{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "JRN003", "name": "Frontend API reference is not matched by discovered backend routes", "shortDescription": {"text": "Frontend API reference is not matched by discovered backend routes"}, "fullDescription": {"text": "A frontend string references a same-origin API path that Repobility could not match to backend route inventory. This often causes live 404s in user journeys."}, "properties": {"scanner": "repobility-journey-contract", "category": "quality", "severity": "medium", "confidence": 0.74, "cwe": "", "owasp": ""}}, {"id": "AUC009", "name": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function", "shortDescription": {"text": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. Endpoint: GET /:n"}, "fullDescription": {"text": "A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. Endpoint: GET /:namespace/:name."}, "properties": {"scanner": "repobility-access-control", "category": "auth", "severity": "medium", "confidence": 0.68, "cwe": "CWE-285", "owasp": "API5:2023 Broken Function Level Authorization"}}, {"id": "AUC004", "name": "[AUC004] Admin route does not show super_admin separation: An administrative route was detected without nearby evidence ", "shortDescription": {"text": "[AUC004] Admin route does not show super_admin separation: An administrative route was detected without nearby evidence that platform super_admin access is separated from tenant/application admin access. Endpoint: PUT /."}, "fullDescription": {"text": "An administrative route was detected without nearby evidence that platform super_admin access is separated from tenant/application admin access. Endpoint: PUT /."}, "properties": {"scanner": "repobility-access-control", "category": "auth", "severity": "medium", "confidence": 0.66, "cwe": "CWE-285", "owasp": "API5:2023 Broken Function Level Authorization"}}, {"id": "AUC002", "name": "[AUC002] Low visible authorization coverage in route inventory: Only 20.0% of discovered routes show nearby authenticati", "shortDescription": {"text": "[AUC002] Low visible authorization coverage in route inventory: Only 20.0% of discovered routes show nearby authentication, authorization, middleware, or public-route evidence."}, "fullDescription": {"text": "Only 20.0% of discovered routes show nearby authentication, authorization, middleware, or public-route evidence."}, "properties": {"scanner": "repobility-access-control", "category": "auth", "severity": "medium", "confidence": 0.74, "cwe": "CWE-285", "owasp": "WSTG-AUTHZ"}}, {"id": "AUC001", "name": "[AUC001] No Repobility access matrix policy found: The repository uses web/API frameworks but does not define .repobilit", "shortDescription": {"text": "[AUC001] No Repobility access matrix policy found: The repository uses web/API frameworks but does not define .repobility/access.yml or equivalent authorization documentation."}, "fullDescription": {"text": "The repository uses web/API frameworks but does not define .repobility/access.yml or equivalent authorization documentation."}, "properties": {"scanner": "repobility-access-control", "category": "auth", "severity": "medium", "confidence": 0.92, "cwe": "CWE-285", "owasp": "WSTG-AUTHZ"}}, {"id": "DKR002", "name": "Dockerfile base image has no explicit tag", "shortDescription": {"text": "Dockerfile base image has no explicit tag"}, "fullDescription": {"text": "Images without explicit tags resolve to a mutable default tag, which weakens reproducibility and review."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "DKR007", "name": "Docker build context has no .dockerignore", "shortDescription": {"text": "Docker build context has no .dockerignore"}, "fullDescription": {"text": "Without .dockerignore, build context can include source history, local env files, dependencies, and generated artifacts."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "SEC007", "name": "[SEC007] Unsafe Deserialization: Unsafe deserialization can execute arbitrary code.", "shortDescription": {"text": "[SEC007] Unsafe Deserialization: Unsafe deserialization can execute arbitrary code."}, "fullDescription": {"text": "Use yaml.safe_load() instead of yaml.load(). Avoid pickle for untrusted data."}, "properties": {"scanner": "repobility-threat-engine", "category": "deserialization", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "AGT006", "name": "React interval is created without an explicit cleanup", "shortDescription": {"text": "React interval is created without an explicit cleanup"}, "fullDescription": {"text": "Intervals created in React hooks or components should be cleared on unmount. Missing cleanup can keep stale callbacks alive after recording, polling, or overlay components close."}, "properties": {"scanner": "repobility-agent-runtime", "category": "quality", "severity": "medium", "confidence": 0.78, "cwe": "", "owasp": ""}}, {"id": "AGT007", "name": "localStorage write failures are swallowed silently", "shortDescription": {"text": "localStorage write failures are swallowed silently"}, "fullDescription": {"text": "localStorage quotas are small and writes can fail. Catching storage errors without a user-visible warning causes silent data loss when notes, images, or snapshots exceed quota."}, "properties": {"scanner": "repobility-agent-runtime", "category": "quality", "severity": "medium", "confidence": 0.8, "cwe": "", "owasp": ""}}, {"id": "AIC003", "name": "Duplicated implementation block across source files", "shortDescription": {"text": "Duplicated implementation block across source files"}, "fullDescription": {"text": "Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "medium", "confidence": 0.86, "cwe": "", "owasp": ""}}, {"id": "ERR003", "name": "[ERR003] Ignored Error (Go): Ignoring error return values.", "shortDescription": {"text": "[ERR003] Ignored Error (Go): Ignoring error return values."}, "fullDescription": {"text": "Handle the error or use errcheck linter."