{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "MINED111", "name": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or ", "shortDescription": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "fullDescription": {"text": "Either narrow the exception type, log the exception with `logger.exception(...)`, or re-raise after handling."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "AUC001", "name": "[AUC001] No Repobility access matrix policy found: The repository uses web/API frameworks but does not define .repobilit", "shortDescription": {"text": "[AUC001] No Repobility access matrix policy found: The repository uses web/API frameworks but does not define .repobility/access.yml or equivalent authorization documentation."}, "fullDescription": {"text": "Add .repobility/access.yml mapping routes to anonymous, authenticated, owner, admin, and super_admin. 
Keep business-specific rules in the repo so CI can enforce them."}, "properties": {"scanner": "repobility-access-control", "category": "auth", "severity": "medium", "confidence": 0.92, "cwe": "", "owasp": ""}}, {"id": "DKR007", "name": "Docker build context has no .dockerignore", "shortDescription": {"text": "Docker build context has no .dockerignore"}, "fullDescription": {"text": "Add .dockerignore with at least .git, .env, private keys, dependency folders, build outputs, and local databases."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "DKR001", "name": "Docker final stage has no non-root USER", "shortDescription": {"text": "Docker final stage has no non-root USER"}, "fullDescription": {"text": "Add a non-root USER in the final runtime stage after files and permissions are prepared."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.82, "cwe": "", "owasp": ""}}, {"id": "SEC014", "name": "[SEC014] SSL Verification Disabled: SSL certificate verification is disabled, allowing man-in-the-middle attacks.", "shortDescription": {"text": "[SEC014] SSL Verification Disabled: SSL certificate verification is disabled, allowing man-in-the-middle attacks."}, "fullDescription": {"text": "Enable SSL verification. Use verify=True (default) for requests. Pin certificates if needed."}, "properties": {"scanner": "repobility-threat-engine", "category": "crypto", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC127", "name": "[SEC127] AI agent stub \u2014 TODO: implement / pass placeholder body: Function body left as TODO/pass/raise NotImplementedEr", "shortDescription": {"text": "[SEC127] AI agent stub \u2014 TODO: implement / pass placeholder body: Function body left as TODO/pass/raise NotImplementedError after an AI scaffolding pass. 
The route appears to exist (and may even pass shallow CI), but invoking it crashes or "}, "fullDescription": {"text": "Either implement the body, or fail closed at module-load time so the deploy can't ship a half-built route. A CI gate that fails build on `raise NotImplementedError` in non-abstract code catches this cleanly."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC041", "name": "[SEC041] Tabnabbing \u2014 target=\"_blank\" without rel=\"noopener noreferrer\": <a target=\"_blank\"> without rel=\"noopener noref", "shortDescription": {"text": "[SEC041] Tabnabbing \u2014 target=\"_blank\" without rel=\"noopener noreferrer\": <a target=\"_blank\"> without rel=\"noopener noreferrer\" leaks window.opener to the opened page. The opened page can then run window.opener.location = 'phishing-site' and"}, "fullDescription": {"text": "Add rel=\"noopener noreferrer\" to every <a target=\"_blank\">:\n  <a href=\"...\" target=\"_blank\" rel=\"noopener noreferrer\">link</a>\nFor dynamically generated links from JS, set rel on the element before appending. Even safe-looking subdomains should harden \u2014 costs nothing."}, "properties": {"scanner": "repobility-threat-engine", "category": "security", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC045", "name": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a latera", "shortDescription": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. 
Sandboxes (__builtins__ cleared) are escapable: attackers use obj"}, "fullDescription": {"text": "For literal data structures: use ast.literal_eval(text) \u2014 only parses literals, raises on code.\nFor formula evaluation: use asteval or simpleeval (purpose-built sandboxes with allow-lists).\nFor Odoo: use odoo.tools.safe_eval(expr, locals_dict, mode='exec').\nIf you genuinely need to execute admin-stored code: require explicit super-admin permission AND log every execution with a stack trace."}, "properties": {"scanner": "repobility-threat-engine", "category": "injection", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC134", "name": "[SEC134] AI scaffold leftover \u2014 Lorem ipsum / example.com / John Doe in code: Lorem ipsum / John Doe / example.com left ", "shortDescription": {"text": "[SEC134] AI scaffold leftover \u2014 Lorem ipsum / example.com / John Doe in code: Lorem ipsum / John Doe / example.com left in non-test code. AI agents emit these as 'reasonable defaults' when they don't know real values; the human then forgets"}, "fullDescription": {"text": "Move dummy values to fixtures / seed files. In application code, require these to come from config or fail closed. 
Add a CI grep that rejects 'lorem ipsum' and 'example.com' outside test files."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC012", "name": "[SEC012] ZipSlip \u2014 Archive Path Traversal: Archive extraction without path validation allows writing files outside the t", "shortDescription": {"text": "[SEC012] ZipSlip \u2014 Archive Path Traversal: Archive extraction without path validation allows writing files outside the target directory."}, "fullDescription": {"text": "Validate extracted paths with os.path.realpath() and ensure they stay within the target directory."}, "properties": {"scanner": "repobility-threat-engine", "category": "path_traversal", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "DKC010", "name": "Compose service lacks no-new-privileges hardening", "shortDescription": {"text": "Compose service lacks no-new-privileges hardening"}, "fullDescription": {"text": "Add `security_opt: [\"no-new-privileges:true\"]` unless the service has a documented need for privilege escalation."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "low", "confidence": 0.62, "cwe": "", "owasp": ""}}, {"id": "DKC006", "name": "Compose service does not declare a runtime user", "shortDescription": {"text": "Compose service does not declare a runtime user"}, "fullDescription": {"text": "Set a non-root `user:` in Compose or ensure the final image stage has a non-root USER directive."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "low", "confidence": 0.56, "cwe": "", "owasp": ""}}, {"id": "DKR011", "name": "Dockerfile installs recommended OS packages", "shortDescription": {"text": "Dockerfile installs recommended OS packages"}, "fullDescription": {"text": "Add `--no-install-recommends` and explicitly list only packages the image needs."}, "properties": {"scanner": 
"repobility-docker", "category": "docker", "severity": "low", "confidence": 0.72, "cwe": "", "owasp": ""}}, {"id": "DKR010", "name": "Dockerfile leaves apt package indexes in the image layer", "shortDescription": {"text": "Dockerfile leaves apt package indexes in the image layer"}, "fullDescription": {"text": "End the apt install layer with `rm -rf /var/lib/apt/lists/*`."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "low", "confidence": 0.74, "cwe": "", "owasp": ""}}, {"id": "AIC003", "name": "Duplicated implementation block across source files", "shortDescription": {"text": "Duplicated implementation block across source files"}, "fullDescription": {"text": "Extract the shared behavior into one function/module or delete the inactive duplicate after proving which path is used."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.86, "cwe": "", "owasp": ""}}, {"id": "AIC002", "name": "Source file name looks like an AI patch artifact", "shortDescription": {"text": "Source file name looks like an AI patch artifact"}, "fullDescription": {"text": "Rename it to the domain concept it implements or merge it into the existing module it was meant to change."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.62, "cwe": "", "owasp": ""}}, {"id": "COMP001", "name": "[COMP001] High cognitive complexity: Function `_ensure_compiler_in_openvino_libs` has cognitive complexity 11 (SonarSour", "shortDescription": {"text": "[COMP001] High cognitive complexity: Function `_ensure_compiler_in_openvino_libs` has cognitive complexity 11 (SonarSource scale). 
Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean c"}, "fullDescription": {"text": "Extract nested branches into named helper functions; flatten early-return / guard clauses; replace long if/elif chains with dispatch dicts or polymorphism. SonarQube's threshold for 'should refactor' is 15 \u2014 yours is 11."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "low", "confidence": 0.95, "cwe": "", "owasp": ""}}, {"id": "DKR002", "name": "Dockerfile base image is selected through a build variable", "shortDescription": {"text": "Dockerfile base image is selected through a build variable"}, "fullDescription": {"text": "Resolve the variable to a versioned tag or digest in production builds and document the allowed images."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "info", "confidence": 0.48, "cwe": "", "owasp": ""}}, {"id": "MINED048", "name": "[MINED048] Php Error Suppress: @function() suppresses errors silently. Hides real issues.", "shortDescription": {"text": "[MINED048] Php Error Suppress: @function() suppresses errors silently. Hides real issues."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-755 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED068", "name": "[MINED068] Rust Unsafe Block: unsafe { ... } block. Compiler safety guarantees disabled inside.", "shortDescription": {"text": "[MINED068] Rust Unsafe Block: unsafe { ... } block. Compiler safety guarantees disabled inside."}, "fullDescription": {"text": "Review and fix per the pattern semantics. 
See CWE-119 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED059", "name": "[MINED059] Rust Expect In Prod: .expect(...) panics same as unwrap with a custom message.", "shortDescription": {"text": "[MINED059] Rust Expect In Prod: .expect(...) panics same as unwrap with a custom message."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-755 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED072", "name": "[MINED072] Python Pass Only Class: class Foo: pass \u2014 stub waiting to be filled in.", "shortDescription": {"text": "[MINED072] Python Pass Only Class: class Foo: pass \u2014 stub waiting to be filled in."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-1188 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED064", "name": "[MINED064] Python Input Call: input() blocks for stdin. Inappropriate in services.", "shortDescription": {"text": "[MINED064] Python Input Call: input() blocks for stdin. Inappropriate in services."}, "fullDescription": {"text": "Review and fix per the pattern semantics."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED054", "name": "[MINED054] Ts As Any: Casting to any (as any) bypasses type checking entirely.", "shortDescription": {"text": "[MINED054] Ts As Any: Casting to any (as any) bypasses type checking entirely."}, "fullDescription": {"text": "Review and fix per the pattern semantics. 
See CWE-704 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC128", "name": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake) (and 15 more): Same pattern found in 15 add", "shortDescription": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake) (and 15 more): Same pattern found in 15 additional files. Review if needed."}, "fullDescription": {"text": "Add `await` before each async call, or chain with `.then`. If you intentionally want fire-and-forget, prefix with `void` (TS) or assign to `_` (Python with `asyncio.create_task`) to make the intent explicit and survive lint."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED067", "name": "[MINED067] Python Requests No Timeout: requests.get/post/etc. without timeout= can hang forever.", "shortDescription": {"text": "[MINED067] Python Requests No Timeout: requests.get/post/etc. without timeout= can hang forever."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-400 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED045", "name": "[MINED045] Ts Non Null Assertion (and 4 more): Same pattern found in 4 additional files. Review if needed.", "shortDescription": {"text": "[MINED045] Ts Non Null Assertion (and 4 more): Same pattern found in 4 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. 
See CWE-476 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC029", "name": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 1 more): Same pattern found in 1 additi", "shortDescription": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "fullDescription": {"text": "Validate the URL against an allowlist BEFORE fetching:\n  ALLOWED = {'images.example.com', 'cdn.example.com'}\n  host = urlparse(url).hostname\n  if host not in ALLOWED: abort(400)\nOr use a server-side proxy (Imgproxy / serve-files-only-from-S3) that isolates outbound network access from the request handler.\nBlock private CIDRs explicitly: 10/8, 172.16/12, 192.168/16, 169.254/16. Also block loopback (127/8) and the IPv6 loopback, unique-local and link-local ranges, and apply the check to the IP address the hostname resolves to, not only to the hostname string."}, "properties": {"scanner": "repobility-threat-engine", "category": "ssrf", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED075", "name": "[MINED075] C Malloc No Check (and 1 more): Same pattern found in 1 additional files. Review if needed.", "shortDescription": {"text": "[MINED075] C Malloc No Check (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-690 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED022", "name": "[MINED022] C Strcpy (and 57 more): Same pattern found in 57 additional files. Review if needed.", "shortDescription": {"text": "[MINED022] C Strcpy (and 57 more): Same pattern found in 57 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. 
See CWE-120 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED042", "name": "[MINED042] Cpp New Without Delete (and 43 more): Same pattern found in 43 additional files. Review if needed.", "shortDescription": {"text": "[MINED042] Cpp New Without Delete (and 43 more): Same pattern found in 43 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-401 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC080", "name": "[SEC080] Python: tarfile.extractall without filter (and 1 more): Same pattern found in 1 additional files. Review if nee", "shortDescription": {"text": "[SEC080] Python: tarfile.extractall without filter (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "fullDescription": {"text": "Add `filter='data'` (Python \u2265 3.12) or manually validate member paths against `os.path.abspath`."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED050", "name": "[MINED050] Stub Only Function (and 30 more): Same pattern found in 30 additional files. Review if needed.", "shortDescription": {"text": "[MINED050] Stub Only Function (and 30 more): Same pattern found in 30 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-1188 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED043", "name": "[MINED043] Http Not Https (and 786 more): Same pattern found in 786 additional files. 
Review if needed.", "shortDescription": {"text": "[MINED043] Http Not Https (and 786 more): Same pattern found in 786 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-319 / A02:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED044", "name": "[MINED044] Js Console Log Prod (and 11 more): Same pattern found in 11 additional files. Review if needed.", "shortDescription": {"text": "[MINED044] Js Console Log Prod (and 11 more): Same pattern found in 11 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-532 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED134", "name": "[MINED134] Binary file `tflite/java/ovic/demo/gradle/wrapper/gradle-wrapper.jar` committed in source repo: `tflite/java/", "shortDescription": {"text": "[MINED134] Binary file `tflite/java/ovic/demo/gradle/wrapper/gradle-wrapper.jar` committed in source repo: `tflite/java/ovic/demo/gradle/wrapper/gradle-wrapper.jar` is a .jar binary (53,636 bytes) committed to a repo that otherwise has 2639"}, "fullDescription": {"text": "Audit the binary's provenance. If it's vendored library code, document it in a VENDORED.md. 
If it's a build artifact, add the extension to .gitignore and rebuild from source."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED126", "name": "[MINED126] Workflow container/services image `us-docker.pkg.dev/ml-oss-artifacts-published/ml-public-container/ml-build:", "shortDescription": {"text": "[MINED126] Workflow container/services image `us-docker.pkg.dev/ml-oss-artifacts-published/ml-public-container/ml-build:latest` unpinned: `container/services image: us-docker.pkg.dev/ml-oss-artifacts-published/ml-public-container/ml-build:l"}, "fullDescription": {"text": "Replace with `us-docker.pkg.dev/ml-oss-artifacts-published/ml-public-container/ml-build:latest@sha256:<digest>`. Re-pin via Dependabot Docker scope."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED115", "name": "[MINED115] Action `actions/cache/restore` pinned to mutable ref `@v4`: `uses: actions/cache/restore@v4` resolves at work", "shortDescription": {"text": "[MINED115] Action `actions/cache/restore` pinned to mutable ref `@v4`: `uses: actions/cache/restore@v4` resolves at workflow-run time. 
Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise"}, "fullDescription": {"text": "Replace with: `uses: actions/cache/restore@<40-char-sha>  # v4` and let Dependabot bump it on a scheduled cadence."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED118", "name": "[MINED118] Dockerfile FROM `tensorflow/build:latest-python3.11` not pinned by digest: `FROM tensorflow/build:latest-pyth", "shortDescription": {"text": "[MINED118] Dockerfile FROM `tensorflow/build:latest-python3.11` not pinned by digest: `FROM tensorflow/build:latest-python3.11` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is p"}, "fullDescription": {"text": "Replace with: `FROM tensorflow/build:latest-python3.11@sha256:<digest>`. Get the digest from `docker manifest inspect`. Re-pin via a scheduled bot (Renovate, Dependabot)."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED106", "name": "[MINED106] Phantom test coverage: test_i32: Test function `test_i32` runs code but contains no assert / expect / should ", "shortDescription": {"text": "[MINED106] Phantom test coverage: test_i32: Test function `test_i32` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. 
Adds line coverage without verifying anything."}, "fullDescription": {"text": "Add an explicit assertion that captures the test's intent, or remove the test."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED108", "name": "[MINED108] `self.assertRaises` used but never assigned in __init__: Method `test_prepare_for_npu_bad_config` of class `P", "shortDescription": {"text": "[MINED108] `self.assertRaises` used but never assigned in __init__: Method `test_prepare_for_npu_bad_config` of class `PrepareForNpuTest` reads `self.assertRaises`, but no assignment to it exists in __init__ (and no class-level fallback). T"}, "fullDescription": {"text": "Initialize `self.assertRaises = <default>` in __init__, or add a class-level default."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED011", "name": "[MINED011] Scala Get On Option: Option.get throws NoSuchElementException on None. Use getOrElse / fold / match.", "shortDescription": {"text": "[MINED011] Scala Get On Option: Option.get throws NoSuchElementException on None. Use getOrElse / fold / match."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-476 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED014", "name": "[MINED014] Disabled Tls Verify: verify=False in requests, rejectUnauthorized:false in node, InsecureSkipVerify:true in G", "shortDescription": {"text": "[MINED014] Disabled Tls Verify: verify=False in requests, rejectUnauthorized:false in node, InsecureSkipVerify:true in Go."}, "fullDescription": {"text": "Review and fix per the pattern semantics. 
See CWE-295 / A02:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED003", "name": "[MINED003] Rust Unwrap In Prod: .unwrap() panics if None/Err. Acceptable in tests; risky elsewhere.", "shortDescription": {"text": "[MINED003] Rust Unwrap In Prod: .unwrap() panics if None/Err. Acceptable in tests; risky elsewhere."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-755 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED021", "name": "[MINED021] Path Traversal Os Join: os.path.join(user_dir, filename) where filename can contain \"../\" \u2014 directory escape.", "shortDescription": {"text": "[MINED021] Path Traversal Os Join: os.path.join(user_dir, filename) where filename can contain \"../\" \u2014 directory escape."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-22 / A01:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED029", "name": "[MINED029] Kotlin Null Bang: x!! throws NullPointerException if x is null. Bypasses Kotlin's null safety.", "shortDescription": {"text": "[MINED029] Kotlin Null Bang: x!! throws NullPointerException if x is null. Bypasses Kotlin's null safety."}, "fullDescription": {"text": "Review and fix per the pattern semantics. 
See CWE-476 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC078", "name": "[SEC078] Python: requests without timeout: requests.get/post without a timeout will hang indefinitely on a non-responsiv", "shortDescription": {"text": "[SEC078] Python: requests without timeout: requests.get/post without a timeout will hang indefinitely on a non-responsive server, causing thread exhaustion and denial of service. Ported from bandit B113 (Apache-2.0). NOTE: this regex is heuristic; a re"}, "fullDescription": {"text": "Add `timeout=10` (or appropriate value) to every requests call."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC013", "name": "[SEC013] Path Traversal \u2014 User Input in File Path: User-controlled input used in file path without sanitization. Allows ", "shortDescription": {"text": "[SEC013] Path Traversal \u2014 User Input in File Path: User-controlled input used in file path without sanitization. Allows reading arbitrary files."}, "fullDescription": {"text": "Use os.path.realpath() and verify the resolved path is inside your expected base directory; compare whole path components (for example with os.path.commonpath()) rather than a bare string prefix, which also matches sibling directories such as /base-other. Use secure_filename() for uploads."}, "properties": {"scanner": "repobility-threat-engine", "category": "path_traversal", "severity": "high", "confidence": 0.8, "cwe": "", "owasp": ""}}, {"id": "MINED001", "name": "[MINED001] Bare Except Pass: except: pass or except Exception: pass \u2014 silently swallows everything including KeyboardInt", "shortDescription": {"text": "[MINED001] Bare Except Pass: except: pass or except Exception: pass \u2014 silently swallows everything including KeyboardInterrupt and bugs."}, "fullDescription": {"text": "Review and fix per the pattern semantics. 
See CWE-755 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED107", "name": "[MINED107] Missing import: `operator` used but not imported: The file uses `operator.something(...)` but never imports `", "shortDescription": {"text": "[MINED107] Missing import: `operator` used but not imported: The file uses `operator.something(...)` but never imports `operator`. This raises NameError at runtime the first time the line executes."}, "fullDescription": {"text": "Add `import operator` at the top of the file."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "critical", "confidence": 1.0, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/1200"}, "properties": {"repository": "google-ai-edge/LiteRT", "repoUrl": "https://github.com/google-ai-edge/LiteRT", "branch": "main"}, "results": [{"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. 
Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 120945, "scanner": "repobility-ast-engine", "fingerprint": "816dbfac29656032e9e41e7cf463c07e0ff93e7c6baf7f12e19317b6322aa365", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|816dbfac29656032e9e41e7cf463c07e0ff93e7c6baf7f12e19317b6322aa365"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tflite/converter/tests/debuginfo/saved_model_error.py"}, "region": {"startLine": 76}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 120944, "scanner": "repobility-ast-engine", "fingerprint": "3554cadb575dc2d0120bcd1aec59c80450503afca2d1d0519a729c0f197cb77b", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|3554cadb575dc2d0120bcd1aec59c80450503afca2d1d0519a729c0f197cb77b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tflite/converter/tests/debuginfo/concrete_function_error.py"}, "region": {"startLine": 66}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the 
exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 120942, "scanner": "repobility-ast-engine", "fingerprint": "f350049b9974a0bffa4a33a2fd635c6cd41a468431cef60f36fbea8bb1d330d9", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|f350049b9974a0bffa4a33a2fd635c6cd41a468431cef60f36fbea8bb1d330d9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tflite/python/lite.py"}, "region": {"startLine": 2882}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 120941, "scanner": "repobility-ast-engine", "fingerprint": "bd6463d4e524af5fe81835689e31dae57c120eeb1321c621c18b152b04cc0cf0", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|bd6463d4e524af5fe81835689e31dae57c120eeb1321c621c18b152b04cc0cf0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tflite/python/lite.py"}, "region": {"startLine": 2547}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. 
Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 120940, "scanner": "repobility-ast-engine", "fingerprint": "d3af1f8eb9b4db45375c093686c2584860968a086d994a3872025f862ef42ad6", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|d3af1f8eb9b4db45375c093686c2584860968a086d994a3872025f862ef42ad6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tflite/python/lite.py"}, "region": {"startLine": 1902}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 120939, "scanner": "repobility-ast-engine", "fingerprint": "dc49267ee69521fbcb6b5b60f8adb693e123786c67f6b47c177074b2faceef73", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|dc49267ee69521fbcb6b5b60f8adb693e123786c67f6b47c177074b2faceef73"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tflite/python/lite.py"}, "region": {"startLine": 1681}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. 
Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 120938, "scanner": "repobility-ast-engine", "fingerprint": "0305c7359e7f648ee26a98ec7871160d30b41796a0aa66b4301b134d9d7249e4", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|0305c7359e7f648ee26a98ec7871160d30b41796a0aa66b4301b134d9d7249e4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tflite/python/util.py"}, "region": {"startLine": 1151}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 120935, "scanner": "repobility-ast-engine", "fingerprint": "40da48a150cb68685c0a97099c8a8c6a83e0475d4b023bbf17772af6e23536a4", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|40da48a150cb68685c0a97099c8a8c6a83e0475d4b023bbf17772af6e23536a4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ci/tools/python/vendor_sdk/google_tensor/ai_edge_litert_sdk_google_tensor/__init__.py"}, "region": {"startLine": 61}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the 
exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 120934, "scanner": "repobility-ast-engine", "fingerprint": "afe4b38b1fd827764d9f751ad052b547c3b8da3166345805bc5af1a2ebfcf88e", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|afe4b38b1fd827764d9f751ad052b547c3b8da3166345805bc5af1a2ebfcf88e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ci/tools/python/vendor_sdk/qualcomm/ai_edge_litert_sdk_qualcomm/__init__.py"}, "region": {"startLine": 57}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. 
Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 120933, "scanner": "repobility-ast-engine", "fingerprint": "d4a5d63aa0c5c69ee1e7e82fc5c3e97042ee264ce3f3033079516dee2a709ea6", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|d4a5d63aa0c5c69ee1e7e82fc5c3e97042ee264ce3f3033079516dee2a709ea6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ci/tools/python/vendor_sdk/mediatek/ai_edge_litert_sdk_mediatek/__init__.py"}, "region": {"startLine": 78}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. 
Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 120932, "scanner": "repobility-ast-engine", "fingerprint": "9a9ff5d5609dd7d25a21004657f20715b8f74557ebbe27a7bdb7e2a725ab6bed", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|9a9ff5d5609dd7d25a21004657f20715b8f74557ebbe27a7bdb7e2a725ab6bed"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ci/tools/python/vendor_sdk/samsung/ai_edge_litert_sdk_samsung/__init__.py"}, "region": {"startLine": 59}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. 
Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 120931, "scanner": "repobility-ast-engine", "fingerprint": "ab85fc6a105f42b56a63c535405a87a5d0c40a8a16c05538ca5dbbc24dfb5fce", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ab85fc6a105f42b56a63c535405a87a5d0c40a8a16c05538ca5dbbc24dfb5fce"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ci/tools/python/vendor_sdk/intel/setup.py"}, "region": {"startLine": 342}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 120930, "scanner": "repobility-ast-engine", "fingerprint": "8dc838b3cd809ac8ac950b96832cea7a2a51108a15607c7990b006a8d693b4eb", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|8dc838b3cd809ac8ac950b96832cea7a2a51108a15607c7990b006a8d693b4eb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ci/tools/python/vendor_sdk/intel/setup.py"}, "region": {"startLine": 319}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. 
Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 120929, "scanner": "repobility-ast-engine", "fingerprint": "a58b3136fad039c648298fe77be945f82200717c750a32fd46f946909b8c4508", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|a58b3136fad039c648298fe77be945f82200717c750a32fd46f946909b8c4508"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ci/tools/python/vendor_sdk/samsung/setup.py"}, "region": {"startLine": 73}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 120928, "scanner": "repobility-ast-engine", "fingerprint": "d0fc02601e50a3f61d0db7e5d9f3f2973f9fdc38c7a6465898e587eac4207ec3", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|d0fc02601e50a3f61d0db7e5d9f3f2973f9fdc38c7a6465898e587eac4207ec3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ci/tools/python/vendor_sdk/mediatek/setup.py"}, "region": {"startLine": 71}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. 
Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 120927, "scanner": "repobility-ast-engine", "fingerprint": "113a2536271f2aed032878b7cca40ec3a767e5d1208f006adf0168e149aa78d9", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|113a2536271f2aed032878b7cca40ec3a767e5d1208f006adf0168e149aa78d9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ci/tools/python/vendor_sdk/qualcomm/setup.py"}, "region": {"startLine": 78}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 120926, "scanner": "repobility-ast-engine", "fingerprint": "d28e6af2c15dc96521d59b44f6547562561629b71da0a16322fc7e68a96c3310", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|d28e6af2c15dc96521d59b44f6547562561629b71da0a16322fc7e68a96c3310"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ci/tools/python/wheel/converter_setup_with_binary.py"}, "region": {"startLine": 71}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. 
Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 120925, "scanner": "repobility-ast-engine", "fingerprint": "6e9ba4a3f21f4a1fe2778f5d53b1450e7029d9960344ca19bba7070d0a289daf", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|6e9ba4a3f21f4a1fe2778f5d53b1450e7029d9960344ca19bba7070d0a289daf"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ci/tools/python/wheel/setup_with_binary.py"}, "region": {"startLine": 131}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 120924, "scanner": "repobility-ast-engine", "fingerprint": "f48814438122b7f3bdfb89c6b07b1201f0927e8a6bb826d6b0aa5fdf9dfc1305", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|f48814438122b7f3bdfb89c6b07b1201f0927e8a6bb826d6b0aa5fdf9dfc1305"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ci/tools/python/wheel/setup_with_binary.py"}, "region": {"startLine": 80}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. 
Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 120908, "scanner": "repobility-ast-engine", "fingerprint": "a6ccf314c265d86f661ef8fb2865efb8540c0f104ea8b731b6defdf0088b802b", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|a6ccf314c265d86f661ef8fb2865efb8540c0f104ea8b731b6defdf0088b802b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litert/python/litert_wrapper/simple_accel_smoke_test.py"}, "region": {"startLine": 192}}}]}, {"ruleId": "AUC001", "level": "warning", "message": {"text": "[AUC001] No Repobility access matrix policy found: The repository uses web/API frameworks but does not define .repobility/access.yml or equivalent authorization documentation."}, "properties": {"repobilityId": 120870, "scanner": "repobility-access-control", "fingerprint": "f1305052c3ba1e6c1cdb5dccc19e58a8168cf78b176658f32b1fc823df3e9d10", "category": "auth", "severity": "medium", "confidence": 0.92, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"scanner": "repobility-access-control", "frameworks": ["Django"], "expected_files": [".repobility/access.yml", ".repobility/access.yaml", ".repobility/access.json", ".repobility/authorization.yml"], "correlation_key": "fp|f1305052c3ba1e6c1cdb5dccc19e58a8168cf78b176658f32b1fc823df3e9d10"}}}, {"ruleId": "DKR007", "level": "warning", "message": {"text": "Docker build context has no .dockerignore"}, "properties": {"repobilityId": 120867, "scanner": "repobility-docker", "fingerprint": "c98378cf8c37e4866e89d6ca06a24b7e8c44654aa34e6e4bf1367c4a4c0c5b44", "category": "docker", 
"severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Dockerfile exists but repository root has no .dockerignore.", "evidence": {"rule_id": "DKR007", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|c98378cf8c37e4866e89d6ca06a24b7e8c44654aa34e6e4bf1367c4a4c0c5b44"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".dockerignore"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 120866, "scanner": "repobility-docker", "fingerprint": "e5a9a28a7a0096accc0d71c17b6ce1d194f9e788f0f0f046f660380925511189", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "${IMAGE}", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|e5a9a28a7a0096accc0d71c17b6ce1d194f9e788f0f0f046f660380925511189"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tflite/tools/pip_package/Dockerfile.py3"}, "region": {"startLine": 16}}}]}, {"ruleId": "SEC014", "level": "warning", "message": {"text": "[SEC014] SSL Verification Disabled: SSL certificate verification is disabled, allowing man-in-the-middle attacks."}, "properties": {"repobilityId": 120823, "scanner": "repobility-threat-engine", "fingerprint": "54377b53d7b35f43397ae080f707e7946f339a62e7e718b300c546521c6c7443", "category": "crypto", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", 
"isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "verify = false", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC014", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|crypto|token|54|sec014"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tflite/converter/quantization/lite/quantize_model.h"}, "region": {"startLine": 54}}}]}, {"ruleId": "SEC014", "level": "warning", "message": {"text": "[SEC014] SSL Verification Disabled: SSL certificate verification is disabled, allowing man-in-the-middle attacks."}, "properties": {"repobilityId": 120822, "scanner": "repobility-threat-engine", "fingerprint": "57329227051d2b8e6928f6872b11457151ae5aa10b052f72aad9ee03c2e03d52", "category": "crypto", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "verify = false", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC014", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|crypto|token|197|sec014"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tflite/converter/quantization/common/quantization_lib/quantization_config.h"}, "region": {"startLine": 197}}}]}, {"ruleId": "SEC014", "level": "warning", "message": {"text": "[SEC014] SSL Verification Disabled: SSL certificate verification is disabled, allowing man-in-the-middle attacks."}, "properties": {"repobilityId": 120821, "scanner": "repobility-threat-engine", "fingerprint": "ab24e1f297936296689cccc480f8a3dcf8e2e4ef0f1cfc0187adbc6782acebe9", "category": "crypto", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "verify = false", "reason": 
"Pattern matched with no mitigating context found", "rule_id": "SEC014", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|crypto|token|48|sec014"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tflite/converter/python/converter_python_api.h"}, "region": {"startLine": 48}}}]}, {"ruleId": "SEC127", "level": "warning", "message": {"text": "[SEC127] AI agent stub \u2014 TODO: implement / pass placeholder body: Function body left as TODO/pass/raise NotImplementedError after an AI scaffolding pass. The route appears to exist (and may even pass shallow CI), but invoking it crashes or silently no-ops. AI agents consistently emit these when their context window runs out mid-implementation. Production callers hitting these stubs is a classic AI-generated-incident."}, "properties": {"repobilityId": 120810, "scanner": "repobility-threat-engine", "fingerprint": "c896ddc13def225443ed84f573ad31b375db40dec03ab68a53f905224a544207", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "def _call_component(\n    component: aot_types.Component,\n    backend: GoogleTensorBackend,\n    unuse", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC127", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|c896ddc13def225443ed84f573ad31b375db40dec03ab68a53f905224a544207"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litert/python/aot/vendors/google_tensor/google_tensor_backend.py"}, "region": {"startLine": 97}}}]}, {"ruleId": "SEC127", "level": "warning", "message": {"text": "[SEC127] AI agent stub \u2014 TODO: implement / pass placeholder body: Function body left as TODO/pass/raise NotImplementedError after an AI scaffolding pass. 
The route appears to exist (and may even pass shallow CI), but invoking it crashes or silently no-ops. AI agents consistently emit these when their context window runs out mid-implementation. Production callers hitting these stubs is a classic AI-generated-incident."}, "properties": {"repobilityId": 120809, "scanner": "repobility-threat-engine", "fingerprint": "992d1331c5b71077d7dd34a0642c79dfb64f49ccaeb4d8e1b21dcb87c06ed1ab", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "def _call_component(\n    component: aot_types.Component,\n    backend: FallbackBackend,\n    unused_in", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC127", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|992d1331c5b71077d7dd34a0642c79dfb64f49ccaeb4d8e1b21dcb87c06ed1ab"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litert/python/aot/vendors/fallback_backend.py"}, "region": {"startLine": 80}}}]}, {"ruleId": "SEC127", "level": "warning", "message": {"text": "[SEC127] AI agent stub \u2014 TODO: implement / pass placeholder body: Function body left as TODO/pass/raise NotImplementedError after an AI scaffolding pass. The route appears to exist (and may even pass shallow CI), but invoking it crashes or silently no-ops. AI agents consistently emit these when their context window runs out mid-implementation. 
Production callers hitting these stubs is a classic AI-generated-incident."}, "properties": {"repobilityId": 120808, "scanner": "repobility-threat-engine", "fingerprint": "c255f1d509f139b7ac838b83f145c54a517f482ddbb6fdd309c3231ea26b912d", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "def _call_component(\n    component: aot_types.Component,\n    backend: ExampleBackend,\n    unused_inp", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC127", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|c255f1d509f139b7ac838b83f145c54a517f482ddbb6fdd309c3231ea26b912d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litert/python/aot/vendors/example/example_backend.py"}, "region": {"startLine": 110}}}]}, {"ruleId": "SEC041", "level": "warning", "message": {"text": "[SEC041] Tabnabbing \u2014 target=\"_blank\" without rel=\"noopener noreferrer\": <a target=\"_blank\"> without rel=\"noopener noreferrer\" leaks window.opener to the opened page. The opened page can then run window.opener.location = 'phishing-site' and the parent tab quietly navigates to attacker-controlled content (reverse tabnabbing). 
OWASP-classic; modern browsers default rel='noopener' for new windows but explicit attribute is still required for compatibility."}, "properties": {"repobilityId": 120803, "scanner": "repobility-threat-engine", "fingerprint": "7f37e1f98313b0c6d2810af370390af90a7086be805e31199b555eb4cddf303e", "category": "security", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "<a href=\"https://github.com/xinntao/Real-ESRGAN/blob/master/LICENSE\" target=\"_blank\">", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC041", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|security|token|39|sec041"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litert/js/demos/real_esrgan/src/image_upscaler.ts"}, "region": {"startLine": 39}}}]}, {"ruleId": "SEC041", "level": "warning", "message": {"text": "[SEC041] Tabnabbing \u2014 target=\"_blank\" without rel=\"noopener noreferrer\": <a target=\"_blank\"> without rel=\"noopener noreferrer\" leaks window.opener to the opened page. The opened page can then run window.opener.location = 'phishing-site' and the parent tab quietly navigates to attacker-controlled content (reverse tabnabbing). 
OWASP-classic; modern browsers default rel='noopener' for new windows but explicit attribute is still required for compatibility."}, "properties": {"repobilityId": 120802, "scanner": "repobility-threat-engine", "fingerprint": "83200bfa44b22082679ed1a48b62fa16441ce6611cf1da5f329cb98b95d836ef", "category": "security", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "<a href=\"https://github.com/DepthAnything/Depth-Anything-V2/blob/main/LICENSE\" target=\"_blank\">", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC041", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|security|token|236|sec041"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litert/js/demos/depth_anything/src/index.ts"}, "region": {"startLine": 236}}}]}, {"ruleId": "SEC045", "level": "warning", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use object introspection (().__class__.__mro__[-1].__subclasses__()) to reach os.system. 
CWE-95 (eval injection)."}, "properties": {"repobilityId": 120794, "scanner": "repobility-threat-engine", "fingerprint": "5da688bef51db6b4ddc21403d33dee826d87f6b0f4b5f473702a817e81b8491e", "category": "injection", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "Eval(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|token|184|sec045"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tflite/async/backend_async_kernel_interface.h"}, "region": {"startLine": 184}}}]}, {"ruleId": "SEC045", "level": "warning", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use object introspection (().__class__.__mro__[-1].__subclasses__()) to reach os.system. 
CWE-95 (eval injection)."}, "properties": {"repobilityId": 120793, "scanner": "repobility-threat-engine", "fingerprint": "a13a2023875a3b583d50913855c4f2f0135c8b85b59218a8b6133799ac2c9fe0", "category": "injection", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "Eval(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|token|133|sec045"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tflite/async/backend_async_kernel_interface.cc"}, "region": {"startLine": 133}}}]}, {"ruleId": "SEC045", "level": "warning", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use object introspection (().__class__.__mro__[-1].__subclasses__()) to reach os.system. 
CWE-95 (eval injection)."}, "properties": {"repobilityId": 120792, "scanner": "repobility-threat-engine", "fingerprint": "7e4f9353d1a49abae0d8eefe838062189faa463e99942196f908291c74c3ae2a", "category": "injection", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "Eval(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|token|66|sec045"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litert/runtime/dispatch/dispatch_delegate_kernel.h"}, "region": {"startLine": 66}}}]}, {"ruleId": "SEC134", "level": "warning", "message": {"text": "[SEC134] AI scaffold leftover \u2014 Lorem ipsum / example.com / John Doe in code: Lorem ipsum / John Doe / example.com left in non-test code. AI agents emit these as 'reasonable defaults' when they don't know real values; the human then forgets to swap them. 
