{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "MINED111", "name": "Bare except continues silently", "shortDescription": {"text": "Bare except continues silently"}, "fullDescription": {"text": "Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "GHSA-5239-wwwm-4pmq", "name": "pygments: GHSA-5239-wwwm-4pmq", "shortDescription": {"text": "pygments: GHSA-5239-wwwm-4pmq"}, "fullDescription": {"text": "Pygments has Regular Expression Denial of Service (ReDoS) due to Inefficient Regex for GUID Matching"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "low", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "COMP001", "name": "[COMP001] High cognitive complexity: Function `main` has cognitive complexity 14 (SonarSource scale). Cognitive complexi", "shortDescription": {"text": "[COMP001] High cognitive complexity: Function `main` has cognitive complexity 14 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weig"}, "fullDescription": {"text": "Extract nested branches into named helper functions; flatten early-return / guard clauses; replace long if/elif chains with dispatch dicts or polymorphism. 
SonarQube's threshold for 'should refactor' is 15 \u2014 yours is 14."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "low", "confidence": 0.95, "cwe": "", "owasp": ""}}, {"id": "AIC003", "name": "Duplicated implementation block across source files", "shortDescription": {"text": "Duplicated implementation block across source files"}, "fullDescription": {"text": "Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.86, "cwe": "", "owasp": ""}}, {"id": "MINED068", "name": "[MINED068] Rust Unsafe Block (and 1 more): Same pattern found in 1 additional files. Review if needed.", "shortDescription": {"text": "[MINED068] Rust Unsafe Block (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "fullDescription": {"text": "Review each occurrence and fix it according to the pattern's semantics. See CWE-119 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED059", "name": "[MINED059] Rust Expect In Prod: .expect(...) panics same as unwrap with a custom message.", "shortDescription": {"text": "[MINED059] Rust Expect In Prod: .expect(...) panics same as unwrap with a custom message."}, "fullDescription": {"text": "Review each occurrence and fix it according to the pattern's semantics. See CWE-755 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED003", "name": "[MINED003] Rust Unwrap In Prod (and 15 more): Same pattern found in 15 additional files. 
Review if needed.", "shortDescription": {"text": "[MINED003] Rust Unwrap In Prod (and 15 more): Same pattern found in 15 additional files. Review if needed."}, "fullDescription": {"text": "Review each occurrence and fix it according to the pattern's semantics. See CWE-755 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "RUSTSEC-2026-0097", "name": "rand: RUSTSEC-2026-0097", "shortDescription": {"text": "rand: RUSTSEC-2026-0097"}, "fullDescription": {"text": "Rand is unsound with a custom logger using `rand::rng()`"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "MINED115", "name": "Action `Swatinem/rust-cache` pinned to mutable ref `@v2`", "shortDescription": {"text": "Action `Swatinem/rust-cache` pinned to mutable ref `@v2`"}, "fullDescription": {"text": "`uses: Swatinem/rust-cache@v2` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner, or by anyone who gains write access to the action's repository; that is how the tj-actions/changed-files compromise (2025) instantly affected ~23K repos. Pin to the full 40-character commit SHA and keep the pin up to date with Dependabot or Renovate."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED126", "name": "Workflow container/services image `archlinux:base-devel` unpinned", "shortDescription": {"text": "Workflow container/services image `archlinux:base-devel` unpinned"}, "fullDescription": {"text": "`container/services image: archlinux:base-devel` without `@sha256:...` pulls a mutable tag at workflow-run time. 
