{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "MINED111", "name": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or ", "shortDescription": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "fullDescription": {"text": "Either narrow the exception type, log the exception with `logger.exception(...)`, or re-raise after handling."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED109", "name": "[MINED109] Mutable default argument in `run_check_call` (list): `def run_check_call(... = []/{}/set())` \u2014 Python's defau", "shortDescription": {"text": "[MINED109] Mutable default argument in `run_check_call` (list): `def run_check_call(... = []/{}/set())` \u2014 Python's default value is constructed ONCE at function definition time and shared across all calls. 
Mutating it in one call mutates it"}, "fullDescription": {"text": "Use None as the default and create the collection inside the function: `def run_check_call(x=None): x = x or []`"}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "DKC013", "name": "Database service has no persistent data volume", "shortDescription": {"text": "Database service has no persistent data volume"}, "fullDescription": {"text": "Mount the database data directory to a named Docker volume or managed persistent disk, and document backup and restore testing."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.74, "cwe": "", "owasp": ""}}, {"id": "DKR003", "name": "Compose service `connect` image uses the latest tag", "shortDescription": {"text": "Compose service `connect` image uses the latest tag"}, "fullDescription": {"text": "Pin to a maintained version tag or digest and update it deliberately through dependency automation."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.94, "cwe": "", "owasp": ""}}, {"id": "DKR001", "name": "Docker final stage has no non-root USER", "shortDescription": {"text": "Docker final stage has no non-root USER"}, "fullDescription": {"text": "Add a non-root USER in the final runtime stage after files and permissions are prepared."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.82, "cwe": "", "owasp": ""}}, {"id": "SEC012", "name": "[SEC012] ZipSlip \u2014 Archive Path Traversal: Archive extraction without path validation allows writing files outside the t", "shortDescription": {"text": "[SEC012] ZipSlip \u2014 Archive Path Traversal: Archive extraction without path validation allows writing files outside the target directory."}, "fullDescription": {"text": "Validate extracted paths with 
os.path.realpath() and ensure they stay within the target directory."}, "properties": {"scanner": "repobility-threat-engine", "category": "path_traversal", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC046", "name": "[SEC046] Client-side open redirect \u2014 window.location = server-supplied URL: Assigning window.location from a server-supp", "shortDescription": {"text": "[SEC046] Client-side open redirect \u2014 window.location = server-supplied URL: Assigning window.location from a server-supplied URL trusts the server endpoint to never return a hostile destination. If that endpoint is ever subverted (compromis"}, "fullDescription": {"text": "Validate the URL is same-origin or on an explicit allowlist before assignment:\n  const u = new URL(serverUrl, location.href);\n  if (u.origin !== location.origin && !ALLOWED.includes(u.host)) return;\n  location.assign(u);\nEven better: have the server return a path (/checkout/done) instead of a full URL, and only allow same-origin navigation."}, "properties": {"scanner": "repobility-threat-engine", "category": "open_redirect", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC041", "name": "[SEC041] Tabnabbing \u2014 target=\"_blank\" without rel=\"noopener noreferrer\": <a target=\"_blank\"> without rel=\"noopener noref", "shortDescription": {"text": "[SEC041] Tabnabbing \u2014 target=\"_blank\" without rel=\"noopener noreferrer\": <a target=\"_blank\"> without rel=\"noopener noreferrer\" leaks window.opener to the opened page. The opened page can then run window.opener.location = 'phishing-site' and"}, "fullDescription": {"text": "Add rel=\"noopener noreferrer\" to every <a target=\"_blank\">:\n  <a href=\"...\" target=\"_blank\" rel=\"noopener noreferrer\">link</a>\nFor dynamically generated links from JS, set rel on the element before appending. 
Even safe-looking subdomains should harden \u2014 costs nothing."}, "properties": {"scanner": "repobility-threat-engine", "category": "security", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "COMP001", "name": "[COMP001] High cognitive complexity: Function `generate_overview` has cognitive complexity 19 (SonarSource scale). Cogni", "shortDescription": {"text": "[COMP001] High cognitive complexity: Function `generate_overview` has cognitive complexity 19 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recur"}, "fullDescription": {"text": "Extract nested branches into named helper functions; flatten early-return / guard clauses; replace long if/elif chains with dispatch dicts or polymorphism. SonarQube's threshold for 'should refactor' is 15 \u2014 yours is 19."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "medium", "confidence": 0.95, "cwe": "", "owasp": ""}}, {"id": "DKC010", "name": "Compose service lacks no-new-privileges hardening", "shortDescription": {"text": "Compose service lacks no-new-privileges hardening"}, "fullDescription": {"text": "Add `security_opt: [\"no-new-privileges:true\"]` unless the service has a documented need for privilege escalation."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "low", "confidence": 0.62, "cwe": "", "owasp": ""}}, {"id": "DKC006", "name": "Compose service does not declare a runtime user", "shortDescription": {"text": "Compose service does not declare a runtime user"}, "fullDescription": {"text": "Set a non-root `user:` in Compose or ensure the final image stage has a non-root USER directive."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "low", "confidence": 0.56, "cwe": "", "owasp": ""}}, {"id": "DKC016", "name": "App service does not wait for database health", 
"shortDescription": {"text": "App service does not wait for database health"}, "fullDescription": {"text": "Give the database a healthcheck and change the dependency to `depends_on: { db: { condition: service_healthy } }`."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "low", "confidence": 0.68, "cwe": "", "owasp": ""}}, {"id": "DKC015", "name": "Database service has no healthcheck", "shortDescription": {"text": "Database service has no healthcheck"}, "fullDescription": {"text": "Add a database-native healthcheck such as pg_isready, mysqladmin ping, redis-cli ping, or the vendor's readiness command."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "low", "confidence": 0.72, "cwe": "", "owasp": ""}}, {"id": "DKR008", "name": ".dockerignore misses sensitive defaults", "shortDescription": {"text": ".dockerignore misses sensitive defaults"}, "fullDescription": {"text": "Add missing patterns such as .env, .git, private keys, certificates, dependency folders, and local databases."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "low", "confidence": 0.72, "cwe": "", "owasp": ""}}, {"id": "DKR011", "name": "Dockerfile installs recommended OS packages", "shortDescription": {"text": "Dockerfile installs recommended OS packages"}, "fullDescription": {"text": "Add `--no-install-recommends` and explicitly list only packages the image needs."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "low", "confidence": 0.72, "cwe": "", "owasp": ""}}, {"id": "DKR010", "name": "Dockerfile leaves apt package indexes in the image layer", "shortDescription": {"text": "Dockerfile leaves apt package indexes in the image layer"}, "fullDescription": {"text": "End the apt install layer with `rm -rf /var/lib/apt/lists/*`."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "low", "confidence": 0.74, "cwe": "", "owasp": ""}}, 
{"id": "AIC003", "name": "Duplicated implementation block across source files", "shortDescription": {"text": "Duplicated implementation block across source files"}, "fullDescription": {"text": "Extract the shared behavior into one function/module or delete the inactive duplicate after proving which path is used."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.86, "cwe": "", "owasp": ""}}, {"id": "SEC132", "name": "[SEC132] String concat where the language has interpolation (AI style drift): String built by concatenation where the la", "shortDescription": {"text": "[SEC132] String concat where the language has interpolation (AI style drift): String built by concatenation where the language has cleaner interpolation (Python f-strings since 3.6, JS template literals since ES6). Not a vulnerability on it"}, "fullDescription": {"text": "Python: `f\"prefix {var} suffix\"`. JS/TS: `` `prefix ${var} suffix` ``. Add a lint rule (pyupgrade UP032, eslint prefer-template) so future PRs catch this automatically."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "low", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "DKR002", "name": "Dockerfile base image is selected through a build variable", "shortDescription": {"text": "Dockerfile base image is selected through a build variable"}, "fullDescription": {"text": "Resolve the variable to a versioned tag or digest in production builds and document the allowed images."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "info", "confidence": 0.48, "cwe": "", "owasp": ""}}, {"id": "SEC118", "name": "[SEC118] UUIDv1 / UUIDv3 used for security-sensitive identifier (and 2 more): Same pattern found in 2 additional files. ", "shortDescription": {"text": "[SEC118] UUIDv1 / UUIDv3 used for security-sensitive identifier (and 2 more): Same pattern found in 2 additional files. 
Review if needed."}, "fullDescription": {"text": "Use `uuid.uuid4()` (random) or `secrets.token_urlsafe()` for tokens. In Go, use `uuid.NewRandom()` (google/uuid)."}, "properties": {"scanner": "repobility-threat-engine", "category": "crypto", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC128", "name": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake) (and 6 more): Same pattern found in 6 addit", "shortDescription": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake) (and 6 more): Same pattern found in 6 additional files. Review if needed."}, "fullDescription": {"text": "Add `await` before each async call, or chain with `.then`. If you intentionally want fire-and-forget, prefix with `void` (TS) or assign to `_` (Python with `asyncio.create_task`) to make the intent explicit and survive lint."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED044", "name": "[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed.", "shortDescription": {"text": "[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-532 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC029", "name": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 32 more): Same pattern found in 32 addi", "shortDescription": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 32 more): Same pattern found in 32 additional files. 
Review if needed."}, "fullDescription": {"text": "Validate the URL against an allowlist BEFORE fetching:\n  ALLOWED = {'images.example.com', 'cdn.example.com'}\n  host = urlparse(url).hostname\n  if host not in ALLOWED: abort(400)\nOr use a server-side proxy (Imgproxy / serve-files-only-from-S3) that isolates outbound network access from the request handler.\nBlock private CIDRs explicitly: 10/8, 172.16/12, 192.168/16, 169.254/16. Also block loopback (127/8) and the IPv6 equivalents (::1, fc00::/7, fe80::/10), apply the check to the resolved IP address rather than only the hostname, and re-validate the destination on every redirect."}, "properties": {"scanner": "repobility-threat-engine", "category": "ssrf", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED081", "name": "[MINED081] Java Printstacktrace (and 2 more): Same pattern found in 2 additional files. Review if needed.", "shortDescription": {"text": "[MINED081] Java Printstacktrace (and 2 more): Same pattern found in 2 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-532 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED073", "name": "[MINED073] Redos Greedy Quantifier: Pattern with nested quantifiers like (a+)+ applied to network/user data \u2014 denial of ", "shortDescription": {"text": "[MINED073] Redos Greedy Quantifier: Pattern with nested quantifiers like (a+)+ applied to network/user data \u2014 denial of service."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-1333,CWE-400 / A06:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED043", "name": "[MINED043] Http Not Https (and 1 more): Same pattern found in 1 additional files. Review if needed.", "shortDescription": {"text": "[MINED043] Http Not Https (and 1 more): Same pattern found in 1 additional files. 
Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-319 / A02:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED085", "name": "[MINED085] Java Systemexit: System.exit() inside a library kills the whole JVM.", "shortDescription": {"text": "[MINED085] Java Systemexit: System.exit() inside a library kills the whole JVM."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-1075 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC013", "name": "[SEC013] Path Traversal \u2014 User Input in File Path: User-controlled input used in file path without sanitization. Allows ", "shortDescription": {"text": "[SEC013] Path Traversal \u2014 User Input in File Path: User-controlled input used in file path without sanitization. Allows reading arbitrary files."}, "fullDescription": {"text": "Use os.path.realpath() and verify the path starts with your expected base directory. Compare on a path-component boundary (for example with os.path.commonpath()) rather than with a raw string prefix, because a sibling directory such as `/srv/data-old` also starts with `/srv/data`. Use secure_filename() for uploads."}, "properties": {"scanner": "repobility-threat-engine", "category": "path_traversal", "severity": "info", "confidence": 0.1, "cwe": "", "owasp": ""}}, {"id": "MINED134", "name": "[MINED134] Binary file `sdk/resourcemanager/azure-resourcemanager-samples/src/main/resources/todo-app-java-on-azure-1.0-", "shortDescription": {"text": "[MINED134] Binary file `sdk/resourcemanager/azure-resourcemanager-samples/src/main/resources/todo-app-java-on-azure-1.0-SNAPSHOT.jar` committed in source repo: `sdk/resourcemanager/azure-resourcemanager-samples/src/main/resources/todo-app-j"}, "fullDescription": {"text": "Audit the binary's provenance. If it's vendored library code, document it in a VENDORED.md. 
If it's a build artifact, add the extension to .gitignore and rebuild from source."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED118", "name": "[MINED118] Dockerfile FROM `mcr.microsoft.com/openjdk/jdk:21-mariner` not pinned by digest: `FROM mcr.microsoft.com/open", "shortDescription": {"text": "[MINED118] Dockerfile FROM `mcr.microsoft.com/openjdk/jdk:21-mariner` not pinned by digest: `FROM mcr.microsoft.com/openjdk/jdk:21-mariner` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so ever"}, "fullDescription": {"text": "Replace with: `FROM mcr.microsoft.com/openjdk/jdk:21-mariner@sha256:<digest>`. Get the digest from `docker manifest inspect`. Re-pin via a scheduled bot (Renovate, Dependabot)."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED122", "name": "[MINED122] package.json dep `azure-sdk-for-java-codegen` pulled from URL/Git: `dependencies.azure-sdk-for-java-codegen` ", "shortDescription": {"text": "[MINED122] package.json dep `azure-sdk-for-java-codegen` pulled from URL/Git: `dependencies.azure-sdk-for-java-codegen` = `file:` bypasses the npm registry. No integrity hash, no version locking, no registry-side scanning. If the URL or git"}, "fullDescription": {"text": "Publish the dependency to npm (or your private registry) and reference it by `^x.y.z`. 
If that's not possible, lock by commit SHA: `git+https://...#<full-sha>` AND verify the SHA in CI."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED115", "name": "[MINED115] Action `azure/azure-sdk-actions` pinned to mutable ref `@main`: `uses: azure/azure-sdk-actions@main` resolves", "shortDescription": {"text": "[MINED115] Action `azure/azure-sdk-actions` pinned to mutable ref `@main`: `uses: azure/azure-sdk-actions@main` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files co"}, "fullDescription": {"text": "Replace with: `uses: azure/azure-sdk-actions@<40-char-sha>  # main` and let Dependabot bump it on a scheduled cadence."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED108", "name": "[MINED108] `self.assertEqual` used but never assigned in __init__: Method `test_version_greater_than` of class `Tests` r", "shortDescription": {"text": "[MINED108] `self.assertEqual` used but never assigned in __init__: Method `test_version_greater_than` of class `Tests` reads `self.assertEqual`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises Attribute"}, "fullDescription": {"text": "Initialize `self.assertEqual = <default>` in __init__, or add a class-level default."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "DKC011", "name": "Database service publishes a host port", "shortDescription": {"text": "Database service publishes a host port"}, "fullDescription": {"text": "Use `expose` for service-to-service access, bind to 127.0.0.1 for local-only access, or protect the port with firewall rules."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "high", "confidence": 0.84, "cwe": "", "owasp": ""}}, {"id": "DKR015", "name": "Docker build context is very large", "shortDescription": {"text": "Docker build context is very large"}, "fullDescription": {"text": "Shrink the build context with .dockerignore, move generated/runtime data outside the build context, and copy only the manifest files needed for cached dependency layers."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "high", "confidence": 0.92, "cwe": "", "owasp": ""}}, {"id": "MINED034", "name": "[MINED034] Python Subprocess Shell True: subprocess(..., shell=True) enables command injection.", "shortDescription": {"text": "[MINED034] Python Subprocess Shell True: subprocess(..., shell=True) enables command injection."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-78 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC005", "name": "[SEC005] Command Injection Risk: Unsafe shell execution or eval of user input.", "shortDescription": {"text": "[SEC005] Command Injection Risk: Unsafe shell execution or eval of user input."}, "fullDescription": {"text": "Use subprocess with shell=False and a list of args. 
Never eval user input."}, "properties": {"scanner": "repobility-threat-engine", "category": "injection", "severity": "high", "confidence": 0.8, "cwe": "", "owasp": ""}}, {"id": "MINED036", "name": "[MINED036] Python Os System Call: os.system() invokes shell with no escaping.", "shortDescription": {"text": "[MINED036] Python Os System Call: os.system() invokes shell with no escaping."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-78 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC103", "name": "[SEC103] LDAP injection \u2014 non-constant search filter: User input concatenated into an LDAP search filter. Attackers inje", "shortDescription": {"text": "[SEC103] LDAP injection \u2014 non-constant search filter: User input concatenated into an LDAP search filter. Attackers inject `*)(uid=*` style payloads to bypass auth or enumerate accounts."}, "fullDescription": {"text": "Escape with javax.naming.ldap.Rdn.escapeValue or equivalent. For python-ldap, use ldap.filter.escape_filter_chars. Better: use parameterized search APIs (Spring LdapTemplate filter encoders)."}, "properties": {"scanner": "repobility-threat-engine", "category": "injection", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED021", "name": "[MINED021] Path Traversal Os Join: os.path.join(user_dir, filename) where filename can contain \"../\" \u2014 directory escape.", "shortDescription": {"text": "[MINED021] Path Traversal Os Join: os.path.join(user_dir, filename) where filename can contain \"../\" \u2014 directory escape."}, "fullDescription": {"text": "Review and fix per the pattern semantics. 