In production, these break demo flows, send mail to a real example.com host (it's owned by IANA), and leak that the codebase had an AI scaffolding pass."}, "properties": {"repobilityId": 120778, "scanner": "repobility-threat-engine", "fingerprint": "0ab1a3f7c53c1c11621b1a2bfad97c4ff71bb5c4c8e113681ced9d1796063dae", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "\"foo bar\"", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC134", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|0ab1a3f7c53c1c11621b1a2bfad97c4ff71bb5c4c8e113681ced9d1796063dae"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litert/cc/internal/scoped_file_test.cc"}, "region": {"startLine": 62}}}]}, {"ruleId": "SEC012", "level": "warning", "message": {"text": "[SEC012] ZipSlip \u2014 Archive Path Traversal: Archive extraction without path validation allows writing files outside the target directory."}, "properties": {"repobilityId": 120757, "scanner": "repobility-threat-engine", "fingerprint": "5fce4860d12bb7eeeb3f142aeb84f2b09de697c1cf0343dafd2d9fa8be1389b0", "category": "path_traversal", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".extractall(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC012", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|path_traversal|token|166|sec012"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ci/tools/python/vendor_sdk/qualcomm/setup.py"}, "region": {"startLine": 166}}}]}, {"ruleId": "SEC012", "level": "warning", "message": {"text": "[SEC012] ZipSlip \u2014 Archive Path Traversal: Archive 
extraction without path validation allows writing files outside the target directory."}, "properties": {"repobilityId": 120756, "scanner": "repobility-threat-engine", "fingerprint": "8a0b6774cb2fdd0aefd078175bf019fa7c98746e9333aebeb73830088b3cf691", "category": "path_traversal", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".extractall(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC012", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|path_traversal|token|163|sec012"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ci/tools/python/vendor_sdk/mediatek/setup.py"}, "region": {"startLine": 163}}}]}, {"ruleId": "SEC012", "level": "warning", "message": {"text": "[SEC012] ZipSlip \u2014 Archive Path Traversal: Archive extraction without path validation allows writing files outside the target directory."}, "properties": {"repobilityId": 120755, "scanner": "repobility-threat-engine", "fingerprint": "6c7788ec8ccbf7ce78312bb26ec987b5e2ba9c9732113834e239289ab8e283ef", "category": "path_traversal", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".extractall(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC012", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|path_traversal|token|200|sec012"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ci/tools/python/vendor_sdk/google_tensor/setup.py"}, "region": {"startLine": 200}}}]}, {"ruleId": "DKC010", "level": "note", "message": {"text": "Compose service lacks no-new-privileges hardening"}, "properties": {"repobilityId": 120869, "scanner": "repobility-docker", "fingerprint": 
"284e0cd5915c47b8eee2a933214f1d19df17a444fd04517eaaedbb9fa5c0d7b8", "category": "docker", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "App-like service has no security_opt no-new-privileges setting.", "evidence": {"rule_id": "DKC010", "scanner": "repobility-docker", "service": "litert-build", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|284e0cd5915c47b8eee2a933214f1d19df17a444fd04517eaaedbb9fa5c0d7b8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker_build/docker-compose.yml"}, "region": {"startLine": 18}}}]}, {"ruleId": "DKC006", "level": "note", "message": {"text": "Compose service does not declare a runtime user"}, "properties": {"repobilityId": 120868, "scanner": "repobility-docker", "fingerprint": "9531abedb349b4dc38a2a61baaef5a63464a454d40e589f0b061eb7f96a903be", "category": "docker", "severity": "low", "confidence": 0.56, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Service has no user setting and Repobility could not prove the image runs non-root.", "evidence": {"rule_id": "DKC006", "scanner": "repobility-docker", "service": "litert-build", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|9531abedb349b4dc38a2a61baaef5a63464a454d40e589f0b061eb7f96a903be"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker_build/docker-compose.yml"}, "region": {"startLine": 18}}}]}, {"ruleId": "DKR011", "level": "note", "message": {"text": "Dockerfile installs recommended OS packages"}, "properties": {"repobilityId": 120865, "scanner": "repobility-docker", "fingerprint": "2cd184cd8a46e5ac3ade50f3715d076c16f71d928f4966de47e9dd6de8437bbe", "category": "docker", "severity": "low", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": 
"apt install appears without --no-install-recommends.", "evidence": {"rule_id": "DKR011", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|2cd184cd8a46e5ac3ade50f3715d076c16f71d928f4966de47e9dd6de8437bbe"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tflite/tools/pip_package/Dockerfile.py3"}, "region": {"startLine": 43}}}]}, {"ruleId": "DKR010", "level": "note", "message": {"text": "Dockerfile leaves apt package indexes in the image layer"}, "properties": {"repobilityId": 120864, "scanner": "repobility-docker", "fingerprint": "259a25693f8fdfd66ecbb7059e7aa89759abc8757147f15ead27a4571d9a15c0", "category": "docker", "severity": "low", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "apt update/install layer does not remove /var/lib/apt/lists.", "evidence": {"rule_id": "DKR010", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|259a25693f8fdfd66ecbb7059e7aa89759abc8757147f15ead27a4571d9a15c0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tflite/tools/pip_package/Dockerfile.py3"}, "region": {"startLine": 43}}}]}, {"ruleId": "DKR011", "level": "note", "message": {"text": "Dockerfile installs recommended OS packages"}, "properties": {"repobilityId": 120863, "scanner": "repobility-docker", "fingerprint": "f2e7f32a543b900d63a12bfde5f7ec7a0451ed3f3377c8e3573f2c648b702f62", "category": "docker", "severity": "low", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "apt install appears without --no-install-recommends.", "evidence": {"rule_id": "DKR011", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", 
"https://github.com/hadolint/hadolint"], "correlation_key": "fp|f2e7f32a543b900d63a12bfde5f7ec7a0451ed3f3377c8e3573f2c648b702f62"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tflite/tools/pip_package/Dockerfile.py3"}, "region": {"startLine": 23}}}]}, {"ruleId": "DKR010", "level": "note", "message": {"text": "Dockerfile leaves apt package indexes in the image layer"}, "properties": {"repobilityId": 120862, "scanner": "repobility-docker", "fingerprint": "1673be98fe9e1def2622f2c839715408609265413597a029a7899741ec6123b9", "category": "docker", "severity": "low", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "apt update/install layer does not remove /var/lib/apt/lists.", "evidence": {"rule_id": "DKR010", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|1673be98fe9e1def2622f2c839715408609265413597a029a7899741ec6123b9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tflite/tools/pip_package/Dockerfile.py3"}, "region": {"startLine": 23}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 120860, "scanner": "repobility-ai-code-hygiene", "fingerprint": "027d8c916ca286215f71a42f9b799591f9dd7fd9636a1c2558b2f3a6d633ca54", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "litert/python/aot/vendors/google_tensor/target.py", "duplicate_line": 29, "correlation_key": "fp|027d8c916ca286215f71a42f9b799591f9dd7fd9636a1c2558b2f3a6d633ca54"}}, "locations": [{"physicalLocation": {"artifactLocation": 
{"uri": "litert/python/aot/vendors/qualcomm/target.py"}, "region": {"startLine": 33}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 120859, "scanner": "repobility-ai-code-hygiene", "fingerprint": "d8ec703586992c1edc471d4925f22cf4bc5ccfd166c59faa68c1dd536aad31a8", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "litert/python/aot/vendors/fallback_backend.py", "duplicate_line": 32, "correlation_key": "fp|d8ec703586992c1edc471d4925f22cf4bc5ccfd166c59faa68c1dd536aad31a8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litert/python/aot/vendors/qualcomm/qualcomm_backend.py"}, "region": {"startLine": 47}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 120858, "scanner": "repobility-ai-code-hygiene", "fingerprint": "769b75149d683ba87bddebfef2d5c175dff772f3f393a34603bec055108111b0", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "litert/python/aot/vendors/fallback_backend.py", "duplicate_line": 32, "correlation_key": "fp|769b75149d683ba87bddebfef2d5c175dff772f3f393a34603bec055108111b0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litert/python/aot/vendors/mediatek/mediatek_backend.py"}, "region": {"startLine": 
74}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 120857, "scanner": "repobility-ai-code-hygiene", "fingerprint": "1e35864176139dd7f3b4f809253f1a3f0005788292b7a0b6ea0c2cc323ce2314", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "litert/python/aot/vendors/google_tensor/target.py", "duplicate_line": 29, "correlation_key": "fp|1e35864176139dd7f3b4f809253f1a3f0005788292b7a0b6ea0c2cc323ce2314"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litert/python/aot/vendors/intel_openvino/target.py"}, "region": {"startLine": 27}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 120856, "scanner": "repobility-ai-code-hygiene", "fingerprint": "ed44e62320ecbfccb6af484ea5be78cd663ad35f8cfbb2a570a27370f968d2f1", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "litert/python/aot/vendors/fallback_backend.py", "duplicate_line": 32, "correlation_key": "fp|ed44e62320ecbfccb6af484ea5be78cd663ad35f8cfbb2a570a27370f968d2f1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litert/python/aot/vendors/google_tensor/google_tensor_backend.py"}, "region": {"startLine": 49}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": 
"Duplicated implementation block across source files"}, "properties": {"repobilityId": 120855, "scanner": "repobility-ai-code-hygiene", "fingerprint": "234531e6e15ad9f3098109bab974cdb82474fd5f00299d6a15359513746490e8", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "litert/kotlin/src/copied_from_tflite/java/org/tensorflow/lite/Interpreter.java", "duplicate_line": 1, "correlation_key": "fp|234531e6e15ad9f3098109bab974cdb82474fd5f00299d6a15359513746490e8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litert/kotlin/src/copied_from_tflite/java/org/tensorflow/lite/InterpreterImpl.java"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 120854, "scanner": "repobility-ai-code-hygiene", "fingerprint": "006042cac18fcd743fb5cc2433fcf87e5d66f4b08a70286581b74077f9761c14", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "litert/kotlin/src/copied_from_tflite/java/org/tensorflow/lite/Interpreter.java", "duplicate_line": 1, "correlation_key": "fp|006042cac18fcd743fb5cc2433fcf87e5d66f4b08a70286581b74077f9761c14"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litert/kotlin/src/copied_from_tflite/java/org/tensorflow/lite/InterpreterFactoryImpl.java"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", 
"level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 120853, "scanner": "repobility-ai-code-hygiene", "fingerprint": "52bc28bc0fcaa21d38771fa79a1b083f8a6e789791453919fe1b8cd7d9bfeb0d", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "litert/kotlin/src/copied_from_tflite/java/org/tensorflow/lite/Interpreter.java", "duplicate_line": 1, "correlation_key": "fp|52bc28bc0fcaa21d38771fa79a1b083f8a6e789791453919fe1b8cd7d9bfeb0d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litert/kotlin/src/copied_from_tflite/java/org/tensorflow/lite/InterpreterFactoryApi.java"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 120852, "scanner": "repobility-ai-code-hygiene", "fingerprint": "fec623b558608ff8b64c516be5ae0ecff1819f789b912a7a6f1c66dc7e9943ee", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "litert/kotlin/src/copied_from_tflite/java/org/tensorflow/lite/Interpreter.java", "duplicate_line": 1, "correlation_key": "fp|fec623b558608ff8b64c516be5ae0ecff1819f789b912a7a6f1c66dc7e9943ee"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litert/kotlin/src/copied_from_tflite/java/org/tensorflow/lite/InterpreterApi.java"}, "region": 
{"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 120851, "scanner": "repobility-ai-code-hygiene", "fingerprint": "307f51e51c63739a70ed8c6202e5d7c6f3cceb26353275c7bb7b4ac315f78e4c", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "ci/tools/python/vendor_sdk/sdist_wrapper.py", "duplicate_line": 10, "correlation_key": "fp|307f51e51c63739a70ed8c6202e5d7c6f3cceb26353275c7bb7b4ac315f78e4c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ci/tools/python/wheel/utils/wheel_builder.py"}, "region": {"startLine": 89}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 120850, "scanner": "repobility-ai-code-hygiene", "fingerprint": "933187f0a1da5d136f60ae1b1b12214ef2c77ce60c3cd9f630d10ea2287aeeae", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "ci/setup_with_binary.py", "duplicate_line": 17, "correlation_key": "fp|933187f0a1da5d136f60ae1b1b12214ef2c77ce60c3cd9f630d10ea2287aeeae"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ci/tools/python/wheel/setup_with_binary.py"}, "region": {"startLine": 114}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source 
files"}, "properties": {"repobilityId": 120849, "scanner": "repobility-ai-code-hygiene", "fingerprint": "0fd8023168b9fe3c9b085b6bdb048b129d0a4c1bd2726339e375c10e231e1915", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "ci/tools/python/wheel/converter_setup_with_binary.py", "duplicate_line": 23, "correlation_key": "fp|0fd8023168b9fe3c9b085b6bdb048b129d0a4c1bd2726339e375c10e231e1915"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ci/tools/python/wheel/setup_with_binary.py"}, "region": {"startLine": 30}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 120848, "scanner": "repobility-ai-code-hygiene", "fingerprint": "fb3c3a1d696bbb005d6ddb89d0144c9522db1b7f01bb73540c5ce2c5f967cc8e", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "ci/setup_with_binary.py", "duplicate_line": 17, "correlation_key": "fp|fb3c3a1d696bbb005d6ddb89d0144c9522db1b7f01bb73540c5ce2c5f967cc8e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ci/tools/python/wheel/converter_setup_with_binary.py"}, "region": {"startLine": 62}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 120847, "scanner": "repobility-ai-code-hygiene", "fingerprint": 
"206b708d9b884e734b1d288398d5d9ca2cecd58ac862edc7a35071afcb34092e", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "ci/setup_with_binary.py", "duplicate_line": 17, "correlation_key": "fp|206b708d9b884e734b1d288398d5d9ca2cecd58ac862edc7a35071afcb34092e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ci/tools/python/vendor_sdk/samsung/setup.py"}, "region": {"startLine": 152}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 120846, "scanner": "repobility-ai-code-hygiene", "fingerprint": "6e3798d83d5f3094ae27d107bb6393779dbb7162aef1323554ba62a453330b87", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "ci/tools/python/vendor_sdk/google_tensor/setup.py", "duplicate_line": 85, "correlation_key": "fp|6e3798d83d5f3094ae27d107bb6393779dbb7162aef1323554ba62a453330b87"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ci/tools/python/vendor_sdk/samsung/setup.py"}, "region": {"startLine": 66}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 120845, "scanner": "repobility-ai-code-hygiene", "fingerprint": "31b7822e31e7352a840b6fef0109b4215c4981950bda619b4ae2e8b5d2143c02", "category": "quality", "severity": "low", "confidence": 
0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "ci/tools/python/vendor_sdk/qualcomm/setup.py", "duplicate_line": 39, "correlation_key": "fp|31b7822e31e7352a840b6fef0109b4215c4981950bda619b4ae2e8b5d2143c02"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ci/tools/python/vendor_sdk/samsung/setup.py"}, "region": {"startLine": 39}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 120844, "scanner": "repobility-ai-code-hygiene", "fingerprint": "e02855f6c6d860aa8d8b8294285511e45fb373fc20c81660d4a5149cee6f01f2", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "ci/tools/python/vendor_sdk/mediatek/setup.py", "duplicate_line": 36, "correlation_key": "fp|e02855f6c6d860aa8d8b8294285511e45fb373fc20c81660d4a5149cee6f01f2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ci/tools/python/vendor_sdk/samsung/setup.py"}, "region": {"startLine": 36}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 120843, "scanner": "repobility-ai-code-hygiene", "fingerprint": "02c0c7da6c625a2c6a09e92657b0d57be397b237c392ac10e56a3770431a8bcc", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code 
window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "ci/tools/python/vendor_sdk/google_tensor/ai_edge_litert_sdk_google_tensor/__init__.py", "duplicate_line": 22, "correlation_key": "fp|02c0c7da6c625a2c6a09e92657b0d57be397b237c392ac10e56a3770431a8bcc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ci/tools/python/vendor_sdk/samsung/ai_edge_litert_sdk_samsung/__init__.py"}, "region": {"startLine": 22}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 120842, "scanner": "repobility-ai-code-hygiene", "fingerprint": "352384aa0a0647ac229a02e30e4faf43690e08bd21f6f1e5f766244d6eb7961f", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "ci/tools/python/vendor_sdk/mediatek/ai_edge_litert_sdk_mediatek/__init__.py", "duplicate_line": 39, "correlation_key": "fp|352384aa0a0647ac229a02e30e4faf43690e08bd21f6f1e5f766244d6eb7961f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ci/tools/python/vendor_sdk/samsung/ai_edge_litert_sdk_samsung/__init__.py"}, "region": {"startLine": 21}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 120841, "scanner": "repobility-ai-code-hygiene", "fingerprint": "811feff525f841589ec34599980a196397a84342a3aa11f36536b4eea0263536", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A 
normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "ci/setup_with_binary.py", "duplicate_line": 17, "correlation_key": "fp|811feff525f841589ec34599980a196397a84342a3aa11f36536b4eea0263536"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ci/tools/python/vendor_sdk/qualcomm/setup.py"}, "region": {"startLine": 148}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 120840, "scanner": "repobility-ai-code-hygiene", "fingerprint": "437296ebb201dcf509f0ba28776c26e17141c9c3f921ceba5379e8a8fdd5da95", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "ci/tools/python/vendor_sdk/google_tensor/setup.py", "duplicate_line": 85, "correlation_key": "fp|437296ebb201dcf509f0ba28776c26e17141c9c3f921ceba5379e8a8fdd5da95"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ci/tools/python/vendor_sdk/qualcomm/setup.py"}, "region": {"startLine": 66}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 120839, "scanner": "repobility-ai-code-hygiene", "fingerprint": "1cf5f86f4e61a23849bdf70a008f936422e7e03433df511ab48d0db6492da25a", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", 
"scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "ci/tools/python/vendor_sdk/mediatek/setup.py", "duplicate_line": 30, "correlation_key": "fp|1cf5f86f4e61a23849bdf70a008f936422e7e03433df511ab48d0db6492da25a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ci/tools/python/vendor_sdk/qualcomm/setup.py"}, "region": {"startLine": 30}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 120838, "scanner": "repobility-ai-code-hygiene", "fingerprint": "cea8236b7e2165a762aa1c837f6e01164c47b47be0efae296d381be064810c36", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "ci/tools/python/vendor_sdk/google_tensor/ai_edge_litert_sdk_google_tensor/__init__.py", "duplicate_line": 22, "correlation_key": "fp|cea8236b7e2165a762aa1c837f6e01164c47b47be0efae296d381be064810c36"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ci/tools/python/vendor_sdk/qualcomm/ai_edge_litert_sdk_qualcomm/__init__.py"}, "region": {"startLine": 22}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 120837, "scanner": "repobility-ai-code-hygiene", "fingerprint": "32f93faaf4ccc702ff4da682ac27f7fb6bcea71f26637da05c61ecc760dc7826", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": 
"repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "ci/tools/python/vendor_sdk/mediatek/ai_edge_litert_sdk_mediatek/__init__.py", "duplicate_line": 39, "correlation_key": "fp|32f93faaf4ccc702ff4da682ac27f7fb6bcea71f26637da05c61ecc760dc7826"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ci/tools/python/vendor_sdk/qualcomm/ai_edge_litert_sdk_qualcomm/__init__.py"}, "region": {"startLine": 21}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 120836, "scanner": "repobility-ai-code-hygiene", "fingerprint": "b2acf38357e03d0a8573488812303524cbc90e50f01420b91f31f66ea185c6dd", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "ci/setup_with_binary.py", "duplicate_line": 17, "correlation_key": "fp|b2acf38357e03d0a8573488812303524cbc90e50f01420b91f31f66ea185c6dd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ci/tools/python/vendor_sdk/mediatek/setup.py"}, "region": {"startLine": 154}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 120835, "scanner": "repobility-ai-code-hygiene", "fingerprint": "82ff0fad00f41a545fdb6aeb30bcdf17bc61f3c85b62629f72d5d374ed82b781", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], 
"duplicate_file": "ci/tools/python/vendor_sdk/google_tensor/setup.py", "duplicate_line": 85, "correlation_key": "fp|82ff0fad00f41a545fdb6aeb30bcdf17bc61f3c85b62629f72d5d374ed82b781"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ci/tools/python/vendor_sdk/mediatek/setup.py"}, "region": {"startLine": 70}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 120834, "scanner": "repobility-ai-code-hygiene", "fingerprint": "d0f518df11ebf105bdf22fee2759c41dcb52355db3f08c368ecc2ed21b2236cf", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "ci/tools/python/vendor_sdk/google_tensor/ai_edge_litert_sdk_google_tensor/__init__.py", "duplicate_line": 22, "correlation_key": "fp|d0f518df11ebf105bdf22fee2759c41dcb52355db3f08c368ecc2ed21b2236cf"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ci/tools/python/vendor_sdk/mediatek/ai_edge_litert_sdk_mediatek/__init__.py"}, "region": {"startLine": 40}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 120833, "scanner": "repobility-ai-code-hygiene", "fingerprint": "94630124537ac9bd4f0769ed31f21c3a48df2a33aa44f2fab796d0a4ab1e51b3", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": 
"ci/setup_with_binary.py", "duplicate_line": 17, "correlation_key": "fp|94630124537ac9bd4f0769ed31f21c3a48df2a33aa44f2fab796d0a4ab1e51b3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ci/tools/python/vendor_sdk/intel/setup.py"}, "region": {"startLine": 296}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 120832, "scanner": "repobility-ai-code-hygiene", "fingerprint": "87e154a6ef3e8fa7c40eb161f8af535362836cdccbb579e4d534b31839fc5530", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "ci/tools/python/vendor_sdk/google_tensor/setup.py", "duplicate_line": 199, "correlation_key": "fp|87e154a6ef3e8fa7c40eb161f8af535362836cdccbb579e4d534b31839fc5530"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ci/tools/python/vendor_sdk/intel/setup.py"}, "region": {"startLine": 295}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 120831, "scanner": "repobility-ai-code-hygiene", "fingerprint": "f1a59f97323c9763a307c9dc4096bca15019cd74f040d517dfc3d28d9db22981", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "ci/setup_with_binary.py", "duplicate_line": 17, "correlation_key": 
"fp|f1a59f97323c9763a307c9dc4096bca15019cd74f040d517dfc3d28d9db22981"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ci/tools/python/vendor_sdk/google_tensor/setup.py"}, "region": {"startLine": 200}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 120830, "scanner": "repobility-ai-code-hygiene", "fingerprint": "f042dc41c99d44d2fe2df648593a0c24cd3ee97fe390694e0fed942fad49ddc7", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "update", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|f042dc41c99d44d2fe2df648593a0c24cd3ee97fe390694e0fed942fad49ddc7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tflite/testing/op_tests/tensor_scatter_update.py"}, "region": {"startLine": 1}}}]}, {"ruleId": "COMP001", "level": "note", "message": {"text": "[COMP001] High cognitive complexity: Function `_ensure_compiler_in_openvino_libs` has cognitive complexity 11 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. 
Breakdown: continue=2, except=1, for=1, if=4, nested_bonus=3."}, "properties": {"repobilityId": 120765, "scanner": "repobility-threat-engine", "fingerprint": "eedc6ed5f19530f4263ba9bcda231bb7b16b850a3fd11dc5d0812196bcf1d22d", "category": "quality", "severity": "low", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 11 (severity threshold for low: 8+).", "evidence": {"scanner": "repobility-threat-engine", "function": "_ensure_compiler_in_openvino_libs", "breakdown": {"if": 4, "for": 1, "except": 1, "continue": 2, "nested_bonus": 3}, "complexity": 11, "correlation_key": "fp|eedc6ed5f19530f4263ba9bcda231bb7b16b850a3fd11dc5d0812196bcf1d22d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ci/tools/python/vendor_sdk/intel/ai_edge_litert_sdk_intel/__init__.py"}, "region": {"startLine": 80}}}]}, {"ruleId": "COMP001", "level": "note", "message": {"text": "[COMP001] High cognitive complexity: Function `run` has cognitive complexity 12 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. 