Treat workflow container references with the same supply-chain discipline as Dockerfile FROM lines."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/1407"}, "properties": {"repository": "malbiruk/driftwm", "repoUrl": "https://github.com/malbiruk/driftwm", "branch": "main"}, "results": [{"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 144365, "scanner": "repobility-ast-engine", "fingerprint": "7bab4f5e5238ae768da24ec667aa97ea92d6a6a16c631925de283b555ce5a96c", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|7bab4f5e5238ae768da24ec667aa97ea92d6a6a16c631925de283b555ce5a96c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "extras/widgets/common.py"}, "region": {"startLine": 396}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 144364, "scanner": "repobility-ast-engine", "fingerprint": "0aae100981ce2defa18b08c101ab93b38453526f6a75f4db0e3be24b0b9324c0", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|0aae100981ce2defa18b08c101ab93b38453526f6a75f4db0e3be24b0b9324c0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": 
"extras/widgets/common.py"}, "region": {"startLine": 310}}}]}, {"ruleId": "GHSA-5239-wwwm-4pmq", "level": "note", "message": {"text": "pygments: GHSA-5239-wwwm-4pmq"}, "properties": {"repobilityId": 144389, "scanner": "osv-scanner", "fingerprint": "c2d3cae68d505efbf07e261e9df09f634ad9ba8770713860c4487359450487b1", "category": "dependency", "severity": "low", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-4539"], "package": "pygments", "rule_id": "GHSA-5239-wwwm-4pmq", "scanner": "osv-scanner", "correlation_key": "vuln|pygments|CVE-2026-4539|extras/widgets/uv.lock"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "extras/widgets/uv.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "COMP001", "level": "note", "message": {"text": "[COMP001] High cognitive complexity: Function `main` has cognitive complexity 14 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. 
Breakdown: elif=5, except=1, if=1, nested_bonus=6, while=1."}, "properties": {"repobilityId": 144376, "scanner": "repobility-threat-engine", "fingerprint": "14afdf1f3a19fa7556b4f439e113e69fb726e1f0b14b0746c119c95e19ada080", "category": "quality", "severity": "low", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 14 (severity threshold for low: 8+).", "evidence": {"scanner": "repobility-threat-engine", "function": "main", "breakdown": {"if": 1, "elif": 5, "while": 1, "except": 1, "nested_bonus": 6}, "complexity": 14, "correlation_key": "fp|14afdf1f3a19fa7556b4f439e113e69fb726e1f0b14b0746c119c95e19ada080"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "extras/widgets/power_menu.py"}, "region": {"startLine": 149}}}]}, {"ruleId": "COMP001", "level": "note", "message": {"text": "[COMP001] High cognitive complexity: Function `render` has cognitive complexity 11 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. 
Breakdown: elif=1, else=1, except=1, for=2, if=1, nested_bonus=5."}, "properties": {"repobilityId": 144375, "scanner": "repobility-threat-engine", "fingerprint": "364a9e98a19573dd74a41faf63c69c8846debc3b22ef505e5a1edf70f56bb6ee", "category": "quality", "severity": "low", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 11 (severity threshold for low: 8+).", "evidence": {"scanner": "repobility-threat-engine", "function": "render", "breakdown": {"if": 1, "for": 2, "elif": 1, "else": 1, "except": 1, "nested_bonus": 5}, "complexity": 11, "correlation_key": "fp|364a9e98a19573dd74a41faf63c69c8846debc3b22ef505e5a1edf70f56bb6ee"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "extras/widgets/calendar_widget.py"}, "region": {"startLine": 17}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 144363, "scanner": "repobility-ai-code-hygiene", "fingerprint": "b108239464d8344a21ab2962d6a6b4dc727e18c476d851d7ead0c18b32cda3e3", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "tests/config_bindings_test.rs", "duplicate_line": 2, "correlation_key": "fp|b108239464d8344a21ab2962d6a6b4dc727e18c476d851d7ead0c18b32cda3e3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/config_toml_test.rs"}, "region": {"startLine": 6}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 144362, "scanner": "repobility-ai-code-hygiene", "fingerprint": 