See CWE-22 / A01:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED102", "name": "[MINED102] Shell Injection Via F-string: Shell command built via f-string or .format with non-constant input \u2014 command i", "shortDescription": {"text": "[MINED102] Shell Injection Via F-string: Shell command built via f-string or .format with non-constant input \u2014 command injection. An attacker controlling any interpolated value can execute arbitrary shell commands."}, "fullDescription": {"text": "Use the list form of subprocess (e.g. subprocess.run([\"cmd\", arg1, arg2])) with shell=False. Never combine shell=True with string interpolation."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "critical", "confidence": 1.0, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/1196"}, "properties": {"repository": "Azure/azure-sdk-for-java", "repoUrl": "https://github.com/Azure/azure-sdk-for-java", "branch": "main"}, "results": [{"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. 
Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 120351, "scanner": "repobility-ast-engine", "fingerprint": "f71739bd0e8b480163c2279755078f32a4aa1e1fcc32dc9d3638e6518d38adae", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|f71739bd0e8b480163c2279755078f32a4aa1e1fcc32dc9d3638e6518d38adae"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "eng/automation/generate_utils.py"}, "region": {"startLine": 145}}}]}, {"ruleId": "MINED109", "level": "warning", "message": {"text": "[MINED109] Mutable default argument in `run_check_call` (list): `def run_check_call(... = []/{}/set())` \u2014 Python's default value is constructed ONCE at function definition time and shared across all calls. 
Mutating it in one call mutates it for every future call too."}, "properties": {"repobilityId": 120350, "scanner": "repobility-ast-engine", "fingerprint": "13c6cc53b1942c5f30652b27262e067dd3489b92c3f14872a0e2409d976a1022", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "mutable-default-arg", "owasp": null, "cwe_ids": ["CWE-1023"], "languages": ["python"], "observations_count": 64867}, "scanner": "repobility-ast-engine", "correlation_key": "fp|13c6cc53b1942c5f30652b27262e067dd3489b92c3f14872a0e2409d976a1022"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "eng/versioning/utils.py"}, "region": {"startLine": 148}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 120347, "scanner": "repobility-ast-engine", "fingerprint": "42605cfc5314cc4f583c7569f1136ad6738514eb931abf64eb7d4500ab0a718f", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|42605cfc5314cc4f583c7569f1136ad6738514eb931abf64eb7d4500ab0a718f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "eng/versioning/update_versions.py"}, "region": {"startLine": 145}}}]}, {"ruleId": "DKC013", "level": "warning", "message": {"text": "Database service has no persistent data volume"}, "properties": {"repobilityId": 120337, "scanner": "repobility-docker", "fingerprint": 
"393ede80f3cd65189dda57e7a7e0de310cfbf8595cd9c5fc1244b02aa7c8ec77", "category": "docker", "severity": "medium", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Database-like service does not mount a known data directory.", "evidence": {"rule_id": "DKC013", "scanner": "repobility-docker", "service": "connect", "references": ["https://docs.docker.com/engine/storage/volumes/"], "correlation_key": "fp|393ede80f3cd65189dda57e7a7e0de310cfbf8595cd9c5fc1244b02aa7c8ec77", "expected_targets": ["/bitnami/kafka", "/var/lib/kafka/data"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sdk/cosmos/azure-cosmos-kafka-connect/src/docker/docker-compose.yml"}, "region": {"startLine": 99}}}]}, {"ruleId": "DKR003", "level": "warning", "message": {"text": "Compose service `connect` image uses the latest tag"}, "properties": {"repobilityId": 120335, "scanner": "repobility-docker", "fingerprint": "3e85535a1ea91fa3a38c69c393116969872235caa707ce63787f275e3f8df850", "category": "docker", "severity": "medium", "confidence": 0.94, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Image tag is latest.", "evidence": {"image": "cosmosdb-kafka-connect:latest", "rule_id": "DKR003", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|3e85535a1ea91fa3a38c69c393116969872235caa707ce63787f275e3f8df850"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sdk/cosmos/azure-cosmos-kafka-connect/src/docker/docker-compose.yml"}, "region": {"startLine": 99}}}]}, {"ruleId": "DKC013", "level": "warning", "message": {"text": "Database service has no persistent data volume"}, "properties": {"repobilityId": 120333, "scanner": "repobility-docker", "fingerprint": "5bf9a1de9c3a8843bfa8d61e10f13b201bcff9b5f0e1e3bc02ee4f844d464c8d", 
"category": "docker", "severity": "medium", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Database-like service does not mount a known data directory.", "evidence": {"rule_id": "DKC013", "scanner": "repobility-docker", "service": "kafka-topics-ui", "references": ["https://docs.docker.com/engine/storage/volumes/"], "correlation_key": "fp|5bf9a1de9c3a8843bfa8d61e10f13b201bcff9b5f0e1e3bc02ee4f844d464c8d", "expected_targets": ["/bitnami/kafka", "/var/lib/kafka/data"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sdk/cosmos/azure-cosmos-kafka-connect/src/docker/docker-compose.yml"}, "region": {"startLine": 84}}}]}, {"ruleId": "DKC013", "level": "warning", "message": {"text": "Database service has no persistent data volume"}, "properties": {"repobilityId": 120330, "scanner": "repobility-docker", "fingerprint": "801f6d54ea70914836e7db2417ad0724248524af15f636d765a0e99e539bfa0a", "category": "docker", "severity": "medium", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Database-like service does not mount a known data directory.", "evidence": {"rule_id": "DKC013", "scanner": "repobility-docker", "service": "rest-proxy", "references": ["https://docs.docker.com/engine/storage/volumes/"], "correlation_key": "fp|801f6d54ea70914836e7db2417ad0724248524af15f636d765a0e99e539bfa0a", "expected_targets": ["/bitnami/kafka", "/var/lib/kafka/data"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sdk/cosmos/azure-cosmos-kafka-connect/src/docker/docker-compose.yml"}, "region": {"startLine": 69}}}]}, {"ruleId": "DKC013", "level": "warning", "message": {"text": "Database service has no persistent data volume"}, "properties": {"repobilityId": 120322, "scanner": "repobility-docker", "fingerprint": "a5ac4f85d1bf1358a0bf3222834b56c6e39f09438799b2dee11eff1a1c4444d9", "category": "docker", "severity": "medium", "confidence": 0.74, "triageState": "open", 
"verdict": "likely", "isResolved": false, "reason": "Database-like service does not mount a known data directory.", "evidence": {"rule_id": "DKC013", "scanner": "repobility-docker", "service": "zookeeper", "references": ["https://docs.docker.com/engine/storage/volumes/"], "correlation_key": "fp|a5ac4f85d1bf1358a0bf3222834b56c6e39f09438799b2dee11eff1a1c4444d9", "expected_targets": ["/bitnami/zookeeper", "/data", "/datalog"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sdk/cosmos/azure-cosmos-kafka-connect/src/docker/docker-compose.yml"}, "region": {"startLine": 4}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 120320, "scanner": "repobility-docker", "fingerprint": "47180a8d124988d42f1b864e781b76174561e5301629aa2986873c73c37895ea", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "mcr.microsoft.com/openjdk/jdk:21-mariner", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|47180a8d124988d42f1b864e781b76174561e5301629aa2986873c73c37895ea"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sdk/storage/azure-storage-file-share-stress/Dockerfile"}, "region": {"startLine": 27}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 120318, "scanner": "repobility-docker", "fingerprint": "e234d4855d8f30a63a16d45ede2725f08d10924cc2bce3d45515ac46fe16fd8c", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": 
"likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "mcr.microsoft.com/openjdk/jdk:21-mariner", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|e234d4855d8f30a63a16d45ede2725f08d10924cc2bce3d45515ac46fe16fd8c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sdk/storage/azure-storage-file-datalake-stress/Dockerfile"}, "region": {"startLine": 27}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 120316, "scanner": "repobility-docker", "fingerprint": "6b3de102f211fa9e3abdd0a24f36c55de8ea70f146014ad07b51e1f97e3fbd90", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "mcr.microsoft.com/openjdk/jdk:21-mariner", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|6b3de102f211fa9e3abdd0a24f36c55de8ea70f146014ad07b51e1f97e3fbd90"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sdk/storage/azure-storage-blob-stress/Dockerfile"}, "region": {"startLine": 26}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 120314, "scanner": "repobility-docker", "fingerprint": "db0bea1599146f236ddadae63554bd87583c4e5e0bdf2a317b242fd2560f8df8", 
"category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "mcr.microsoft.com/openjdk/jdk:21-mariner", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|db0bea1599146f236ddadae63554bd87583c4e5e0bdf2a317b242fd2560f8df8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sdk/servicebus/azure-messaging-servicebus-stress/Dockerfile"}, "region": {"startLine": 29}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 120312, "scanner": "repobility-docker", "fingerprint": "b4166bd87a66986e5244543dd0aa6e71faf6c34989ee165df58fc4bb39ea122e", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "openjdk:17-oracle", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|b4166bd87a66986e5244543dd0aa6e71faf6c34989ee165df58fc4bb39ea122e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sdk/identity/live-test-apps/identity-test-container/Dockerfile"}, "region": {"startLine": 16}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 120310, "scanner": "repobility-docker", 
"fingerprint": "8cb9b199a80a14275cc258df9578d7c7f6b6de6b0c9f635439d0cecf8fa183ff", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "mcr.microsoft.com/openjdk/jdk:21-mariner", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|8cb9b199a80a14275cc258df9578d7c7f6b6de6b0c9f635439d0cecf8fa183ff"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sdk/eventhubs/azure-messaging-eventhubs-stress/Dockerfile"}, "region": {"startLine": 34}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 120308, "scanner": "repobility-docker", "fingerprint": "1e79908f874ef289ed63bc1bab6830e8474f6511462bac6f197ca4cf8a044ceb", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "confluentinc/cp-kafka-connect:7.5.0", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|1e79908f874ef289ed63bc1bab6830e8474f6511462bac6f197ca4cf8a044ceb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sdk/cosmos/azure-cosmos-kafka-connect/src/docker/Dockerfile"}, "region": {"startLine": 2}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage 
has no non-root USER"}, "properties": {"repobilityId": 120306, "scanner": "repobility-docker", "fingerprint": "ffb9196e99dcd0738642fcd88de4502f9e277c4aff30a9dd3fde3eb19ac2dbb6", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "mcr.microsoft.com/mirror/docker/library/ubuntu:18.04", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|ffb9196e99dcd0738642fcd88de4502f9e277c4aff30a9dd3fde3eb19ac2dbb6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sdk/cosmos/azure-cosmos-benchmark/ctl/Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "SEC012", "level": "warning", "message": {"text": "[SEC012] ZipSlip \u2014 Archive Path Traversal: Archive extraction without path validation allows writing files outside the target directory."}, "properties": {"repobilityId": 120268, "scanner": "repobility-threat-engine", "fingerprint": "ad2f59bb560ab123103ec94347ca97808c4c3d5213ed2ea25283370d7711eda8", "category": "path_traversal", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "entry.getName()", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC012", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|path_traversal|token|63|sec012"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sdk/ai/azure-ai-agents/src/samples/java/com/azure/ai/agents/hostedagents/SessionFilesSample.java"}, "region": {"startLine": 63}}}]}, {"ruleId": "SEC012", 
"level": "warning", "message": {"text": "[SEC012] ZipSlip \u2014 Archive Path Traversal: Archive extraction without path validation allows writing files outside the target directory."}, "properties": {"repobilityId": 120267, "scanner": "repobility-threat-engine", "fingerprint": "5f218bb4f8b2a08c9df782b9323535a32b1af68051f98c4e09e5824465cf8632", "category": "path_traversal", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "entry.getName()", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC012", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|path_traversal|token|67|sec012"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sdk/ai/azure-ai-agents/src/samples/java/com/azure/ai/agents/hostedagents/SessionFilesAsyncSample.java"}, "region": {"startLine": 67}}}]}, {"ruleId": "SEC012", "level": "warning", "message": {"text": "[SEC012] ZipSlip \u2014 Archive Path Traversal: Archive extraction without path validation allows writing files outside the target directory."}, "properties": {"repobilityId": 120266, "scanner": "repobility-threat-engine", "fingerprint": "2c8ef2b0e20ac39fd196486efc108e09fc70b303863d0ed3547fbe0fa967f8bd", "category": "path_traversal", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "entry.getName()", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC012", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|path_traversal|token|23|sec012"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sdk/ai/azure-ai-agents/customizations/src/main/java/AgentsCustomizations.java"}, "region": {"startLine": 23}}}]}, {"ruleId": 
"SEC046", "level": "warning", "message": {"text": "[SEC046] Client-side open redirect \u2014 window.location = server-supplied URL: Assigning window.location from a server-supplied URL trusts the server endpoint to never return a hostile destination. If that endpoint is ever subverted (compromised admin, JSON injection, MITM on a webhook), users get redirected to a phishing site they trust because the original page is yours. CWE-601 (server-side OR client-side). Complement to server-side SEC030."}, "properties": {"repobilityId": 120255, "scanner": "repobility-threat-engine", "fingerprint": "97e07bc3d65d5a21cdb40a2231c962e65165194b528866a4258ee49b44789c59", "category": "open_redirect", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "location.href = getPackageUrl", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC046", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|97e07bc3d65d5a21cdb40a2231c962e65165194b528866a4258ee49b44789c59"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "eng/common/docgeneration/templates/matthews/styles/main.js"}, "region": {"startLine": 141}}}]}, {"ruleId": "SEC041", "level": "warning", "message": {"text": "[SEC041] Tabnabbing \u2014 target=\"_blank\" without rel=\"noopener noreferrer\": <a target=\"_blank\"> without rel=\"noopener noreferrer\" leaks window.opener to the opened page. The opened page can then run window.opener.location = 'phishing-site' and the parent tab quietly navigates to attacker-controlled content (reverse tabnabbing). 
OWASP-classic; modern browsers apply rel='noopener' by default to links that open new windows, but the explicit attribute is still required for compatibility."}, "properties": {"repobilityId": 120254, "scanner": "repobility-threat-engine", "fingerprint": "305feec17d098ed9cb636d196acedb98f6bd99b53bcc5811871382b9d2f25f96", "category": "security", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "<a href=\"' + getPackageUrl(SELECTED_LANGUAGE, packageName, version) + '\" target=\"_blank\">", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC041", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|security|token|151|sec041"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "eng/common/docgeneration/templates/matthews/styles/main.js"}, "region": {"startLine": 151}}}]}, {"ruleId": "COMP001", "level": "warning", "message": {"text": "[COMP001] High cognitive complexity: Function `generate_overview` has cognitive complexity 19 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. 
Breakdown: else=2, for=4, if=6, nested_bonus=7."}, "properties": {"repobilityId": 120244, "scanner": "repobility-threat-engine", "fingerprint": "49a6a2d3cf7d7e7e6139e077241ad1971248f451dd483b2433dbb29f9cc47b4d", "category": "quality", "severity": "medium", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 19 (severity threshold for medium: 15+).", "evidence": {"scanner": "repobility-threat-engine", "function": "generate_overview", "breakdown": {"if": 6, "for": 4, "else": 2, "nested_bonus": 7}, "complexity": 19, "correlation_key": "fp|49a6a2d3cf7d7e7e6139e077241ad1971248f451dd483b2433dbb29f9cc47b4d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "eng/pipelines/scripts/generate_overview_from_readme.py"}, "region": {"startLine": 26}}}]}, {"ruleId": "COMP001", "level": "warning", "message": {"text": "[COMP001] High cognitive complexity: Function `sdk_automation_autorest` has cognitive complexity 21 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. 