Breakdown: elif=1, else=3, if=3, nested_bonus=4, recursion=1."}, "properties": {"repobilityId": 120764, "scanner": "repobility-threat-engine", "fingerprint": "2bde7eaa479d46e1b3941e740773510fc6a6b114d9d5e9d16d13a6767265d0ee", "category": "quality", "severity": "low", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 12 (severity threshold for low: 8+).", "evidence": {"scanner": "repobility-threat-engine", "function": "run", "breakdown": {"if": 3, "elif": 1, "else": 3, "recursion": 1, "nested_bonus": 4}, "complexity": 12, "correlation_key": "fp|2bde7eaa479d46e1b3941e740773510fc6a6b114d9d5e9d16d13a6767265d0ee"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ci/tools/python/vendor_sdk/google_tensor/setup.py"}, "region": {"startLine": 235}}}]}, {"ruleId": "DKR002", "level": "none", "message": {"text": "Dockerfile base image is selected through a build variable"}, "properties": {"repobilityId": 120861, "scanner": "repobility-docker", "fingerprint": "c897e22053703cd3fdfe04b3031ee0aab208468c911987be57d12f5f13958e76", "category": "docker", "severity": "info", "confidence": 0.48, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Base image contains a variable; manual review is needed to avoid false positives.", "evidence": {"image": "${IMAGE}", "rule_id": "DKR002", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/"], "correlation_key": "fp|c897e22053703cd3fdfe04b3031ee0aab208468c911987be57d12f5f13958e76"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tflite/tools/pip_package/Dockerfile.py3"}, "region": {"startLine": 16}}}]}, {"ruleId": "MINED048", "level": "none", "message": {"text": "[MINED048] Php Error Suppress: @function() suppresses errors silently. 
Hides real issues."}, "properties": {"repobilityId": 120829, "scanner": "repobility-threat-engine", "fingerprint": "9e04c2ac6ed41bc94dbfcf94946b8ca6b970b88218816a047bb1ffc09503eddb", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "php-error-suppress", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["php"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348013+00:00", "triaged_in_corpus": 12, "observations_count": 849118, "ai_coder_pattern_id": 166}, "scanner": "repobility-threat-engine", "correlation_key": "fp|9e04c2ac6ed41bc94dbfcf94946b8ca6b970b88218816a047bb1ffc09503eddb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tflite/delegates/coreml/coreml_executor.mm"}, "region": {"startLine": 47}}}]}, {"ruleId": "MINED048", "level": "none", "message": {"text": "[MINED048] Php Error Suppress: @function() suppresses errors silently. 
Hides real issues."}, "properties": {"repobilityId": 120828, "scanner": "repobility-threat-engine", "fingerprint": "356219644d270fe69d794a7b6a40cffdc0696d01378bc788d28a70486ddf90af", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "php-error-suppress", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["php"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348013+00:00", "triaged_in_corpus": 12, "observations_count": 849118, "ai_coder_pattern_id": 166}, "scanner": "repobility-threat-engine", "correlation_key": "fp|356219644d270fe69d794a7b6a40cffdc0696d01378bc788d28a70486ddf90af"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tflite/delegates/coreml/coreml_delegate_kernel.mm"}, "region": {"startLine": 64}}}]}, {"ruleId": "MINED068", "level": "none", "message": {"text": "[MINED068] Rust Unsafe Block: unsafe { ... } block. 
Compiler safety guarantees disabled inside."}, "properties": {"repobilityId": 120820, "scanner": "repobility-threat-engine", "fingerprint": "bfd82d6153aa02fa1ca11cd700a04098669f0f07c6f62502686a2cf793b82728", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-unsafe-block", "owasp": null, "cwe_ids": ["CWE-119"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348060+00:00", "triaged_in_corpus": 12, "observations_count": 42383, "ai_coder_pattern_id": 116}, "scanner": "repobility-threat-engine", "correlation_key": "fp|bfd82d6153aa02fa1ca11cd700a04098669f0f07c6f62502686a2cf793b82728"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litert/rust/src/helper_funs.rs"}, "region": {"startLine": 30}}}]}, {"ruleId": "MINED068", "level": "none", "message": {"text": "[MINED068] Rust Unsafe Block: unsafe { ... } block. 
Compiler safety guarantees disabled inside."}, "properties": {"repobilityId": 120819, "scanner": "repobility-threat-engine", "fingerprint": "43d7e26ef5252adbeffd97cbeee87973cae23d858ef3e62c31f695f6f9c4bbe3", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-unsafe-block", "owasp": null, "cwe_ids": ["CWE-119"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348060+00:00", "triaged_in_corpus": 12, "observations_count": 42383, "ai_coder_pattern_id": 116}, "scanner": "repobility-threat-engine", "correlation_key": "fp|43d7e26ef5252adbeffd97cbeee87973cae23d858ef3e62c31f695f6f9c4bbe3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litert/rust/src/environment.rs"}, "region": {"startLine": 184}}}]}, {"ruleId": "MINED068", "level": "none", "message": {"text": "[MINED068] Rust Unsafe Block: unsafe { ... } block. 
Compiler safety guarantees disabled inside."}, "properties": {"repobilityId": 120818, "scanner": "repobility-threat-engine", "fingerprint": "6ea3058b6820a0d96fcc1fa020fe70d1a52f27234bbcf6df9b6872f1c420cd52", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-unsafe-block", "owasp": null, "cwe_ids": ["CWE-119"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348060+00:00", "triaged_in_corpus": 12, "observations_count": 42383, "ai_coder_pattern_id": 116}, "scanner": "repobility-threat-engine", "correlation_key": "fp|6ea3058b6820a0d96fcc1fa020fe70d1a52f27234bbcf6df9b6872f1c420cd52"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litert/rust/src/compiled_model.rs"}, "region": {"startLine": 55}}}]}, {"ruleId": "MINED059", "level": "none", "message": {"text": "[MINED059] Rust Expect In Prod: .expect(...) 
panics same as unwrap with a custom message."}, "properties": {"repobilityId": 120817, "scanner": "repobility-threat-engine", "fingerprint": "887ac7ea6869767f896d52a00ef15c07d3ca17c510371b777d416f0b39c4deab", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-expect-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348039+00:00", "triaged_in_corpus": 12, "observations_count": 175379, "ai_coder_pattern_id": 112}, "scanner": "repobility-threat-engine", "correlation_key": "fp|887ac7ea6869767f896d52a00ef15c07d3ca17c510371b777d416f0b39c4deab"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litert/rust/src/environment.rs"}, "region": {"startLine": 156}}}]}, {"ruleId": "MINED059", "level": "none", "message": {"text": "[MINED059] Rust Expect In Prod: .expect(...) 
panics same as unwrap with a custom message."}, "properties": {"repobilityId": 120816, "scanner": "repobility-threat-engine", "fingerprint": "38f3df73b4cb0ddce0a19fbbdaf77853204a19502e4b14d7e155de4f0fd1b6fb", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-expect-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348039+00:00", "triaged_in_corpus": 12, "observations_count": 175379, "ai_coder_pattern_id": 112}, "scanner": "repobility-threat-engine", "correlation_key": "fp|38f3df73b4cb0ddce0a19fbbdaf77853204a19502e4b14d7e155de4f0fd1b6fb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litert/rust/example/segmentation_main.rs"}, "region": {"startLine": 72}}}]}, {"ruleId": "MINED072", "level": "none", "message": {"text": "[MINED072] Python Pass Only Class: class Foo: pass \u2014 stub waiting to be filled in."}, "properties": {"repobilityId": 120813, "scanner": "repobility-threat-engine", "fingerprint": "0beb75c2b2e4ce09a8ae452d1ed44847c6b8292221c325f3a21f49a13b30ad56", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-pass-only-class", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348069+00:00", "triaged_in_corpus": 10, "observations_count": 14245, "ai_coder_pattern_id": 143}, "scanner": "repobility-threat-engine", "correlation_key": "fp|0beb75c2b2e4ce09a8ae452d1ed44847c6b8292221c325f3a21f49a13b30ad56"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": 
"litert/python/tools/model_utils/match/_match_dag/instruction.py"}, "region": {"startLine": 22}}}]}, {"ruleId": "MINED064", "level": "none", "message": {"text": "[MINED064] Python Input Call: input() blocks for stdin. Inappropriate in services."}, "properties": {"repobilityId": 120812, "scanner": "repobility-threat-engine", "fingerprint": "6b83df9bfeba3efc7a3d69d279ed5f590a1f4b5078c50244ce9b5368e14e4036", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-input-call", "owasp": null, "cwe_ids": [], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348050+00:00", "triaged_in_corpus": 12, "observations_count": 66378, "ai_coder_pattern_id": 124}, "scanner": "repobility-threat-engine", "correlation_key": "fp|6b83df9bfeba3efc7a3d69d279ed5f590a1f4b5078c50244ce9b5368e14e4036"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litert/python/tools/model_utils/dialect/tfl/tile.py"}, "region": {"startLine": 69}}}]}, {"ruleId": "SEC127", "level": "none", "message": {"text": "[SEC127] AI agent stub \u2014 TODO: implement / pass placeholder body (and 9 more): Same pattern found in 9 additional files. Review if needed."}, "properties": {"repobilityId": 120811, "scanner": "repobility-threat-engine", "fingerprint": "3ed7a2f52ee1a8fa5e3c8f8ec23d03df7ea497373d1150621cfae12b311f6b1c", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 9 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 9 additional occurrences found. 
The top occurrences remain visible as actionable findings.", "rule_id": "SEC127", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|3ed7a2f52ee1a8fa5e3c8f8ec23d03df7ea497373d1150621cfae12b311f6b1c"}}}, {"ruleId": "MINED054", "level": "none", "message": {"text": "[MINED054] Ts As Any: Casting to any (as any) bypasses type checking entirely."}, "properties": {"repobilityId": 120805, "scanner": "repobility-threat-engine", "fingerprint": "25f6375d68922659935820d8eaa871ead433c9899538c409dad1375fb2e36d02", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-as-any", "owasp": null, "cwe_ids": ["CWE-704"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348028+00:00", "triaged_in_corpus": 12, "observations_count": 341218, "ai_coder_pattern_id": 98}, "scanner": "repobility-threat-engine", "correlation_key": "fp|25f6375d68922659935820d8eaa871ead433c9899538c409dad1375fb2e36d02"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litert/js/packages/core/src/wasm_feature_detect.ts"}, "region": {"startLine": 82}}}]}, {"ruleId": "MINED054", "level": "none", "message": {"text": "[MINED054] Ts As Any: Casting to any (as any) bypasses type checking entirely."}, "properties": {"repobilityId": 120804, "scanner": "repobility-threat-engine", "fingerprint": "579725cf3d929c1a9ff40252024954095581629ab02c467abe3a7fe4680f0d27", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-as-any", "owasp": null, "cwe_ids": ["CWE-704"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348028+00:00", 
"triaged_in_corpus": 12, "observations_count": 341218, "ai_coder_pattern_id": 98}, "scanner": "repobility-threat-engine", "correlation_key": "fp|579725cf3d929c1a9ff40252024954095581629ab02c467abe3a7fe4680f0d27"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litert/js/demos/selfie_multiclass/src/index.ts"}, "region": {"startLine": 60}}}]}, {"ruleId": "SEC128", "level": "none", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake) (and 15 more): Same pattern found in 15 additional files. Review if needed."}, "properties": {"repobilityId": 120801, "scanner": "repobility-threat-engine", "fingerprint": "626b968a51905fab68488b914668d7d2e59a6d38ac62d921861aaee76f35958d", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 15 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 15 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|626b968a51905fab68488b914668d7d2e59a6d38ac62d921861aaee76f35958d"}}}, {"ruleId": "MINED067", "level": "none", "message": {"text": "[MINED067] Python Requests No Timeout: requests.get/post/etc. 
without timeout= can hang forever."}, "properties": {"repobilityId": 120797, "scanner": "repobility-threat-engine", "fingerprint": "5463d03bbb523f5e355bb3ac2b8b50d5d47a4d40f2250f4c082ac34bdc1b9468", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-requests-no-timeout", "owasp": null, "cwe_ids": ["CWE-400"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348058+00:00", "triaged_in_corpus": 12, "observations_count": 45429, "ai_coder_pattern_id": 122}, "scanner": "repobility-threat-engine", "correlation_key": "fp|5463d03bbb523f5e355bb3ac2b8b50d5d47a4d40f2250f4c082ac34bdc1b9468"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litert/js/demos/depth_anything/convert_model.py"}, "region": {"startLine": 39}}}]}, {"ruleId": "SEC045", "level": "none", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data (and 4 more): Same pattern found in 4 additional files. Review if needed."}, "properties": {"repobilityId": 120795, "scanner": "repobility-threat-engine", "fingerprint": "f50747163d70dab1fa2519c9a96d374fa64771763e354f97facd6a46500faf29", "category": "injection", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 4 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 4 additional occurrences found. 
The top occurrences remain visible as actionable findings.", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|f50747163d70dab1fa2519c9a96d374fa64771763e354f97facd6a46500faf29"}}}, {"ruleId": "MINED045", "level": "none", "message": {"text": "[MINED045] Ts Non Null Assertion (and 4 more): Same pattern found in 4 additional files. Review if needed."}, "properties": {"repobilityId": 120790, "scanner": "repobility-threat-engine", "fingerprint": "a9290e9308832db1b29e6bdd660fce33b2dfaab9a936cf53d01913e8456ee998", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 4 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "ts-non-null-assertion", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348005+00:00", "triaged_in_corpus": 12, "observations_count": 1810954, "ai_coder_pattern_id": 105}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|a9290e9308832db1b29e6bdd660fce33b2dfaab9a936cf53d01913e8456ee998", "aggregated_count": 4}}}, {"ruleId": "MINED045", "level": "none", "message": {"text": "[MINED045] Ts Non Null Assertion: x! 
asserts not null - bypasses null checks - TypeError if wrong."}, "properties": {"repobilityId": 120789, "scanner": "repobility-threat-engine", "fingerprint": "d738cbc48662243dedeca8c0b49f5b21d398677fdb31e80147152aa47fcd936c", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-non-null-assertion", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348005+00:00", "triaged_in_corpus": 12, "observations_count": 1810954, "ai_coder_pattern_id": 105}, "scanner": "repobility-threat-engine", "correlation_key": "fp|d738cbc48662243dedeca8c0b49f5b21d398677fdb31e80147152aa47fcd936c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litert/js/packages/core/src/gpu_copy_functions.ts"}, "region": {"startLine": 162}}}]}, {"ruleId": "MINED045", "level": "none", "message": {"text": "[MINED045] Ts Non Null Assertion: x! 
asserts not null - bypasses null checks - TypeError if wrong."}, "properties": {"repobilityId": 120788, "scanner": "repobility-threat-engine", "fingerprint": "461735ac85fe664aff69cd1608c006e04f20c1baf4dfb9fa3ad8695a589884be", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-non-null-assertion", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348005+00:00", "triaged_in_corpus": 12, "observations_count": 1810954, "ai_coder_pattern_id": 105}, "scanner": "repobility-threat-engine", "correlation_key": "fp|461735ac85fe664aff69cd1608c006e04f20c1baf4dfb9fa3ad8695a589884be"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litert/js/demos/mobilenetv2/src/index.ts"}, "region": {"startLine": 135}}}]}, {"ruleId": "MINED045", "level": "none", "message": {"text": "[MINED045] Ts Non Null Assertion: x! 
asserts not null - bypasses null checks - TypeError if wrong."}, "properties": {"repobilityId": 120787, "scanner": "repobility-threat-engine", "fingerprint": "e87519b56d8c91add7536a58bd872145579096e883f799406dc80ce850d13284", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-non-null-assertion", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348005+00:00", "triaged_in_corpus": 12, "observations_count": 1810954, "ai_coder_pattern_id": 105}, "scanner": "repobility-threat-engine", "correlation_key": "fp|e87519b56d8c91add7536a58bd872145579096e883f799406dc80ce850d13284"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litert/js/apps/model_tester/src/model_runner.ts"}, "region": {"startLine": 122}}}]}, {"ruleId": "SEC029", "level": "none", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "properties": {"repobilityId": 120786, "scanner": "repobility-threat-engine", "fingerprint": "8f4ed64e85e23651a781f801f20cbe7cf192b517efa4818df0dde258906a2c2b", "category": "ssrf", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 1 additional occurrences found. 
The top occurrences remain visible as actionable findings.", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|8f4ed64e85e23651a781f801f20cbe7cf192b517efa4818df0dde258906a2c2b"}}}, {"ruleId": "MINED075", "level": "none", "message": {"text": "[MINED075] C Malloc No Check (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "properties": {"repobilityId": 120782, "scanner": "repobility-threat-engine", "fingerprint": "008cf5cb4a6d001a21b9b079a6ea304b3e2a8e1a8ed47e19e1e699385013451b", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "c-malloc-no-check", "owasp": null, "cwe_ids": ["CWE-690"], "languages": ["c", "cpp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348076+00:00", "triaged_in_corpus": 12, "observations_count": 11735, "ai_coder_pattern_id": 131}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|008cf5cb4a6d001a21b9b079a6ea304b3e2a8e1a8ed47e19e1e699385013451b", "aggregated_count": 1}}}, {"ruleId": "MINED075", "level": "none", "message": {"text": "[MINED075] C Malloc No Check: malloc/calloc/realloc return value used without checking for NULL."}, "properties": {"repobilityId": 120781, "scanner": "repobility-threat-engine", "fingerprint": "9d3dd8b63869459f0c9a5a8c7a254526b051e818b6ff2138432e70ed607236df", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "c-malloc-no-check", "owasp": null, "cwe_ids": ["CWE-690"], "languages": ["c", "cpp"], "precision": 1.0, "promoted_at": 
"2026-05-18T14:01:32.348076+00:00", "triaged_in_corpus": 12, "observations_count": 11735, "ai_coder_pattern_id": 131}, "scanner": "repobility-threat-engine", "correlation_key": "fp|9d3dd8b63869459f0c9a5a8c7a254526b051e818b6ff2138432e70ed607236df"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tflite/core/async/async_signature_runner_test.cc"}, "region": {"startLine": 65}}}]}, {"ruleId": "MINED075", "level": "none", "message": {"text": "[MINED075] C Malloc No Check: malloc/calloc/realloc return value used without checking for NULL."}, "properties": {"repobilityId": 120780, "scanner": "repobility-threat-engine", "fingerprint": "557531f76f9013571ad271522b49a85c80d46cc25780b8c1342e15ab1fcb9b9b", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "c-malloc-no-check", "owasp": null, "cwe_ids": ["CWE-690"], "languages": ["c", "cpp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348076+00:00", "triaged_in_corpus": 12, "observations_count": 11735, "ai_coder_pattern_id": 131}, "scanner": "repobility-threat-engine", "correlation_key": "fp|557531f76f9013571ad271522b49a85c80d46cc25780b8c1342e15ab1fcb9b9b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litert/runtime/tensor_buffer_registry_test.cc"}, "region": {"startLine": 78}}}]}, {"ruleId": "MINED075", "level": "none", "message": {"text": "[MINED075] C Malloc No Check: malloc/calloc/realloc return value used without checking for NULL."}, "properties": {"repobilityId": 120779, "scanner": "repobility-threat-engine", "fingerprint": "b6edb43e7d5db09aa6718c8dfaaeb6c7e50c22be4cb01f9dad9a3d17a484bc4e", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", 
"evidence": {"mined": true, "mining": {"slug": "c-malloc-no-check", "owasp": null, "cwe_ids": ["CWE-690"], "languages": ["c", "cpp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348076+00:00", "triaged_in_corpus": 12, "observations_count": 11735, "ai_coder_pattern_id": 131}, "scanner": "repobility-threat-engine", "correlation_key": "fp|b6edb43e7d5db09aa6718c8dfaaeb6c7e50c22be4cb01f9dad9a3d17a484bc4e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litert/cc/litert_opaque_options_test.cc"}, "region": {"startLine": 88}}}]}, {"ruleId": "MINED022", "level": "none", "message": {"text": "[MINED022] C Strcpy (and 57 more): Same pattern found in 57 additional files. Review if needed."}, "properties": {"repobilityId": 120777, "scanner": "repobility-threat-engine", "fingerprint": "6b538cc15aa386b174c3a4cf1db876d867df3e745368ff366035a85e84769e9d", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 57 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "c-strcpy", "owasp": null, "cwe_ids": ["CWE-120"], "languages": ["c", "cpp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347949+00:00", "triaged_in_corpus": 20, "observations_count": 39114, "ai_coder_pattern_id": 130}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|6b538cc15aa386b174c3a4cf1db876d867df3e745368ff366035a85e84769e9d", "aggregated_count": 57}}}, {"ruleId": "MINED042", "level": "none", "message": {"text": "[MINED042] Cpp New Without Delete (and 43 more): Same pattern found in 43 additional files. 