"aa5b3b6a918f173bc249b86d03f2a22be61e81e7c9b06a5ed63fb7c4876d4239", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "tests/config_parse_test.rs", "duplicate_line": 7, "correlation_key": "fp|aa5b3b6a918f173bc249b86d03f2a22be61e81e7c9b06a5ed63fb7c4876d4239"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/config_toml_test.rs"}, "region": {"startLine": 4}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 144361, "scanner": "repobility-ai-code-hygiene", "fingerprint": "703727f3302c5375fe3c904ba4c58369d598568d638a8e94ce88ce16259cae2e", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "tests/config_bindings_test.rs", "duplicate_line": 2, "correlation_key": "fp|703727f3302c5375fe3c904ba4c58369d598568d638a8e94ce88ce16259cae2e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/config_parse_test.rs"}, "region": {"startLine": 9}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 144360, "scanner": "repobility-ai-code-hygiene", "fingerprint": "df5399534eb5bff6f20d142f65f27904e97195e6d3cd6d7a5d7854a3e5b48f82", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", 
"isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/handlers/xdg_shell.rs", "duplicate_line": 333, "correlation_key": "fp|df5399534eb5bff6f20d142f65f27904e97195e6d3cd6d7a5d7854a3e5b48f82"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/input/pointer.rs"}, "region": {"startLine": 379}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 144359, "scanner": "repobility-ai-code-hygiene", "fingerprint": "4f78977a93aadbc93bf4b59412761de6449781c01c435fdce4fc225e51e624eb", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/handlers/mod.rs", "duplicate_line": 510, "correlation_key": "fp|4f78977a93aadbc93bf4b59412761de6449781c01c435fdce4fc225e51e624eb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/handlers/xdg_shell.rs"}, "region": {"startLine": 113}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 144358, "scanner": "repobility-ai-code-hygiene", "fingerprint": "001a70f4f06affc53ab75bb5aa17a7c26c1ff94a35c84e73536c5de5f2c88417", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": 
"repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/grabs/move_grab.rs", "duplicate_line": 165, "correlation_key": "fp|001a70f4f06affc53ab75bb5aa17a7c26c1ff94a35c84e73536c5de5f2c88417"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/grabs/resize_grab.rs"}, "region": {"startLine": 90}}}]}, {"ruleId": "MINED068", "level": "none", "message": {"text": "[MINED068] Rust Unsafe Block (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "properties": {"repobilityId": 144387, "scanner": "repobility-threat-engine", "fingerprint": "82b03f6d47da6f8138de0c08108e5442b1e8758990e99846ee3341bc217c6ff5", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "rust-unsafe-block", "owasp": null, "cwe_ids": ["CWE-119"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348060+00:00", "triaged_in_corpus": 12, "observations_count": 42383, "ai_coder_pattern_id": 116}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|82b03f6d47da6f8138de0c08108e5442b1e8758990e99846ee3341bc217c6ff5", "aggregated_count": 1}}}, {"ruleId": "MINED068", "level": "none", "message": {"text": "[MINED068] Rust Unsafe Block: unsafe { ... } block. 
Compiler safety guarantees disabled inside."}, "properties": {"repobilityId": 144386, "scanner": "repobility-threat-engine", "fingerprint": "d6dc33d89ae813b320167b5c7ac52f7b3749c46374f20ca2cf7bf9faf1899356", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-unsafe-block", "owasp": null, "cwe_ids": ["CWE-119"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348060+00:00", "triaged_in_corpus": 12, "observations_count": 42383, "ai_coder_pattern_id": 116}, "scanner": "repobility-threat-engine", "correlation_key": "fp|d6dc33d89ae813b320167b5c7ac52f7b3749c46374f20ca2cf7bf9faf1899356"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/signals.rs"}, "region": {"startLine": 29}}}]}, {"ruleId": "MINED068", "level": "none", "message": {"text": "[MINED068] Rust Unsafe Block: unsafe { ... } block. 