Breakdown: else=2, for=1, if=8, nested_bonus=9, ternary=1."}, "properties": {"repobilityId": 120242, "scanner": "repobility-threat-engine", "fingerprint": "cf1e2e6bb41bdd94cd96ef0dd1777286eb9b2931ddc5a9889cc133d4f295534c", "category": "quality", "severity": "medium", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 21 (severity threshold for medium: 15+).", "evidence": {"scanner": "repobility-threat-engine", "function": "sdk_automation_autorest", "breakdown": {"if": 8, "for": 1, "else": 2, "ternary": 1, "nested_bonus": 9}, "complexity": 21, "correlation_key": "fp|cf1e2e6bb41bdd94cd96ef0dd1777286eb9b2931ddc5a9889cc133d4f295534c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "eng/automation/sdk_generate.py"}, "region": {"startLine": 154}}}]}, {"ruleId": "DKC010", "level": "note", "message": {"text": "Compose service lacks no-new-privileges hardening"}, "properties": {"repobilityId": 120346, "scanner": "repobility-docker", "fingerprint": "eceb151677db732069328876b3e1233f1fd9da005e34c57b85286f995d1934aa", "category": "docker", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "App-like service has no security_opt no-new-privileges setting.", "evidence": {"rule_id": "DKC010", "scanner": "repobility-docker", "service": "zoonavigator", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|eceb151677db732069328876b3e1233f1fd9da005e34c57b85286f995d1934aa"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sdk/cosmos/azure-cosmos-kafka-connect/src/docker/docker-compose.yml"}, "region": {"startLine": 183}}}]}, {"ruleId": "DKC006", "level": "note", "message": {"text": "Compose service does not declare a runtime user"}, "properties": {"repobilityId": 120345, "scanner": "repobility-docker", "fingerprint": 
"423bd722afa9daaa256de12136d395203fa033c51890f1294ae738dd68459860", "category": "docker", "severity": "low", "confidence": 0.56, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Service has no user setting and Repobility could not prove the image runs non-root.", "evidence": {"rule_id": "DKC006", "scanner": "repobility-docker", "service": "zoonavigator", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|423bd722afa9daaa256de12136d395203fa033c51890f1294ae738dd68459860"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sdk/cosmos/azure-cosmos-kafka-connect/src/docker/docker-compose.yml"}, "region": {"startLine": 183}}}]}, {"ruleId": "DKC016", "level": "note", "message": {"text": "App service does not wait for database health"}, "properties": {"repobilityId": 120344, "scanner": "repobility-docker", "fingerprint": "ad7517d326c4ac466b65303a945a8eb137d591f67d0255ab87d6eda6a57db495", "category": "docker", "severity": "low", "confidence": 0.68, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "App depends on a database-like service without a health-gated dependency.", "evidence": {"rule_id": "DKC016", "scanner": "repobility-docker", "service": "ksqldb-server", "dependency": "connect", "references": ["https://docs.docker.com/compose/how-tos/startup-order/"], "correlation_key": "fp|ad7517d326c4ac466b65303a945a8eb137d591f67d0255ab87d6eda6a57db495", "dependency_has_healthcheck": false}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sdk/cosmos/azure-cosmos-kafka-connect/src/docker/docker-compose.yml"}, "region": {"startLine": 160}}}]}, {"ruleId": "DKC010", "level": "note", "message": {"text": "Compose service lacks no-new-privileges hardening"}, "properties": {"repobilityId": 120343, "scanner": "repobility-docker", "fingerprint": "627f26a09b476de9b06f1095dc219ef662f7eb9b761eaa4b3cd327b8ea59901c", "category": 
"docker", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "App-like service has no security_opt no-new-privileges setting.", "evidence": {"rule_id": "DKC010", "scanner": "repobility-docker", "service": "ksqldb-server", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|627f26a09b476de9b06f1095dc219ef662f7eb9b761eaa4b3cd327b8ea59901c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sdk/cosmos/azure-cosmos-kafka-connect/src/docker/docker-compose.yml"}, "region": {"startLine": 160}}}]}, {"ruleId": "DKC006", "level": "note", "message": {"text": "Compose service does not declare a runtime user"}, "properties": {"repobilityId": 120342, "scanner": "repobility-docker", "fingerprint": "c5108d25075ea6d863c7697b9f1960d931cab3ee5f571bc71298feaead1113b0", "category": "docker", "severity": "low", "confidence": 0.56, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Service has no user setting and Repobility could not prove the image runs non-root.", "evidence": {"rule_id": "DKC006", "scanner": "repobility-docker", "service": "ksqldb-server", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|c5108d25075ea6d863c7697b9f1960d931cab3ee5f571bc71298feaead1113b0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sdk/cosmos/azure-cosmos-kafka-connect/src/docker/docker-compose.yml"}, "region": {"startLine": 160}}}]}, {"ruleId": "DKC016", "level": "note", "message": {"text": "App service does not wait for database health"}, "properties": {"repobilityId": 120341, "scanner": "repobility-docker", "fingerprint": "6ac9e67943879fb149a2f1e5c614546930bdf3a60179e160a549d9bef0998fb0", "category": "docker", "severity": "low", "confidence": 0.68, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": 
"App depends on a database-like service without a health-gated dependency.", "evidence": {"rule_id": "DKC016", "scanner": "repobility-docker", "service": "control-center", "dependency": "connect", "references": ["https://docs.docker.com/compose/how-tos/startup-order/"], "correlation_key": "fp|6ac9e67943879fb149a2f1e5c614546930bdf3a60179e160a549d9bef0998fb0", "dependency_has_healthcheck": false}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sdk/cosmos/azure-cosmos-kafka-connect/src/docker/docker-compose.yml"}, "region": {"startLine": 137}}}]}, {"ruleId": "DKC010", "level": "note", "message": {"text": "Compose service lacks no-new-privileges hardening"}, "properties": {"repobilityId": 120340, "scanner": "repobility-docker", "fingerprint": "d080a79916d9b2ec8480a638f86d2bf469a5be9857604b5dbc5d70943d80e63c", "category": "docker", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "App-like service has no security_opt no-new-privileges setting.", "evidence": {"rule_id": "DKC010", "scanner": "repobility-docker", "service": "control-center", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|d080a79916d9b2ec8480a638f86d2bf469a5be9857604b5dbc5d70943d80e63c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sdk/cosmos/azure-cosmos-kafka-connect/src/docker/docker-compose.yml"}, "region": {"startLine": 137}}}]}, {"ruleId": "DKC006", "level": "note", "message": {"text": "Compose service does not declare a runtime user"}, "properties": {"repobilityId": 120339, "scanner": "repobility-docker", "fingerprint": "bbcd6272e903df0d3452fad1d7d655b721aff73433249d507cbebb3e76ee9d0c", "category": "docker", "severity": "low", "confidence": 0.56, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Service has no user setting and Repobility could not prove the image runs non-root.", 
"evidence": {"rule_id": "DKC006", "scanner": "repobility-docker", "service": "control-center", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|bbcd6272e903df0d3452fad1d7d655b721aff73433249d507cbebb3e76ee9d0c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sdk/cosmos/azure-cosmos-kafka-connect/src/docker/docker-compose.yml"}, "region": {"startLine": 137}}}]}, {"ruleId": "DKC015", "level": "note", "message": {"text": "Database service has no healthcheck"}, "properties": {"repobilityId": 120338, "scanner": "repobility-docker", "fingerprint": "9c5da910a0841479a4a530a150e1267c7d7ca5605520cc688877945ff1d03fbc", "category": "docker", "severity": "low", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Database-like service has no Compose healthcheck.", "evidence": {"rule_id": "DKC015", "scanner": "repobility-docker", "service": "connect", "references": ["https://docs.docker.com/compose/how-tos/startup-order/"], "correlation_key": "fp|9c5da910a0841479a4a530a150e1267c7d7ca5605520cc688877945ff1d03fbc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sdk/cosmos/azure-cosmos-kafka-connect/src/docker/docker-compose.yml"}, "region": {"startLine": 99}}}]}, {"ruleId": "DKC015", "level": "note", "message": {"text": "Database service has no healthcheck"}, "properties": {"repobilityId": 120334, "scanner": "repobility-docker", "fingerprint": "0f1259bd4f4472e3a68492828f51670f356ab3764f1d8d6976b31ee6f007e470", "category": "docker", "severity": "low", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Database-like service has no Compose healthcheck.", "evidence": {"rule_id": "DKC015", "scanner": "repobility-docker", "service": "kafka-topics-ui", "references": ["https://docs.docker.com/compose/how-tos/startup-order/"], "correlation_key": 
"fp|0f1259bd4f4472e3a68492828f51670f356ab3764f1d8d6976b31ee6f007e470"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sdk/cosmos/azure-cosmos-kafka-connect/src/docker/docker-compose.yml"}, "region": {"startLine": 84}}}]}, {"ruleId": "DKC015", "level": "note", "message": {"text": "Database service has no healthcheck"}, "properties": {"repobilityId": 120331, "scanner": "repobility-docker", "fingerprint": "832a7872332c7dbe10b1ba3caa65acb21e9145b499b24fac370dbfac373168b2", "category": "docker", "severity": "low", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Database-like service has no Compose healthcheck.", "evidence": {"rule_id": "DKC015", "scanner": "repobility-docker", "service": "rest-proxy", "references": ["https://docs.docker.com/compose/how-tos/startup-order/"], "correlation_key": "fp|832a7872332c7dbe10b1ba3caa65acb21e9145b499b24fac370dbfac373168b2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sdk/cosmos/azure-cosmos-kafka-connect/src/docker/docker-compose.yml"}, "region": {"startLine": 69}}}]}, {"ruleId": "DKC010", "level": "note", "message": {"text": "Compose service lacks no-new-privileges hardening"}, "properties": {"repobilityId": 120328, "scanner": "repobility-docker", "fingerprint": "8c96a17cbd06359fa3415c725b22ff7b1b598981dd98e3a2715398169985ced5", "category": "docker", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "App-like service has no security_opt no-new-privileges setting.", "evidence": {"rule_id": "DKC010", "scanner": "repobility-docker", "service": "schema-registry-ui", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|8c96a17cbd06359fa3415c725b22ff7b1b598981dd98e3a2715398169985ced5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": 
"sdk/cosmos/azure-cosmos-kafka-connect/src/docker/docker-compose.yml"}, "region": {"startLine": 57}}}]}, {"ruleId": "DKC006", "level": "note", "message": {"text": "Compose service does not declare a runtime user"}, "properties": {"repobilityId": 120327, "scanner": "repobility-docker", "fingerprint": "7fcc4e205a61fb772d07ee883e61fa8a71838f13266534c9ac5bffe0924456ed", "category": "docker", "severity": "low", "confidence": 0.56, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Service has no user setting and Repobility could not prove the image runs non-root.", "evidence": {"rule_id": "DKC006", "scanner": "repobility-docker", "service": "schema-registry-ui", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|7fcc4e205a61fb772d07ee883e61fa8a71838f13266534c9ac5bffe0924456ed"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sdk/cosmos/azure-cosmos-kafka-connect/src/docker/docker-compose.yml"}, "region": {"startLine": 57}}}]}, {"ruleId": "DKC010", "level": "note", "message": {"text": "Compose service lacks no-new-privileges hardening"}, "properties": {"repobilityId": 120326, "scanner": "repobility-docker", "fingerprint": "10978c16055480a28ecfc83691bb9d7ce52958462c103f90c044c7465a073b44", "category": "docker", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "App-like service has no security_opt no-new-privileges setting.", "evidence": {"rule_id": "DKC010", "scanner": "repobility-docker", "service": "schema-registry", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|10978c16055480a28ecfc83691bb9d7ce52958462c103f90c044c7465a073b44"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sdk/cosmos/azure-cosmos-kafka-connect/src/docker/docker-compose.yml"}, "region": {"startLine": 44}}}]}, {"ruleId": 
"DKC006", "level": "note", "message": {"text": "Compose service does not declare a runtime user"}, "properties": {"repobilityId": 120325, "scanner": "repobility-docker", "fingerprint": "53c4cebdba491d306e1be95ad14eb1bda839cc30640f38ca38902837e17d8e66", "category": "docker", "severity": "low", "confidence": 0.56, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Service has no user setting and Repobility could not prove the image runs non-root.", "evidence": {"rule_id": "DKC006", "scanner": "repobility-docker", "service": "schema-registry", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|53c4cebdba491d306e1be95ad14eb1bda839cc30640f38ca38902837e17d8e66"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sdk/cosmos/azure-cosmos-kafka-connect/src/docker/docker-compose.yml"}, "region": {"startLine": 44}}}]}, {"ruleId": "DKC006", "level": "note", "message": {"text": "Compose service does not declare a runtime user"}, "properties": {"repobilityId": 120324, "scanner": "repobility-docker", "fingerprint": "cf00ecbc0544f336125a2fe57a3e71ceea20158de39897a19e584a2b08fe3ff6", "category": "docker", "severity": "low", "confidence": 0.56, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Service has no user setting and Repobility could not prove the image runs non-root.", "evidence": {"rule_id": "DKC006", "scanner": "repobility-docker", "service": "broker", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|cf00ecbc0544f336125a2fe57a3e71ceea20158de39897a19e584a2b08fe3ff6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sdk/cosmos/azure-cosmos-kafka-connect/src/docker/docker-compose.yml"}, "region": {"startLine": 15}}}]}, {"ruleId": "DKC015", "level": "note", "message": {"text": "Database service has no healthcheck"}, "properties": 
{"repobilityId": 120323, "scanner": "repobility-docker", "fingerprint": "f9b2f5535ba05971c21ea06210867f2a13f9ea54a4d1e60bfa2e3159aae7ef28", "category": "docker", "severity": "low", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Database-like service has no Compose healthcheck.", "evidence": {"rule_id": "DKC015", "scanner": "repobility-docker", "service": "zookeeper", "references": ["https://docs.docker.com/compose/how-tos/startup-order/"], "correlation_key": "fp|f9b2f5535ba05971c21ea06210867f2a13f9ea54a4d1e60bfa2e3159aae7ef28"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sdk/cosmos/azure-cosmos-kafka-connect/src/docker/docker-compose.yml"}, "region": {"startLine": 4}}}]}, {"ruleId": "DKR008", "level": "note", "message": {"text": ".dockerignore misses sensitive defaults"}, "properties": {"repobilityId": 120307, "scanner": "repobility-docker", "fingerprint": "aea2ad92c68c4ee1f8432bb1ec25e7d45ac12c9e1790ac2d3fffe638b1acce12", "category": "docker", "severity": "low", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "A Docker build context should exclude secrets and repository metadata.", "evidence": {"rule_id": "DKR008", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|aea2ad92c68c4ee1f8432bb1ec25e7d45ac12c9e1790ac2d3fffe638b1acce12", "missing_patterns": [".env", ".git", "id_rsa", "*.pem", "*.key"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".dockerignore"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR011", "level": "note", "message": {"text": "Dockerfile installs recommended OS packages"}, "properties": {"repobilityId": 120305, "scanner": "repobility-docker", "fingerprint": "dfa75ccde6fd902112e0d86ebeedb14d3a98bd7e112083744d7b31f961ee6e7d", "category": "docker", "severity": "low", "confidence": 0.72, "triageState": "open", 
"verdict": "likely", "isResolved": false, "reason": "apt install appears without --no-install-recommends.", "evidence": {"rule_id": "DKR011", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|dfa75ccde6fd902112e0d86ebeedb14d3a98bd7e112083744d7b31f961ee6e7d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sdk/cosmos/azure-cosmos-benchmark/ctl/Dockerfile"}, "region": {"startLine": 2}}}]}, {"ruleId": "DKR010", "level": "note", "message": {"text": "Dockerfile leaves apt package indexes in the image layer"}, "properties": {"repobilityId": 120304, "scanner": "repobility-docker", "fingerprint": "bad1466599946aee2ee6553ba623382014df2206ac680739797cf9a5bc17475a", "category": "docker", "severity": "low", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "apt update/install layer does not remove /var/lib/apt/lists.", "evidence": {"rule_id": "DKR010", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|bad1466599946aee2ee6553ba623382014df2206ac680739797cf9a5bc17475a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sdk/cosmos/azure-cosmos-benchmark/ctl/Dockerfile"}, "region": {"startLine": 2}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 120302, "scanner": "repobility-ai-code-hygiene", "fingerprint": "362e9e2fae98a769f5b24f9f04e7f8ccfc2f1727e2db5b2f914c66e90d4d0677", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": 
"repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "sdk/advisor/azure-resourcemanager-advisor/src/main/java/com/azure/resourcemanager/advisor/fluent/models/ConfigDataInner.java", "duplicate_line": 21, "correlation_key": "fp|362e9e2fae98a769f5b24f9f04e7f8ccfc2f1727e2db5b2f914c66e90d4d0677"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sdk/agrifood/azure-resourcemanager-agrifood/src/main/java/com/azure/resourcemanager/agrifood/fluent/models/SolutionInner.java"}, "region": {"startLine": 32}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 120301, "scanner": "repobility-ai-code-hygiene", "fingerprint": "823a14e079dc8ecfbb6a07dd8c18743fd72acd24708c8e5572a0d811927f936b", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "sdk/agrifood/azure-resourcemanager-agrifood/src/main/java/com/azure/resourcemanager/agrifood/fluent/models/ExtensionInner.java", "duplicate_line": 23, "correlation_key": "fp|823a14e079dc8ecfbb6a07dd8c18743fd72acd24708c8e5572a0d811927f936b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sdk/agrifood/azure-resourcemanager-agrifood/src/main/java/com/azure/resourcemanager/agrifood/fluent/models/SolutionInner.java"}, "region": {"startLine": 26}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 120300, "scanner": "repobility-ai-code-hygiene", "fingerprint": "ca2ecae85b7dfa01343a71abd264be231c70842c6694416b497e74f4b051a8d2", "category": "quality", "severity": "low", "confidence": 