Review if needed."}, "properties": {"repobilityId": 120773, "scanner": "repobility-threat-engine", "fingerprint": "2088f0a9b26ee96ac6d465cf4cc80288be1a5363018786f39ae90d97089c50a3", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 43 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "cpp-new-without-delete", "owasp": null, "cwe_ids": ["CWE-401"], "languages": ["cpp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347996+00:00", "triaged_in_corpus": 12, "observations_count": 4658256, "ai_coder_pattern_id": 134}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|2088f0a9b26ee96ac6d465cf4cc80288be1a5363018786f39ae90d97089c50a3", "aggregated_count": 43}}}, {"ruleId": "MINED042", "level": "none", "message": {"text": "[MINED042] Cpp New Without Delete: C++ raw new without RAII / unique_ptr \u2014 memory leak risk."}, "properties": {"repobilityId": 120772, "scanner": "repobility-threat-engine", "fingerprint": "dffb07c12e156ba8d691cfdd63159625bade7b995bc890a7cc49478a32a4d8f1", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "cpp-new-without-delete", "owasp": null, "cwe_ids": ["CWE-401"], "languages": ["cpp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347996+00:00", "triaged_in_corpus": 12, "observations_count": 4658256, "ai_coder_pattern_id": 134}, "scanner": "repobility-threat-engine", "correlation_key": "fp|dffb07c12e156ba8d691cfdd63159625bade7b995bc890a7cc49478a32a4d8f1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litert/kotlin/src/main/jni/litert_environment_jni.cc"}, "region": {"startLine": 
101}}}]}, {"ruleId": "MINED042", "level": "none", "message": {"text": "[MINED042] Cpp New Without Delete: C++ raw new without RAII / unique_ptr \u2014 memory leak risk."}, "properties": {"repobilityId": 120771, "scanner": "repobility-threat-engine", "fingerprint": "10c538e03e4840ae3b3e2494a1517b7d717f6caae1a39275c485d57c7a4992a4", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "cpp-new-without-delete", "owasp": null, "cwe_ids": ["CWE-401"], "languages": ["cpp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347996+00:00", "triaged_in_corpus": 12, "observations_count": 4658256, "ai_coder_pattern_id": 134}, "scanner": "repobility-threat-engine", "correlation_key": "fp|10c538e03e4840ae3b3e2494a1517b7d717f6caae1a39275c485d57c7a4992a4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litert/cc/litert_opaque_options_test.cc"}, "region": {"startLine": 48}}}]}, {"ruleId": "MINED042", "level": "none", "message": {"text": "[MINED042] Cpp New Without Delete: C++ raw new without RAII / unique_ptr \u2014 memory leak risk."}, "properties": {"repobilityId": 120770, "scanner": "repobility-threat-engine", "fingerprint": "2c2f3cf0f113756a51c345ccf843145bf9e2701ad61aafb82f1218d10b0c021b", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "cpp-new-without-delete", "owasp": null, "cwe_ids": ["CWE-401"], "languages": ["cpp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347996+00:00", "triaged_in_corpus": 12, "observations_count": 4658256, "ai_coder_pattern_id": 134}, "scanner": "repobility-threat-engine", "correlation_key": 
"fp|2c2f3cf0f113756a51c345ccf843145bf9e2701ad61aafb82f1218d10b0c021b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litert/c/internal/litert_logging.cc"}, "region": {"startLine": 335}}}]}, {"ruleId": "COMP001", "level": "none", "message": {"text": "[COMP001] High cognitive complexity (and 45 more): Same pattern found in 45 additional files. Review if needed."}, "properties": {"repobilityId": 120766, "scanner": "repobility-threat-engine", "fingerprint": "303e2c540ab4b5e229144f450ae8f446963dc63e88fff87fae20cbba34a78a4b", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 45 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"scanner": "repobility-threat-engine", "function": "_download_and_extract", "breakdown": {"if": 13, "for": 2, "elif": 2, "else": 4, "except": 3, "continue": 4, "nested_bonus": 24}, "aggregated": true, "complexity": 52, "correlation_key": "fp|303e2c540ab4b5e229144f450ae8f446963dc63e88fff87fae20cbba34a78a4b", "aggregated_count": 45}}}, {"ruleId": "SEC080", "level": "none", "message": {"text": "[SEC080] Python: tarfile.extractall without filter (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "properties": {"repobilityId": 120762, "scanner": "repobility-threat-engine", "fingerprint": "bfced776943fc121f5646cf3dc707b7298bf9983befe0aab264429196f0eebac", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 1 additional occurrences found. 
The top occurrences remain visible as actionable findings.", "rule_id": "SEC080", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|bfced776943fc121f5646cf3dc707b7298bf9983befe0aab264429196f0eebac"}}}, {"ruleId": "SEC012", "level": "none", "message": {"text": "[SEC012] ZipSlip \u2014 Archive Path Traversal (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "properties": {"repobilityId": 120758, "scanner": "repobility-threat-engine", "fingerprint": "f21d8f84b5b8fd967ff0c5e2e1c3fb58bbdee23dfc12821fdafc6666b2cd3f87", "category": "path_traversal", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC012", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|f21d8f84b5b8fd967ff0c5e2e1c3fb58bbdee23dfc12821fdafc6666b2cd3f87"}}}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function (and 30 more): Same pattern found in 30 additional files. Review if needed."}, "properties": {"repobilityId": 120754, "scanner": "repobility-threat-engine", "fingerprint": "4f2bbcaca8f99c1eda4de45612adc1e7b004a9cf50a77fa70ec99a0b3d0b318d", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 30 additional occurrences found. 
The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|4f2bbcaca8f99c1eda4de45612adc1e7b004a9cf50a77fa70ec99a0b3d0b318d", "aggregated_count": 30}}}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "properties": {"repobilityId": 120753, "scanner": "repobility-threat-engine", "fingerprint": "8d184a7a7962465a37aff83a075530afccdc1f835a7eb5ee15ada2bbaabdffd6", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "correlation_key": "fp|8d184a7a7962465a37aff83a075530afccdc1f835a7eb5ee15ada2bbaabdffd6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ci/tools/python/vendor_sdk/mediatek/ai_edge_litert_sdk_mediatek/__init__.py"}, "region": {"startLine": 40}}}]}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "properties": {"repobilityId": 120752, "scanner": "repobility-threat-engine", "fingerprint": 
"8c43864ce1b130925f8f6a51b4cb95872c55d2d00f74bdd06e864b144e320213", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "correlation_key": "fp|8c43864ce1b130925f8f6a51b4cb95872c55d2d00f74bdd06e864b144e320213"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ci/tools/python/vendor_sdk/intel/ai_edge_litert_sdk_intel/__init__.py"}, "region": {"startLine": 113}}}]}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "properties": {"repobilityId": 120751, "scanner": "repobility-threat-engine", "fingerprint": "cd5020ccb9a61d17d470d2ff32a7357c7ae17eb6731a050d0247c4bd0b8e8bcb", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "correlation_key": "fp|cd5020ccb9a61d17d470d2ff32a7357c7ae17eb6731a050d0247c4bd0b8e8bcb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ci/tools/python/vendor_sdk/google_tensor/ai_edge_litert_sdk_google_tensor/__init__.py"}, "region": {"startLine": 46}}}]}, 
{"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https (and 786 more): Same pattern found in 786 additional files. Review if needed."}, "properties": {"repobilityId": 120750, "scanner": "repobility-threat-engine", "fingerprint": "c1644c91e66591f0bacb9d880b4fab6f48df710437d7b583b6ad2c641984d927", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 786 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|c1644c91e66591f0bacb9d880b4fab6f48df710437d7b583b6ad2c641984d927", "aggregated_count": 786}}}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 120749, "scanner": "repobility-threat-engine", "fingerprint": "d5808423b43f3d9a7cb2e51382d91667a9bd42df38ad91dd4b0af0191a781e8c", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|d5808423b43f3d9a7cb2e51382d91667a9bd42df38ad91dd4b0af0191a781e8c"}}, "locations": [{"physicalLocation": 
{"artifactLocation": {"uri": "litert/core/model/ops/one_hot.h"}, "region": {"startLine": 7}}}]}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 120748, "scanner": "repobility-threat-engine", "fingerprint": "10b34e745c82ea94d464639900fbcda93dfe833c92426a19db9cf8114efbbd47", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|10b34e745c82ea94d464639900fbcda93dfe833c92426a19db9cf8114efbbd47"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cmake_example/tflite_minimal.cc"}, "region": {"startLine": 7}}}]}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 120747, "scanner": "repobility-threat-engine", "fingerprint": "01c29bad0dc9fff4c8a8cb740de3f08c40c6baa28ea2a415587696ec44189e3b", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": 
"fp|01c29bad0dc9fff4c8a8cb740de3f08c40c6baa28ea2a415587696ec44189e3b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ci/build_android_package.sh"}, "region": {"startLine": 80}}}]}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod (and 11 more): Same pattern found in 11 additional files. Review if needed."}, "properties": {"repobilityId": 120746, "scanner": "repobility-threat-engine", "fingerprint": "8323284e71c0a31a05bed90ab17738fa73ec0ef9ce708f2be963d66c42fd127f", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 11 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|8323284e71c0a31a05bed90ab17738fa73ec0ef9ce708f2be963d66c42fd127f", "aggregated_count": 11}}}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod: console.log left in code. 
Should be replaced with logger or removed."}, "properties": {"repobilityId": 120745, "scanner": "repobility-threat-engine", "fingerprint": "c9b360a9beb668186c35494da6d2293a5b97c9a6dfb2c064b8d06060e87629f3", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "correlation_key": "fp|c9b360a9beb668186c35494da6d2293a5b97c9a6dfb2c064b8d06060e87629f3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litert/js/apps/model_tester/serve.js"}, "region": {"startLine": 53}}}]}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod: console.log left in code. 
Should be replaced with logger or removed."}, "properties": {"repobilityId": 120744, "scanner": "repobility-threat-engine", "fingerprint": "d6ed5107441b0187ec9d5b4b63312da7760478aad466683a38384a4fc5c6d554", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "correlation_key": "fp|d6ed5107441b0187ec9d5b4b63312da7760478aad466683a38384a4fc5c6d554"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litert/js/apps/model_tester/scripts/devserver.js"}, "region": {"startLine": 67}}}]}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod: console.log left in code. 
Should be replaced with logger or removed."}, "properties": {"repobilityId": 120743, "scanner": "repobility-threat-engine", "fingerprint": "8906727cfa916808c31622bbe4300a5019d9b70343fc2e27e0dc1299144bdbfa", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "correlation_key": "fp|8906727cfa916808c31622bbe4300a5019d9b70343fc2e27e0dc1299144bdbfa"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/auto-assignment.js"}, "region": {"startLine": 32}}}]}, {"ruleId": "MINED134", "level": "error", "message": {"text": "[MINED134] Binary file `tflite/java/ovic/demo/gradle/wrapper/gradle-wrapper.jar` committed in source repo: `tflite/java/ovic/demo/gradle/wrapper/gradle-wrapper.jar` is a .jar binary (53,636 bytes) committed to a repo that otherwise has 2639 source files. 
Trojanized binaries inside otherwise-normal source repos are a known supply-chain attack vector: a compromised dependency or PR slips in a binary that build scripts then execute. A Gradle wrapper JAR is commonly committed on purpose, so triage this finding by comparing the file's SHA-256 with the checksum Gradle publishes for that wrapper version."}, "properties": {"repobilityId": 120981, "scanner": "repobility-supply-chain", "fingerprint": "568baf31d9cb1e9f92374b94099d3cbacba294b76274e3b3d82b3a2ef1b56ea8", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "suspicious-binary-in-src", "owasp": null, "cwe_ids": ["CWE-506"], "languages": ["any"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|568baf31d9cb1e9f92374b94099d3cbacba294b76274e3b3d82b3a2ef1b56ea8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tflite/java/ovic/demo/gradle/wrapper/gradle-wrapper.jar"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED134", "level": "error", "message": {"text": "[MINED134] Binary file `tflite/java/demo/gradle/wrapper/gradle-wrapper.jar` committed in source repo: `tflite/java/demo/gradle/wrapper/gradle-wrapper.jar` is a .jar binary (53,636 bytes) committed to a repo that otherwise has 2639 source files. 
Trojanized binaries inside otherwise-normal source repos are a known supply-chain attack vector: a compromised dependency or PR slips in a binary that build scripts then execute. A Gradle wrapper JAR is commonly committed on purpose, so triage this finding by comparing the file's SHA-256 with the checksum Gradle publishes for that wrapper version."}, "properties": {"repobilityId": 120980, "scanner": "repobility-supply-chain", "fingerprint": "3bf8d15f4f2cdb7892a345f5b3d706825ccae5392c693aac897c5e45b08fdc2a", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "suspicious-binary-in-src", "owasp": null, "cwe_ids": ["CWE-506"], "languages": ["any"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|3bf8d15f4f2cdb7892a345f5b3d706825ccae5392c693aac897c5e45b08fdc2a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tflite/java/demo/gradle/wrapper/gradle-wrapper.jar"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED126", "level": "error", "message": {"text": "[MINED126] Workflow container/services image `us-docker.pkg.dev/ml-oss-artifacts-published/ml-public-container/ml-build:latest` unpinned: `container/services image: us-docker.pkg.dev/ml-oss-artifacts-published/ml-public-container/ml-build:latest` without `@sha256:...` pulls a mutable tag at workflow-run time. 
Treat workflow container references with the same supply-chain discipline as Dockerfile FROM lines."}, "properties": {"repobilityId": 120979, "scanner": "repobility-supply-chain", "fingerprint": "2d1d9989702558874c716ef43d2453324e9ee90be5e57e4a81ce3d8bfc400d8b", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-container-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|2d1d9989702558874c716ef43d2453324e9ee90be5e57e4a81ce3d8bfc400d8b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/cmake_android_linux_x86_64.yml"}, "region": {"startLine": 30}}}]}, {"ruleId": "MINED126", "level": "error", "message": {"text": "[MINED126] Workflow container/services image `us-docker.pkg.dev/ml-oss-artifacts-published/ml-public-container/ml-build:latest` unpinned: `container/services image: us-docker.pkg.dev/ml-oss-artifacts-published/ml-public-container/ml-build:latest` without `@sha256:...` pulls a mutable tag at workflow-run time. 
Treat workflow container references with the same supply-chain discipline as Dockerfile FROM lines."}, "properties": {"repobilityId": 120978, "scanner": "repobility-supply-chain", "fingerprint": "23bc86f560e384dc82ec95dd21e8ca6789c0854bde8da57ed998598567e68281", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-container-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|23bc86f560e384dc82ec95dd21e8ca6789c0854bde8da57ed998598567e68281"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/clang_tidy.yml"}, "region": {"startLine": 21}}}]}, {"ruleId": "MINED126", "level": "error", "message": {"text": "[MINED126] Workflow container/services image `us-docker.pkg.dev/ml-oss-artifacts-published/ml-public-container/ml-build:latest` unpinned: `container/services image: us-docker.pkg.dev/ml-oss-artifacts-published/ml-public-container/ml-build:latest` without `@sha256:...` pulls a mutable tag at workflow-run time. 
Treat workflow container references with the same supply-chain discipline as Dockerfile FROM lines."}, "properties": {"repobilityId": 120977, "scanner": "repobility-supply-chain", "fingerprint": "cf59f47575d503750f3f916c178afbd406a14a6538334013e11dc8317a5345f8", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-container-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|cf59f47575d503750f3f916c178afbd406a14a6538334013e11dc8317a5345f8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/linux_nightly_wheel.yml"}, "region": {"startLine": 24}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/cache/restore` pinned to mutable ref `@v4`: `uses: actions/cache/restore@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to the full 40-character commit SHA, and use Dependabot or Renovate to keep the pinned SHA up to date."}, "properties": {"repobilityId": 120976, "scanner": "repobility-supply-chain", "fingerprint": "5cda0555a8c7d9a07d7bd852695d0a6adf4d8d7c8d0c1a2c196cd7ae77673e46", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|5cda0555a8c7d9a07d7bd852695d0a6adf4d8d7c8d0c1a2c196cd7ae77673e46"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ios-arm64.yml"}, "region": {"startLine": 76}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/setup-python` pinned to mutable ref `@v5`: `uses: actions/setup-python@v5` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to the full 40-character commit SHA, and use Dependabot or Renovate to keep the pinned SHA up to date."}, "properties": {"repobilityId": 120975, "scanner": "repobility-supply-chain", "fingerprint": "89ba1f233f55beeb6839409c109961bb6e4c6ebb9e2c22db1bcf9326ac8ab581", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|89ba1f233f55beeb6839409c109961bb6e4c6ebb9e2c22db1bcf9326ac8ab581"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ios-arm64.yml"}, "region": {"startLine": 39}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v4`: `uses: actions/checkout@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to the full 40-character commit SHA and let Dependabot or Renovate keep the pin up to date."}, "properties": {"repobilityId": 120974, "scanner": "repobility-supply-chain", "fingerprint": "eae2cba4eef248e9d4c27dc592fffd0fa471f976c9093d4880f3dd03712e6e32", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|eae2cba4eef248e9d4c27dc592fffd0fa471f976c9093d4880f3dd03712e6e32"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ios-arm64.yml"}, "region": {"startLine": 36}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/github-script` pinned to mutable ref `@v7`: `uses: actions/github-script@v7` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner, or by anyone who gains write access to the action's repository; that is how the tj-actions/changed-files compromise (2025) instantly affected ~23K repos. 
Pin to the full 40-character commit SHA and let Dependabot or Renovate keep the pin up to date."}, "properties": {"repobilityId": 120973, "scanner": "repobility-supply-chain", "fingerprint": "e5c2210dfbfd685cf84df83b92208f6f6cecfbc020ac79d0d6f48cfbdbaaaccb", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|e5c2210dfbfd685cf84df83b92208f6f6cecfbc020ac79d0d6f48cfbdbaaaccb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/auto-assignment.yml"}, "region": {"startLine": 17}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v4`: `uses: actions/checkout@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner, or by anyone who gains write access to the action's repository; that is how the tj-actions/changed-files compromise (2025) instantly affected ~23K repos. 
Pin to the full 40-character commit SHA and let Dependabot or Renovate keep the pin up to date."}, "properties": {"repobilityId": 120972, "scanner": "repobility-supply-chain", "fingerprint": "5f786ae375c2fd67756ffc552d6407626099a8a66c1c852cf6cc76d2b516f0ad", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|5f786ae375c2fd67756ffc552d6407626099a8a66c1c852cf6cc76d2b516f0ad"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/auto-assignment.yml"}, "region": {"startLine": 16}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/download-artifact` pinned to mutable ref `@v4`: `uses: actions/download-artifact@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner, or by anyone who gains write access to the action's repository; that is how the tj-actions/changed-files compromise (2025) instantly affected ~23K repos. 
Pin to the full 40-character commit SHA and let Dependabot or Renovate keep the pin up to date."}, "properties": {"repobilityId": 120971, "scanner": "repobility-supply-chain", "fingerprint": "1c5ed8fd5d53929b14f9be6e5a0b187a108cebb41f00239996849d783eabd80e", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|1c5ed8fd5d53929b14f9be6e5a0b187a108cebb41f00239996849d783eabd80e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/windows_wheel_release.yml"}, "region": {"startLine": 163}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/setup-python` pinned to mutable ref `@v5`: `uses: actions/setup-python@v5` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner, or by anyone who gains write access to the action's repository; that is how the tj-actions/changed-files compromise (2025) instantly affected ~23K repos. 
Pin to the full 40-character commit SHA and let Dependabot or Renovate keep the pin up to date."}, "properties": {"repobilityId": 120970, "scanner": "repobility-supply-chain", "fingerprint": "74fb84fa86de557915f600f164832f27e9284468c7a656cf77ae863dcbb1a369", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|74fb84fa86de557915f600f164832f27e9284468c7a656cf77ae863dcbb1a369"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/windows_wheel_release.yml"}, "region": {"startLine": 155}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/cache/save` pinned to mutable ref `@v4`: `uses: actions/cache/save@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner, or by anyone who gains write access to the action's repository; that is how the tj-actions/changed-files compromise (2025) instantly affected ~23K repos. 
Pin to the full 40-character commit SHA and let Dependabot or Renovate keep the pin up to date."}, "properties": {"repobilityId": 120969, "scanner": "repobility-supply-chain", "fingerprint": "38fdb01f2fc7850972ffd4c912e42716927714d053d3fd065c50b2104ffce2eb", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|38fdb01f2fc7850972ffd4c912e42716927714d053d3fd065c50b2104ffce2eb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/windows_wheel_release.yml"}, "region": {"startLine": 142}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/upload-artifact` pinned to mutable ref `@v4`: `uses: actions/upload-artifact@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner, or by anyone who gains write access to the action's repository; that is how the tj-actions/changed-files compromise (2025) instantly affected ~23K repos. 
Pin to the full 40-character commit SHA and let Dependabot or Renovate keep the pin up to date."}, "properties": {"repobilityId": 120968, "scanner": "repobility-supply-chain", "fingerprint": "719daf657ecd8a7c10be351ed9a8aece4272ec384a5b09bb3ccfeed192025df7", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|719daf657ecd8a7c10be351ed9a8aece4272ec384a5b09bb3ccfeed192025df7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/windows_wheel_release.yml"}, "region": {"startLine": 136}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/cache/restore` pinned to mutable ref `@v4`: `uses: actions/cache/restore@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner, or by anyone who gains write access to the action's repository; that is how the tj-actions/changed-files compromise (2025) instantly affected ~23K repos. 
Pin to the full 40-character commit SHA and let Dependabot or Renovate keep the pin up to date."}, "properties": {"repobilityId": 120967, "scanner": "repobility-supply-chain", "fingerprint": "d9b088cbec4cbc737aaeb5daf001f81cbe16d36c46e3246e1d7ca7d5e0734c8c", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|d9b088cbec4cbc737aaeb5daf001f81cbe16d36c46e3246e1d7ca7d5e0734c8c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/windows_wheel_release.yml"}, "region": {"startLine": 97}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/setup-python` pinned to mutable ref `@v5`: `uses: actions/setup-python@v5` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner, or by anyone who gains write access to the action's repository; that is how the tj-actions/changed-files compromise (2025) instantly affected ~23K repos. 