}, "properties": {"scanner": "repobility-threat-engine", "category": "error_handling", "severity": "low", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC001", "name": "[SEC001] Hardcoded Password: Hardcoded password found in source code.", "shortDescription": {"text": "[SEC001] Hardcoded Password: Hardcoded password found in source code."}, "fullDescription": {"text": "Use environment variables or a secrets manager."}, "properties": {"scanner": "repobility-threat-engine", "category": "credential_exposure", "severity": "info", "confidence": 0.15, "cwe": "", "owasp": ""}}, {"id": "SEC020", "name": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequen", "shortDescription": {"text": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for troubleshooting."}, "fullDescription": {"text": "Log only redacted, hashed, or last-four-style metadata. Rotate any secret that may have reached logs."}, "properties": {"scanner": "repobility-threat-engine", "category": "credential_exposure", "severity": "info", "confidence": 0.15, "cwe": "", "owasp": ""}}, {"id": "SEC015", "name": "[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. Output is predictable.", "shortDescription": {"text": "[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. Output is predictable."}, "fullDescription": {"text": "Use secrets module (Python) or crypto.getRandomValues() (JS) for security-sensitive randomness."}, "properties": {"scanner": "repobility-threat-engine", "category": "crypto", "severity": "info", "confidence": 0.15, "cwe": "", "owasp": ""}}, {"id": "JRN009", "name": "Secret-like setting is echoed into a password input value", "shortDescription": {"text": "Secret-like setting is echoed into a password input value"}, "fullDescription": {"text": "Settings screens sometimes render API keys, tokens, or passwords back into HTML/JSX password fields. That still exposes the secret to page source, browser extensions, screenshots, and DOM scraping."}, "properties": {"scanner": "repobility-journey-contract", "category": "auth", "severity": "high", "confidence": 0.83, "cwe": "", "owasp": ""}}, {"id": "AUC003", "name": "[AUC003] Object-level route lacks visible authorization: A route with an object id-like parameter does not show nearby a", "shortDescription": {"text": "[AUC003] Object-level route lacks visible authorization: A route with an object id-like parameter does not show nearby authentication or authorization evidence. This is a BOLA/IDOR review target. Endpoint: POST /:id/enable."}, "fullDescription": {"text": "A route with an object id-like parameter does not show nearby authentication or authorization evidence. This is a BOLA/IDOR review target. Endpoint: POST /:id/enable."}, "properties": {"scanner": "repobility-access-control", "category": "auth", "severity": "high", "confidence": 0.7, "cwe": "CWE-639", "owasp": "API1:2023 Broken Object Level Authorization"}}, {"id": "DKR014", "name": "Dockerfile copies the entire context without .dockerignore", "shortDescription": {"text": "Dockerfile copies the entire context without .dockerignore"}, "fullDescription": {"text": "COPY . or ADD . sends the full build context to Docker. Without .dockerignore this can include secrets, git history, and local artifacts."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "high", "confidence": 0.92, "cwe": "", "owasp": ""}}, {"id": "SEC022", "name": "[SEC022] Database URL With Embedded Credential: A database connection URL contains an embedded username and password. Th", "shortDescription": {"text": "[SEC022] Database URL With Embedded Credential: A database connection URL contains an embedded username and password. These URLs are often copied into defaults, docs, and scripts, then leak working credentials."}, "fullDescription": {"text": "Remove the embedded password, require the URL from a secret store or environment variable, and rotate the database credential."}, "properties": {"scanner": "repobility-threat-engine", "category": "credential_exposure", "severity": "critical", "confidence": 1.0, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/380"}, "properties": {"repository": "kite-org/kite", "repoUrl": "https://github.com/kite-org/kite.git", "branch": "main"}, "results": [{"ruleId": "JRN003", "level": "warning", "message": {"text": "Frontend API reference is not matched by discovered backend routes"}, "properties": {"repobilityId": 12442, "scanner": "repobility-journey-contract", "fingerprint": "13fc292caa016082377d10ff9669f4a464f7571e553cf74a32fcb75a5cd1c96c", "category": "quality", "severity": "medium", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Same-origin /api path appears in frontend code but no discovered backend endpoint has the same route shape.", "evidence": {"rule_id": "JRN003", "scanner": "repobility-journey-contract", "references": ["https://repobility.com/library/authorization/"], "route_shape": "/api/v1", "correlation_key": "fp|13fc292caa016082377d10ff9669f4a464f7571e553cf74a32fcb75a5cd1c96c", "backend_endpoint_count": 130}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ui/src/lib/api-client.ts"}, "region": {"startLine": 166}}}]}, {"ruleId": "JRN003", "level": "warning", "message": {"text": "Frontend API reference is not matched by discovered backend routes"}, "properties": {"repobilityId": 12441, "scanner": "repobility-journey-contract", "fingerprint": "a771589bd585aba6d00646de16611d36ea0892b105d8d18f958a4e62b8a7200f", "category": "quality", "severity": "medium", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Same-origin /api path appears in frontend code but no discovered backend endpoint has the same route shape.", "evidence": {"rule_id": "JRN003", "scanner": "repobility-journey-contract", "references": ["https://repobility.com/library/authorization/"], "route_shape": "/api/v1/ai/input/continue", "correlation_key": "fp|a771589bd585aba6d00646de16611d36ea0892b105d8d18f958a4e62b8a7200f", "backend_endpoint_count": 130}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ui/src/hooks/use-ai-chat.ts"}, "region": {"startLine": 741}}}]}, {"ruleId": "JRN003", "level": "warning", "message": {"text": "Frontend API reference is not