8985b46b9d14556f0f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/litex_sim.yml"}, "region": {"startLine": 42}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `tock/tock-hardware-ci/.github/workflows/treadmill-ci.yml` pinned to mutable ref `@main`: `uses: tock/tock-hardware-ci/.github/workflows/treadmill-ci.yml@main` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 143819, "scanner": "repobility-supply-chain", "fingerprint": "35af980bc5b983fa6707c0c8e6b6f9763b5928c193efe52dad51dc2cc9d14e29", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|35af980bc5b983fa6707c0c8e6b6f9763b5928c193efe52dad51dc2cc9d14e29"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/treadmill-ci.yml"}, "region": {"startLine": 133}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v4`: `uses: actions/checkout@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 143818, "scanner": "repobility-supply-chain", "fingerprint": "14cc4c1cd085e8c932880549e8fac1564a601e1ad94ea8d6c0c0b09e33840d3c", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|14cc4c1cd085e8c932880549e8fac1564a601e1ad94ea8d6c0c0b09e33840d3c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/treadmill-ci.yml"}, "region": {"startLine": 94}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v4`: `uses: actions/checkout@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 143817, "scanner": "repobility-supply-chain", "fingerprint": "7253c7d8fe83b395468aa5961c23b43b498bb524cbba05f3cca7b60592a5e24a", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|7253c7d8fe83b395468aa5961c23b43b498bb524cbba05f3cca7b60592a5e24a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/treadmill-ci.yml"}, "region": {"startLine": 86}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.__evaluate_encoded` used but never assigned in __init__: Method `recv_output` of class `SerialPort` reads `self.__evaluate_encoded`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 143812, "scanner": "repobility-ast-engine", "fingerprint": "c818d6723056f559f59ed56fcf235c2c9875006980fea5151c9dc10632a94d36", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c818d6723056f559f59ed56fcf235c2c9875006980fea5151c9dc10632a94d36"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tools/debugging-and-development/check_process_console.py"}, "region": {"startLine": 73}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_deleting_with: Test function `test_deleting_with` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 143811, "scanner": "repobility-ast-engine", "fingerprint": "dc2722bc9d34f0c9b1d73b6b809b5e503708e8eef1f5182d507ef71a3f893d70", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|dc2722bc9d34f0c9b1d73b6b809b5e503708e8eef1f5182d507ef71a3f893d70"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tools/debugging-and-development/check_process_console.py"}, "region": {"startLine": 523}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_inserting: Test function `test_inserting` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 143810, "scanner": "repobility-ast-engine", "fingerprint": "4f96d0866b9baa293b0c76a62623a0136c887e16382d423bbdd2200ce948fc75", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|4f96d0866b9baa293b0c76a62623a0136c887e16382d423bbdd2200ce948fc75"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tools/debugging-and-development/check_process_console.py"}, "region": {"startLine": 488}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_deleting_with: Test function `test_deleting_with` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 143809, "scanner": "repobility-ast-engine", "fingerprint": "89b9db5bde17b7d853ddc454ee8527562967225581b6d9ac7ec4fc5f7120c7e5", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|89b9db5bde17b7d853ddc454ee8527562967225581b6d9ac7ec4fc5f7120c7e5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tools/debugging-and-development/check_process_console.py"}, "region": {"startLine": 349}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_command_history_edit: Test function `test_command_history_edit` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 143808, "scanner": "repobility-ast-engine", "fingerprint": "31bbeb872b44958782797a6c594a768cc967b6001d4b7787c57bf283f0276fb2", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|31bbeb872b44958782797a6c594a768cc967b6001d4b7787c57bf283f0276fb2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tools/debugging-and-development/check_process_console.py"}, "region": {"startLine": 483}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_newline_return: Test function `test_newline_return` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 143807, "scanner": "repobility-ast-engine", "fingerprint": "bbb2812bcf3b07dd7b768b57d4ae74451ce69ce3f2df92f45f3c7ddb9d93b381", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|bbb2812bcf3b07dd7b768b57d4ae74451ce69ce3f2df92f45f3c7ddb9d93b381"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tools/debugging-and-development/check_process_console.py"}, "region": {"startLine": 