Pin to the full 40-character commit SHA and let Dependabot or Renovate keep the pin up to date."}, "properties": {"repobilityId": 120966, "scanner": "repobility-supply-chain", "fingerprint": "76671d7f45fcf125d289b02b07412c6608dc9ec1176eb3f4897c8112850897ae", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|76671d7f45fcf125d289b02b07412c6608dc9ec1176eb3f4897c8112850897ae"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/windows_wheel_release.yml"}, "region": {"startLine": 42}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `bazelbuild/setup-bazelisk` pinned to mutable ref `@v3`: `uses: bazelbuild/setup-bazelisk@v3` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner, or by anyone who gains write access to the action's repository; that is how the tj-actions/changed-files compromise (2025) instantly affected ~23K repos. 
Pin to the full 40-character commit SHA and let Dependabot or Renovate keep the pin up to date."}, "properties": {"repobilityId": 120965, "scanner": "repobility-supply-chain", "fingerprint": "68b951c4bafe725da536e6a55453fb00ffca91ce346b7b4e4687a9e486b30f8b", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|68b951c4bafe725da536e6a55453fb00ffca91ce346b7b4e4687a9e486b30f8b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/windows_wheel_release.yml"}, "region": {"startLine": 39}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v4`: `uses: actions/checkout@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner, or by anyone who gains write access to the action's repository; that is how the tj-actions/changed-files compromise (2025) instantly affected ~23K repos. 
Pin to the full 40-character commit SHA and let Dependabot or Renovate keep the pin up to date."}, "properties": {"repobilityId": 120964, "scanner": "repobility-supply-chain", "fingerprint": "2925f92dd30679fb55c85c4c96938734637656fe5c48d94d4bef089eaf1d9e0d", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|2925f92dd30679fb55c85c4c96938734637656fe5c48d94d4bef089eaf1d9e0d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/windows_wheel_release.yml"}, "region": {"startLine": 33}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/download-artifact` pinned to mutable ref `@v4`: `uses: actions/download-artifact@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner, or by anyone who gains write access to the action's repository; that is how the tj-actions/changed-files compromise (2025) instantly affected ~23K repos. 
Pin to the full 40-character commit SHA and let Dependabot or Renovate keep the pin up to date."}, "properties": {"repobilityId": 120963, "scanner": "repobility-supply-chain", "fingerprint": "7ab7c9a1896c0594e8cfbb098eb0589d229ef207e5aa39fbc73ffbd7e2739848", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|7ab7c9a1896c0594e8cfbb098eb0589d229ef207e5aa39fbc73ffbd7e2739848"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/windows_nightly_wheel.yml"}, "region": {"startLine": 159}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/setup-python` pinned to mutable ref `@v5`: `uses: actions/setup-python@v5` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner, or by anyone who gains write access to the action's repository; that is how the tj-actions/changed-files compromise (2025) instantly affected ~23K repos. 
Pin to the full 40-character commit SHA and let Dependabot or Renovate keep the pin up to date."}, "properties": {"repobilityId": 120962, "scanner": "repobility-supply-chain", "fingerprint": "31590cec2d16a57d7e4c8beb8685f77044446c4144631856f20a0ab981c5aa1e", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|31590cec2d16a57d7e4c8beb8685f77044446c4144631856f20a0ab981c5aa1e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/windows_nightly_wheel.yml"}, "region": {"startLine": 151}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/cache/save` pinned to mutable ref `@v4`: `uses: actions/cache/save@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner, or by anyone who gains write access to the action's repository; that is how the tj-actions/changed-files compromise (2025) instantly affected ~23K repos. 
Pin to the full 40-character commit SHA and let Dependabot or Renovate keep the pin up to date."}, "properties": {"repobilityId": 120961, "scanner": "repobility-supply-chain", "fingerprint": "3bbf0314ff9fff440892764d9c571916f152433e054c94cfa0762496f78586dc", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|3bbf0314ff9fff440892764d9c571916f152433e054c94cfa0762496f78586dc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/windows_nightly_wheel.yml"}, "region": {"startLine": 138}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/upload-artifact` pinned to mutable ref `@v4`: `uses: actions/upload-artifact@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner, or by anyone who gains write access to the action's repository; that is how the tj-actions/changed-files compromise (2025) instantly affected ~23K repos. 
Pin to the full 40-character commit SHA and let Dependabot or Renovate keep the pin up to date."}, "properties": {"repobilityId": 120960, "scanner": "repobility-supply-chain", "fingerprint": "5cbd77d242d3d3da0e8f222f706bfd456b206eff62db848c05501349fd3f20e0", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|5cbd77d242d3d3da0e8f222f706bfd456b206eff62db848c05501349fd3f20e0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/windows_nightly_wheel.yml"}, "region": {"startLine": 132}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/cache/restore` pinned to mutable ref `@v4`: `uses: actions/cache/restore@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner, or by anyone who gains write access to the action's repository; that is how the tj-actions/changed-files compromise (2025) instantly affected ~23K repos. 
Pin to the full 40-character commit SHA and let Dependabot or Renovate keep the pin up to date."}, "properties": {"repobilityId": 120959, "scanner": "repobility-supply-chain", "fingerprint": "9bea28ec69184a37f06fe3403549ed32f7b1908b72bd1f063eb118975abe2cf7", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|9bea28ec69184a37f06fe3403549ed32f7b1908b72bd1f063eb118975abe2cf7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/windows_nightly_wheel.yml"}, "region": {"startLine": 93}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/setup-python` pinned to mutable ref `@v5`: `uses: actions/setup-python@v5` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner, or by anyone who gains write access to the action's repository; that is how the tj-actions/changed-files compromise (2025) instantly affected ~23K repos. 
Pin to the full 40-character commit SHA and let Dependabot or Renovate keep the pin up to date."}, "properties": {"repobilityId": 120958, "scanner": "repobility-supply-chain", "fingerprint": "decfbbed0a77bea55936845c67d9dd5548347cebd2bdd5bc6be6cdc405c266e0", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|decfbbed0a77bea55936845c67d9dd5548347cebd2bdd5bc6be6cdc405c266e0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/windows_nightly_wheel.yml"}, "region": {"startLine": 32}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `bazelbuild/setup-bazelisk` pinned to mutable ref `@v3`: `uses: bazelbuild/setup-bazelisk@v3` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner, or by anyone who gains write access to the action's repository; that is how the tj-actions/changed-files compromise (2025) instantly affected ~23K repos. 
Pin to the full 40-character commit SHA and let Dependabot or Renovate keep the pin up to date."}, "properties": {"repobilityId": 120957, "scanner": "repobility-supply-chain", "fingerprint": "16a693fdaec21e386714f03bce75b74f02fdcbe6f9751315eca812c3d047f886", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|16a693fdaec21e386714f03bce75b74f02fdcbe6f9751315eca812c3d047f886"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/windows_nightly_wheel.yml"}, "region": {"startLine": 29}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v4`: `uses: actions/checkout@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner, or by anyone who gains write access to the action's repository; that is how the tj-actions/changed-files compromise (2025) instantly affected ~23K repos. 
Pin to the full 40-character commit SHA and let Dependabot or Renovate keep the pin up to date."}, "properties": {"repobilityId": 120956, "scanner": "repobility-supply-chain", "fingerprint": "167afd99d61cacf888ec5fd89ad9bcf714e161b64d2ff6b8c8b37af12d641206", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|167afd99d61cacf888ec5fd89ad9bcf714e161b64d2ff6b8c8b37af12d641206"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/windows_nightly_wheel.yml"}, "region": {"startLine": 26}}}]}, {"ruleId": "MINED126", "level": "error", "message": {"text": "[MINED126] Workflow container/services image `us-docker.pkg.dev/ml-oss-artifacts-published/ml-public-container/ml-build:latest` unpinned: `container/services image: us-docker.pkg.dev/ml-oss-artifacts-published/ml-public-container/ml-build:latest` without `@sha256:...` pulls a mutable tag at workflow-run time. 
Pin workflow container references by digest (`image@sha256:...`), with the same supply-chain discipline as Dockerfile FROM lines."}, "properties": {"repobilityId": 120955, "scanner": "repobility-supply-chain", "fingerprint": "b248be025d8f207ff27ec0248c1fb32e04284e3cadca3fbac1c5fe4fce04233e", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-container-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|b248be025d8f207ff27ec0248c1fb32e04284e3cadca3fbac1c5fe4fce04233e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/linux_x86_64.yml"}, "region": {"startLine": 27}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/cache/save` pinned to mutable ref `@v4`: `uses: actions/cache/save@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner, or by anyone who gains write access to the action's repository; that is how the tj-actions/changed-files compromise (2025) instantly affected ~23K repos. 
Pin to the full 40-character commit SHA and let Dependabot or Renovate keep the pin up to date."}, "properties": {"repobilityId": 120954, "scanner": "repobility-supply-chain", "fingerprint": "d33745e4306b5914117befc4e7a5d46c47dce8ac6dea0f7cc1666c07cfc9c9c9", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|d33745e4306b5914117befc4e7a5d46c47dce8ac6dea0f7cc1666c07cfc9c9c9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/linux_x86_64.yml"}, "region": {"startLine": 147}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/cache/restore` pinned to mutable ref `@v4`: `uses: actions/cache/restore@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner, or by anyone who gains write access to the action's repository; that is how the tj-actions/changed-files compromise (2025) instantly affected ~23K repos. 
Pin to the full 40-character commit SHA and let Dependabot or Renovate keep the pin up to date."}, "properties": {"repobilityId": 120953, "scanner": "repobility-supply-chain", "fingerprint": "71cd80ad7ee4187c2835109a84c6666e06538c5cc318a561c7777763a03b354c", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|71cd80ad7ee4187c2835109a84c6666e06538c5cc318a561c7777763a03b354c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/linux_x86_64.yml"}, "region": {"startLine": 88}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/setup-python` pinned to mutable ref `@v5`: `uses: actions/setup-python@v5` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner, or by anyone who gains write access to the action's repository; that is how the tj-actions/changed-files compromise (2025) instantly affected ~23K repos. 
Pin to the full 40-character commit SHA and let Dependabot or Renovate keep the pin up to date."}, "properties": {"repobilityId": 120952, "scanner": "repobility-supply-chain", "fingerprint": "ce06eaaeb7c6eb2fca7461a97e030753551c2d0ed1733e1e28c9dd41cf4fc632", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|ce06eaaeb7c6eb2fca7461a97e030753551c2d0ed1733e1e28c9dd41cf4fc632"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/linux_x86_64.yml"}, "region": {"startLine": 48}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v4`: `uses: actions/checkout@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner, or by anyone who gains write access to the action's repository; that is how the tj-actions/changed-files compromise (2025) instantly affected ~23K repos. 
Pin to the full 40-character commit SHA and let Dependabot or Renovate keep the pin up to date."}, "properties": {"repobilityId": 120951, "scanner": "repobility-supply-chain", "fingerprint": "fdeffe82bafa85798bee6031b146914b89b7811690ab9a66918a5b9aae17247b", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|fdeffe82bafa85798bee6031b146914b89b7811690ab9a66918a5b9aae17247b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/linux_x86_64.yml"}, "region": {"startLine": 43}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "[MINED118] Dockerfile FROM `tensorflow/build:latest-python3.11` not pinned by digest: `FROM tensorflow/build:latest-python3.11` resolves the tag at build time. The tag can be re-pushed in the registry to point at a different image, so every build is potentially different. 
Production images should pin to `image@sha256:...` for reproducibility and supply-chain integrity, and refresh the digest through an automated updater so base-image security patches are still picked up."}, "properties": {"repobilityId": 120950, "scanner": "repobility-supply-chain", "fingerprint": "8272717ebd3d3a3773d59081a3bc913fb826849bbacdc6964e2a5d04d51d2684", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|8272717ebd3d3a3773d59081a3bc913fb826849bbacdc6964e2a5d04d51d2684"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tflite/tools/tflite-android.Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "[MINED118] Dockerfile FROM `ubuntu:24.04` not pinned by digest: `FROM ubuntu:24.04` resolves the tag at build time. The tag can be re-pushed in the registry to point at a different image, so every build is potentially different. 
Production images should pin to `image@sha256:...` for reproducibility and supply-chain integrity, and refresh the digest through an automated updater so base-image security patches are still picked up."}, "properties": {"repobilityId": 120949, "scanner": "repobility-supply-chain", "fingerprint": "120256f13b011db4e718bf09ccd256c8071c401644c69f5cec8fd1d2f147f1d6", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|120256f13b011db4e718bf09ccd256c8071c401644c69f5cec8fd1d2f147f1d6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker_build/hermetic_build.Dockerfile"}, "region": {"startLine": 16}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "[MINED118] Dockerfile FROM `us-docker.pkg.dev/ml-oss-artifacts-published/ml-public-container/ml-build-arm64:latest` not pinned by digest: `FROM us-docker.pkg.dev/ml-oss-artifacts-published/ml-public-container/ml-build-arm64:latest` resolves the tag at build time. The tag can be re-pushed in the registry to point at a different image, so every build is potentially different. 
Production images should pin to `image@sha256:...` for reproducibility and supply-chain integrity, and refresh the digest through an automated updater so base-image security patches are still picked up."}, "properties": {"repobilityId": 120948, "scanner": "repobility-supply-chain", "fingerprint": "e6def53b5c1ed9de553b072970ea7f20d26454157499a819664afc3ea930bbca", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|e6def53b5c1ed9de553b072970ea7f20d26454157499a819664afc3ea930bbca"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ci/tflite-py3-arm64.Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "[MINED118] Dockerfile FROM `us-docker.pkg.dev/ml-oss-artifacts-published/ml-public-container/ml-build:latest` not pinned by digest: `FROM us-docker.pkg.dev/ml-oss-artifacts-published/ml-public-container/ml-build:latest` resolves the tag at build time. The tag can be re-pushed in the registry to point at a different image, so every build is potentially different. 
Production images should pin to `image@sha256:...` for reproducibility and supply-chain integrity, and refresh the digest through an automated updater so base-image security patches are still picked up."}, "properties": {"repobilityId": 120947, "scanner": "repobility-supply-chain", "fingerprint": "86be7caa06cc4ab649e907bbe409db99cdc85267378e7eb6947f30a30bca4cb1", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|86be7caa06cc4ab649e907bbe409db99cdc85267378e7eb6947f30a30bca4cb1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ci/tflite-py3.Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "[MINED118] Dockerfile FROM `us-docker.pkg.dev/ml-oss-artifacts-published/ml-public-container/ml-build:latest` not pinned by digest: `FROM us-docker.pkg.dev/ml-oss-artifacts-published/ml-public-container/ml-build:latest` resolves the tag at build time. The tag can be re-pushed in the registry to point at a different image, so every build is potentially different. 
Production images should pin to `image@sha256:...` for reproducibility + supply-chain integrity."}, "properties": {"repobilityId": 120946, "scanner": "repobility-supply-chain", "fingerprint": "23a10ad826e672ea6f25f3a5b49a4f7e0fc9fc5ccb5dcbca1a7405b0b3d10b92", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|23a10ad826e672ea6f25f3a5b49a4f7e0fc9fc5ccb5dcbca1a7405b0b3d10b92"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ci/tflite-android.Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_i32: Test function `test_i32` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. 
Adds line coverage without verifying anything."}, "properties": {"repobilityId": 120923, "scanner": "repobility-ast-engine", "fingerprint": "876b94f7705a4a34e281e05157c015031e9ff4e034c3aa1abdb6169babd96b9e", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|876b94f7705a4a34e281e05157c015031e9ff4e034c3aa1abdb6169babd96b9e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litert/python/tools/model_utils/test/numpy_to_elements_attr_test.py"}, "region": {"startLine": 59}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_f64: Test function `test_f64` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. 
Adds line coverage without verifying anything."}, "properties": {"repobilityId": 120922, "scanner": "repobility-ast-engine", "fingerprint": "29ac72371edab2a60e66d23a562d9081ae6486dd2bfee3a88416ed412a60a5e1", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|29ac72371edab2a60e66d23a562d9081ae6486dd2bfee3a88416ed412a60a5e1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litert/python/tools/model_utils/test/numpy_to_elements_attr_test.py"}, "region": {"startLine": 56}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_f32_splat: Test function `test_f32_splat` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. 
Adds line coverage without verifying anything."}, "properties": {"repobilityId": 120921, "scanner": "repobility-ast-engine", "fingerprint": "bf2aca9650f10a990591b4079b33550220f41f89801b0b208c874b2c849a217f", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|bf2aca9650f10a990591b4079b33550220f41f89801b0b208c874b2c849a217f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litert/python/tools/model_utils/test/numpy_to_elements_attr_test.py"}, "region": {"startLine": 53}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_f32: Test function `test_f32` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. 
Adds line coverage without verifying anything."}, "properties": {"repobilityId": 120920, "scanner": "repobility-ast-engine", "fingerprint": "fa22c79a45951b3f84986a9b398c141481596f17739db64ba64b5f63deffe925", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|fa22c79a45951b3f84986a9b398c141481596f17739db64ba64b5f63deffe925"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litert/python/tools/model_utils/test/numpy_to_elements_attr_test.py"}, "region": {"startLine": 50}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_float16: Test function `test_float16` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. 
Adds line coverage without verifying anything."}, "properties": {"repobilityId": 120919, "scanner": "repobility-ast-engine", "fingerprint": "e666c7130c361b5a1d58adde332dccecacbd1bc82a316dd586c51ca3fe798212", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|e666c7130c361b5a1d58adde332dccecacbd1bc82a316dd586c51ca3fe798212"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litert/python/tools/model_utils/test/numpy_to_elements_attr_test.py"}, "region": {"startLine": 47}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_bool_splat: Test function `test_bool_splat` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. 
Adds line coverage without verifying anything."}, "properties": {"repobilityId": 120918, "scanner": "repobility-ast-engine", "fingerprint": "8480d28e4cb86566168865371a2204a6f1c271a2370c47b53a449f4f8dd1e0aa", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|8480d28e4cb86566168865371a2204a6f1c271a2370c47b53a449f4f8dd1e0aa"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litert/python/tools/model_utils/test/numpy_to_elements_attr_test.py"}, "region": {"startLine": 44}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_bool: Test function `test_bool` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. 
Adds line coverage without verifying anything."}, "properties": {"repobilityId": 120917, "scanner": "repobility-ast-engine", "fingerprint": "a60f7c795bf99d2351571ec81de2a9a341c36a4cd3a49a1800536626b631c5c1", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|a60f7c795bf99d2351571ec81de2a9a341c36a4cd3a49a1800536626b631c5c1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litert/python/tools/model_utils/test/numpy_to_elements_attr_test.py"}, "region": {"startLine": 41}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_tfl_propagate_qsv_pass: Test function `test_tfl_propagate_qsv_pass` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. 
Adds line coverage without verifying anything."}, "properties": {"repobilityId": 120916, "scanner": "repobility-ast-engine", "fingerprint": "e227badf031b3fdc725dd91632b9387294ff8aabe0134888b6d35b8824f608f0", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|e227badf031b3fdc725dd91632b9387294ff8aabe0134888b6d35b8824f608f0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litert/python/tools/model_utils/test/mlir_passes_test.py"}, "region": {"startLine": 59}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_tfl_prepare_quantize_pass: Test function `test_tfl_prepare_quantize_pass` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. 
Adds line coverage without verifying anything."}, "properties": {"repobilityId": 120915, "scanner": "repobility-ast-engine", "fingerprint": "1276b26d2a5cd63af5adc4ac8a428bc1a3f99b33eb499daa28c3e744fbb1c675", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|1276b26d2a5cd63af5adc4ac8a428bc1a3f99b33eb499daa28c3e744fbb1c675"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litert/python/tools/model_utils/test/mlir_passes_test.py"}, "region": {"startLine": 55}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_tfl_optimize_pass: Test function `test_tfl_optimize_pass` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. 
Adds line coverage without verifying anything."}, "properties": {"repobilityId": 120914, "scanner": "repobility-ast-engine", "fingerprint": "c65b7e47084896433e545beac9b17c88908ebdbaa0378ed760d3f38965d74a30", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c65b7e47084896433e545beac9b17c88908ebdbaa0378ed760d3f38965d74a30"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litert/python/tools/model_utils/test/mlir_passes_test.py"}, "region": {"startLine": 51}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_mlir_canonicalize_pass: Test function `test_mlir_canonicalize_pass` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. 
Adds line coverage without verifying anything."}, "properties": {"repobilityId": 120913, "scanner": "repobility-ast-engine", "fingerprint": "f76a9c4c8c457e1eb6d15e44c86c6ec382540d16380633ee1dffb4a08bfd48b4", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|f76a9c4c8c457e1eb6d15e44c86c6ec382540d16380633ee1dffb4a08bfd48b4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litert/python/tools/model_utils/test/mlir_passes_test.py"}, "region": {"startLine": 47}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_mlir_cse_pass: Test function `test_mlir_cse_pass` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. 