matched by discovered backend routes"}, "properties": {"repobilityId": 12440, "scanner": "repobility-journey-contract", "fingerprint": "66f65e3b2e3874fbd63472210fcbd7b2c60108f3755ae0edeb2eea8769ce8725", "category": "quality", "severity": "medium", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Same-origin /api path appears in frontend code but no discovered backend endpoint has the same route shape.", "evidence": {"rule_id": "JRN003", "scanner": "repobility-journey-contract", "references": ["https://repobility.com/library/authorization/"], "route_shape": "/api/v1/ai/execute/continue", "correlation_key": "fp|66f65e3b2e3874fbd63472210fcbd7b2c60108f3755ae0edeb2eea8769ce8725", "backend_endpoint_count": 130}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ui/src/hooks/use-ai-chat.ts"}, "region": {"startLine": 708}}}]}, {"ruleId": "JRN003", "level": "warning", "message": {"text": "Frontend API reference is not matched by discovered backend routes"}, "properties": {"repobilityId": 12439, "scanner": "repobility-journey-contract", "fingerprint": "4461ef96dfd3641755562f2a38508d90aef30234f6c4028b264e83ea8a21676f", "category": "quality", "severity": "medium", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Same-origin /api path appears in frontend code but no discovered backend endpoint has the same route shape.", "evidence": {"rule_id": "JRN003", "scanner": "repobility-journey-contract", "references": ["https://repobility.com/library/authorization/"], "route_shape": "/api/v1/ai/chat", "correlation_key": "fp|4461ef96dfd3641755562f2a38508d90aef30234f6c4028b264e83ea8a21676f", "backend_endpoint_count": 130}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ui/src/hooks/use-ai-chat.ts"}, "region": {"startLine": 464}}}]}, {"ruleId": "JRN003", "level": "warning", "message": {"text": "Frontend API reference is not matched by discovered backend routes"}, "properties": {"repobilityId": 12438, "scanner": "repobility-journey-contract", "fingerprint": "46a4914cd664fd47e5f61ff3c56212abce34a067dce98acb9cb63acd3aff1b9f", "category": "quality", "severity": "medium", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Same-origin /api path appears in frontend code but no discovered backend endpoint has the same route shape.", "evidence": {"rule_id": "JRN003", "scanner": "repobility-journey-contract", "references": ["https://repobility.com/library/authorization/"], "route_shape": "/api/users/sidebar_preference", "correlation_key": "fp|46a4914cd664fd47e5f61ff3c56212abce34a067dce98acb9cb63acd3aff1b9f", "backend_endpoint_count": 130}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ui/src/contexts/sidebar-config-context.tsx"}, "region": {"startLine": 121}}}]}, {"ruleId": "JRN003", "level": "warning", "message": {"text": "Frontend API reference is not matched by discovered backend routes"}, "properties": {"repobilityId": 12437, "scanner": "repobility-journey-contract", "fingerprint": "95cd9844af9f42071132cc9d3b917de6f3a1dac330f6615a00122e0ddfc6d260", "category": "quality", "severity": "medium", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Same-origin /api path appears in frontend code but no discovered backend endpoint has the same route shape.", "evidence": {"rule_id": "JRN003", "scanner": "repobility-journey-contract", "references": ["https://repobility.com/library/authorization/"], "route_shape": "/api/v1/namespaces/{param}/services/{param}:{param}/proxy", "correlation_key": "fp|95cd9844af9f42071132cc9d3b917de6f3a1dac330f6615a00122e0ddfc6d260", "backend_endpoint_count": 130}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ui/src/components/service-overview.tsx"}, "region": {"startLine": 332}}}]}, {"ruleId": "JRN003", "level": "warning", "message": {"text": "Frontend API reference is not matched by discovered backend routes"}, "properties": {"repobilityId": 12436, "scanner": "repobility-journey-contract", "fingerprint": "0480795d1fc2fd45096f2409cdaf46ae0ed3ef118656f2c85d2dd295e27e295f", "category": "quality", "severity": "medium", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Same-origin /api path appears in frontend code but no discovered backend endpoint has the same route shape.", "evidence": {"rule_id": "JRN003", "scanner": "repobility-journey-contract", "references": ["https://repobility.com/library/authorization/"], "route_shape": "/api/v1/namespaces/{param}/pods/{param}:{param}/proxy", "correlation_key": "fp|0480795d1fc2fd45096f2409cdaf46ae0ed3ef118656f2c85d2dd295e27e295f", "backend_endpoint_count": 130}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ui/src/components/pod-overview-sidebar.tsx"}, "region": {"startLine": 243}}}]}, {"ruleId": "AUC009", "level": "warning", "message": {"text": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. Endpoint: GET /:namespace/:name."}, "properties": {"repobilityId": 12435, "scanner": "repobility-access-control", "fingerprint": "58dd5d539f9f8e4935cf00fe46903f7c3300cf64c919c3433a96a69fb3cfd180", "category": "auth", "severity": "medium", "confidence": 0.68, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/:namespace/:name", "method": "GET", "scanner": "repobility-access-control", "framework": "Gin", "correlation_key": "code|auth|token|220|cwe-285", "identity_targets": ["unknown"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkg/handlers/resources/handler.go"}, "region": {"startLine": 220}}}]}, {"ruleId": "AUC009", "level": "warning", "message": {"text": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. Endpoint: GET /:namespace."}, "properties": {"repobilityId": 12434, "scanner": "repobility-access-control", "fingerprint": "6c21fa02a3eaf356b863e8f0e07eab4270c4e07e3788290ac4c3a488b8268190", "category": "auth", "severity": "medium", "confidence": 0.68, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/:namespace", "method": "GET", "scanner": "repobility-access-control", "framework": "Gin", "correlation_key": "code|auth|token|219|cwe-285", "identity_targets": ["unknown"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkg/handlers/resources/handler.go"}, "region": {"startLine": 219}}}]}, {"ruleId": "AUC009", "level": "warning", "message": {"text": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. Endpoint: DELETE /_all/:name."