0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "sdk/advisor/azure-resourcemanager-advisor/src/main/java/com/azure/resourcemanager/advisor/fluent/models/ConfigDataInner.java", "duplicate_line": 21, "correlation_key": "fp|ca2ecae85b7dfa01343a71abd264be231c70842c6694416b497e74f4b051a8d2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sdk/agrifood/azure-resourcemanager-agrifood/src/main/java/com/azure/resourcemanager/agrifood/fluent/models/PrivateLinkResourceInner.java"}, "region": {"startLine": 24}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 120299, "scanner": "repobility-ai-code-hygiene", "fingerprint": "8aebd4e67c8bede66bacc87351e84a14bc0c32124315d9d720835f2b3c22dce3", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "sdk/agrifood/azure-resourcemanager-agrifood/src/main/java/com/azure/resourcemanager/agrifood/fluent/models/ExtensionInner.java", "duplicate_line": 26, "correlation_key": "fp|8aebd4e67c8bede66bacc87351e84a14bc0c32124315d9d720835f2b3c22dce3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sdk/agrifood/azure-resourcemanager-agrifood/src/main/java/com/azure/resourcemanager/agrifood/fluent/models/PrivateLinkResourceInner.java"}, "region": {"startLine": 21}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block 
across source files"}, "properties": {"repobilityId": 120298, "scanner": "repobility-ai-code-hygiene", "fingerprint": "f34c2001b8cd8ce9044fd487623f7e700ec3c1d2ebb4f782f9f4b82e6a775eb5", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "sdk/agrifood/azure-resourcemanager-agrifood/src/main/java/com/azure/resourcemanager/agrifood/fluent/models/FarmBeatsExtensionInner.java", "duplicate_line": 21, "correlation_key": "fp|f34c2001b8cd8ce9044fd487623f7e700ec3c1d2ebb4f782f9f4b82e6a775eb5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sdk/agrifood/azure-resourcemanager-agrifood/src/main/java/com/azure/resourcemanager/agrifood/fluent/models/PrivateLinkResourceInner.java"}, "region": {"startLine": 20}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 120297, "scanner": "repobility-ai-code-hygiene", "fingerprint": "6a1b5f6e1778f358ad10c7c944bb3aabe769a231e1e348304686d8c40db5a291", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "sdk/advisor/azure-resourcemanager-advisor/src/main/java/com/azure/resourcemanager/advisor/fluent/models/ConfigDataInner.java", "duplicate_line": 21, "correlation_key": "fp|6a1b5f6e1778f358ad10c7c944bb3aabe769a231e1e348304686d8c40db5a291"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": 
"sdk/agrifood/azure-resourcemanager-agrifood/src/main/java/com/azure/resourcemanager/agrifood/fluent/models/PrivateEndpointConnectionInner.java"}, "region": {"startLine": 27}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 120296, "scanner": "repobility-ai-code-hygiene", "fingerprint": "fec226f5a375c70130b93586d552c1de1ffb50ba02bc30398ec2e38a1e421441", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "sdk/agrifood/azure-resourcemanager-agrifood/src/main/java/com/azure/resourcemanager/agrifood/fluent/models/ExtensionInner.java", "duplicate_line": 26, "correlation_key": "fp|fec226f5a375c70130b93586d552c1de1ffb50ba02bc30398ec2e38a1e421441"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sdk/agrifood/azure-resourcemanager-agrifood/src/main/java/com/azure/resourcemanager/agrifood/fluent/models/PrivateEndpointConnectionInner.java"}, "region": {"startLine": 24}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 120295, "scanner": "repobility-ai-code-hygiene", "fingerprint": "b031e0c5d95213d7dcf7d15cb8aae520cdc5ccf7b95207f872285813b9b338fa", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": 
"sdk/agrifood/azure-resourcemanager-agrifood/src/main/java/com/azure/resourcemanager/agrifood/fluent/models/FarmBeatsExtensionInner.java", "duplicate_line": 21, "correlation_key": "fp|b031e0c5d95213d7dcf7d15cb8aae520cdc5ccf7b95207f872285813b9b338fa"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sdk/agrifood/azure-resourcemanager-agrifood/src/main/java/com/azure/resourcemanager/agrifood/fluent/models/PrivateEndpointConnectionInner.java"}, "region": {"startLine": 23}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 120294, "scanner": "repobility-ai-code-hygiene", "fingerprint": "618c5c4e8868ae673ba83be22adf244e653e1aadc210e901ca48cfe27184e024", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "sdk/advisor/azure-resourcemanager-advisor/src/main/java/com/azure/resourcemanager/advisor/fluent/models/ConfigDataInner.java", "duplicate_line": 21, "correlation_key": "fp|618c5c4e8868ae673ba83be22adf244e653e1aadc210e901ca48cfe27184e024"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sdk/agrifood/azure-resourcemanager-agrifood/src/main/java/com/azure/resourcemanager/agrifood/fluent/models/FarmBeatsSolutionInner.java"}, "region": {"startLine": 28}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 120293, "scanner": "repobility-ai-code-hygiene", "fingerprint": "2bdb0a84332a5c25df0612b5d47c004f3c419dfef3c450d7bcde2a7fea953e7b", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", 
"isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "sdk/agrifood/azure-resourcemanager-agrifood/src/main/java/com/azure/resourcemanager/agrifood/fluent/models/ExtensionInner.java", "duplicate_line": 26, "correlation_key": "fp|2bdb0a84332a5c25df0612b5d47c004f3c419dfef3c450d7bcde2a7fea953e7b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sdk/agrifood/azure-resourcemanager-agrifood/src/main/java/com/azure/resourcemanager/agrifood/fluent/models/FarmBeatsSolutionInner.java"}, "region": {"startLine": 25}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 120292, "scanner": "repobility-ai-code-hygiene", "fingerprint": "76b8aabf5e3b6b4031cf8917dd6a2a0a0f7f05a08783a704b34b0d8062963368", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "sdk/advisor/azure-resourcemanager-advisor/src/main/java/com/azure/resourcemanager/advisor/fluent/models/ConfigDataInner.java", "duplicate_line": 21, "correlation_key": "fp|76b8aabf5e3b6b4031cf8917dd6a2a0a0f7f05a08783a704b34b0d8062963368"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sdk/agrifood/azure-resourcemanager-agrifood/src/main/java/com/azure/resourcemanager/agrifood/fluent/models/FarmBeatsInner.java"}, "region": {"startLine": 36}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 120291, 
"scanner": "repobility-ai-code-hygiene", "fingerprint": "4fb7f1a2d89494b01229c9d98564909d44ac9c42685a4f5f880671a20bde4b22", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "sdk/agrifood/azure-resourcemanager-agrifood/src/main/java/com/azure/resourcemanager/agrifood/fluent/models/ExtensionInner.java", "duplicate_line": 26, "correlation_key": "fp|4fb7f1a2d89494b01229c9d98564909d44ac9c42685a4f5f880671a20bde4b22"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sdk/agrifood/azure-resourcemanager-agrifood/src/main/java/com/azure/resourcemanager/agrifood/fluent/models/FarmBeatsInner.java"}, "region": {"startLine": 33}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 120290, "scanner": "repobility-ai-code-hygiene", "fingerprint": "d98ccdbd0fac071ed677a81f729920a9bcc2f470b537eb5cb266baad475c34c9", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "sdk/agrifood/azure-resourcemanager-agrifood/src/main/java/com/azure/resourcemanager/agrifood/fluent/models/FarmBeatsExtensionInner.java", "duplicate_line": 21, "correlation_key": "fp|d98ccdbd0fac071ed677a81f729920a9bcc2f470b537eb5cb266baad475c34c9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": 
"sdk/agrifood/azure-resourcemanager-agrifood/src/main/java/com/azure/resourcemanager/agrifood/fluent/models/FarmBeatsInner.java"}, "region": {"startLine": 32}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 120289, "scanner": "repobility-ai-code-hygiene", "fingerprint": "5b59ca3f45c09717a6686ba1f63f5ef6253daf4847aa4a5b87e3fd2039d820c0", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "sdk/advisor/azure-resourcemanager-advisor/src/main/java/com/azure/resourcemanager/advisor/fluent/models/ConfigDataInner.java", "duplicate_line": 21, "correlation_key": "fp|5b59ca3f45c09717a6686ba1f63f5ef6253daf4847aa4a5b87e3fd2039d820c0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sdk/agrifood/azure-resourcemanager-agrifood/src/main/java/com/azure/resourcemanager/agrifood/fluent/models/FarmBeatsExtensionInner.java"}, "region": {"startLine": 25}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 120288, "scanner": "repobility-ai-code-hygiene", "fingerprint": "e79f7cd76161ecbf4cfc9e30ec12cf41bbd802fce33d6b1fd6c1dfc27c21b128", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": 
"sdk/agrifood/azure-resourcemanager-agrifood/src/main/java/com/azure/resourcemanager/agrifood/fluent/models/ExtensionInner.java", "duplicate_line": 26, "correlation_key": "fp|e79f7cd76161ecbf4cfc9e30ec12cf41bbd802fce33d6b1fd6c1dfc27c21b128"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sdk/agrifood/azure-resourcemanager-agrifood/src/main/java/com/azure/resourcemanager/agrifood/fluent/models/FarmBeatsExtensionInner.java"}, "region": {"startLine": 22}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 120287, "scanner": "repobility-ai-code-hygiene", "fingerprint": "8ba52df62122fc0692238541eb60cdf1ddd8e989df1f63b67e9abd2d76fb4fad", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "sdk/advisor/azure-resourcemanager-advisor/src/main/java/com/azure/resourcemanager/advisor/fluent/models/ConfigDataInner.java", "duplicate_line": 21, "correlation_key": "fp|8ba52df62122fc0692238541eb60cdf1ddd8e989df1f63b67e9abd2d76fb4fad"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sdk/agrifood/azure-resourcemanager-agrifood/src/main/java/com/azure/resourcemanager/agrifood/fluent/models/ExtensionInner.java"}, "region": {"startLine": 29}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 120286, "scanner": "repobility-ai-code-hygiene", "fingerprint": "13a72778551ae210115ffb1afb657292c8cec83f84893033d86adf70d2fc844e", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, 
"reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "sdk/advisor/azure-resourcemanager-advisor/src/main/java/com/azure/resourcemanager/advisor/AdvisorManager.java", "duplicate_line": 67, "correlation_key": "fp|13a72778551ae210115ffb1afb657292c8cec83f84893033d86adf70d2fc844e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sdk/agrifood/azure-resourcemanager-agrifood/src/main/java/com/azure/resourcemanager/agrifood/AgriFoodManager.java"}, "region": {"startLine": 82}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 120285, "scanner": "repobility-ai-code-hygiene", "fingerprint": "b1bae92e9e569e54b18760a5f0dcdddb5ac2dd19644b9f61dc8efd07d2197c55", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "sdk/advisor/azure-resourcemanager-advisor/src/main/java/com/azure/resourcemanager/advisor/models/OperationEntityListResult.java", "duplicate_line": 27, "correlation_key": "fp|b1bae92e9e569e54b18760a5f0dcdddb5ac2dd19644b9f61dc8efd07d2197c55"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sdk/advisor/azure-resourcemanager-advisor/src/main/java/com/azure/resourcemanager/advisor/models/SuppressionContractListResult.java"}, "region": {"startLine": 27}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 120284, "scanner": "repobility-ai-code-hygiene", "fingerprint": 
"1ccf587c885eaf01d984a89d8b466a9825e0e9a4e288c77f079bb6fa48a317b1", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "sdk/advisor/azure-resourcemanager-advisor/src/main/java/com/azure/resourcemanager/advisor/models/OperationEntityListResult.java", "duplicate_line": 27, "correlation_key": "fp|1ccf587c885eaf01d984a89d8b466a9825e0e9a4e288c77f079bb6fa48a317b1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sdk/advisor/azure-resourcemanager-advisor/src/main/java/com/azure/resourcemanager/advisor/models/ResourceRecommendationBaseListResult.java"}, "region": {"startLine": 28}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 120283, "scanner": "repobility-ai-code-hygiene", "fingerprint": "f857bbacccd6ab8f4b8fda95635a3aa0d885f1659ab84b83310477f7ef357b4c", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "sdk/advisor/azure-resourcemanager-advisor/src/main/java/com/azure/resourcemanager/advisor/models/ConfigurationListResult.java", "duplicate_line": 27, "correlation_key": "fp|f857bbacccd6ab8f4b8fda95635a3aa0d885f1659ab84b83310477f7ef357b4c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sdk/advisor/azure-resourcemanager-advisor/src/main/java/com/azure/resourcemanager/advisor/models/MetadataEntityListResult.java"}, "region": 
{"startLine": 27}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 120282, "scanner": "repobility-ai-code-hygiene", "fingerprint": "3aa08f0941fbd21980a493741f68b779b6bb39529f506cd2990abf3ee313dbcb", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "sdk/advisor/azure-resourcemanager-advisor/src/main/java/com/azure/resourcemanager/advisor/implementation/OperationsClientImpl.java", "duplicate_line": 112, "correlation_key": "fp|3aa08f0941fbd21980a493741f68b779b6bb39529f506cd2990abf3ee313dbcb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sdk/advisor/azure-resourcemanager-advisor/src/main/java/com/azure/resourcemanager/advisor/implementation/SuppressionsClientImpl.java"}, "region": {"startLine": 353}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 120281, "scanner": "repobility-ai-code-hygiene", "fingerprint": "70d6cf8bcd92a7e43c7f3d4d93428364b4a1744050da70c9108ba322fedbf9e4", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "sdk/advisor/azure-resourcemanager-advisor/src/main/java/com/azure/resourcemanager/advisor/implementation/ConfigDataImpl.java", "duplicate_line": 14, "correlation_key": 
"fp|70d6cf8bcd92a7e43c7f3d4d93428364b4a1744050da70c9108ba322fedbf9e4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sdk/advisor/azure-resourcemanager-advisor/src/main/java/com/azure/resourcemanager/advisor/implementation/SuppressionContractImpl.java"}, "region": {"startLine": 11}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 120280, "scanner": "repobility-ai-code-hygiene", "fingerprint": "6c066aa113c78997c2af8d0d39f1f7a0f9261d1cae355c3fd11c43c5b465625e", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "sdk/advisor/azure-resourcemanager-advisor/src/main/java/com/azure/resourcemanager/advisor/implementation/ResourceRecommendationBaseImpl.java", "duplicate_line": 17, "correlation_key": "fp|6c066aa113c78997c2af8d0d39f1f7a0f9261d1cae355c3fd11c43c5b465625e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sdk/advisor/azure-resourcemanager-advisor/src/main/java/com/azure/resourcemanager/advisor/implementation/SuppressionContractImpl.java"}, "region": {"startLine": 10}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 120279, "scanner": "repobility-ai-code-hygiene", "fingerprint": "3fdbd03c08daf8f95a2270125ba24bdaea110d4b9846a59370262c3c160bf5e2", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": 
"repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "sdk/advisor/azure-resourcemanager-advisor/src/main/java/com/azure/resourcemanager/advisor/implementation/ConfigDataImpl.java", "duplicate_line": 14, "correlation_key": "fp|3fdbd03c08daf8f95a2270125ba24bdaea110d4b9846a59370262c3c160bf5e2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sdk/advisor/azure-resourcemanager-advisor/src/main/java/com/azure/resourcemanager/advisor/implementation/ResourceRecommendationBaseImpl.java"}, "region": {"startLine": 18}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 120278, "scanner": "repobility-ai-code-hygiene", "fingerprint": "ec2b4f6105e31d9df3c2aaa57243dcb9f0adeafc5a2cb60bdaa8111f2ca7d966", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "sdk/advisor/azure-resourcemanager-advisor/src/main/java/com/azure/resourcemanager/advisor/implementation/OperationsClientImpl.java", "duplicate_line": 112, "correlation_key": "fp|ec2b4f6105e31d9df3c2aaa57243dcb9f0adeafc5a2cb60bdaa8111f2ca7d966"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sdk/advisor/azure-resourcemanager-advisor/src/main/java/com/azure/resourcemanager/advisor/implementation/RecommendationsClientImpl.java"}, "region": {"startLine": 309}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 120277, "scanner": "repobility-ai-code-hygiene", "fingerprint": "fc341889bfb2ca5c75cb3854bc16f1541399f2e6ec49ad66f9aef6baa8164093", "category": "quality", 
"severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "sdk/advisor/azure-resourcemanager-advisor/src/main/java/com/azure/resourcemanager/advisor/implementation/OperationsClientImpl.java", "duplicate_line": 112, "correlation_key": "fp|fc341889bfb2ca5c75cb3854bc16f1541399f2e6ec49ad66f9aef6baa8164093"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sdk/advisor/azure-resourcemanager-advisor/src/main/java/com/azure/resourcemanager/advisor/implementation/RecommendationMetadatasClientImpl.java"}, "region": {"startLine": 159}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 120276, "scanner": "repobility-ai-code-hygiene", "fingerprint": "42964488d1702d10957c1ef9d1a33e654eb03e56a20323c38aa3f20e57fbda69", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "sdk/advisor/azure-resourcemanager-advisor/src/main/java/com/azure/resourcemanager/advisor/fluent/models/ConfigDataInner.java", "duplicate_line": 20, "correlation_key": "fp|42964488d1702d10957c1ef9d1a33e654eb03e56a20323c38aa3f20e57fbda69"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sdk/advisor/azure-resourcemanager-advisor/src/main/java/com/azure/resourcemanager/advisor/fluent/models/SuppressionContractInner.java"}, "region": {"startLine": 18}}}]}, {"ruleId": "AIC003", "level": "note", "message": 
{"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 120275, "scanner": "repobility-ai-code-hygiene", "fingerprint": "526e87b661bf510b7bd5b036a315dff02d6637ef10a146202dad11be6b8bda8e", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "sdk/advisor/azure-resourcemanager-advisor/src/main/java/com/azure/resourcemanager/advisor/fluent/models/ConfigDataInner.java", "duplicate_line": 20, "correlation_key": "fp|526e87b661bf510b7bd5b036a315dff02d6637ef10a146202dad11be6b8bda8e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sdk/advisor/azure-resourcemanager-advisor/src/main/java/com/azure/resourcemanager/advisor/fluent/models/ResourceRecommendationBaseInner.java"}, "region": {"startLine": 25}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 120274, "scanner": "repobility-ai-code-hygiene", "fingerprint": "273d162165746652f16b3c8032ba56957051ed88c41ba87bb11dee63cce446f0", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "eng/automation/generate.py", "duplicate_line": 61, "correlation_key": "fp|273d162165746652f16b3c8032ba56957051ed88c41ba87bb11dee63cce446f0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "eng/automation/sdk_generate.py"}, "region": {"startLine": 47}}}]}, {"ruleId": 
"AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 120273, "scanner": "repobility-ai-code-hygiene", "fingerprint": "87affe4467851e7532c483c08afacef2f50a4bff3585665e1a0891469a54e7c6", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "eng/automation/generate.py", "duplicate_line": 349, "correlation_key": "fp|87affe4467851e7532c483c08afacef2f50a4bff3585665e1a0891469a54e7c6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "eng/automation/generate_data.py"}, "region": {"startLine": 83}}}]}, {"ruleId": "SEC132", "level": "note", "message": {"text": "[SEC132] String concat where the language has interpolation (AI style drift): String built by concatenation where the language has cleaner interpolation (Python f-strings since 3.6, JS template literals since ES6). Not a vulnerability on its own, but a style signature of cross-language AI rewrites \u2014 the model wrote idiomatic Java/C# and then translated mechanically. 