Compiler safety guarantees disabled inside."}, "properties": {"repobilityId": 144385, "scanner": "repobility-threat-engine", "fingerprint": "e10354e344356d92b5dbc589e0494f3dda20dbe54d7c65ccc8a366cd1f02b811", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-unsafe-block", "owasp": null, "cwe_ids": ["CWE-119"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348060+00:00", "triaged_in_corpus": 12, "observations_count": 42383, "ai_coder_pattern_id": 116}, "scanner": "repobility-threat-engine", "correlation_key": "fp|e10354e344356d92b5dbc589e0494f3dda20dbe54d7c65ccc8a366cd1f02b811"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/main.rs"}, "region": {"startLine": 84}}}]}, {"ruleId": "MINED068", "level": "none", "message": {"text": "[MINED068] Rust Unsafe Block: unsafe { ... } block. 
Compiler safety guarantees disabled inside."}, "properties": {"repobilityId": 144384, "scanner": "repobility-threat-engine", "fingerprint": "6e9212bac1480ca1a1003fdc341c4a7936b0d1d770231d3d9d7af473a325c362", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-unsafe-block", "owasp": null, "cwe_ids": ["CWE-119"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348060+00:00", "triaged_in_corpus": 12, "observations_count": 42383, "ai_coder_pattern_id": 116}, "scanner": "repobility-threat-engine", "correlation_key": "fp|6e9212bac1480ca1a1003fdc341c4a7936b0d1d770231d3d9d7af473a325c362"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/ipc/protocol.rs"}, "region": {"startLine": 203}}}]}, {"ruleId": "MINED059", "level": "none", "message": {"text": "[MINED059] Rust Expect In Prod: .expect(...) 
panics same as unwrap with a custom message."}, "properties": {"repobilityId": 144383, "scanner": "repobility-threat-engine", "fingerprint": "6d61b1b9adbc555ff68336e2e5d34d8209d2933fce656ea17f71da8940afeafb", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-expect-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348039+00:00", "triaged_in_corpus": 12, "observations_count": 175379, "ai_coder_pattern_id": 112}, "scanner": "repobility-threat-engine", "correlation_key": "fp|6d61b1b9adbc555ff68336e2e5d34d8209d2933fce656ea17f71da8940afeafb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/text.rs"}, "region": {"startLine": 68}}}]}, {"ruleId": "MINED059", "level": "none", "message": {"text": "[MINED059] Rust Expect In Prod: .expect(...) 
panics same as unwrap with a custom message."}, "properties": {"repobilityId": 144382, "scanner": "repobility-threat-engine", "fingerprint": "031c535acb9081b449ce522ea4bbea5bbf3a5ddd4bbbd3cc0a7fce8e787acee6", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-expect-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348039+00:00", "triaged_in_corpus": 12, "observations_count": 175379, "ai_coder_pattern_id": 112}, "scanner": "repobility-threat-engine", "correlation_key": "fp|031c535acb9081b449ce522ea4bbea5bbf3a5ddd4bbbd3cc0a7fce8e787acee6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/signals.rs"}, "region": {"startLine": 44}}}]}, {"ruleId": "MINED059", "level": "none", "message": {"text": "[MINED059] Rust Expect In Prod: .expect(...) 
panics same as unwrap with a custom message."}, "properties": {"repobilityId": 144381, "scanner": "repobility-threat-engine", "fingerprint": "b4b838df701e80f2d2fc6d832ff6ed8f58b543963034a805d274e1febf0d90ba", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-expect-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348039+00:00", "triaged_in_corpus": 12, "observations_count": 175379, "ai_coder_pattern_id": 112}, "scanner": "repobility-threat-engine", "correlation_key": "fp|b4b838df701e80f2d2fc6d832ff6ed8f58b543963034a805d274e1febf0d90ba"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/backend/cvt.rs"}, "region": {"startLine": 146}}}]}, {"ruleId": "MINED003", "level": "none", "message": {"text": "[MINED003] Rust Unwrap In Prod (and 15 more): Same pattern found in 15 additional files. Review if needed."}, "properties": {"repobilityId": 144380, "scanner": "repobility-threat-engine", "fingerprint": "01ea48ccde960d826736e10dc92ff9485d342976b2b1cfee4f616935d660f870", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 15 additional occurrences found. 