435}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_cariage_return: Test function `test_cariage_return` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 143806, "scanner": "repobility-ast-engine", "fingerprint": "b63383b8ec941175f48490f983609f54e1da4101ab4fa1f5c92176d8867188dc", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|b63383b8ec941175f48490f983609f54e1da4101ab4fa1f5c92176d8867188dc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tools/debugging-and-development/check_process_console.py"}, "region": {"startLine": 387}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_deleting: Test function `test_deleting` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 143805, "scanner": "repobility-ast-engine", "fingerprint": "bdfef854f289a516e4c2e976ce9a74a2e9a2e1bb89b328d9ded9640ec73dd355", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|bdfef854f289a516e4c2e976ce9a74a2e9a2e1bb89b328d9ded9640ec73dd355"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tools/debugging-and-development/check_process_console.py"}, "region": {"startLine": 344}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_inserting: Test function `test_inserting` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 143804, "scanner": "repobility-ast-engine", "fingerprint": "ff384072a95246518ddde6379fc2155aac5df39d58cc2b634950e17957a2c6a3", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ff384072a95246518ddde6379fc2155aac5df39d58cc2b634950e17957a2c6a3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tools/debugging-and-development/check_process_console.py"}, "region": {"startLine": 316}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_inserting_in_middle: Test function `test_inserting_in_middle` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 143803, "scanner": "repobility-ast-engine", "fingerprint": "14ef2a7ded82b4a95e3e861e78f6d5e13e7de225a2b22829ca6dea2bd4588670", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|14ef2a7ded82b4a95e3e861e78f6d5e13e7de225a2b22829ca6dea2bd4588670"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tools/debugging-and-development/check_process_console.py"}, "region": {"startLine": 294}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_inserting_at_start: Test function `test_inserting_at_start` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 143802, "scanner": "repobility-ast-engine", "fingerprint": "c157a0c2aa0e41d70dfd622484d6a796706e860800dd2ec316f4f98f74fbb269", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c157a0c2aa0e41d70dfd622484d6a796706e860800dd2ec316f4f98f74fbb269"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tools/debugging-and-development/check_process_console.py"}, "region": {"startLine": 273}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_inserting_at_end: Test function `test_inserting_at_end` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 143801, "scanner": "repobility-ast-engine", "fingerprint": "84c99721f04bb6c77b800a5ebee17695d57e7b453e10332fd1c47cd89900fc04", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|84c99721f04bb6c77b800a5ebee17695d57e7b453e10332fd1c47cd89900fc04"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tools/debugging-and-development/check_process_console.py"}, "region": {"startLine": 253}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_command_history_api: Test function `test_command_history_api` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 143800, "scanner": "repobility-ast-engine", "fingerprint": "6dea25921ccc556c5aabf76c8734ce732b8e3b6c7b64b963b17829fbbdb4079a", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|6dea25921ccc556c5aabf76c8734ce732b8e3b6c7b64b963b17829fbbdb4079a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tools/debugging-and-development/check_process_console.py"}, "region": {"startLine": 205}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_fill_command_history: Test function `test_fill_command_history` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 143799, "scanner": "repobility-ast-engine", "fingerprint": "3bbda059114dbff8f316bd27d61db9e18b97abf3e577e43a4c24bcaef5f7bfd9", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|3bbda059114dbff8f316bd27d61db9e18b97abf3e577e43a4c24bcaef5f7bfd9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tools/debugging-and-development/check_process_console.py"}, "region": {"startLine": 185}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_open_serial_port: Test function `test_open_serial_port` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 143798, "scanner": "repobility-ast-engine", "fingerprint": "0e1d794e559761002dc8571bbbf5eecdafbfebe34f508526d992d7c3bd8c7207", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|0e1d794e559761002dc8571bbbf5eecdafbfebe34f508526d992d7c3bd8c7207"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tools/debugging-and-development/check_process_console.py"}, "region": {"startLine": 166}}}]}, {"ruleId": "SEC103", "level": "error", "message": {"text": "[SEC103] LDAP injection \u2014 non-constant search filter: User input concatenated into an LDAP search filter. Attackers inject `*)(uid=*` style payloads to bypass auth or enumerate accounts."