When this style appears in only *some* files of a repo, it's a strong indicator of an AI-driven rewrite that needs a human review p"}, "properties": {"repobilityId": 120271, "scanner": "repobility-threat-engine", "fingerprint": "a28b06db1b3841dfe4234618d8a12a68372bd5a060c4eda9ccdf1f2a6ebf98ce", "category": "quality", "severity": "low", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "\"Deleted index: \" + indexName + \", version: \"", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC132", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|a28b06db1b3841dfe4234618d8a12a68372bd5a060c4eda9ccdf1f2a6ebf98ce"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sdk/ai/azure-ai-projects/src/samples/java/com/azure/ai/projects/IndexesAsyncSample.java"}, "region": {"startLine": 100}}}]}, {"ruleId": "SEC132", "level": "note", "message": {"text": "[SEC132] String concat where the language has interpolation (AI style drift): String built by concatenation where the language has cleaner interpolation (Python f-strings since 3.6, JS template literals since ES6). Not a vulnerability on its own, but a style signature of cross-language AI rewrites \u2014 the model wrote idiomatic Java/C# and then translated mechanically. 
When this style appears in only *some* files of a repo, it's a strong indicator of an AI-driven rewrite that needs a human review p"}, "properties": {"repobilityId": 120270, "scanner": "repobility-threat-engine", "fingerprint": "bd7a87ff5a985e9c989b6d43ca60e020ca00631fca65a800709bc911bec25cdc", "category": "quality", "severity": "low", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "\"Deleted dataset: \" + datasetName + \", version: \"", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC132", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|bd7a87ff5a985e9c989b6d43ca60e020ca00631fca65a800709bc911bec25cdc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sdk/ai/azure-ai-projects/src/samples/java/com/azure/ai/projects/DatasetsSample.java"}, "region": {"startLine": 118}}}]}, {"ruleId": "SEC132", "level": "note", "message": {"text": "[SEC132] String concat where the language has interpolation (AI style drift): String built by concatenation where the language has cleaner interpolation (Python f-strings since 3.6, JS template literals since ES6). Not a vulnerability on its own, but a style signature of cross-language AI rewrites \u2014 the model wrote idiomatic Java/C# and then translated mechanically. 
When this style appears in only *some* files of a repo, it's a strong indicator of an AI-driven rewrite that needs a human review p"}, "properties": {"repobilityId": 120269, "scanner": "repobility-threat-engine", "fingerprint": "0073320851a75b0af6e97ebbd91c8033d94128ceeac27051bb3f6e03a43f85c5", "category": "quality", "severity": "low", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "\"Deleted dataset: \" + datasetName + \", version: \"", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC132", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|0073320851a75b0af6e97ebbd91c8033d94128ceeac27051bb3f6e03a43f85c5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sdk/ai/azure-ai-projects/src/samples/java/com/azure/ai/projects/DatasetsAsyncSample.java"}, "region": {"startLine": 122}}}]}, {"ruleId": "COMP001", "level": "note", "message": {"text": "[COMP001] High cognitive complexity: Function `main` has cognitive complexity 10 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. 
Breakdown: else=1, if=6, nested_bonus=3."}, "properties": {"repobilityId": 120243, "scanner": "repobility-threat-engine", "fingerprint": "e2eb3e3837164fb981bfbea93b666816181411452aa61a63c5305a08451cf1c9", "category": "quality", "severity": "low", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 10 (severity threshold for low: 8+).", "evidence": {"scanner": "repobility-threat-engine", "function": "main", "breakdown": {"if": 6, "else": 1, "nested_bonus": 3}, "complexity": 10, "correlation_key": "fp|e2eb3e3837164fb981bfbea93b666816181411452aa61a63c5305a08451cf1c9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "eng/automation/sdk_generate.py"}, "region": {"startLine": 243}}}]}, {"ruleId": "DKR002", "level": "none", "message": {"text": "Dockerfile base image is selected through a build variable"}, "properties": {"repobilityId": 120319, "scanner": "repobility-docker", "fingerprint": "7fba6704ac615f5530d2ca181c8e7b25ce1d15a8485f2222b7035b6d1741dae7", "category": "docker", "severity": "info", "confidence": 0.48, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Base image contains a variable; manual review is needed to avoid false positives.", "evidence": {"image": "${REGISTRY}/java/jdk-mariner-mvn:jdk11-latest", "rule_id": "DKR002", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/"], "correlation_key": "fp|7fba6704ac615f5530d2ca181c8e7b25ce1d15a8485f2222b7035b6d1741dae7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sdk/storage/azure-storage-file-share-stress/Dockerfile"}, "region": {"startLine": 2}}}]}, {"ruleId": "DKR002", "level": "none", "message": {"text": "Dockerfile base image is selected through a build variable"}, "properties": {"repobilityId": 120317, "scanner": 
"repobility-docker", "fingerprint": "fa60c72648eb151f274da8b68d084b37ebdfc389169c7a2ba2d4d9a24e17644e", "category": "docker", "severity": "info", "confidence": 0.48, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Base image contains a variable; manual review is needed to avoid false positives.", "evidence": {"image": "${REGISTRY}/java/jdk-mariner-mvn:jdk11-latest", "rule_id": "DKR002", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/"], "correlation_key": "fp|fa60c72648eb151f274da8b68d084b37ebdfc389169c7a2ba2d4d9a24e17644e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sdk/storage/azure-storage-file-datalake-stress/Dockerfile"}, "region": {"startLine": 2}}}]}, {"ruleId": "DKR002", "level": "none", "message": {"text": "Dockerfile base image is selected through a build variable"}, "properties": {"repobilityId": 120315, "scanner": "repobility-docker", "fingerprint": "02232125cf136cb0900590d586dd13901e147242813d646c7a0978ab94d98b04", "category": "docker", "severity": "info", "confidence": 0.48, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Base image contains a variable; manual review is needed to avoid false positives.", "evidence": {"image": "${REGISTRY}/java/jdk-mariner-mvn:jdk11-latest", "rule_id": "DKR002", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/"], "correlation_key": "fp|02232125cf136cb0900590d586dd13901e147242813d646c7a0978ab94d98b04"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sdk/storage/azure-storage-blob-stress/Dockerfile"}, "region": {"startLine": 2}}}]}, {"ruleId": "DKR002", "level": "none", "message": {"text": "Dockerfile base image is selected through a build variable"}, "properties": 
{"repobilityId": 120313, "scanner": "repobility-docker", "fingerprint": "4cb81e405ed06063bad9c52c622cc87f6b76b3bc963ec7a9617dce281dca4674", "category": "docker", "severity": "info", "confidence": 0.48, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Base image contains a variable; manual review is needed to avoid false positives.", "evidence": {"image": "${REGISTRY}/java/jdk-mariner-mvn:jdk11-latest", "rule_id": "DKR002", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/"], "correlation_key": "fp|4cb81e405ed06063bad9c52c622cc87f6b76b3bc963ec7a9617dce281dca4674"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sdk/servicebus/azure-messaging-servicebus-stress/Dockerfile"}, "region": {"startLine": 2}}}]}, {"ruleId": "DKR002", "level": "none", "message": {"text": "Dockerfile base image is selected through a build variable"}, "properties": {"repobilityId": 120311, "scanner": "repobility-docker", "fingerprint": "c857f0883847d4a90261ac4eeb6f92be4801ec2a5ab312405b0489af1d927719", "category": "docker", "severity": "info", "confidence": 0.48, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Base image contains a variable; manual review is needed to avoid false positives.", "evidence": {"image": "${REGISTRY}alpine:3.19", "rule_id": "DKR002", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/"], "correlation_key": "fp|c857f0883847d4a90261ac4eeb6f92be4801ec2a5ab312405b0489af1d927719"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sdk/identity/live-test-apps/identity-test-container/Dockerfile"}, "region": {"startLine": 11}}}]}, {"ruleId": "DKR002", "level": "none", "message": {"text": "Dockerfile base image is selected through a build 
variable"}, "properties": {"repobilityId": 120309, "scanner": "repobility-docker", "fingerprint": "c3d3f1f487dab24907f7b552c9e98777edd628bcd39542ebd412717fc92a9272", "category": "docker", "severity": "info", "confidence": 0.48, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Base image contains a variable; manual review is needed to avoid false positives.", "evidence": {"image": "${REGISTRY}/java/jdk-mariner-mvn:jdk11-latest", "rule_id": "DKR002", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/"], "correlation_key": "fp|c3d3f1f487dab24907f7b552c9e98777edd628bcd39542ebd412717fc92a9272"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sdk/eventhubs/azure-messaging-eventhubs-stress/Dockerfile"}, "region": {"startLine": 2}}}]}, {"ruleId": "SEC132", "level": "none", "message": {"text": "[SEC132] String concat where the language has interpolation (AI style drift) (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "properties": {"repobilityId": 120272, "scanner": "repobility-threat-engine", "fingerprint": "802362717bb8b9596309b60635fbb04d345013c3d2defa44f95ace1b246cb77c", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 1 additional occurrences found. 
The top occurrences remain visible as actionable findings.", "rule_id": "SEC132", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|802362717bb8b9596309b60635fbb04d345013c3d2defa44f95ace1b246cb77c"}}}, {"ruleId": "SEC118", "level": "none", "message": {"text": "[SEC118] UUIDv1 / UUIDv3 used for security-sensitive identifier (and 2 more): Same pattern found in 2 additional files. Review if needed."}, "properties": {"repobilityId": 120265, "scanner": "repobility-threat-engine", "fingerprint": "b33b9fa30193bee8937fded79de0a89e3cbc0227353c6d1fa8988e662e74e331", "category": "crypto", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 2 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 2 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC118", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|b33b9fa30193bee8937fded79de0a89e3cbc0227353c6d1fa8988e662e74e331"}}}, {"ruleId": "SEC118", "level": "none", "message": {"text": "[SEC118] UUIDv1 / UUIDv3 used for security-sensitive identifier: UUIDv1 encodes the MAC address and timestamp, making it predictable. 
Used as a session token or password-reset key, it's enumerable."}, "properties": {"repobilityId": 120264, "scanner": "repobility-threat-engine", "fingerprint": "3120a643b2077eba63677fea1b709a5fc733a3ee8088180095e023766995a8d4", "category": "crypto", "severity": "info", "confidence": 0.1, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Safe pattern 'randomUUID' detected on same line. Collapsed 2 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "UUID.randomUUID()", "reason": "Safe pattern 'randomUUID' detected on same line", "rule_id": "SEC118", "scanner": "repobility-threat-engine", "confidence": 0.1, "correlation_key": "code|crypto|token|61|sec118", "duplicate_count": 2, "duplicate_rule_ids": ["SEC118"], "duplicate_scanners": ["repobility-threat-engine"], "duplicate_fingerprints": ["0c8645f8fd113e002bcf7e4faa55afde5fed4163b21484e4cc3966e1abd1a6fd", "3120a643b2077eba63677fea1b709a5fc733a3ee8088180095e023766995a8d4", "6c15151821fc4c5d4303bd5bd98729f140b5f7abdd27bdae2978ed8a52a91c62"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sdk/ai/azure-ai-agents-persistent/src/main/java/com/azure/ai/agents/persistent/implementation/MultipartFormDataHelper.java"}, "region": {"startLine": 61}}}]}, {"ruleId": "SEC128", "level": "none", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake) (and 6 more): Same pattern found in 6 additional files. Review if needed."}, "properties": {"repobilityId": 120263, "scanner": "repobility-threat-engine", "fingerprint": "719f16a1467677730b367baa2144dabfe702dd229dc13e6f3e8747ec0afa970d", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 6 additional occurrences found. 
The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 6 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|719f16a1467677730b367baa2144dabfe702dd229dc13e6f3e8747ec0afa970d"}}}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed."}, "properties": {"repobilityId": 120256, "scanner": "repobility-threat-engine", "fingerprint": "91763d857517fe595f103850dbc893d1eac1ef3e259a572c4185beb2bf0b32d3", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "correlation_key": "fp|91763d857517fe595f103850dbc893d1eac1ef3e259a572c4185beb2bf0b32d3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "eng/common/docgeneration/templates/matthews/styles/main.js"}, "region": {"startLine": 226}}}]}, {"ruleId": "SEC029", "level": "none", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 32 more): Same pattern found in 32 additional files. 
Review if needed."}, "properties": {"repobilityId": 120253, "scanner": "repobility-threat-engine", "fingerprint": "648516b624713ec6c92cd1d7b4f670acf37fda4886c38f832f2d7aecf63afa4d", "category": "ssrf", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 32 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 32 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|648516b624713ec6c92cd1d7b4f670acf37fda4886c38f832f2d7aecf63afa4d"}}}, {"ruleId": "MINED081", "level": "none", "message": {"text": "[MINED081] Java Printstacktrace (and 2 more): Same pattern found in 2 additional files. Review if needed."}, "properties": {"repobilityId": 120249, "scanner": "repobility-threat-engine", "fingerprint": "2eedcdec5adf053abc4bf396e00cba61d478c13e711675908ce91342788a1fb3", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 2 additional occurrences found. 