The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "rust-unwrap-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347903+00:00", "triaged_in_corpus": 15, "observations_count": 386515, "ai_coder_pattern_id": 111}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|01ea48ccde960d826736e10dc92ff9485d342976b2b1cfee4f616935d660f870", "aggregated_count": 15}}}, {"ruleId": "RUSTSEC-2026-0097", "level": "error", "message": {"text": "rand: RUSTSEC-2026-0097"}, "properties": {"repobilityId": 144388, "scanner": "osv-scanner", "fingerprint": "a22e3aa5f0c463335f53b031b0648b51d94f3563915cac37a8666a217ed7a5dc", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["GHSA-cq8v-f236-94qc"], "package": "rand", "rule_id": "RUSTSEC-2026-0097", "scanner": "osv-scanner", "correlation_key": "vuln|rand|GHSA-CQ8V-F236-94QC|cargo.lock", "duplicate_count": 1, "duplicate_rule_ids": ["GHSA-cq8v-f236-94qc", "RUSTSEC-2026-0097"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["a22e3aa5f0c463335f53b031b0648b51d94f3563915cac37a8666a217ed7a5dc", "ee2ad9157999fcb0c8f925391a5e09946511288ceed3e6c5f5b05828611b879f"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Cargo.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED003", "level": "error", "message": {"text": "[MINED003] Rust Unwrap In Prod: .unwrap() panics if None/Err. 
Acceptable in tests; risky elsewhere."}, "properties": {"repobilityId": 144379, "scanner": "repobility-threat-engine", "fingerprint": "8f2408d9b9c11293b64f94feb4c7e4e42f1ec9b2d938f4c50421ce119a10bcfc", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-unwrap-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347903+00:00", "triaged_in_corpus": 15, "observations_count": 386515, "ai_coder_pattern_id": 111}, "scanner": "repobility-threat-engine", "correlation_key": "fp|8f2408d9b9c11293b64f94feb4c7e4e42f1ec9b2d938f4c50421ce119a10bcfc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/grabs/pan_grab.rs"}, "region": {"startLine": 85}}}]}, {"ruleId": "MINED003", "level": "error", "message": {"text": "[MINED003] Rust Unwrap In Prod: .unwrap() panics if None/Err. 
Acceptable in tests; risky elsewhere."}, "properties": {"repobilityId": 144378, "scanner": "repobility-threat-engine", "fingerprint": "60db282ed6793ca57220ec5a0e84070a923bd9dcb3a7fa7c567a2a9174142db5", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-unwrap-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347903+00:00", "triaged_in_corpus": 15, "observations_count": 386515, "ai_coder_pattern_id": 111}, "scanner": "repobility-threat-engine", "correlation_key": "fp|60db282ed6793ca57220ec5a0e84070a923bd9dcb3a7fa7c567a2a9174142db5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/backend/winit.rs"}, "region": {"startLine": 52}}}]}, {"ruleId": "MINED003", "level": "error", "message": {"text": "[MINED003] Rust Unwrap In Prod: .unwrap() panics if None/Err. 