}, "properties": {"repobilityId": 12433, "scanner": "repobility-access-control", "fingerprint": "e37c6069a533388c00b393c1521dfcbbf90b2596abf2009b66d6c7451222e74e", "category": "auth", "severity": "medium", "confidence": 0.68, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/_all/:name", "method": "DELETE", "scanner": "repobility-access-control", "framework": "Gin", "correlation_key": "code|auth|token|217|cwe-285", "identity_targets": ["unknown"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkg/handlers/resources/handler.go"}, "region": {"startLine": 217}}}]}, {"ruleId": "AUC009", "level": "warning", "message": {"text": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. Endpoint: PUT /_all/:name."}, "properties": {"repobilityId": 12432, "scanner": "repobility-access-control", "fingerprint": "b56c54252e73ef29fb9e8f58bc45338019d074047ae6b74290cf505a66f99dc8", "category": "auth", "severity": "medium", "confidence": 0.68, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/_all/:name", "method": "PUT", "scanner": "repobility-access-control", "framework": "Gin", "correlation_key": "code|auth|token|216|cwe-285", "identity_targets": ["unknown"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkg/handlers/resources/handler.go"}, "region": {"startLine": 216}}}]}, {"ruleId": "AUC009", "level": "warning", "message": {"text": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. Endpoint: GET /_all/:name/describe."}, "properties": {"repobilityId": 12431, "scanner": "repobility-access-control", "fingerprint": "33ce6920df123a5c9fde2eb94929995842a0ef7ae7c041654ba7ae7dbf44b2f9", "category": "auth", "severity": "medium", "confidence": 0.68, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/_all/:name/describe", "method": "GET", "scanner": "repobility-access-control", "framework": "Gin", "correlation_key": "code|auth|token|215|cwe-285", "identity_targets": ["unknown"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkg/handlers/resources/handler.go"}, "region": {"startLine": 215}}}]}, {"ruleId": "AUC009", "level": "warning", "message": {"text": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. Endpoint: GET /_all/:name."}, "properties": {"repobilityId": 12430, "scanner": "repobility-access-control", "fingerprint": "20360cab6444aabb0ef0965f78c83c8ff22e7a311176852d1d3154e86770f92b", "category": "auth", "severity": "medium", "confidence": 0.68, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/_all/:name", "method": "GET", "scanner": "repobility-access-control", "framework": "Gin", "correlation_key": "code|auth|token|214|cwe-285", "identity_targets": ["unknown"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkg/handlers/resources/handler.go"}, "region": {"startLine": 214}}}]}, {"ruleId": "AUC009", "level": "warning", "message": {"text": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. Endpoint: GET /_all."}, "properties": {"repobilityId": 12429, "scanner": "repobility-access-control", "fingerprint": "c03a265b8e57fe8ba84a008e30ae03b57c29859f9b74578add477dcfde81e195", "category": "auth", "severity": "medium", "confidence": 0.68, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/_all", "method": "GET", "scanner": "repobility-access-control", "framework": "Gin", "correlation_key": "code|auth|token|213|cwe-285", "identity_targets": ["unknown"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkg/handlers/resources/handler.go"}, "region": {"startLine": 213}}}]}, {"ruleId": "AUC009", "level": "warning", "message": {"text": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. Endpoint: GET /cluster."}, "properties": {"repobilityId": 12428, "scanner": "repobility-access-control", "fingerprint": "80ccea75c60e31776fccce455fc434bf1f18688d558a6393eb68ac8c3c67a1b3", "category": "auth", "severity": "medium", "confidence": 0.68, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/cluster", "method": "GET", "scanner": "repobility-access-control", "framework": "Gin", "correlation_key": "code|auth|pkg/ai/handler.go|335|cwe-285", "identity_targets": ["unknown"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkg/ai/handler.go"}, "region": {"startLine": 335}}}]}, {"ruleId": "AUC009", "level": "warning", "message": {"text": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. Endpoint: GET /X-Forwarded-Proto."}, "properties": {"repobilityId": 12427, "scanner": "repobility-access-control", "fingerprint": "2640d0bd61ed95049f21cfaab7d7a772bbfb3165df5b8bd120fcdc34421837c9", "category": "auth", "severity": "medium", "confidence": 0.68, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/X-Forwarded-Proto", "method": "GET", "scanner": "repobility-access-control", "framework": "Gin", "correlation_key": "code|auth|pkg/auth/login_handler.go|387|cwe-285", "identity_targets": ["unknown"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkg/auth/login_handler.go"}, "region": {"startLine": 387}}}]}, {"ruleId": "AUC009", "level": "warning", "message": {"text": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. Endpoint: GET /user."}, "properties": {"repobilityId": 12426, "scanner": "repobility-access-control", "fingerprint": "28b79c92b4ed9b5f3f22b80397d82f24af0cb2fbd66cb70d3d913d6ea67a13ca", "category": "auth", "severity": "medium", "confidence": 0.68, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/user", "method": "GET", "scanner": "repobility-access-control", "framework": "Gin", "correlation_key": "code|auth|routes.go|53|cwe-285", "identity_targets": ["authenticated"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "routes.go"}, "region": {"startLine": 53}}}]}, {"ruleId": "AUC004", "level": "warning", "message": {"text": "[AUC004] Admin route does not show super_admin separation: An administrative route was detected without nearby evidence that platform super_admin access is separated from tenant/application admin access. Endpoint: PUT /."