The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "java-printstacktrace", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["java"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348125+00:00", "triaged_in_corpus": 12, "observations_count": 2934, "ai_coder_pattern_id": 126}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|2eedcdec5adf053abc4bf396e00cba61d478c13e711675908ce91342788a1fb3", "aggregated_count": 2}}}, {"ruleId": "MINED081", "level": "none", "message": {"text": "[MINED081] Java Printstacktrace: Should use logger, not stack trace to stderr."}, "properties": {"repobilityId": 120248, "scanner": "repobility-threat-engine", "fingerprint": "8c8246ba22316a5bb5569c4f14937e3f21188ffee6a9a00131c5495a1681b255", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "java-printstacktrace", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["java"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348125+00:00", "triaged_in_corpus": 12, "observations_count": 2934, "ai_coder_pattern_id": 126}, "scanner": "repobility-threat-engine", "correlation_key": "fp|8c8246ba22316a5bb5569c4f14937e3f21188ffee6a9a00131c5495a1681b255"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "samples/azure-samples-graalvm-spring-storageexplorer/src/main/java/com/azure/samples/graalvm/spring/storageexplorer/StorageServiceController.java"}, "region": {"startLine": 78}}}]}, {"ruleId": "MINED081", "level": "none", "message": {"text": "[MINED081] Java Printstacktrace: Should use logger, not stack trace to stderr."}, "properties": {"repobilityId": 120247, "scanner": "repobility-threat-engine", "fingerprint": "6567e985ecc287dc2bf9c851401a1de15800ed13426cfaf7b71c08910bbd27c0", "category": 
"quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "java-printstacktrace", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["java"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348125+00:00", "triaged_in_corpus": 12, "observations_count": 2934, "ai_coder_pattern_id": 126}, "scanner": "repobility-threat-engine", "correlation_key": "fp|6567e985ecc287dc2bf9c851401a1de15800ed13426cfaf7b71c08910bbd27c0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "eng/bomgenerator/src/main/java/com/azure/tools/bomgenerator/models/BOMReport.java"}, "region": {"startLine": 96}}}]}, {"ruleId": "MINED081", "level": "none", "message": {"text": "[MINED081] Java Printstacktrace: Should use logger, not stack trace to stderr."}, "properties": {"repobilityId": 120246, "scanner": "repobility-threat-engine", "fingerprint": "651307f2908a4f9dd87b4e37928954284ca5295922bae3ae2226a5a25d7ab039", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "java-printstacktrace", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["java"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348125+00:00", "triaged_in_corpus": 12, "observations_count": 2934, "ai_coder_pattern_id": 126}, "scanner": "repobility-threat-engine", "correlation_key": "fp|651307f2908a4f9dd87b4e37928954284ca5295922bae3ae2226a5a25d7ab039"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "eng/bomgenerator/src/main/java/com/azure/tools/bomgenerator/Main.java"}, "region": {"startLine": 35}}}]}, {"ruleId": "COMP001", "level": "none", "message": {"text": "[COMP001] High cognitive complexity (and 9 more): Same pattern found in 9 
additional files. Review if needed."}, "properties": {"repobilityId": 120245, "scanner": "repobility-threat-engine", "fingerprint": "29306b5028b90ab8087937c717cb745fd7e07ab4ccb4b2237f19cccb49788ca3", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 9 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"scanner": "repobility-threat-engine", "function": "sdk_automation_autorest", "breakdown": {"if": 8, "for": 1, "else": 2, "ternary": 1, "nested_bonus": 9}, "aggregated": true, "complexity": 21, "correlation_key": "fp|29306b5028b90ab8087937c717cb745fd7e07ab4ccb4b2237f19cccb49788ca3", "aggregated_count": 9}}}, {"ruleId": "MINED073", "level": "none", "message": {"text": "[MINED073] Redos Greedy Quantifier: Pattern with nested quantifiers like (a+)+ applied to network/user data \u2014 denial of service."}, "properties": {"repobilityId": 120241, "scanner": "repobility-threat-engine", "fingerprint": "9e11a95d430eb61159813757b97c61addcfe9ba378f9760d2d2133b6a15e945d", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "redos-greedy-quantifier", "owasp": "A06:2021", "cwe_ids": ["CWE-1333", "CWE-400"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348072+00:00", "triaged_in_corpus": 12, "observations_count": 12702, "ai_coder_pattern_id": 35}, "scanner": "repobility-threat-engine", "correlation_key": "fp|9e11a95d430eb61159813757b97c61addcfe9ba378f9760d2d2133b6a15e945d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "eng/automation/sdk_generate.py"}, "region": {"startLine": 113}}}]}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https (and 1 more): Same 
pattern found in 1 additional files. Review if needed."}, "properties": {"repobilityId": 120237, "scanner": "repobility-threat-engine", "fingerprint": "deede2eb215d875636a96303401dd81bf1c025789980c14394da92c4eaa2dcca", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|deede2eb215d875636a96303401dd81bf1c025789980c14394da92c4eaa2dcca", "aggregated_count": 1}}}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 120236, "scanner": "repobility-threat-engine", "fingerprint": "c2d840054268f1cd77adfe0ab1ce45713533e538755c0751fe1672191705eb53", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|c2d840054268f1cd77adfe0ab1ce45713533e538755c0751fe1672191705eb53"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "eng/scripts/linting_suppression_generator.py"}, "region": {"startLine": 195}}}]}, 
{"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 120235, "scanner": "repobility-threat-engine", "fingerprint": "b0230b830ea117090923c5cd1f897321d19b3ed754696e9942f689ff02270df2", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|b0230b830ea117090923c5cd1f897321d19b3ed754696e9942f689ff02270df2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "eng/precommit_local_build.py"}, "region": {"startLine": 39}}}]}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 120234, "scanner": "repobility-threat-engine", "fingerprint": "c7ca6bac9b9cd1b823e2ca32f74675fd4cfc2a764ed4a6bcf2f6f4f6046b97bb", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|c7ca6bac9b9cd1b823e2ca32f74675fd4cfc2a764ed4a6bcf2f6f4f6046b97bb"}}, "locations": 
[{"physicalLocation": {"artifactLocation": {"uri": "eng/automation/parameters.py"}, "region": {"startLine": 113}}}]}, {"ruleId": "MINED085", "level": "none", "message": {"text": "[MINED085] Java Systemexit: System.exit() inside a library kills the whole JVM."}, "properties": {"repobilityId": 120233, "scanner": "repobility-threat-engine", "fingerprint": "d75239158550e419ab14282686a6e34b5110843c36807983f696cf6bf5b7c767", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "java-systemexit", "owasp": null, "cwe_ids": ["CWE-1075"], "languages": ["java"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348136+00:00", "triaged_in_corpus": 15, "observations_count": 970, "ai_coder_pattern_id": 127}, "scanner": "repobility-threat-engine", "correlation_key": "fp|d75239158550e419ab14282686a6e34b5110843c36807983f696cf6bf5b7c767"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "samples/azure-samples-graalvm-spring-storageexplorer/src/main/java/com/azure/samples/graalvm/spring/storageexplorer/storage/azure/AzureBlobStorageService.java"}, "region": {"startLine": 52}}}]}, {"ruleId": "MINED085", "level": "none", "message": {"text": "[MINED085] Java Systemexit: System.exit() inside a library kills the whole JVM."}, "properties": {"repobilityId": 120232, "scanner": "repobility-threat-engine", "fingerprint": "b9afe32f5832ea642d306a993d9467e02c5c83b9208e220b06739629696924c6", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "java-systemexit", "owasp": null, "cwe_ids": ["CWE-1075"], "languages": ["java"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348136+00:00", 
"triaged_in_corpus": 15, "observations_count": 970, "ai_coder_pattern_id": 127}, "scanner": "repobility-threat-engine", "correlation_key": "fp|b9afe32f5832ea642d306a993d9467e02c5c83b9208e220b06739629696924c6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "eng/bomgenerator/src/main/java/com/azure/tools/bomgenerator/Main.java"}, "region": {"startLine": 29}}}]}, {"ruleId": "MINED085", "level": "none", "message": {"text": "[MINED085] Java Systemexit: System.exit() inside a library kills the whole JVM."}, "properties": {"repobilityId": 120231, "scanner": "repobility-threat-engine", "fingerprint": "25a5127b2fed4011e6d52a1ce9abadb9346a603120efbc96b3b2e2c918f22f88", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "java-systemexit", "owasp": null, "cwe_ids": ["CWE-1075"], "languages": ["java"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348136+00:00", "triaged_in_corpus": 15, "observations_count": 970, "ai_coder_pattern_id": 127}, "scanner": "repobility-threat-engine", "correlation_key": "fp|25a5127b2fed4011e6d52a1ce9abadb9346a603120efbc96b3b2e2c918f22f88"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "eng/automation/changelog/src/main/java/com/azure/resourcemanager/tools/changelog/Main.java"}, "region": {"startLine": 37}}}]}, {"ruleId": "SEC013", "level": "none", "message": {"text": "[SEC013] Path Traversal \u2014 User Input in File Path: User-controlled input used in file path without sanitization. 
Allows reading arbitrary files."}, "properties": {"repobilityId": 120228, "scanner": "repobility-threat-engine", "fingerprint": "7600e69f05d6f61bd4affa9ac566dc491ec4649c5103a031d8b7ed7050f58358", "category": "path_traversal", "severity": "info", "confidence": 0.1, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Safe pattern 'abspath' detected on same line", "evidence": {"match": "os.path.join(os.path.dirname(sys.argv", "reason": "Safe pattern 'abspath' detected on same line", "rule_id": "SEC013", "scanner": "repobility-threat-engine", "confidence": 0.1, "correlation_key": "code|path_traversal|eng/automation/changelog.py|28|sec013"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "eng/automation/changelog.py"}, "region": {"startLine": 28}}}]}, {"ruleId": "MINED134", "level": "error", "message": {"text": "[MINED134] Binary file `sdk/resourcemanager/azure-resourcemanager-samples/src/main/resources/todo-app-java-on-azure-1.0-SNAPSHOT.jar` committed in source repo: `sdk/resourcemanager/azure-resourcemanager-samples/src/main/resources/todo-app-java-on-azure-1.0-SNAPSHOT.jar` is a .jar binary (27,198,217 bytes) committed to a repo that otherwise has 105318 source files. 
Trojan binaries inside otherwise-normal source repos are a known supply-chain attack: a compromised dependency or PR slips in a binary that gets executed by build scripts."}, "properties": {"repobilityId": 120394, "scanner": "repobility-supply-chain", "fingerprint": "14862ea4eada0de3cd494ee5ffc705a0d72c8d2f1667f21f26b1a03f27add4d5", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "suspicious-binary-in-src", "owasp": null, "cwe_ids": ["CWE-506"], "languages": ["any"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|14862ea4eada0de3cd494ee5ffc705a0d72c8d2f1667f21f26b1a03f27add4d5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sdk/resourcemanager/azure-resourcemanager-samples/src/main/resources/todo-app-java-on-azure-1.0-SNAPSHOT.jar"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED134", "level": "error", "message": {"text": "[MINED134] Binary file `eng/automation/changelog/src/test/resources/new.jar` committed in source repo: `eng/automation/changelog/src/test/resources/new.jar` is a .jar binary (313,644 bytes) committed to a repo that otherwise has 105318 source files. 
Trojan binaries inside otherwise-normal source repos are a known supply-chain attack: a compromised dependency or PR slips in a binary that gets executed by build scripts."}, "properties": {"repobilityId": 120393, "scanner": "repobility-supply-chain", "fingerprint": "cc5f39c9280c75229a6008476b9c348643197958a7202acbe84355979fb8a640", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "suspicious-binary-in-src", "owasp": null, "cwe_ids": ["CWE-506"], "languages": ["any"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|cc5f39c9280c75229a6008476b9c348643197958a7202acbe84355979fb8a640"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "eng/automation/changelog/src/test/resources/new.jar"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED134", "level": "error", "message": {"text": "[MINED134] Binary file `eng/automation/changelog/src/test/resources/new-enum.jar` committed in source repo: `eng/automation/changelog/src/test/resources/new-enum.jar` is a .jar binary (1,293 bytes) committed to a repo that otherwise has 105318 source files. 
Trojan binaries inside otherwise-normal source repos are a known supply-chain attack: a compromised dependency or PR slips in a binary that gets executed by build scripts."}, "properties": {"repobilityId": 120392, "scanner": "repobility-supply-chain", "fingerprint": "47a8fec94d0574def68f9b330aa7e939aaea642e9c25c5b88ac0deab4f8d6473", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "suspicious-binary-in-src", "owasp": null, "cwe_ids": ["CWE-506"], "languages": ["any"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|47a8fec94d0574def68f9b330aa7e939aaea642e9c25c5b88ac0deab4f8d6473"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "eng/automation/changelog/src/test/resources/new-enum.jar"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED134", "level": "error", "message": {"text": "[MINED134] Binary file `eng/automation/changelog/src/test/resources/old.jar` committed in source repo: `eng/automation/changelog/src/test/resources/old.jar` is a .jar binary (312,248 bytes) committed to a repo that otherwise has 105318 source files. 
Trojan binaries inside otherwise-normal source repos are a known supply-chain attack: a compromised dependency or PR slips in a binary that gets executed by build scripts."}, "properties": {"repobilityId": 120391, "scanner": "repobility-supply-chain", "fingerprint": "74c1d27e5f578058d200629ab10feb0704ad252f8debe404aea7e569e442cd91", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "suspicious-binary-in-src", "owasp": null, "cwe_ids": ["CWE-506"], "languages": ["any"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|74c1d27e5f578058d200629ab10feb0704ad252f8debe404aea7e569e442cd91"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "eng/automation/changelog/src/test/resources/old.jar"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED134", "level": "error", "message": {"text": "[MINED134] Binary file `eng/automation/changelog/src/test/resources/old-enum.jar` committed in source repo: `eng/automation/changelog/src/test/resources/old-enum.jar` is a .jar binary (1,312 bytes) committed to a repo that otherwise has 105318 source files. 
Trojan binaries inside otherwise-normal source repos are a known supply-chain attack: a compromised dependency or PR slips in a binary that gets executed by build scripts."}, "properties": {"repobilityId": 120390, "scanner": "repobility-supply-chain", "fingerprint": "3497f2ddb88b9de8a5f624d9f19d48eb3ff1f5524cfe5e496537ff14ae2c748a", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "suspicious-binary-in-src", "owasp": null, "cwe_ids": ["CWE-506"], "languages": ["any"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|3497f2ddb88b9de8a5f624d9f19d48eb3ff1f5524cfe5e496537ff14ae2c748a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "eng/automation/changelog/src/test/resources/old-enum.jar"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "[MINED118] Dockerfile FROM `mcr.microsoft.com/openjdk/jdk:21-mariner` not pinned by digest: `FROM mcr.microsoft.com/openjdk/jdk:21-mariner` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potentially different. 
Production images should pin to `image@sha256:...` for reproducibility + supply-chain integrity."}, "properties": {"repobilityId": 120389, "scanner": "repobility-supply-chain", "fingerprint": "c5697a5a8fd167831cd9945a4d045e58f628d853406351b4f7a4517231705c67", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|c5697a5a8fd167831cd9945a4d045e58f628d853406351b4f7a4517231705c67"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sdk/storage/azure-storage-blob-stress/Dockerfile"}, "region": {"startLine": 25}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "[MINED118] Dockerfile FROM `mcr.microsoft.com/openjdk/jdk:21-mariner` not pinned by digest: `FROM mcr.microsoft.com/openjdk/jdk:21-mariner` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potentially different. 
Production images should pin to `image@sha256:...` for reproducibility + supply-chain integrity."}, "properties": {"repobilityId": 120388, "scanner": "repobility-supply-chain", "fingerprint": "6a0b8c0a3ec790db42df3574a18ca41107e0ddcced1866e7bfdd459fa5217389", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|6a0b8c0a3ec790db42df3574a18ca41107e0ddcced1866e7bfdd459fa5217389"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sdk/storage/azure-storage-file-datalake-stress/Dockerfile"}, "region": {"startLine": 26}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "[MINED118] Dockerfile FROM `mcr.microsoft.com/openjdk/jdk:21-mariner` not pinned by digest: `FROM mcr.microsoft.com/openjdk/jdk:21-mariner` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potentially different. 
Production images should pin to `image@sha256:...` for reproducibility + supply-chain integrity."}, "properties": {"repobilityId": 120387, "scanner": "repobility-supply-chain", "fingerprint": "dd201c7e6d63c13914fef85c97ed0eee1de0cdf11f4527ff0abfe4f37607e5bf", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|dd201c7e6d63c13914fef85c97ed0eee1de0cdf11f4527ff0abfe4f37607e5bf"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sdk/storage/azure-storage-file-share-stress/Dockerfile"}, "region": {"startLine": 26}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "[MINED118] Dockerfile FROM `mcr.microsoft.com/openjdk/jdk:21-mariner` not pinned by digest: `FROM mcr.microsoft.com/openjdk/jdk:21-mariner` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potentially different. 
Production images should pin to `image@sha256:...` for reproducibility + supply-chain integrity."}, "properties": {"repobilityId": 120386, "scanner": "repobility-supply-chain", "fingerprint": "7f55ea7bdeb2362c026319003ba6efd571445924dc2d76fd2ff4ee5103d547bb", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|7f55ea7bdeb2362c026319003ba6efd571445924dc2d76fd2ff4ee5103d547bb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sdk/eventhubs/azure-messaging-eventhubs-stress/Dockerfile"}, "region": {"startLine": 33}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "[MINED118] Dockerfile FROM `confluentinc/cp-kafka-connect:7.5.0` not pinned by digest: `FROM confluentinc/cp-kafka-connect:7.5.0` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potentially different. 