Acceptable in tests; risky elsewhere."}, "properties": {"repobilityId": 144377, "scanner": "repobility-threat-engine", "fingerprint": "03683388c1ce229bf26402d92585f0dd9712def0cab02d3253547fc0e6f67dd1", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-unwrap-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347903+00:00", "triaged_in_corpus": 15, "observations_count": 386515, "ai_coder_pattern_id": 111}, "scanner": "repobility-threat-engine", "correlation_key": "fp|03683388c1ce229bf26402d92585f0dd9712def0cab02d3253547fc0e6f67dd1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/backend/cvt.rs"}, "region": {"startLine": 97}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `Swatinem/rust-cache` pinned to mutable ref `@v2`"}, "properties": {"repobilityId": 144374, "scanner": "repobility-supply-chain", "fingerprint": "a43b2f2466bb76aaac1a9712a5376e198a5a34ea0d6b82d019b8a3550fa4e163", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|a43b2f2466bb76aaac1a9712a5376e198a5a34ea0d6b82d019b8a3550fa4e163"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 68}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `dtolnay/rust-toolchain` pinned to mutable ref `@stable`"}, "properties": {"repobilityId": 144373, "scanner": "repobility-supply-chain", "fingerprint": 
"f2fdc9bd971763366ae63611a87f5fc84738090735efd5283e5cfb4f016b0095", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|f2fdc9bd971763366ae63611a87f5fc84738090735efd5283e5cfb4f016b0095"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 64}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v5`"}, "properties": {"repobilityId": 144372, "scanner": "repobility-supply-chain", "fingerprint": "785f0f2035c8c1c8345c5d689feaf489e1ccbf33a48a1e1b0e2cb4002765c62c", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|785f0f2035c8c1c8345c5d689feaf489e1ccbf33a48a1e1b0e2cb4002765c62c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 58}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `Swatinem/rust-cache` pinned to mutable ref `@v2`"}, "properties": {"repobilityId": 144371, "scanner": "repobility-supply-chain", "fingerprint": "ac5a61651b59c95266453920dda8df5ae4ed6ac1ed88d4debb4f895f1321ef51", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": 
["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|ac5a61651b59c95266453920dda8df5ae4ed6ac1ed88d4debb4f895f1321ef51"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 42}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `dtolnay/rust-toolchain` pinned to mutable ref `@stable`"}, "properties": {"repobilityId": 144370, "scanner": "repobility-supply-chain", "fingerprint": "68afaf89fad9daf44c061b3d5bf2289b025f15e50684e459f83d78411c35327f", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|68afaf89fad9daf44c061b3d5bf2289b025f15e50684e459f83d78411c35327f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 40}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v5`"}, "properties": {"repobilityId": 144369, "scanner": "repobility-supply-chain", "fingerprint": "82cb516c9365eb0330e8c6a77971b337369c0ca7cdd6c521b23802b329289b5f", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|82cb516c9365eb0330e8c6a77971b337369c0ca7cdd6c521b23802b329289b5f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 34}}}]}, {"ruleId": "MINED115", "level": 
"error", "message": {"text": "Action `dtolnay/rust-toolchain` pinned to mutable ref `@stable`"}, "properties": {"repobilityId": 144368, "scanner": "repobility-supply-chain", "fingerprint": "7b2b1c9c73e719cc7643005a40539c011a62ed1d65adf2f8f7aef6d4368747f3", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|7b2b1c9c73e719cc7643005a40539c011a62ed1d65adf2f8f7aef6d4368747f3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 23}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v5`"}, "properties": {"repobilityId": 144367, "scanner": "repobility-supply-chain", "fingerprint": "e8b356a5e98c68792acf4f4d9f8c084ac1c7016c767059f265d0eb9f6a14768c", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|e8b356a5e98c68792acf4f4d9f8c084ac1c7016c767059f265d0eb9f6a14768c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 22}}}]}, {"ruleId": "MINED126", "level": "error", "message": {"text": "Workflow container/services image `archlinux:base-devel` unpinned"}, "properties": {"repobilityId": 144366, "scanner": "repobility-supply-chain", "fingerprint": "d1c30246a70c428a06575d773f6fcfa09c36ba69979d3947d7038b7eb6d9c49c", "category": "dependency", "severity": "high", "confidence": 0.9, 
"triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-container-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|d1c30246a70c428a06575d773f6fcfa09c36ba69979d3947d7038b7eb6d9c49c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/aur-release.yml"}, "region": {"startLine": 19}}}]}]}]}