}, "properties": {"repobilityId": 12425, "scanner": "repobility-access-control", "fingerprint": "8082bc9445e7317e0e005d31079d90a6ab9e8469c7a3e7bc1b71af8e785506f9", "category": "auth", "severity": "medium", "confidence": 0.66, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/", "method": "PUT", "scanner": "repobility-access-control", "framework": "Gin", "correlation_key": "code|auth|routes.go|76|cwe-285", "identity_targets": ["authenticated", "admin"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "routes.go"}, "region": {"startLine": 76}}}]}, {"ruleId": "AUC004", "level": "warning", "message": {"text": "[AUC004] Admin route does not show super_admin separation: An administrative route was detected without nearby evidence that platform super_admin access is separated from tenant/application admin access. Endpoint: GET /."}, "properties": {"repobilityId": 12424, "scanner": "repobility-access-control", "fingerprint": "6a56305a77c5b98e6e3ba51993a4669e5077f4af83102b015e458dfd45a77f40", "category": "auth", "severity": "medium", "confidence": 0.66, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/", "method": "GET", "scanner": "repobility-access-control", "framework": "Gin", "correlation_key": "code|auth|routes.go|75|cwe-285", "identity_targets": ["authenticated", "admin"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "routes.go"}, "region": {"startLine": 75}}}]}, {"ruleId": "AUC004", "level": "warning", "message": {"text": "[AUC004] Admin route does not show super_admin separation: An administrative route was detected without nearby evidence that platform super_admin access is separated from tenant/application admin access. Endpoint: DELETE /:id."}, "properties": {"repobilityId": 12423, "scanner": "repobility-access-control", "fingerprint": "39a8943351fcfbee6e770c2c1c95fd7a75c9bbde961ac6138fca66af60aa4ca7", "category": "auth", "severity": "medium", "confidence": 0.66, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/:id", "method": "DELETE", "scanner": "repobility-access-control", "framework": "Gin", "correlation_key": "code|auth|routes.go|72|cwe-285", "identity_targets": ["authenticated", "owner", "admin"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "routes.go"}, "region": {"startLine": 72}}}]}, {"ruleId": "AUC004", "level": "warning", "message": {"text": "[AUC004] Admin route does not show super_admin separation: An administrative route was detected without nearby evidence that platform super_admin access is separated from tenant/application admin access. Endpoint: PUT /:id."}, "properties": {"repobilityId": 12422, "scanner": "repobility-access-control", "fingerprint": "1bb74e69eb5640e1b43eab9ca89fecc47cee0c28acb36dda666685fca624cb5a", "category": "auth", "severity": "medium", "confidence": 0.66, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/:id", "method": "PUT", "scanner": "repobility-access-control", "framework": "Gin", "correlation_key": "code|auth|routes.go|71|cwe-285", "identity_targets": ["authenticated", "owner", "admin"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "routes.go"}, "region": {"startLine": 71}}}]}, {"ruleId": "AUC004", "level": "warning", "message": {"text": "[AUC004] Admin route does not show super_admin separation: An administrative route was detected without nearby evidence that platform super_admin access is separated from tenant/application admin access. Endpoint: GET /:id."}, "properties": {"repobilityId": 12421, "scanner": "repobility-access-control", "fingerprint": "bf5a96180bee91019d24434eb439ba6d89c72788041419c1532a8f2c9b60a9ea", "category": "auth", "severity": "medium", "confidence": 0.66, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/:id", "method": "GET", "scanner": "repobility-access-control", "framework": "Gin", "correlation_key": "code|auth|routes.go|70|cwe-285", "identity_targets": ["authenticated", "owner", "admin"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "routes.go"}, "region": {"startLine": 70}}}]}, {"ruleId": "AUC004", "level": "warning", "message": {"text": "[AUC004] Admin route does not show super_admin separation: An administrative route was detected without nearby evidence that platform super_admin access is separated from tenant/application admin access. Endpoint: POST /."}, "properties": {"repobilityId": 12420, "scanner": "repobility-access-control", "fingerprint": "5d0ac941fa6a8b1f8dd1bd44724a4e1068e14905101e3e8e42941f1aeb1e7ff3", "category": "auth", "severity": "medium", "confidence": 0.66, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/", "method": "POST", "scanner": "repobility-access-control", "framework": "Gin", "correlation_key": "code|auth|routes.go|69|cwe-285", "identity_targets": ["authenticated", "admin"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "routes.go"}, "region": {"startLine": 69}}}]}, {"ruleId": "AUC004", "level": "warning", "message": {"text": "[AUC004] Admin route does not show super_admin separation: An administrative route was detected without nearby evidence that platform super_admin access is separated from tenant/application admin access. Endpoint: GET /."}, "properties": {"repobilityId": 12419, "scanner": "repobility-access-control", "fingerprint": "d287b119048ef9afb2bd2bb080f64878bbd170f9c4a0096e08039b75cc2db6c0", "category": "auth", "severity": "medium", "confidence": 0.66, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/", "method": "GET", "scanner": "repobility-access-control", "framework": "Gin", "correlation_key": "code|auth|routes.go|68|cwe-285", "identity_targets": ["authenticated", "admin"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "routes.go"}, "region": {"startLine": 68}}}]}, {"ruleId": "AUC004", "level": "warning", "message": {"text": "[AUC004] Admin route does not show super_admin separation: An administrative route was detected without nearby evidence that platform super_admin access is separated from tenant/application admin access. Endpoint: GET /audit-logs."