Production images should pin to `image@sha256:...` for reproducibility + supply-chain integrity."}, "properties": {"repobilityId": 120385, "scanner": "repobility-supply-chain", "fingerprint": "663bb53cb7d9c25aab5cbfdde02dcf1940dcc2fb7ebac4c06372b53c866d3c5b", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|663bb53cb7d9c25aab5cbfdde02dcf1940dcc2fb7ebac4c06372b53c866d3c5b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sdk/cosmos/azure-cosmos-kafka-connect/src/docker/Dockerfile"}, "region": {"startLine": 2}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "[MINED118] Dockerfile FROM `mcr.microsoft.com/mirror/docker/library/ubuntu:18.04` not pinned by digest: `FROM mcr.microsoft.com/mirror/docker/library/ubuntu:18.04` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potentially different. 
Production images should pin to `image@sha256:...` for reproducibility + supply-chain integrity."}, "properties": {"repobilityId": 120384, "scanner": "repobility-supply-chain", "fingerprint": "4055cf55f87abc363d2d34776eb62c8ebb95b6b247a7b5635cbce6288d59ebf3", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|4055cf55f87abc363d2d34776eb62c8ebb95b6b247a7b5635cbce6288d59ebf3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sdk/cosmos/azure-cosmos-benchmark/ctl/Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "[MINED118] Dockerfile FROM `openjdk:17-oracle` not pinned by digest: `FROM openjdk:17-oracle` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potentially different. 
Production images should pin to `image@sha256:...` for reproducibility + supply-chain integrity."}, "properties": {"repobilityId": 120383, "scanner": "repobility-supply-chain", "fingerprint": "ccc285ab42ccb1410ccf1a0d1f2a638fd4a14a30b691060344415c393e28d650", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|ccc285ab42ccb1410ccf1a0d1f2a638fd4a14a30b691060344415c393e28d650"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sdk/identity/live-test-apps/identity-test-container/Dockerfile"}, "region": {"startLine": 14}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "[MINED118] Dockerfile FROM `mcr.microsoft.com/openjdk/jdk:21-mariner` not pinned by digest: `FROM mcr.microsoft.com/openjdk/jdk:21-mariner` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potentially different. 
Production images should pin to `image@sha256:...` for reproducibility + supply-chain integrity."}, "properties": {"repobilityId": 120382, "scanner": "repobility-supply-chain", "fingerprint": "60dca7d2ccefe3b23dec3c1f6ae61fb1b32601bf195979a13e72145387880842", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|60dca7d2ccefe3b23dec3c1f6ae61fb1b32601bf195979a13e72145387880842"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sdk/servicebus/azure-messaging-servicebus-stress/Dockerfile"}, "region": {"startLine": 28}}}]}, {"ruleId": "MINED122", "level": "error", "message": {"text": "[MINED122] package.json dep `azure-sdk-for-java-codegen` pulled from URL/Git: `dependencies.azure-sdk-for-java-codegen` = `file:` bypasses the npm registry. No integrity hash, no version locking, no registry-side scanning. 
If the URL or git host is compromised, every `npm install` pulls the new payload. The spec recorded here is `file:`, which names a local path rather than a remote URL or git host, so the exposure depends on who can change the files at that path; review the target path rather than a remote origin."}, "properties": {"repobilityId": 120381, "scanner": "repobility-supply-chain", "fingerprint": "4ecb8662264eefac2c28a83fa5b08cc94eafd27143863c9dc1b189a665dfce70", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "npm-dep-git-or-tarball-url", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["javascript"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|4ecb8662264eefac2c28a83fa5b08cc94eafd27143863c9dc1b189a665dfce70"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sdk/batch/microsoft-azure-batch/package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `azure/azure-sdk-actions` pinned to mutable ref `@main`: `uses: azure/azure-sdk-actions@main` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 120380, "scanner": "repobility-supply-chain", "fingerprint": "7ab921d5ec0c17083ec4a5384599f6cc6f96effd1688aa4c0427d3bda9af6690", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|7ab921d5ec0c17083ec4a5384599f6cc6f96effd1688aa4c0427d3bda9af6690"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/event.yml"}, "region": {"startLine": 23}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/upload-artifact` pinned to mutable ref `@v7`: `uses: actions/upload-artifact@v7` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 120379, "scanner": "repobility-supply-chain", "fingerprint": "8f975f0a48086bec226ddeb0e79fd655dc3864c2e419d89cd99bbcd3fb4d7ba6", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|8f975f0a48086bec226ddeb0e79fd655dc3864c2e419d89cd99bbcd3fb4d7ba6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/scheduled-event-processor.yml"}, "region": {"startLine": 126}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 120378, "scanner": "repobility-supply-chain", "fingerprint": "9019199b6aa088a468dd4bab4363c7d3ebd0312054c3b85c843ac933d4dce25b", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|9019199b6aa088a468dd4bab4363c7d3ebd0312054c3b85c843ac933d4dce25b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/post-apiview.yml"}, "region": {"startLine": 27}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v4`: `uses: actions/checkout@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 120377, "scanner": "repobility-supply-chain", "fingerprint": "40788849b48955b69373dc896866c659e24bf63f93810f1454940471f499249f", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|40788849b48955b69373dc896866c659e24bf63f93810f1454940471f499249f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/copilot-setup-steps.yml"}, "region": {"startLine": 14}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/upload-artifact` pinned to mutable ref `@v7`: `uses: actions/upload-artifact@v7` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 120376, "scanner": "repobility-supply-chain", "fingerprint": "a377b47df5d1e6a4f30545a93d777fb443d269ecf77d5993e761af4f6ab6f005", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|a377b47df5d1e6a4f30545a93d777fb443d269ecf77d5993e761af4f6ab6f005"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/event-processor.yml"}, "region": {"startLine": 110}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `azure/login` pinned to mutable ref `@v3`: `uses: azure/login@v3` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 120375, "scanner": "repobility-supply-chain", "fingerprint": "62c4361cfc963e7846075c4fa7410c146c126a50e93dccde0b8c039882d1e509", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|62c4361cfc963e7846075c4fa7410c146c126a50e93dccde0b8c039882d1e509"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/event-processor.yml"}, "region": {"startLine": 35}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.assertEqual` used but never assigned in __init__: Method `test_version_greater_than` of class `Tests` reads `self.assertEqual`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance. If `Tests` subclasses `unittest.TestCase`, `assertEqual` is inherited from the base class and no AttributeError occurs, so confirm the class hierarchy before treating this as a defect."}, "properties": {"repobilityId": 120374, "scanner": "repobility-ast-engine", "fingerprint": "2106f4ac4b9d1707bcc8cd38d1dfe857ed9a8255467510ffc222e005aabdeee1", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|2106f4ac4b9d1707bcc8cd38d1dfe857ed9a8255467510ffc222e005aabdeee1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sdk/spring/scripts/version_util.py"}, "region": {"startLine": 83}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.error` used but never assigned in __init__: Method `log_level_test` of class `Log` reads `self.error`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 120373, "scanner": "repobility-ast-engine", "fingerprint": "35cac28f8641b9b80c1b477c5d73c7c759d7841ed8536efedee45fbab0b292f1", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|35cac28f8641b9b80c1b477c5d73c7c759d7841ed8536efedee45fbab0b292f1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sdk/spring/scripts/log.py"}, "region": {"startLine": 68}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.warn` used but never assigned in __init__: Method `log_level_test` of class `Log` reads `self.warn`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 120372, "scanner": "repobility-ast-engine", "fingerprint": "cd7f9fc1dfcdf2aaa164ac19cbff5a61daebb9886f63eb41436638387d1e8c92", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|cd7f9fc1dfcdf2aaa164ac19cbff5a61daebb9886f63eb41436638387d1e8c92"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sdk/spring/scripts/log.py"}, "region": {"startLine": 67}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.info` used but never assigned in __init__: Method `log_level_test` of class `Log` reads `self.info`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 120371, "scanner": "repobility-ast-engine", "fingerprint": "fe6973dcb56f41f1aba41849032b21778ba0350fa183da623b74312c218caf70", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|fe6973dcb56f41f1aba41849032b21778ba0350fa183da623b74312c218caf70"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sdk/spring/scripts/log.py"}, "region": {"startLine": 66}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.debug` used but never assigned in __init__: Method `log_level_test` of class `Log` reads `self.debug`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 120370, "scanner": "repobility-ast-engine", "fingerprint": "c1c12615be07b59e31bf3afd6c116df7d746da62f82442944f6174590a087e85", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c1c12615be07b59e31bf3afd6c116df7d746da62f82442944f6174590a087e85"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sdk/spring/scripts/log.py"}, "region": {"startLine": 65}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.is_milestone_release` used but never assigned in __init__: Method `get_url` of class `Pom` reads `self.is_milestone_release`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 120369, "scanner": "repobility-ast-engine", "fingerprint": "b5d8c39cb2249128e5def99e38db3ab421ec0d8c3bb7b17ad76a7e16755ccfeb", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|b5d8c39cb2249128e5def99e38db3ab421ec0d8c3bb7b17ad76a7e16755ccfeb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sdk/spring/scripts/pom.py"}, "region": {"startLine": 29}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.get_url` used but never assigned in __init__: Method `to_url` of class `Pom` reads `self.get_url`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance. The preceding result in this log names `get_url` as a method of class `Pom`, so `self.get_url` would resolve to that method rather than raise; treat this result as a likely false positive pending a check of the class."}, "properties": {"repobilityId": 120368, "scanner": "repobility-ast-engine", "fingerprint": "89a92843567a6ba714b0a0cf6a7e84ae7754d69852ebd73d6679c2fd03d58475", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|89a92843567a6ba714b0a0cf6a7e84ae7754d69852ebd73d6679c2fd03d58475"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sdk/spring/scripts/pom.py"}, "region": {"startLine": 16}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.assertEqual` used but never assigned in __init__: Method `test_stable_missing_not_added` of class `TestUpdateRevapiSkip` reads `self.assertEqual`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 120367, "scanner": "repobility-ast-engine", "fingerprint": "4d11da036290c29688b19f5508120cfa442e913cc0b3eed311e767069c9363a3", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|4d11da036290c29688b19f5508120cfa442e913cc0b3eed311e767069c9363a3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "eng/automation/test_generate.py"}, "region": {"startLine": 80}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.assertNotIn` used but never assigned in __init__: Method `test_stable_missing_not_added` of class `TestUpdateRevapiSkip` reads `self.assertNotIn`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 120366, "scanner": "repobility-ast-engine", "fingerprint": "bb2ef6f261531b3971f6bf5c3ec325ae50a664dc87be79e7a656e949d280c4c0", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|bb2ef6f261531b3971f6bf5c3ec325ae50a664dc87be79e7a656e949d280c4c0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "eng/automation/test_generate.py"}, "region": {"startLine": 79}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._write_and_update` used but never assigned in __init__: Method `test_stable_missing_not_added` of class `TestUpdateRevapiSkip` reads `self._write_and_update`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 120365, "scanner": "repobility-ast-engine", "fingerprint": "11653ffb320a2f6500800db6d70caaad4eb700d204ccd3c6704669a1d42b38cb", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|11653ffb320a2f6500800db6d70caaad4eb700d204ccd3c6704669a1d42b38cb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "eng/automation/test_generate.py"}, "region": {"startLine": 78}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.assertEqual` used but never assigned in __init__: Method `test_stable_already_false_no_change` of class `TestUpdateRevapiSkip` reads `self.assertEqual`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 120364, "scanner": "repobility-ast-engine", "fingerprint": "872adf853772454e6cf6808c69abbf4a835c035bb29d37c28df8413b3f311ae0", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|872adf853772454e6cf6808c69abbf4a835c035bb29d37c28df8413b3f311ae0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "eng/automation/test_generate.py"}, "region": {"startLine": 75}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._write_and_update` used but never assigned in __init__: Method `test_stable_already_false_no_change` of class `TestUpdateRevapiSkip` reads `self._write_and_update`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 120363, "scanner": "repobility-ast-engine", "fingerprint": "68a5a98eb60c136bfe8457207e179a8d08fad8404fe2b7373f946c068b905cd3", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|68a5a98eb60c136bfe8457207e179a8d08fad8404fe2b7373f946c068b905cd3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "eng/automation/test_generate.py"}, "region": {"startLine": 74}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.assertNotIn` used but never assigned in __init__: Method `test_stable_true_flipped_to_false` of class `TestUpdateRevapiSkip` reads `self.assertNotIn`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 120362, "scanner": "repobility-ast-engine", "fingerprint": "0c23435a66810c140b2d6b0a49462d8cd2d0ffc13927ed200e3894841dae57b5", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|0c23435a66810c140b2d6b0a49462d8cd2d0ffc13927ed200e3894841dae57b5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "eng/automation/test_generate.py"}, "region": {"startLine": 71}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.assertIn` used but never assigned in __init__: Method `test_stable_true_flipped_to_false` of class `TestUpdateRevapiSkip` reads `self.assertIn`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 120361, "scanner": "repobility-ast-engine", "fingerprint": "68e660c79cd3e2c625f046d483a5b7d16abea7b05ff31eaa1bdc903b2adeeb17", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|68e660c79cd3e2c625f046d483a5b7d16abea7b05ff31eaa1bdc903b2adeeb17"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "eng/automation/test_generate.py"}, "region": {"startLine": 70}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._write_and_update` used but never assigned in __init__: Method `test_stable_true_flipped_to_false` of class `TestUpdateRevapiSkip` reads `self._write_and_update`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 120360, "scanner": "repobility-ast-engine", "fingerprint": "8146968bc98eddae81022b3e14b738f7c845d0c876efb34571b96db5ecb402f1", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|8146968bc98eddae81022b3e14b738f7c845d0c876efb34571b96db5ecb402f1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "eng/automation/test_generate.py"}, "region": {"startLine": 69}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.assertIn` used but never assigned in __init__: Method `test_beta_missing_added_true` of class `TestUpdateRevapiSkip` reads `self.assertIn`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 120359, "scanner": "repobility-ast-engine", "fingerprint": "e1e2199cdc043448dbec7aba57746fce5175ee884e43e394ee693519ae63918c", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|e1e2199cdc043448dbec7aba57746fce5175ee884e43e394ee693519ae63918c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "eng/automation/test_generate.py"}, "region": {"startLine": 64}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.assertIn` used but never assigned in __init__: Method `test_beta_missing_added_true` of class `TestUpdateRevapiSkip` reads `self.assertIn`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 120358, "scanner": "repobility-ast-engine", "fingerprint": "86490d6b3d2ded1e76e5b1f5879ce6759e1cee596d1061884e6df13ff6622aca", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|86490d6b3d2ded1e76e5b1f5879ce6759e1cee596d1061884e6df13ff6622aca"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "eng/automation/test_generate.py"}, "region": {"startLine": 63}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._write_and_update` used but never assigned in __init__: Method `test_beta_missing_added_true` of class `TestUpdateRevapiSkip` reads `self._write_and_update`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 120357, "scanner": "repobility-ast-engine", "fingerprint": "077acd1b8004adc4836f747d166471e19d7e2923327355eae4dd8beafb7e0256", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|077acd1b8004adc4836f747d166471e19d7e2923327355eae4dd8beafb7e0256"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "eng/automation/test_generate.py"}, "region": {"startLine": 62}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.assertNotIn` used but never assigned in __init__: Method `test_beta_false_flipped_to_true` of class `TestUpdateRevapiSkip` reads `self.assertNotIn`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 120356, "scanner": "repobility-ast-engine", "fingerprint": "74177d9e32b9bfd19c8e82815fa6d2d96ec7671acdaa6ca528eaf8839b06a454", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|74177d9e32b9bfd19c8e82815fa6d2d96ec7671acdaa6ca528eaf8839b06a454"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "eng/automation/test_generate.py"}, "region": {"startLine": 59}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.assertIn` used but never assigned in __init__: Method `test_beta_false_flipped_to_true` of class `TestUpdateRevapiSkip` reads `self.assertIn`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 120355, "scanner": "repobility-ast-engine", "fingerprint": "0fbd7cb1a61a1d98fc68c9c4b117e077687e143e146f91320116de148c093cc3", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|0fbd7cb1a61a1d98fc68c9c4b117e077687e143e146f91320116de148c093cc3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "eng/automation/test_generate.py"}, "region": {"startLine": 