}, "properties": {"repobilityId": 143762, "scanner": "repobility-threat-engine", "fingerprint": "fbca50960df36ee98891e6b98694afa1bd36e562f3852ba1101f17b2eca1462d", "category": "injection", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".search(\n            '^([0-9a-f]+)", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC103", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|token|188|sec103"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tools/debugging-and-development/embedded_data_analyzer.py"}, "region": {"startLine": 188}}}]}, {"ruleId": "MINED012", "level": "error", "message": {"text": "[MINED012] Curl Pipe Bash: curl ... | sh / bash \u2014 runs unverified network code."}, "properties": {"repobilityId": 143760, "scanner": "repobility-threat-engine", "fingerprint": "18d9da5bff10dba490a9fed3e14b962477ac147246a495e6be75e55768a21784", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "curl-pipe-bash", "owasp": "A08:2021", "cwe_ids": ["CWE-494"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347926+00:00", "triaged_in_corpus": 15, "observations_count": 135001, "ai_coder_pattern_id": 25}, "scanner": "repobility-threat-engine", "correlation_key": "fp|18d9da5bff10dba490a9fed3e14b962477ac147246a495e6be75e55768a21784"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tools/ci/netlify-build.sh"}, "region": {"startLine": 20}}}]}, {"ruleId": "COMP001", "level": "error", "message": {"text": "[COMP001] High cognitive complexity: Function `main` has cognitive complexity 40 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. Breakdown: break=2, elif=6, except=1, for=2, if=11, nested_bonus=18."}, "properties": {"repobilityId": 143756, "scanner": "repobility-threat-engine", "fingerprint": "2638d9e0fbee450041ced7a5ffa9bf4b079e2f22c29896d55e05f53f748504b5", "category": "quality", "severity": "high", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 40 (severity threshold for high: 25+).", "evidence": {"scanner": "repobility-threat-engine", "function": "main", "breakdown": {"if": 11, "for": 2, "elif": 6, "break": 2, "except": 1, "nested_bonus": 18}, "complexity": 40, "correlation_key": "fp|2638d9e0fbee450041ced7a5ffa9bf4b079e2f22c29896d55e05f53f748504b5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tools/ci/diff_memory_usage.py"}, "region": {"startLine": 11}}}]}, {"ruleId": "COMP001", "level": "error", "message": {"text": "[COMP001] High cognitive complexity: Function `find_implemented_capsules` has cognitive complexity 40 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. Breakdown: break=3, continue=1, else=1, for=5, if=5, nested_bonus=25."}, "properties": {"repobilityId": 143755, "scanner": "repobility-threat-engine", "fingerprint": "78499c2bb28c1e609ac9b15f74bfcaa4dde1d735278d7da24390666755f66643", "category": "quality", "severity": "high", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 40 (severity threshold for high: 25+).", "evidence": {"scanner": "repobility-threat-engine", "function": "find_implemented_capsules", "breakdown": {"if": 5, "for": 5, "else": 1, "break": 3, "continue": 1, "nested_bonus": 25}, "complexity": 40, "correlation_key": "fp|78499c2bb28c1e609ac9b15f74bfcaa4dde1d735278d7da24390666755f66643"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tools/ci/check-capsule-readme.py"}, "region": {"startLine": 40}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 143753, "scanner": "repobility-threat-engine", "fingerprint": "d68e7669d336ff22f5b1a0b61f26ebb39edfb11f399e1d060d2f0e66bf8cf417", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "self.publish();", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|d68e7669d336ff22f5b1a0b61f26ebb39edfb11f399e1d060d2f0e66bf8cf417"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "capsules/system/src/debug_writer/uart_debug_writer.rs"}, "region": {"startLine": 134}}}]}, {"ruleId": "MINED003", "level": "error", "message": {"text": "[MINED003] Rust Unwrap In Prod: .unwrap() panics if None/Err. Acceptable in tests; risky elsewhere."}, "properties": {"repobilityId": 143747, "scanner": "repobility-threat-engine", "fingerprint": "2bf54e34f67065be4cebe2c75e5556fb5750a3ad149b4e0387417580a0a33499", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-unwrap-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347903+00:00", "triaged_in_corpus": 15, "observations_count": 386515, "ai_coder_pattern_id": 111}, "scanner": "repobility-threat-engine", "correlation_key": "fp|2bf54e34f67065be4cebe2c75e5556fb5750a3ad149b4e0387417580a0a33499"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "boards/components/src/thread_network.rs"}, "region": {"startLine": 269}}}]}, {"ruleId": "MINED003", "level": "error", "message": {"text": "[MINED003] Rust Unwrap In Prod: .unwrap() panics if None/Err. Acceptable in tests; risky elsewhere."