}, "properties": {"repobilityId": 12418, "scanner": "repobility-access-control", "fingerprint": "165eba33c6a18621cb35001fa300f7be63214b15fa4688e613f44d5610553858", "category": "auth", "severity": "medium", "confidence": 0.66, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/audit-logs", "method": "GET", "scanner": "repobility-access-control", "framework": "Gin", "correlation_key": "code|auth|routes.go|65|cwe-285", "identity_targets": ["authenticated", "admin"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "routes.go"}, "region": {"startLine": 65}}}]}, {"ruleId": "AUC004", "level": "warning", "message": {"text": "[AUC004] Admin route does not show super_admin separation: An administrative route was detected without nearby evidence that platform super_admin access is separated from tenant/application admin access. Endpoint: POST /sidebar_preference."}, "properties": {"repobilityId": 12417, "scanner": "repobility-access-control", "fingerprint": "6c5311f898c4c7fefa473939ebd59934cbc9a653657c25c8862539c8750ce1e1", "category": "auth", "severity": "medium", "confidence": 0.66, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/sidebar_preference", "method": "POST", "scanner": "repobility-access-control", "framework": "Gin", "correlation_key": "code|auth|routes.go|58|cwe-285", "identity_targets": ["authenticated", "admin"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "routes.go"}, "region": {"startLine": 58}}}]}, {"ruleId": "AUC004", "level": "warning", "message": {"text": "[AUC004] Admin route does not show super_admin separation: An administrative route was detected without nearby evidence that platform super_admin access is separated from tenant/application admin access. Endpoint: GET /metrics."}, "properties": {"repobilityId": 12416, "scanner": "repobility-access-control", "fingerprint": "5df7644579889bc88a8ea75e313a1d8822f08b76080abd63d3a0b111fbe1dae8", "category": "auth", "severity": "medium", "confidence": 0.66, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/metrics", "method": "GET", "scanner": "repobility-access-control", "framework": "Gin", "correlation_key": "code|auth|routes.go|32|cwe-285", "identity_targets": ["anonymous", "authenticated"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "routes.go"}, "region": {"startLine": 32}}}]}, {"ruleId": "AUC002", "level": "warning", "message": {"text": "[AUC002] Low visible authorization coverage in route inventory: Only 20.0% of discovered routes show nearby authentication, authorization, middleware, or public-route evidence."}, "properties": {"repobilityId": 12405, "scanner": "repobility-access-control", "fingerprint": "c8a6924238b1b35a338ae5f1dc69c8824eac648bf50ec4c4206c85cf56bf5add", "category": "auth", "severity": "medium", "confidence": 0.74, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"scanner": "repobility-access-control", "endpoint_count": 130, "correlation_key": "fp|c8a6924238b1b35a338ae5f1dc69c8824eac648bf50ec4c4206c85cf56bf5add", "auth_visible_percent": 20.0}}}, {"ruleId": "AUC001", "level": "warning", "message": {"text": "[AUC001] No Repobility access matrix policy found: The repository uses web/API frameworks but does not define .repobility/access.yml or equivalent authorization documentation."}, "properties": {"repobilityId": 12404, "scanner": "repobility-access-control", "fingerprint": "f1305052c3ba1e6c1cdb5dccc19e58a8168cf78b176658f32b1fc823df3e9d10", "category": "auth", "severity": "medium", "confidence": 0.92, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"scanner": "repobility-access-control", "frameworks": ["Gin"], "expected_files": [".repobility/access.yml", ".repobility/access.yaml", ".repobility/access.json", ".repobility/authorization.yml"], "correlation_key": "fp|f1305052c3ba1e6c1cdb5dccc19e58a8168cf78b176658f32b1fc823df3e9d10"}}}, {"ruleId": "DKR002", "level": "warning", "message": {"text": "Dockerfile base image has no explicit tag"}, "properties": {"repobilityId": 12403, "scanner": "repobility-docker", "fingerprint": "1010d4120276e5ef392c84ee8d2d1df8003fb40a74381c2b3b71e619491b293f", "category": "docker", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Image reference has no tag or digest.", "evidence": {"image": "gcr.io/distroless/static", "rule_id": "DKR002", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|1010d4120276e5ef392c84ee8d2d1df8003fb40a74381c2b3b71e619491b293f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Dockerfile.binary"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR007", "level": "warning", "message": {"text": "Docker build context has no .dockerignore"}, "properties": {"repobilityId": 12402, "scanner": "repobility-docker", "fingerprint": "c98378cf8c37e4866e89d6ca06a24b7e8c44654aa34e6e4bf1367c4a4c0c5b44", "category": "docker", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Dockerfile exists but repository root has no .dockerignore.", "evidence": {"rule_id": "DKR007", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|c98378cf8c37e4866e89d6ca06a24b7e8c44654aa34e6e4bf1367c4a4c0c5b44"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".dockerignore"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR002", "level": "warning", "message": {"text": "Dockerfile base image has no explicit tag"}, "properties": {"repobilityId": 12401, "scanner": "repobility-docker", "fingerprint": "c03061af39904b3c929c0b00ffb2ac29786196d640ab5b58508695b284a972c5", "category": "docker", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Image reference has no tag or digest.", "evidence": {"image": "gcr.io/distroless/static", "rule_id": "DKR002", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|c03061af39904b3c929c0b00ffb2ac29786196d640ab5b58508695b284a972c5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Dockerfile"}, "region": {"startLine": 27}}}]}, {"ruleId": "SEC007", "level": "warning", "message": {"text": "[SEC007] Unsafe Deserialization: Unsafe deserialization can execute arbitrary code."