58}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._write_and_update` used but never assigned in __init__: Method `test_beta_false_flipped_to_true` of class `TestUpdateRevapiSkip` reads `self._write_and_update`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 120354, "scanner": "repobility-ast-engine", "fingerprint": "b081b2ae822262785f74a348aecf3e33aba082bfe00091de96c066414320b7a4", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|b081b2ae822262785f74a348aecf3e33aba082bfe00091de96c066414320b7a4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "eng/automation/test_generate.py"}, "region": {"startLine": 57}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.assertEqual` used but never assigned in __init__: Method `test_beta_already_true_no_change` of class `TestUpdateRevapiSkip` reads `self.assertEqual`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 120353, "scanner": "repobility-ast-engine", "fingerprint": "bbd36830e047f918960583456acbe06792e5b3fc3be32f44cfafd27082bf4aed", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|bbd36830e047f918960583456acbe06792e5b3fc3be32f44cfafd27082bf4aed"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "eng/automation/test_generate.py"}, "region": {"startLine": 54}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._write_and_update` used but never assigned in __init__: Method `test_beta_already_true_no_change` of class `TestUpdateRevapiSkip` reads `self._write_and_update`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 120352, "scanner": "repobility-ast-engine", "fingerprint": "00494f00c2372da03511bb52300145b0a44317df0b2bb01fdfeb255702f02042", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|00494f00c2372da03511bb52300145b0a44317df0b2bb01fdfeb255702f02042"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "eng/automation/test_generate.py"}, "region": {"startLine": 53}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.value` used but never assigned in __init__: Method `__str__` of class `BuildType` reads `self.value`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 120349, "scanner": "repobility-ast-engine", "fingerprint": "b870bcb1c51532842076407f6f236b7e34479c64df6b5ce7b63b053b184738be", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|b870bcb1c51532842076407f6f236b7e34479c64df6b5ce7b63b053b184738be"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "eng/versioning/utils.py"}, "region": {"startLine": 69}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.value` used but never assigned in __init__: Method `__str__` of class `UpdateType` reads `self.value`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 120348, "scanner": "repobility-ast-engine", "fingerprint": "429317d7350229d8200b31d048299d5ade0a2b00c68fbb05f755ae370cd44121", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|429317d7350229d8200b31d048299d5ade0a2b00c68fbb05f755ae370cd44121"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "eng/versioning/utils.py"}, "region": {"startLine": 58}}}]}, {"ruleId": "DKC011", "level": "error", "message": {"text": "Database service publishes a host port"}, "properties": {"repobilityId": 120336, "scanner": "repobility-docker", "fingerprint": "3a5bf109e3f5da957d5c8209fe92e292480cd7aa6ac64a402043b458fd53c264", "category": "docker", "severity": "high", "confidence": 0.84, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Database-like image publishes host ports without a loopback-only bind.", "evidence": {"ports": [{"raw": "8083:8083", "target": "8083", "host_ip": "", "published": "8083"}], "rule_id": "DKC011", "scanner": "repobility-docker", "service": "connect", "references": ["https://docs.docker.com/compose/how-tos/environment-variables/best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "exposure_scope": "public", "correlation_key": "fp|3a5bf109e3f5da957d5c8209fe92e292480cd7aa6ac64a402043b458fd53c264"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sdk/cosmos/azure-cosmos-kafka-connect/src/docker/docker-compose.yml"}, "region": {"startLine": 99}}}]}, {"ruleId": "DKC011", "level": "error", "message": {"text": "Database service publishes a host 
port"}, "properties": {"repobilityId": 120332, "scanner": "repobility-docker", "fingerprint": "eadff1243d69d9ba4506f11608494d5bc554d48ed4ac1cac441da31add2fa506", "category": "docker", "severity": "high", "confidence": 0.84, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Database-like image publishes host ports without a loopback-only bind.", "evidence": {"ports": [{"raw": "9000:8000", "target": "8000", "host_ip": "", "published": "9000"}], "rule_id": "DKC011", "scanner": "repobility-docker", "service": "kafka-topics-ui", "references": ["https://docs.docker.com/compose/how-tos/environment-variables/best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "exposure_scope": "public", "correlation_key": "fp|eadff1243d69d9ba4506f11608494d5bc554d48ed4ac1cac441da31add2fa506"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sdk/cosmos/azure-cosmos-kafka-connect/src/docker/docker-compose.yml"}, "region": {"startLine": 84}}}]}, {"ruleId": "DKC011", "level": "error", "message": {"text": "Database service publishes a host port"}, "properties": {"repobilityId": 120329, "scanner": "repobility-docker", "fingerprint": "c4a1c8ea167ca23b792daaed3c13aced6615e4574f77ea829ffa23c58669b992", "category": "docker", "severity": "high", "confidence": 0.84, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Database-like image publishes host ports without a loopback-only bind.", "evidence": {"ports": [{"raw": "8082:8082", "target": "8082", "host_ip": "", "published": "8082"}], "rule_id": "DKC011", "scanner": "repobility-docker", "service": "rest-proxy", "references": ["https://docs.docker.com/compose/how-tos/environment-variables/best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "exposure_scope": "public", "correlation_key": "fp|c4a1c8ea167ca23b792daaed3c13aced6615e4574f77ea829ffa23c58669b992"}}, "locations": 
[{"physicalLocation": {"artifactLocation": {"uri": "sdk/cosmos/azure-cosmos-kafka-connect/src/docker/docker-compose.yml"}, "region": {"startLine": 69}}}]}, {"ruleId": "DKC011", "level": "error", "message": {"text": "Database service publishes a host port"}, "properties": {"repobilityId": 120321, "scanner": "repobility-docker", "fingerprint": "d85eb6cd8261094857535db0de070453f524670013e926d64aac70d09083c9d4", "category": "docker", "severity": "high", "confidence": 0.84, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Database-like image publishes host ports without a loopback-only bind.", "evidence": {"ports": [{"raw": "2181:2181", "target": "2181", "host_ip": "", "published": "2181"}], "rule_id": "DKC011", "scanner": "repobility-docker", "service": "zookeeper", "references": ["https://docs.docker.com/compose/how-tos/environment-variables/best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "exposure_scope": "public", "correlation_key": "fp|d85eb6cd8261094857535db0de070453f524670013e926d64aac70d09083c9d4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sdk/cosmos/azure-cosmos-kafka-connect/src/docker/docker-compose.yml"}, "region": {"startLine": 4}}}]}, {"ruleId": "DKR015", "level": "error", "message": {"text": "Docker build context is very large"}, "properties": {"repobilityId": 120303, "scanner": "repobility-docker", "fingerprint": "b15d4f710afeff2af4cd4ab204332853f9025b78869a0e87bb466a798bb1a15b", "category": "docker", "severity": "high", "confidence": 0.92, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Estimated Docker build context exceeds Repobility's size or file-count threshold.", "evidence": {"capped": true, "rule_id": "DKR015", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "largest_paths": [{"path": 
"sdk/storage/azure-storage-internal-avro/src/test/resources/query_large.avro", "size_mb": 15.6}, {"path": "sdk/formrecognizer/azure-ai-formrecognizer/src/test/resources/sample_files/Test/businessCard.png", "size_mb": 4.3}, {"path": "sdk/formrecognizer/azure-ai-formrecognizer/src/test/resources/sample_files/Test/contoso-receipt.png", "size_mb": 1.2}, {"path": "sdk/formrecognizer/azure-ai-formrecognizer/src/test/resources/sample_files/Test/ErrorImage.tiff", "size_mb": 1.1}, {"path": "sdk/formrecognizer/azure-ai-formrecognizer/src/test/resources/sample_files/Test/w2-multiple.png", "size_mb": 0.9}], "included_files": 50000, "context_size_mb": 362.8, "correlation_key": "fp|b15d4f710afeff2af4cd4ab204332853f9025b78869a0e87bb466a798bb1a15b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".dockerignore"}, "region": {"startLine": 1}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. 
Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 120262, "scanner": "repobility-threat-engine", "fingerprint": "c771bcb96e92ae463a383d98779c7a9a936947e98484e7f8148c91287ed269ed", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "conversationService.delete(conversationId);", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|c771bcb96e92ae463a383d98779c7a9a936947e98484e7f8148c91287ed269ed"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sdk/ai/azure-ai-agents/src/samples/java/com/azure/ai/agents/CreateResponseWithConversation.java"}, "region": {"startLine": 82}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. 
Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 120261, "scanner": "repobility-threat-engine", "fingerprint": "85e7cdcd8f257ac3d9a68bc4490d1e3c2ce95204b84ef6028c4a89b9325a3a80", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "this.delete(resourceGroupName, farmBeatsResourceName, privateEndpointConnectionName, Context", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|85e7cdcd8f257ac3d9a68bc4490d1e3c2ce95204b84ef6028c4a89b9325a3a80"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sdk/agrifood/azure-resourcemanager-agrifood/src/main/java/com/azure/resourcemanager/agrifood/implementation/PrivateEndpointConnectionsImpl.java"}, "region": {"startLine": 135}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. 
Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 120260, "scanner": "repobility-threat-engine", "fingerprint": "d0dd6ef9831c004fbfb355fbfbb67a7180585d8ed1116801f2be081dfadf0129", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "blobClient.delete();", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|d0dd6ef9831c004fbfb355fbfbb67a7180585d8ed1116801f2be081dfadf0129"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "samples/azure-samples-graalvm-spring-storageexplorer/src/main/java/com/azure/samples/graalvm/spring/storageexplorer/storage/azure/AzureBlobStorageService.java"}, "region": {"startLine": 91}}}]}, {"ruleId": "MINED034", "level": "error", "message": {"text": "[MINED034] Python Subprocess Shell True: subprocess(..., shell=True) enables command injection."}, "properties": {"repobilityId": 120258, "scanner": "repobility-threat-engine", "fingerprint": "83400a49e99806159d964d8abce85cf0ea8c74f4b5a6863dc449fd2bcbf05d73", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-subprocess-shell-true", "owasp": null, "cwe_ids": ["CWE-78"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347977+00:00", "triaged_in_corpus": 15, "observations_count": 3478, "ai_coder_pattern_id": 118}, "scanner": "repobility-threat-engine", "correlation_key": "fp|83400a49e99806159d964d8abce85cf0ea8c74f4b5a6863dc449fd2bcbf05d73"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": 
"eng/scripts/linting_suppression_generator.py"}, "region": {"startLine": 50}}}]}, {"ruleId": "SEC005", "level": "error", "message": {"text": "[SEC005] Command Injection Risk: Unsafe shell execution or eval of user input."}, "properties": {"repobilityId": 120257, "scanner": "repobility-threat-engine", "fingerprint": "ce9efeba66a67ddeaa15ece1dc523620161107b41b52af35c882a34266bb621f", "category": "injection", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Command source appears controllable (config/plugin/argv/user input)", "evidence": {"match": "subprocess.run(f'mvn clean verify \"-Dcodesnippet.skip=true\" \"-Dspotless.skip=true\" -DskipTests \"-Dma", "reason": "Command source appears controllable (config/plugin/argv/user input)", "rule_id": "SEC005", "scanner": "repobility-threat-engine", "confidence": 0.8, "correlation_key": "code|injection|token|50|sec005"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "eng/scripts/linting_suppression_generator.py"}, "region": {"startLine": 50}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. 
SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 120252, "scanner": "repobility-threat-engine", "fingerprint": "2bd5ae661779f5a1facaa519c6aee0407400e85eece7183c01e103eca3fc9873", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "Url(S", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|2bd5ae661779f5a1facaa519c6aee0407400e85eece7183c01e103eca3fc9873"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sdk/ai/azure-ai-agents/src/main/java/com/azure/ai/agents/models/A2APreviewTool.java"}, "region": {"startLine": 81}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. 
SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 120251, "scanner": "repobility-threat-engine", "fingerprint": "d5e397ef2f9b21b2d0b89bbf39f867b4624596727d81aa57b48355c454d19c50", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "Url(S", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|d5e397ef2f9b21b2d0b89bbf39f867b4624596727d81aa57b48355c454d19c50"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "eng/common/docgeneration/templates/matthews/styles/main.js"}, "region": {"startLine": 141}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. 
SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 120250, "scanner": "repobility-threat-engine", "fingerprint": "d1d7f508d03c13527fa882020411446f83236a88f494ae9ddd37a1a5581484e9", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "HttpClient.newHttpClient()", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|d1d7f508d03c13527fa882020411446f83236a88f494ae9ddd37a1a5581484e9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "eng/bomgenerator/src/main/java/com/azure/tools/bomgenerator/Utils.java"}, "region": {"startLine": 58}}}]}, {"ruleId": "MINED036", "level": "error", "message": {"text": "[MINED036] Python Os System Call: os.system() invokes shell with no escaping."}, "properties": {"repobilityId": 120240, "scanner": "repobility-threat-engine", "fingerprint": "f432759710886eb0f3317c5472b281cd90206f894e127133ac16b6f0820c8647", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-os-system-call", "owasp": null, "cwe_ids": ["CWE-78"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347982+00:00", "triaged_in_corpus": 15, "observations_count": 2221, "ai_coder_pattern_id": 117}, "scanner": "repobility-threat-engine", "correlation_key": "fp|f432759710886eb0f3317c5472b281cd90206f894e127133ac16b6f0820c8647"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "eng/precommit_local_build.py"}, "region": {"startLine": 133}}}]}, {"ruleId": "MINED036", "level": "error", "message": {"text": "[MINED036] Python 
Os System Call: os.system() invokes shell with no escaping."}, "properties": {"repobilityId": 120239, "scanner": "repobility-threat-engine", "fingerprint": "a0949da57cfd34f60e7ceacaaf03f38cb52e7c6daa7992a5ebfe4c0217e71838", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-os-system-call", "owasp": null, "cwe_ids": ["CWE-78"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347982+00:00", "triaged_in_corpus": 15, "observations_count": 2221, "ai_coder_pattern_id": 117}, "scanner": "repobility-threat-engine", "correlation_key": "fp|a0949da57cfd34f60e7ceacaaf03f38cb52e7c6daa7992a5ebfe4c0217e71838"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "eng/automation/sdk_generate.py"}, "region": {"startLine": 290}}}]}, {"ruleId": "SEC103", "level": "error", "message": {"text": "[SEC103] LDAP injection \u2014 non-constant search filter: User input concatenated into an LDAP search filter. 
Attackers inject `*)(uid=*` style payloads to bypass auth or enumerate accounts."}, "properties": {"repobilityId": 120238, "scanner": "repobility-threat-engine", "fingerprint": "ff5b736efbcb3c4b4f83059c2b4b40f5857eb83a966e4a0ae4680211726999e6", "category": "injection", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".search(r\"tag: (package-resources-\\S+)", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC103", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|token|186|sec103"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "eng/automation/sdk_generate.py"}, "region": {"startLine": 186}}}]}, {"ruleId": "MINED021", "level": "error", "message": {"text": "[MINED021] Path Traversal Os Join: os.path.join(user_dir, filename) where filename can contain \"../\" \u2014 directory escape."}, "properties": {"repobilityId": 120230, "scanner": "repobility-threat-engine", "fingerprint": "69c95760947e75bbc6880ab51028b6e43e9cfaa1808d4fb77d488519823dfc79", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "path-traversal-os-join", "owasp": "A01:2021", "cwe_ids": ["CWE-22"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347947+00:00", "triaged_in_corpus": 15, "observations_count": 45678, "ai_coder_pattern_id": 31}, "scanner": "repobility-threat-engine", "correlation_key": "fp|69c95760947e75bbc6880ab51028b6e43e9cfaa1808d4fb77d488519823dfc79"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "eng/automation/changelog.py"}, "region": {"startLine": 28}}}]}, {"ruleId": "SEC013", "level": "error", "message": {"text": "[SEC013] Path Traversal \u2014 
User Input in File Path: User-controlled input used in file path without sanitization. Allows reading arbitrary files."}, "properties": {"repobilityId": 120229, "scanner": "repobility-threat-engine", "fingerprint": "41e5676045c7e0a9cd98a3b9c8dda0050bd2d1e3c0aeaf999820f62d164abf25", "category": "path_traversal", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "User-controlled input detected in file path construction", "evidence": {"match": "open(input", "reason": "User-controlled input detected in file path construction", "rule_id": "SEC013", "scanner": "repobility-threat-engine", "confidence": 0.8, "correlation_key": "code|path_traversal|token|137|sec013"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "eng/automation/sdk_generate.py"}, "region": {"startLine": 137}}}]}, {"ruleId": "MINED102", "level": "error", "message": {"text": "[MINED102] Shell Injection Via F-string: Shell command built via f-string or .format with non-constant input \u2014 command injection. 
An attacker controlling any interpolated value can execute arbitrary shell commands."}, "properties": {"repobilityId": 120259, "scanner": "repobility-threat-engine", "fingerprint": "2d8ad1e970f093df2ae63b1f91990987e11ea49a31b9c4e20037bff4316adecf", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "shell-injection-format", "owasp": "A03:2021", "cwe_ids": ["CWE-78"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-19T13:00:00.000000+00:00", "triaged_in_corpus": 1, "observations_count": 175, "ai_coder_pattern_id": 11}, "scanner": "repobility-threat-engine", "correlation_key": "fp|2d8ad1e970f093df2ae63b1f91990987e11ea49a31b9c4e20037bff4316adecf"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "eng/scripts/linting_suppression_generator.py"}, "region": {"startLine": 50}}}]}]}]}