}, "properties": {"repobilityId": 143746, "scanner": "repobility-threat-engine", "fingerprint": "1565b503283d0bd6f81289a08e24ac672100ed89ccd0d7aafd43f35ff3fc7d46", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-unwrap-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347903+00:00", "triaged_in_corpus": 15, "observations_count": 386515, "ai_coder_pattern_id": 111}, "scanner": "repobility-threat-engine", "correlation_key": "fp|1565b503283d0bd6f81289a08e24ac672100ed89ccd0d7aafd43f35ff3fc7d46"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "boards/components/src/lpm013m126.rs"}, "region": {"startLine": 147}}}]}, {"ruleId": "MINED003", "level": "error", "message": {"text": "[MINED003] Rust Unwrap In Prod: .unwrap() panics if None/Err. Acceptable in tests; risky elsewhere."}, "properties": {"repobilityId": 143745, "scanner": "repobility-threat-engine", "fingerprint": "b38fcac1fe8cb898dd8ac349c078e8da8b53da31b2e4c5b181b5ff2429031718", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-unwrap-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347903+00:00", "triaged_in_corpus": 15, "observations_count": 386515, "ai_coder_pattern_id": 111}, "scanner": "repobility-threat-engine", "correlation_key": "fp|b38fcac1fe8cb898dd8ac349c078e8da8b53da31b2e4c5b181b5ff2429031718"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "boards/build_scripts/src/default.rs"}, "region": {"startLine": 46}}}]}, {"ruleId": "MINED041", "level": "error", "message": {"text": "[MINED041] Rust Unimplemented Macro: unimplemented!() panics. Same as todo!() but conventionally used for trait stubs."}, "properties": {"repobilityId": 143739, "scanner": "repobility-threat-engine", "fingerprint": "2d4524349e7927ac8ba9d51a2073367da8c5eba69e7962db35f8324cff42b97b", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-unimplemented-macro", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347994+00:00", "triaged_in_corpus": 15, "observations_count": 1422, "ai_coder_pattern_id": 115}, "scanner": "repobility-threat-engine", "correlation_key": "fp|2d4524349e7927ac8ba9d51a2073367da8c5eba69e7962db35f8324cff42b97b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "arch/cortex-m0p/src/lib.rs"}, "region": {"startLine": 41}}}]}, {"ruleId": "MINED041", "level": "error", "message": {"text": "[MINED041] Rust Unimplemented Macro: unimplemented!() panics. Same as todo!() but conventionally used for trait stubs."}, "properties": {"repobilityId": 143738, "scanner": "repobility-threat-engine", "fingerprint": "885a2a8c99ecc20be90a57e1c1bc12773d8395a4ff2b6dcb2ff80d3d7674f7f5", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-unimplemented-macro", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347994+00:00", "triaged_in_corpus": 15, "observations_count": 1422, "ai_coder_pattern_id": 115}, "scanner": "repobility-threat-engine", "correlation_key": "fp|885a2a8c99ecc20be90a57e1c1bc12773d8395a4ff2b6dcb2ff80d3d7674f7f5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "arch/cortex-m/src/support.rs"}, "region": {"startLine": 48}}}]}, {"ruleId": "MINED041", "level": "error", "message": {"text": "[MINED041] Rust Unimplemented Macro: unimplemented!() panics. Same as todo!() but conventionally used for trait stubs."}, "properties": {"repobilityId": 143737, "scanner": "repobility-threat-engine", "fingerprint": "2a91261e55350aaeeeffd3a2a5b006bab490dafec61b37749eaddc074703404a", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-unimplemented-macro", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347994+00:00", "triaged_in_corpus": 15, "observations_count": 1422, "ai_coder_pattern_id": 115}, "scanner": "repobility-threat-engine", "correlation_key": "fp|2a91261e55350aaeeeffd3a2a5b006bab490dafec61b37749eaddc074703404a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "arch/cortex-m/src/dma_fence.rs"}, "region": {"startLine": 80}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `enum` used but not imported: The file uses `enum.something(...)` but never imports `enum`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 143815, "scanner": "repobility-ast-engine", "fingerprint": "cdd9452312df4053a2c45e640047d82f9b3885ba682604c885f26f77fb9f2231", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|cdd9452312df4053a2c45e640047d82f9b3885ba682604c885f26f77fb9f2231"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tools/debugging-and-development/svd2regs/svd2regs.py"}, "region": {"startLine": 306}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `enum` used but not imported: The file uses `enum.something(...)` but never imports `enum`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 143797, "scanner": "repobility-ast-engine", "fingerprint": "cec9917ceb611d91145da09b846a372aa7c62f247622ad2e523a9ab6e6179f65", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|cec9917ceb611d91145da09b846a372aa7c62f247622ad2e523a9ab6e6179f65"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tools/svd2regs/svd2regs.py"}, "region": {"startLine": 306}}}]}]}]}