}, "properties": {"repobilityId": 12395, "scanner": "repobility-threat-engine", "fingerprint": "11bd5b244bca93675e4f1e3bd96dc2a554124911ce0e556522c9131b1ad3cd30", "category": "deserialization", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "yaml.load(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC007", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|deserialization|token|98|sec007"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ui/src/components/helm-install-dialog.tsx"}, "region": {"startLine": 98}}}]}, {"ruleId": "SEC007", "level": "warning", "message": {"text": "[SEC007] Unsafe Deserialization: Unsafe deserialization can execute arbitrary code."}, "properties": {"repobilityId": 12394, "scanner": "repobility-threat-engine", "fingerprint": "a85f9db830a40e6ac208c6946caf9f3d9babec5975ef0fd9a030a12b63a67fb5", "category": "deserialization", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "yaml.load(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC007", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|deserialization|token|82|sec007"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ui/src/components/yaml-editor.tsx"}, "region": {"startLine": 82}}}]}, {"ruleId": "SEC007", "level": "warning", "message": {"text": "[SEC007] Unsafe Deserialization: Unsafe deserialization can execute arbitrary code."}, "properties": {"repobilityId": 12393, "scanner": "repobility-threat-engine", "fingerprint": "3bcc21f06ef71f7458ca9947c4c49e591b64320918724a4dad56b45b2ba554c4", "category": "deserialization", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "yaml.load(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC007", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|deserialization|token|324|sec007"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ui/src/pages/helmrelease-detail.tsx"}, "region": {"startLine": 324}}}]}, {"ruleId": "AGT006", "level": "warning", "message": {"text": "React interval is created without an explicit cleanup"}, "properties": {"repobilityId": 12385, "scanner": "repobility-agent-runtime", "fingerprint": "81742c3820bceb9b74930a4e27811aa17e5dbc551c6d4a57e5d409941f5430f7", "category": "quality", "severity": "medium", "confidence": 0.78, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File uses setInterval with useEffect or hook-style code and no clearInterval cleanup was found.", "evidence": {"rule_id": "AGT006", "scanner": "repobility-agent-runtime", "references": ["https://react.dev/reference/react/useEffect"], "correlation_key": "fp|81742c3820bceb9b74930a4e27811aa17e5dbc551c6d4a57e5d409941f5430f7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ui/src/pages/helmrelease-auto-upgrade-dialog.tsx"}, "region": {"startLine": 47}}}]}, {"ruleId": "AGT007", "level": "warning", "message": {"text": "localStorage write failures are swallowed silently"}, "properties": {"repobilityId": 12384, "scanner": "repobility-agent-runtime", "fingerprint": "4fd817aa230899156263f598e204b81d34b4b517b4bc765fc2b4587e8492e34b", "category": "quality", "severity": "medium", "confidence": 0.8, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File writes to localStorage and has an empty or ignore-only catch block without QuotaExceededError handling.", "evidence": {"rule_id": "AGT007", "scanner": "repobility-agent-runtime", "references": ["https://developer.mozilla.org/en-US/docs/Web/API/Web_Storage_API"], "correlation_key": "fp|4fd817aa230899156263f598e204b81d34b4b517b4bc765fc2b4587e8492e34b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ui/src/components/ai-chat/ai-chat-state.ts"}, "region": {"startLine": 54}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 12383, "scanner": "repobility-ai-code-hygiene", "fingerprint": "c754a349bdbcda3150b5e7cc9464c8871d9e0f614c27267fc72faa00904eca1b", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "ui/src/components/cronjob-overview.tsx", "duplicate_line": 484, "correlation_key": "fp|c754a349bdbcda3150b5e7cc9464c8871d9e0f614c27267fc72faa00904eca1b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ui/src/components/pod-overview-sidebar.tsx"}, "region": {"startLine": 166}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 12382, "scanner": "repobility-ai-code-hygiene", "fingerprint": "a28e1e0b713561315f6b08d85585af5279812979b6c289b7bdd13d3aebda20e3", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "ui/src/components/node-monitoring.tsx", "duplicate_line": 33, "correlation_key": "fp|a28e1e0b713561315f6b08d85585af5279812979b6c289b7bdd13d3aebda20e3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ui/src/components/pod-monitoring.tsx"}, "region": {"startLine": 82}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 12381, "scanner": "repobility-ai-code-hygiene", "fingerprint": "ce8e54e4bb691dceaa97b2cc5ea669c984eba59c696817701cb399083026c5f5", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "ui/src/components/cronjob-overview.tsx", "duplicate_line": 64, "correlation_key": "fp|ce8e54e4bb691dceaa97b2cc5ea669c984eba59c696817701cb399083026c5f5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ui/src/components/job-overview.tsx"}, "region": {"startLine": 42}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 12380, "scanner": "repobility-ai-code-hygiene", "fingerprint": "0210b533d274c0c93525837b6313e79e835b6621aa888f28eee29111a141b339", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "ui/src/components/daemonset-overview.tsx", "duplicate_line": 15, "correlation_key": "fp|0210b533d274c0c93525837b6313e79e835b6621aa888f28eee29111a141b339"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ui/src/components/job-overview.tsx"}, "region": {"startLine": 10}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 12379, "scanner": "repobility-ai-code-hygiene", "fingerprint": "a376b40f86e427f58438842de3f0b0d87273a42b7fa9df11c3243f80a86e77e7", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "ui/src/components/delete-confirmation-dialog.tsx", "duplicate_line": 4, "correlation_key": "fp|a376b40f86e427f58438842de3f0b0d87273a42b7fa9df11c3243f80a86e77e7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ui/src/components/helm-install-dialog.tsx"}, "region": {"startLine": 18}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 