Adds line coverage without verifying anything."}, "properties": {"repobilityId": 120912, "scanner": "repobility-ast-engine", "fingerprint": "d78821ab6159ad0705fa75228daeb9fe0f9d9355c32724ca057146a74c48276a", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|d78821ab6159ad0705fa75228daeb9fe0f9d9355c32724ca057146a74c48276a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litert/python/tools/model_utils/test/mlir_passes_test.py"}, "region": {"startLine": 43}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_module_cleanup: Test function `test_module_cleanup` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. 
Adds line coverage without verifying anything."}, "properties": {"repobilityId": 120911, "scanner": "repobility-ast-engine", "fingerprint": "bde67ade85b61fe6d5767323b72373af099776fa0808f20bac040c285ee7b6b5", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|bde67ade85b61fe6d5767323b72373af099776fa0808f20bac040c285ee7b6b5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litert/python/tools/model_utils/test/mlir_passes_test.py"}, "region": {"startLine": 39}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_dense_resource_elements_attr_to_numpy: Test function `test_dense_resource_elements_attr_to_numpy` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. 
Adds line coverage without verifying anything."}, "properties": {"repobilityId": 120910, "scanner": "repobility-ast-engine", "fingerprint": "7adf3e46801ceefef46728d18378174b21ff12ffe63f378ac7efec320e8c8f86", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|7adf3e46801ceefef46728d18378174b21ff12ffe63f378ac7efec320e8c8f86"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litert/python/mlir/_mlir_libs/converter_api_ext_test.py"}, "region": {"startLine": 24}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_fails_when_no_buffer_reserved: Test function `test_fails_when_no_buffer_reserved` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. 
Adds line coverage without verifying anything."}, "properties": {"repobilityId": 120907, "scanner": "repobility-ast-engine", "fingerprint": "a14257c52e958b51e4b37a03aa9ef408103fbb5b1babc49f5890729410a82d85", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|a14257c52e958b51e4b37a03aa9ef408103fbb5b1babc49f5890729410a82d85"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litert/python/tools/flatbuffer_utils_test.py"}, "region": {"startLine": 349}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_advise_dont_need_non_mmap: Test function `test_advise_dont_need_non_mmap` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. 
Adds line coverage without verifying anything."}, "properties": {"repobilityId": 120906, "scanner": "repobility-ast-engine", "fingerprint": "2e614b8bb37492fffa6e7ddd9ab810554cf7c093ffececc35ba8f43cbe4991c8", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|2e614b8bb37492fffa6e7ddd9ab810554cf7c093ffececc35ba8f43cbe4991c8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litert/python/tools/mmap_utils_test.py"}, "region": {"startLine": 304}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_advise_sequential_memoryview_slice: Test function `test_advise_sequential_memoryview_slice` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. 
Adds line coverage without verifying anything."}, "properties": {"repobilityId": 120905, "scanner": "repobility-ast-engine", "fingerprint": "9e892f11444e5b04f6a021186fe0aa914aebbf2b862943d206c6c78feffe1730", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|9e892f11444e5b04f6a021186fe0aa914aebbf2b862943d206c6c78feffe1730"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litert/python/tools/mmap_utils_test.py"}, "region": {"startLine": 291}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_advise_dont_need_memoryview_slice: Test function `test_advise_dont_need_memoryview_slice` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. 
Adds line coverage without verifying anything."}, "properties": {"repobilityId": 120904, "scanner": "repobility-ast-engine", "fingerprint": "7063249b9fa5a7bc75c407b4558c1b05aa3a18c02eb491240570f55eb052b837", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|7063249b9fa5a7bc75c407b4558c1b05aa3a18c02eb491240570f55eb052b837"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litert/python/tools/mmap_utils_test.py"}, "region": {"startLine": 270}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_advise_dont_need_memoryview_mmap: Test function `test_advise_dont_need_memoryview_mmap` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. 
Adds line coverage without verifying anything."}, "properties": {"repobilityId": 120903, "scanner": "repobility-ast-engine", "fingerprint": "cd2f4006906cb97d3a0aed83be077e816810ce229f6ddd6e0c978aa0def4ca6b", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|cd2f4006906cb97d3a0aed83be077e816810ce229f6ddd6e0c978aa0def4ca6b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litert/python/tools/mmap_utils_test.py"}, "region": {"startLine": 264}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_advise_dont_need_mmap: Test function `test_advise_dont_need_mmap` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. 
Adds line coverage without verifying anything."}, "properties": {"repobilityId": 120902, "scanner": "repobility-ast-engine", "fingerprint": "d4ecd180a7eced485578cf576765f2eb38d0f9c9656674506b23516affcef511", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|d4ecd180a7eced485578cf576765f2eb38d0f9c9656674506b23516affcef511"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litert/python/tools/mmap_utils_test.py"}, "region": {"startLine": 257}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_advise_sequential_nested_memoryview: Test function `test_advise_sequential_nested_memoryview` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. 
Adds line coverage without verifying anything."}, "properties": {"repobilityId": 120901, "scanner": "repobility-ast-engine", "fingerprint": "6a637985459e2694048c9c38d12c11feb2560053b2e4ab0aab33351f660fd1fa", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|6a637985459e2694048c9c38d12c11feb2560053b2e4ab0aab33351f660fd1fa"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litert/python/tools/mmap_utils_test.py"}, "region": {"startLine": 251}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_advise_sequential_bytearray: Test function `test_advise_sequential_bytearray` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. 
Adds line coverage without verifying anything."}, "properties": {"repobilityId": 120900, "scanner": "repobility-ast-engine", "fingerprint": "2187433fb93f0b282f9d988375346d969bb6ceebe6dafaf29c7ab53e206d5a1c", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|2187433fb93f0b282f9d988375346d969bb6ceebe6dafaf29c7ab53e206d5a1c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litert/python/tools/mmap_utils_test.py"}, "region": {"startLine": 245}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_advise_sequential_non_mmap: Test function `test_advise_sequential_non_mmap` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. 
Adds line coverage without verifying anything."}, "properties": {"repobilityId": 120899, "scanner": "repobility-ast-engine", "fingerprint": "ac7786988cd624fd01ec32d72b2f9db832f4aa0c2ac96fe41fceb0bcd640c6d7", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ac7786988cd624fd01ec32d72b2f9db832f4aa0c2ac96fe41fceb0bcd640c6d7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litert/python/tools/mmap_utils_test.py"}, "region": {"startLine": 240}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_advise_sequential_memoryview_mmap: Test function `test_advise_sequential_memoryview_mmap` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. 
Adds line coverage without verifying anything."}, "properties": {"repobilityId": 120898, "scanner": "repobility-ast-engine", "fingerprint": "275f86052cf55fa0a4cd2be71a4688813a35769d505173fafa19f522dd2e748a", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|275f86052cf55fa0a4cd2be71a4688813a35769d505173fafa19f522dd2e748a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litert/python/tools/mmap_utils_test.py"}, "region": {"startLine": 234}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_advise_sequential_mmap: Test function `test_advise_sequential_mmap` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. 
Adds line coverage without verifying anything."}, "properties": {"repobilityId": 120897, "scanner": "repobility-ast-engine", "fingerprint": "4c526c1d420f221d8d287e095815232aafae16654ca7ad5d4005bff45582bbe2", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|4c526c1d420f221d8d287e095815232aafae16654ca7ad5d4005bff45582bbe2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litert/python/tools/mmap_utils_test.py"}, "region": {"startLine": 227}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.assertRaises` used but never assigned in __init__: Method `test_prepare_for_npu_bad_config` of class `PrepareForNpuTest` reads `self.assertRaises`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 120896, "scanner": "repobility-ast-engine", "fingerprint": "4a8a42d6a6054a8c71db2e0cfa108f9fdd0fd784f194ea66e55bf34c22b97de9", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|4a8a42d6a6054a8c71db2e0cfa108f9fdd0fd784f194ea66e55bf34c22b97de9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litert/python/aot/prepare_for_npu_test.py"}, "region": {"startLine": 84}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.get_model_path` used but never assigned in __init__: Method `test_prepare_for_npu_bad_config` of class `PrepareForNpuTest` reads `self.get_model_path`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 120895, "scanner": "repobility-ast-engine", "fingerprint": "8733febc11215295fd1f63eb0de8e5a811bcedf663d460e13e193d0a6b06d507", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|8733febc11215295fd1f63eb0de8e5a811bcedf663d460e13e193d0a6b06d507"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litert/python/aot/prepare_for_npu_test.py"}, "region": {"startLine": 83}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.output_dir` used but never assigned in __init__: Method `test_prepare_for_example_npu` of class `PrepareForNpuTest` reads `self.output_dir`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 120894, "scanner": "repobility-ast-engine", "fingerprint": "42a54c706e8850163acdefbb1678017b9d08ed10ca426e37ff3211ee5bc1c4b5", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|42a54c706e8850163acdefbb1678017b9d08ed10ca426e37ff3211ee5bc1c4b5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litert/python/aot/prepare_for_npu_test.py"}, "region": {"startLine": 69}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.output_dir` used but never assigned in __init__: Method `test_prepare_for_example_npu` of class `PrepareForNpuTest` reads `self.output_dir`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 120893, "scanner": "repobility-ast-engine", "fingerprint": "39c025747f0cd1b3865f6294eb09b02bb31e31138fda1ae57d11f57ec25188f1", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|39c025747f0cd1b3865f6294eb09b02bb31e31138fda1ae57d11f57ec25188f1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litert/python/aot/prepare_for_npu_test.py"}, "region": {"startLine": 64}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.output_dir` used but never assigned in __init__: Method `test_prepare_for_example_npu` of class `PrepareForNpuTest` reads `self.output_dir`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 120892, "scanner": "repobility-ast-engine", "fingerprint": "402788779e5a5ca8bb808d8cd6e84ea1ac03710716d043b0a49bde4b91842113", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|402788779e5a5ca8bb808d8cd6e84ea1ac03710716d043b0a49bde4b91842113"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litert/python/aot/prepare_for_npu_test.py"}, "region": {"startLine": 61}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.output_dir` used but never assigned in __init__: Method `test_prepare_for_example_npu` of class `PrepareForNpuTest` reads `self.output_dir`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 120891, "scanner": "repobility-ast-engine", "fingerprint": "74caab20181a4b8659e87f62dd5893c6e68b391c463be7f9f64a7799aa916565", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|74caab20181a4b8659e87f62dd5893c6e68b391c463be7f9f64a7799aa916565"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litert/python/aot/prepare_for_npu_test.py"}, "region": {"startLine": 58}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.output_dir` used but never assigned in __init__: Method `test_prepare_for_example_npu` of class `PrepareForNpuTest` reads `self.output_dir`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 120890, "scanner": "repobility-ast-engine", "fingerprint": "a8b0585200d0811b22fd97b9a7479f1ace8ca4d57181bce21a5b98a1d83afb3e", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|a8b0585200d0811b22fd97b9a7479f1ace8ca4d57181bce21a5b98a1d83afb3e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litert/python/aot/prepare_for_npu_test.py"}, "region": {"startLine": 79}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.assertTrue` used but never assigned in __init__: Method `test_prepare_for_example_npu` of class `PrepareForNpuTest` reads `self.assertTrue`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 120889, "scanner": "repobility-ast-engine", "fingerprint": "50c48e9f1d66cf9b5d73ab4bbbece7ad16f6b8fdebd9b960cf049c002298a225", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|50c48e9f1d66cf9b5d73ab4bbbece7ad16f6b8fdebd9b960cf049c002298a225"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litert/python/aot/prepare_for_npu_test.py"}, "region": {"startLine": 80}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.assertEqual` used but never assigned in __init__: Method `test_prepare_for_example_npu` of class `PrepareForNpuTest` reads `self.assertEqual`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 120888, "scanner": "repobility-ast-engine", "fingerprint": "6c759e0a8e7ad71bb8820850c70db828055ffc729a7362d5b996a24211da358e", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|6c759e0a8e7ad71bb8820850c70db828055ffc729a7362d5b996a24211da358e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litert/python/aot/prepare_for_npu_test.py"}, "region": {"startLine": 79}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.get_model_path` used but never assigned in __init__: Method `test_prepare_for_example_npu` of class `PrepareForNpuTest` reads `self.get_model_path`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 120887, "scanner": "repobility-ast-engine", "fingerprint": "ace92545e9bee249d6ced3edfa5451c91d2e1926b1e4ba2a8a5a0d8e7415b0a0", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ace92545e9bee249d6ced3edfa5451c91d2e1926b1e4ba2a8a5a0d8e7415b0a0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litert/python/aot/prepare_for_npu_test.py"}, "region": {"startLine": 66}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.get_touch_side_effect` used but never assigned in __init__: Method `test_prepare_for_example_npu` of class `PrepareForNpuTest` reads `self.get_touch_side_effect`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 120886, "scanner": "repobility-ast-engine", "fingerprint": "8fc581682d7e2df09880d48e15746ff826ce273f1f3d717059f84ee4c090428c", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|8fc581682d7e2df09880d48e15746ff826ce273f1f3d717059f84ee4c090428c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litert/python/aot/prepare_for_npu_test.py"}, "region": {"startLine": 63}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.get_touch_side_effect` used but never assigned in __init__: Method `test_prepare_for_example_npu` of class `PrepareForNpuTest` reads `self.get_touch_side_effect`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 120885, "scanner": "repobility-ast-engine", "fingerprint": "7b5f88cfd047cd9ec5d7fc1dcb6e4d44d7b74efee23a69a29f7e5f64b0c13c07", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|7b5f88cfd047cd9ec5d7fc1dcb6e4d44d7b74efee23a69a29f7e5f64b0c13c07"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litert/python/aot/prepare_for_npu_test.py"}, "region": {"startLine": 60}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.get_touch_side_effect` used but never assigned in __init__: Method `test_prepare_for_example_npu` of class `PrepareForNpuTest` reads `self.get_touch_side_effect`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 120884, "scanner": "repobility-ast-engine", "fingerprint": "43704dcb2711d39223c055475635643184e4ac5aba8699e785d8eba2feb5302b", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|43704dcb2711d39223c055475635643184e4ac5aba8699e785d8eba2feb5302b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litert/python/aot/prepare_for_npu_test.py"}, "region": {"startLine": 57}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.output_dir` used but never assigned in __init__: Method `test_compile` of class `AotCompileTest` reads `self.output_dir`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 120883, "scanner": "repobility-ast-engine", "fingerprint": "8f58b9f90a1da798a7010c880bd1c95101db5947e095aabd386b3a7bff59bed0", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|8f58b9f90a1da798a7010c880bd1c95101db5947e095aabd386b3a7bff59bed0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litert/python/aot/aot_compile_test.py"}, "region": {"startLine": 35}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.assertIn` used but never assigned in __init__: Method `test_compile` of class `AotCompileTest` reads `self.assertIn`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 120882, "scanner": "repobility-ast-engine", "fingerprint": "3f8e009a54d5607d7e5439645d3bbbb20bb0d6485b3c8851fa5fc5014b9b6919", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|3f8e009a54d5607d7e5439645d3bbbb20bb0d6485b3c8851fa5fc5014b9b6919"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litert/python/aot/aot_compile_test.py"}, "region": {"startLine": 53}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.assertNotEmpty` used but never assigned in __init__: Method `test_compile` of class `AotCompileTest` reads `self.assertNotEmpty`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 120881, "scanner": "repobility-ast-engine", "fingerprint": "949e904e5e77daa7b1240176055dd8c75197c67da90fd1b3d74d9c310c71884e", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|949e904e5e77daa7b1240176055dd8c75197c67da90fd1b3d74d9c310c71884e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litert/python/aot/aot_compile_test.py"}, "region": {"startLine": 51}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.assertEmpty` used but never assigned in __init__: Method `test_compile` of class `AotCompileTest` reads `self.assertEmpty`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 120880, "scanner": "repobility-ast-engine", "fingerprint": "172fa473f744cf019d21bfeaba659a4c195e96ac67b9f4a841c0d0fa57d2dcbb", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|172fa473f744cf019d21bfeaba659a4c195e96ac67b9f4a841c0d0fa57d2dcbb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litert/python/aot/aot_compile_test.py"}, "region": {"startLine": 50}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.get_model_paths` used but never assigned in __init__: Method `test_compile` of class `AotCompileTest` reads `self.get_model_paths`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 120879, "scanner": "repobility-ast-engine", "fingerprint": "525c2b8648ee1ad9b83c9c2884e6f72cfd37b9b1335b658dd670c591cfeea5a4", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|525c2b8648ee1ad9b83c9c2884e6f72cfd37b9b1335b658dd670c591cfeea5a4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litert/python/aot/aot_compile_test.py"}, "region": {"startLine": 31}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.assertIsNotNone` used but never assigned in __init__: Method `test_construct_converter` of class `ConverterWrapperTest` reads `self.assertIsNotNone`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 120878, "scanner": "repobility-ast-engine", "fingerprint": "c7771da10354af60655f9fe770fa66c275c4d081056617fbfbe2b4e41db29e72", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c7771da10354af60655f9fe770fa66c275c4d081056617fbfbe2b4e41db29e72"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litert/python/converter_wrapper_test.py"}, "region": {"startLine": 53}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.assertEqual` used but never assigned in __init__: Method `test_model_type_values` of class `ConverterWrapperTest` reads `self.assertEqual`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 120877, "scanner": "repobility-ast-engine", "fingerprint": "f099954c72eae5f603516273ffbd60dc2c51427a43e9577d652f02aa4e51aaa8", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|f099954c72eae5f603516273ffbd60dc2c51427a43e9577d652f02aa4e51aaa8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litert/python/converter_wrapper_test.py"}, "region": {"startLine": 44}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.assertEqual` used but never assigned in __init__: Method `test_model_type_values` of class `ConverterWrapperTest` reads `self.assertEqual`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 120876, "scanner": "repobility-ast-engine", "fingerprint": "be3720f8ebb26e27f5846beb6ac8db8d3425df06579a5153560a37ef6dbcb726", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|be3720f8ebb26e27f5846beb6ac8db8d3425df06579a5153560a37ef6dbcb726"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litert/python/converter_wrapper_test.py"}, "region": {"startLine": 40}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.assertEqual` used but never assigned in __init__: Method `test_model_type_values` of class `ConverterWrapperTest` reads `self.assertEqual`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 120875, "scanner": "repobility-ast-engine", "fingerprint": "924ce93a646d6a5f9e018c4898ca046f9986a6af9a8ea403841cacd37b0ec954", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|924ce93a646d6a5f9e018c4898ca046f9986a6af9a8ea403841cacd37b0ec954"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litert/python/converter_wrapper_test.py"}, "region": {"startLine": 36}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.assertEqual` used but never assigned in __init__: Method `test_construct_conversion_config` of class `ConverterWrapperTest` reads `self.assertEqual`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 120874, "scanner": "repobility-ast-engine", "fingerprint": "cadbc90d7dce589eb6d725a0bf1ee9f3a0013fd275d3c48379c1e65986795e1a", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|cadbc90d7dce589eb6d725a0bf1ee9f3a0013fd275d3c48379c1e65986795e1a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litert/python/converter_wrapper_test.py"}, "region": {"startLine": 33}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.assertEqual` used but never assigned in __init__: Method `test_construct_conversion_config` of class `ConverterWrapperTest` reads `self.assertEqual`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 120873, "scanner": "repobility-ast-engine", "fingerprint": "4a285e1694dc2355d966d23c12762e30391ef299bc7ea54b96b11dd8c2d04917", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|4a285e1694dc2355d966d23c12762e30391ef299bc7ea54b96b11dd8c2d04917"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litert/python/converter_wrapper_test.py"}, "region": {"startLine": 30}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.assertEqual` used but never assigned in __init__: Method `test_construct_conversion_config` of class `ConverterWrapperTest` reads `self.assertEqual`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 120872, "scanner": "repobility-ast-engine", "fingerprint": "e87b17f395707c521f1a217fe97c15d56f83ec57aed6b296d5de7b72cad9a469", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|e87b17f395707c521f1a217fe97c15d56f83ec57aed6b296d5de7b72cad9a469"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litert/python/converter_wrapper_test.py"}, "region": {"startLine": 26}}}]}, {"ruleId": "MINED011", "level": "error", "message": {"text": "[MINED011] Scala Get On Option: Option.get throws NoSuchElementException on None. Use getOrElse / fold / match."}, "properties": {"repobilityId": 120827, "scanner": "repobility-threat-engine", "fingerprint": "290776e0f234764c638793b51151fafd8349b3551d246a78c0dba976e44a0a60", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "scala-get-on-option", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["scala"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347923+00:00", "triaged_in_corpus": 15, "observations_count": 140164, "ai_coder_pattern_id": 159}, "scanner": "repobility-threat-engine", "correlation_key": "fp|290776e0f234764c638793b51151fafd8349b3551d246a78c0dba976e44a0a60"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tflite/delegates/coreml/coreml_delegate_kernel.mm"}, "region": {"startLine": 72}}}]}, {"ruleId": "MINED014", "level": "error", "message": {"text": "[MINED014] Disabled Tls Verify: 
verify=False in requests, rejectUnauthorized:false in node, InsecureSkipVerify:true in Go."}, "properties": {"repobilityId": 120826, "scanner": "repobility-threat-engine", "fingerprint": "79a901d2233daeca0ca852dc0b870e3616210fd53915e16b2eea9abf34982c13", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "disabled-tls-verify", "owasp": "A02:2021", "cwe_ids": ["CWE-295"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347930+00:00", "triaged_in_corpus": 15, "observations_count": 86916, "ai_coder_pattern_id": 16}, "scanner": "repobility-threat-engine", "correlation_key": "fp|79a901d2233daeca0ca852dc0b870e3616210fd53915e16b2eea9abf34982c13"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tflite/converter/quantization/lite/quantize_model.h"}, "region": {"startLine": 54}}}]}, {"ruleId": "MINED014", "level": "error", "message": {"text": "[MINED014] Disabled Tls Verify: verify=False in requests, rejectUnauthorized:false in node, InsecureSkipVerify:true in Go."}, "properties": {"repobilityId": 120825, "scanner": "repobility-threat-engine", "fingerprint": "c96ec146fe395bc87ff17fff6b6dbcd94476f6ec1373188e75c842ee8477c227", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "disabled-tls-verify", "owasp": "A02:2021", "cwe_ids": ["CWE-295"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347930+00:00", "triaged_in_corpus": 15, "observations_count": 86916, "ai_coder_pattern_id": 16}, "scanner": "repobility-threat-engine", "correlation_key": "fp|c96ec146fe395bc87ff17fff6b6dbcd94476f6ec1373188e75c842ee8477c227"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": 
"tflite/converter/quantization/common/quantization_lib/quantization_config.h"}, "region": {"startLine": 197}}}]}, {"ruleId": "MINED014", "level": "error", "message": {"text": "[MINED014] Disabled Tls Verify: verify=False in requests, rejectUnauthorized:false in node, InsecureSkipVerify:true in Go."}, "properties": {"repobilityId": 120824, "scanner": "repobility-threat-engine", "fingerprint": "ffc09d8a5ce2b7abb27c505afb6af84816bad2751cc2a21c241b99c7e20360c5", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "disabled-tls-verify", "owasp": "A02:2021", "cwe_ids": ["CWE-295"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347930+00:00", "triaged_in_corpus": 15, "observations_count": 86916, "ai_coder_pattern_id": 16}, "scanner": "repobility-threat-engine", "correlation_key": "fp|ffc09d8a5ce2b7abb27c505afb6af84816bad2751cc2a21c241b99c7e20360c5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tflite/converter/python/converter_python_api.h"}, "region": {"startLine": 48}}}]}, {"ruleId": "MINED003", "level": "error", "message": {"text": "[MINED003] Rust Unwrap In Prod: .unwrap() panics if None/Err. 
Acceptable in tests; risky elsewhere."}, "properties": {"repobilityId": 120815, "scanner": "repobility-threat-engine", "fingerprint": "42cda992136de0b3e3ebb1f80a2b2c615cff11f7aa3aa8a1f488737ae7890c01", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-unwrap-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347903+00:00", "triaged_in_corpus": 15, "observations_count": 386515, "ai_coder_pattern_id": 111}, "scanner": "repobility-threat-engine", "correlation_key": "fp|42cda992136de0b3e3ebb1f80a2b2c615cff11f7aa3aa8a1f488737ae7890c01"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litert/rust/src/environment.rs"}, "region": {"startLine": 118}}}]}, {"ruleId": "MINED003", "level": "error", "message": {"text": "[MINED003] Rust Unwrap In Prod: .unwrap() panics if None/Err. 
Acceptable in tests; risky elsewhere."}, "properties": {"repobilityId": 120814, "scanner": "repobility-threat-engine", "fingerprint": "626cf4a4d49e3cd5ae05406074f2770301b5801bd25932b9b6596ce0a9e2acfb", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-unwrap-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347903+00:00", "triaged_in_corpus": 15, "observations_count": 386515, "ai_coder_pattern_id": 111}, "scanner": "repobility-threat-engine", "correlation_key": "fp|626cf4a4d49e3cd5ae05406074f2770301b5801bd25932b9b6596ce0a9e2acfb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litert/rust/example/segmentation_main.rs"}, "region": {"startLine": 124}}}]}, {"ruleId": "MINED021", "level": "error", "message": {"text": "[MINED021] Path Traversal Os Join: os.path.join(user_dir, filename) where filename can contain \"../\" \u2014 directory escape."}, "properties": {"repobilityId": 120807, "scanner": "repobility-threat-engine", "fingerprint": "236ab7f5a9bdb615df6e77a598c6b9238cc1ae4a5b197cb68d7c0a42fd97e3d9", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "path-traversal-os-join", "owasp": "A01:2021", "cwe_ids": ["CWE-22"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347947+00:00", "triaged_in_corpus": 15, "observations_count": 45678, "ai_coder_pattern_id": 31}, "scanner": "repobility-threat-engine", "correlation_key": "fp|236ab7f5a9bdb615df6e77a598c6b9238cc1ae4a5b197cb68d7c0a42fd97e3d9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litert/python/aot/aot_compile.py"}, 
"region": {"startLine": 77}}}]}, {"ruleId": "MINED029", "level": "error", "message": {"text": "[MINED029] Kotlin Null Bang: x!! throws NullPointerException if x is null. Bypasses Kotlin's null safety."}, "properties": {"repobilityId": 120806, "scanner": "repobility-threat-engine", "fingerprint": "77082e74d19d45e1e79527ba62d80afe316cef3d585f479a1d9df9ffe05aa1c4", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "kotlin-null-bang", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["kotlin"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347966+00:00", "triaged_in_corpus": 15, "observations_count": 7344, "ai_coder_pattern_id": 155}, "scanner": "repobility-threat-engine", "correlation_key": "fp|77082e74d19d45e1e79527ba62d80afe316cef3d585f479a1d9df9ffe05aa1c4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litert/kotlin/src/main/kotlin/com/google/ai/edge/litert/deployment/AiPackModelProvider.kt"}, "region": {"startLine": 81}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. 
Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 120800, "scanner": "repobility-threat-engine", "fingerprint": "38c2a3be82aecc60943941ea70f06d482da4d9527d9961127f0ff92893ce1177", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "liteRtModel.delete();", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|38c2a3be82aecc60943941ea70f06d482da4d9527d9961127f0ff92893ce1177"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litert/js/demos/selfie_multiclass/src/index.ts"}, "region": {"startLine": 96}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. 
Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 120799, "scanner": "repobility-threat-engine", "fingerprint": "66a80776d9662a91f76f09b9da7ba73bc42c2bf74588ddbcdcad3206dcee4acd", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "gpuInputTensor.delete();", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|66a80776d9662a91f76f09b9da7ba73bc42c2bf74588ddbcdcad3206dcee4acd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litert/js/demos/real_esrgan/src/upscaler.ts"}, "region": {"startLine": 142}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. 
Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 120798, "scanner": "repobility-threat-engine", "fingerprint": "b4bd4e9a9763b937c9f7b27e0bc301cf2d4baa5ab1d5a534b405776a19f3895b", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "inputTensor.delete();", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|b4bd4e9a9763b937c9f7b27e0bc301cf2d4baa5ab1d5a534b405776a19f3895b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litert/js/demos/depth_anything/src/depth_estimator.ts"}, "region": {"startLine": 79}}}]}, {"ruleId": "SEC078", "level": "error", "message": {"text": "[SEC078] Python: requests without timeout: requests.get/post without a timeout will hang indefinitely on a non-responsive server, causing thread exhaustion and denial of service. Ported from bandit B113 (Apache-2.0). 
NOTE: this regex is heuristic; a real AST check is preferred for accuracy."}, "properties": {"repobilityId": 120796, "scanner": "repobility-threat-engine", "fingerprint": "b02dd406f000e25488f5eacbd0073f5230f0da9b3d5c195ad2dc11ce6bb7cf32", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "requests.get(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC078", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|b02dd406f000e25488f5eacbd0073f5230f0da9b3d5c195ad2dc11ce6bb7cf32"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litert/js/demos/depth_anything/convert_model.py"}, "region": {"startLine": 39}}}]}, {"ruleId": "SEC013", "level": "error", "message": {"text": "[SEC013] Path Traversal \u2014 User Input in File Path: User-controlled input used in file path without sanitization. 
Allows reading arbitrary files."}, "properties": {"repobilityId": 120791, "scanner": "repobility-threat-engine", "fingerprint": "4a389b1e84f0d04a71593c54fc7e8d610a229ccd1fad83a754450b7b027beae8", "category": "path_traversal", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "User-controlled input detected in file path construction", "evidence": {"match": "open(request", "reason": "User-controlled input detected in file path construction", "rule_id": "SEC013", "scanner": "repobility-threat-engine", "confidence": 0.8, "correlation_key": "code|path_traversal|token|39|sec013"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litert/js/demos/depth_anything/convert_model.py"}, "region": {"startLine": 39}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. 
SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 120785, "scanner": "repobility-threat-engine", "fingerprint": "522bc6d7aee92deb2f850d7278428854ddc49100c92997966abe13760c1cedcd", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "URL(f", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|522bc6d7aee92deb2f850d7278428854ddc49100c92997966abe13760c1cedcd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litert/js/demos/mobilenetv2/src/index.ts"}, "region": {"startLine": 56}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. 
SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 120784, "scanner": "repobility-threat-engine", "fingerprint": "376ca4e793439f4746c7a948af68107dac3c25bf52e5dd41cb4113c024484aad", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "URL(f", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|376ca4e793439f4746c7a948af68107dac3c25bf52e5dd41cb4113c024484aad"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litert/js/demos/depth_anything/src/index.ts"}, "region": {"startLine": 104}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. 
SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 120783, "scanner": "repobility-threat-engine", "fingerprint": "4bd1f8d0b1531d54dcb059c2c785c630e9f4cea19a288c7f21c5439814792a9e", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "URL(b", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|4bd1f8d0b1531d54dcb059c2c785c630e9f4cea19a288c7f21c5439814792a9e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litert/js/apps/model_tester/src/download.ts"}, "region": {"startLine": 25}}}]}, {"ruleId": "MINED001", "level": "error", "message": {"text": "[MINED001] Bare Except Pass: except: pass or except Exception: pass \u2014 silently swallows everything including KeyboardInterrupt and bugs."}, "properties": {"repobilityId": 120769, "scanner": "repobility-threat-engine", "fingerprint": "7b402a3f518b8be061be8e8964a4f75c1e7dd21f0621f716ec93168631daedde", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "bare-except-pass", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347744+00:00", "triaged_in_corpus": 15, "observations_count": 1550824, "ai_coder_pattern_id": 6}, "scanner": "repobility-threat-engine", "correlation_key": "fp|7b402a3f518b8be061be8e8964a4f75c1e7dd21f0621f716ec93168631daedde"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litert/python/aot/vendors/intel_openvino/intel_openvino_backend.py"}, "region": {"startLine": 51}}}]}, {"ruleId": "MINED001", 
"level": "error", "message": {"text": "[MINED001] Bare Except Pass: except: pass or except Exception: pass \u2014 silently swallows everything including KeyboardInterrupt and bugs."}, "properties": {"repobilityId": 120768, "scanner": "repobility-threat-engine", "fingerprint": "5c3afce5d15a722567554b46681d24a2dcb2b9e47c02037e06aa98c275ccb057", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "bare-except-pass", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347744+00:00", "triaged_in_corpus": 15, "observations_count": 1550824, "ai_coder_pattern_id": 6}, "scanner": "repobility-threat-engine", "correlation_key": "fp|5c3afce5d15a722567554b46681d24a2dcb2b9e47c02037e06aa98c275ccb057"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litert/python/aot/core/apply_plugin.py"}, "region": {"startLine": 170}}}]}, {"ruleId": "MINED001", "level": "error", "message": {"text": "[MINED001] Bare Except Pass: except: pass or except Exception: pass \u2014 silently swallows everything including KeyboardInterrupt and bugs."}, "properties": {"repobilityId": 120767, "scanner": "repobility-threat-engine", "fingerprint": "04ca2bb5f1a3706064a0f7299dcffd3e79fba12cb3ec6bb0e92390f187110221", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "bare-except-pass", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347744+00:00", "triaged_in_corpus": 15, "observations_count": 1550824, "ai_coder_pattern_id": 6}, "scanner": "repobility-threat-engine", "correlation_key": 
"fp|04ca2bb5f1a3706064a0f7299dcffd3e79fba12cb3ec6bb0e92390f187110221"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ci/tools/python/vendor_sdk/intel/ai_edge_litert_sdk_intel/__init__.py"}, "region": {"startLine": 125}}}]}, {"ruleId": "COMP001", "level": "error", "message": {"text": "[COMP001] High cognitive complexity: Function `_download_and_extract` has cognitive complexity 52 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. Breakdown: continue=4, elif=2, else=4, except=3, for=2, if=13, nested_bonus=24."}, "properties": {"repobilityId": 120763, "scanner": "repobility-threat-engine", "fingerprint": "3282586b70eeeebebed8ebf4a8e0cc0ad5a49eea6460a116886fbbe6ce0c4c3c", "category": "quality", "severity": "high", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 52 (severity threshold for high: 25+).", "evidence": {"scanner": "repobility-threat-engine", "function": "_download_and_extract", "breakdown": {"if": 13, "for": 2, "elif": 2, "else": 4, "except": 3, "continue": 4, "nested_bonus": 24}, "complexity": 52, "correlation_key": "fp|3282586b70eeeebebed8ebf4a8e0cc0ad5a49eea6460a116886fbbe6ce0c4c3c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ci/tools/python/vendor_sdk/google_tensor/setup.py"}, "region": {"startLine": 60}}}]}, {"ruleId": "SEC080", "level": "error", "message": {"text": "[SEC080] Python: tarfile.extractall without filter: tarfile.extract*() without filter='data' allows path-traversal (CVE-2007-4559; PEP 706 added the filter argument in 3.12, but 'data' becomes the default only in 3.14). 
Ported from bandit B202 (Apache-2.0)."}, "properties": {"repobilityId": 120761, "scanner": "repobility-threat-engine", "fingerprint": "119568f539233773f181626bce2cdc1d818d901239d0e723f4b63c3654611747", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "tar.extractall(path=target_dir, members=members_to_extract)", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC080", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|119568f539233773f181626bce2cdc1d818d901239d0e723f4b63c3654611747"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ci/tools/python/vendor_sdk/qualcomm/setup.py"}, "region": {"startLine": 166}}}]}, {"ruleId": "SEC080", "level": "error", "message": {"text": "[SEC080] Python: tarfile.extractall without filter: tarfile.extract*() without filter='data' allows path-traversal (CVE-2007-4559; PEP 706 added the filter argument in 3.12, but 'data' becomes the default only in 3.14). 
Ported from bandit B202 (Apache-2.0)."}, "properties": {"repobilityId": 120760, "scanner": "repobility-threat-engine", "fingerprint": "f72efba3895879cefaa989b04b724f96ecf564ba1b3a4f5d3376a70ae289011d", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "tar.extractall(path=target_dir, members=members_to_extract)", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC080", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|f72efba3895879cefaa989b04b724f96ecf564ba1b3a4f5d3376a70ae289011d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ci/tools/python/vendor_sdk/mediatek/setup.py"}, "region": {"startLine": 163}}}]}, {"ruleId": "SEC080", "level": "error", "message": {"text": "[SEC080] Python: tarfile.extractall without filter: tarfile.extract*() without filter='data' allows path-traversal (CVE-2007-4559; PEP 706 added the filter argument in 3.12, but 'data' becomes the default only in 3.14). 
Ported from bandit B202 (Apache-2.0)."}, "properties": {"repobilityId": 120759, "scanner": "repobility-threat-engine", "fingerprint": "7616cc62dedbb413671e1d7624b14213836839e46fc1ec9ba1f4c8cea5df7954", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "tar.extractall(path=target_dir, members=members_to_extract)", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC080", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|7616cc62dedbb413671e1d7624b14213836839e46fc1ec9ba1f4c8cea5df7954"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ci/tools/python/vendor_sdk/google_tensor/setup.py"}, "region": {"startLine": 200}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `operator` used but not imported: The file uses `operator.something(...)` but never imports `operator`. 
This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 120943, "scanner": "repobility-ast-engine", "fingerprint": "e77faf98d6fef56f14f8f6bcd812c4f06263576dc9f52e1b63acfc44e3913943", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|e77faf98d6fef56f14f8f6bcd812c4f06263576dc9f52e1b63acfc44e3913943"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tflite/python/lite_v2_test.py"}, "region": {"startLine": 1524}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `operator` used but not imported: The file uses `operator.something(...)` but never imports `operator`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 120937, "scanner": "repobility-ast-engine", "fingerprint": "8f7e134c8f0d99678a5d99b78d0c38739bd3e6cfb4c96d404b94d85235258a09", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|8f7e134c8f0d99678a5d99b78d0c38739bd3e6cfb4c96d404b94d85235258a09"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tflite/python/util.py"}, "region": {"startLine": 1033}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `array` used but not imported: The file uses `array.something(...)` but never imports `array`. 
This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 120936, "scanner": "repobility-ast-engine", "fingerprint": "d7e59885feae3cd6ae28cc93694c69687a4a573e8af746040568c54a6a0beb87", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|d7e59885feae3cd6ae28cc93694c69687a4a573e8af746040568c54a6a0beb87"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tflite/python/util.py"}, "region": {"startLine": 241}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `array` used but not imported: The file uses `array.something(...)` but never imports `array`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 120909, "scanner": "repobility-ast-engine", "fingerprint": "0f3cb6b328cd98a784a7c788cb9823c333198a1dae8cbfcdef9cb1cff4331939", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|0f3cb6b328cd98a784a7c788cb9823c333198a1dae8cbfcdef9cb1cff4331939"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litert/python/litert_wrapper/tensor_buffer_wrapper/tensor_buffer.py"}, "region": {"startLine": 136}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `array` used but not imported: The file uses `array.something(...)` but never imports `array`. 
This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 120871, "scanner": "repobility-ast-engine", "fingerprint": "8bb4442b48ead5f61995a964c90604845042475b3f31b1252acd136f4e781438", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|8bb4442b48ead5f61995a964c90604845042475b3f31b1252acd136f4e781438"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tensor/examples/gemma3/gemma3_safetensor_quantizer.py"}, "region": {"startLine": 340}}}]}, {"ruleId": "MINED022", "level": "error", "message": {"text": "[MINED022] C Strcpy: strcpy/strcat don't bounds-check; use strncpy or snprintf."}, "properties": {"repobilityId": 120776, "scanner": "repobility-threat-engine", "fingerprint": "129b01b0dacf937f7b6d2b34accdc5d36d6a03fd41c895313df760cf9dca6969", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "c-strcpy", "owasp": null, "cwe_ids": ["CWE-120"], "languages": ["c", "cpp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347949+00:00", "triaged_in_corpus": 20, "observations_count": 39114, "ai_coder_pattern_id": 130}, "scanner": "repobility-threat-engine", "correlation_key": "fp|129b01b0dacf937f7b6d2b34accdc5d36d6a03fd41c895313df760cf9dca6969"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litert/cc/internal/scoped_file_win.h"}, "region": {"startLine": 61}}}]}, {"ruleId": "MINED022", "level": "error", "message": {"text": "[MINED022] C Strcpy: strcpy/strcat don't bounds-check; use strncpy 
or snprintf."}, "properties": {"repobilityId": 120775, "scanner": "repobility-threat-engine", "fingerprint": "e7124125a7e933a5a21b890eea41e7f232553cdb10d2799f612bd743e0628ec0", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "c-strcpy", "owasp": null, "cwe_ids": ["CWE-120"], "languages": ["c", "cpp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347949+00:00", "triaged_in_corpus": 20, "observations_count": 39114, "ai_coder_pattern_id": 130}, "scanner": "repobility-threat-engine", "correlation_key": "fp|e7124125a7e933a5a21b890eea41e7f232553cdb10d2799f612bd743e0628ec0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litert/cc/internal/scoped_file_posix.h"}, "region": {"startLine": 41}}}]}, {"ruleId": "MINED022", "level": "error", "message": {"text": "[MINED022] C Strcpy: strcpy/strcat don't bounds-check; use strncpy or snprintf."}, "properties": {"repobilityId": 120774, "scanner": "repobility-threat-engine", "fingerprint": "d23c66bf6ba2b6ff6f853c29d1fa185bc3f0d6c91270a44f827b8d94a46411d2", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "c-strcpy", "owasp": null, "cwe_ids": ["CWE-120"], "languages": ["c", "cpp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347949+00:00", "triaged_in_corpus": 20, "observations_count": 39114, "ai_coder_pattern_id": 130}, "scanner": "repobility-threat-engine", "correlation_key": "fp|d23c66bf6ba2b6ff6f853c29d1fa185bc3f0d6c91270a44f827b8d94a46411d2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litert/cc/internal/litert_shared_library_test.cc"}, "region": {"startLine": 93}}}]}]}]}