12378, "scanner": "repobility-ai-code-hygiene", "fingerprint": "e12abef07119d2e2160d94b21c7e24000bbdacae5f9faee28d910c2dcd4e69f9", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "ui/src/components/cronjob-overview.tsx", "duplicate_line": 64, "correlation_key": "fp|e12abef07119d2e2160d94b21c7e24000bbdacae5f9faee28d910c2dcd4e69f9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ui/src/components/deployment-overview.tsx"}, "region": {"startLine": 43}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 12377, "scanner": "repobility-ai-code-hygiene", "fingerprint": "18d49618976fe5c38de9f534ae539b8b175b0f0d63b93e0d7180ab96674dfab9", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "ui/src/components/daemonset-overview.tsx", "duplicate_line": 17, "correlation_key": "fp|18d49618976fe5c38de9f534ae539b8b175b0f0d63b93e0d7180ab96674dfab9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ui/src/components/deployment-overview.tsx"}, "region": {"startLine": 12}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 12376, "scanner": "repobility-ai-code-hygiene", "fingerprint": "922efa1205349d7803a9c569a13a951513e53989ddd5d08a7e7ae6ca2df50d30", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "ui/src/components/cronjob-overview.tsx", "duplicate_line": 64, "correlation_key": "fp|922efa1205349d7803a9c569a13a951513e53989ddd5d08a7e7ae6ca2df50d30"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ui/src/components/daemonset-overview.tsx"}, "region": {"startLine": 54}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 12375, "scanner": "repobility-ai-code-hygiene", "fingerprint": "9d5cd4136d8af308751d486cd6ddf22e72723322f12df5bb213dad867ed09b8a", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "ui/src/components/chart/disk-io-usage-chart.tsx", "duplicate_line": 1, "correlation_key": "fp|9d5cd4136d8af308751d486cd6ddf22e72723322f12df5bb213dad867ed09b8a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ui/src/components/chart/network-usage-chart.tsx"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 12374, "scanner": "repobility-ai-code-hygiene", "fingerprint": "d965c5ce5152f3ef69a89c026285f481b6cc263a70e2a596061e03f3d0fb55ef", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "ui/src/components/chart/cpu-usage-chart.tsx", "duplicate_line": 41, "correlation_key": "fp|d965c5ce5152f3ef69a89c026285f481b6cc263a70e2a596061e03f3d0fb55ef"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ui/src/components/chart/memory-usage-chart.tsx"}, "region": {"startLine": 63}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 12373, "scanner": "repobility-ai-code-hygiene", "fingerprint": "9514a9b87a7d93d29d12e9a473fce236417d4e01070c47520fa331a6ff71d203", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "pkg/handlers/helm_chart_handler.go", "duplicate_line": 491, "correlation_key": "fp|9514a9b87a7d93d29d12e9a473fce236417d4e01070c47520fa331a6ff71d203"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkg/helmutil/source.go"}, "region": {"startLine": 80}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 12372, "scanner": "repobility-ai-code-hygiene", "fingerprint": "793c59ce8d9fcc8064e4413b63f82eff3f40cf029ee2190371026b68016d5202", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "pkg/ai/anthropic.go", "duplicate_line": 101, "correlation_key": "fp|793c59ce8d9fcc8064e4413b63f82eff3f40cf029ee2190371026b68016d5202"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkg/ai/openai.go"}, "region": {"startLine": 101}}}]}, {"ruleId": "ERR003", "level": "note", "message": {"text": "[ERR003] Ignored Error (Go): Ignoring error return values."}, "properties": {"repobilityId": 12388, "scanner": "repobility-threat-engine", "fingerprint": "bc092c82420c82bcbab8c42bde74d14bd0a917b8ed2f7baf19c7d2438af23e53", "category": "error_handling", "severity": "low", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "_ = syaml.Marshal(", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR003", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|bc092c82420c82bcbab8c42bde74d14bd0a917b8ed2f7baf19c7d2438af23e53"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkg/handlers/resource_apply_handler.go"}, "region": {"startLine": 136}}}]}, {"ruleId": "ERR003", "level": "note", "message": {"text": "[ERR003] Ignored Error (Go): Ignoring error return values."}, "properties": {"repobilityId": 12387, "scanner": "repobility-threat-engine", "fingerprint": "e1ec2b4d1eb572b0b0f46124043321d4ae19b63277ac0cea56ac40f03c1f3748", "category": "error_handling", "severity": "low", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "_ = conn.Close(", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR003", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|e1ec2b4d1eb572b0b0f46124043321d4ae19b63277ac0cea56ac40f03c1f3748"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkg/handlers/kubectl_terminal_handler.go"}, "region": {"startLine": 43}}}]}, {"ruleId": "ERR003", "level": "note", "message": {"text": "[ERR003] Ignored Error (Go): Ignoring error return values."}, "properties": {"repobilityId": 12386, "scanner": "repobility-threat-engine", "fingerprint": "1502488d0fca159c37bb2540d2a9d16f7a3f477d58ad6ae46bf17582773856fb", "category": "error_handling", "severity": "low", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "_ = watcher.Close(", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR003", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|1502488d0fca159c37bb2540d2a9d16f7a3f477d58ad6ae46bf17582773856fb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/config_watcher.go"}, "region": {"startLine": 35}}}]}, {"ruleId": "SEC001", "level": "none", "message": {"text": "[SEC001] Hardcoded Password: Hardcoded password found in source code."}, "properties": {"repobilityId": 12399, "scanner": "repobility-threat-engine", "fingerprint": "d0b2d9a40ba001747c01853ff24b7bb5bfafd196dc922cb675843b70cb8dcf5e", "category": "credential_exposure", "severity": "info", "confidence": 0.15, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Value looks like a development placeholder, not a live credential", "evidence": {"match": "Password = \"<redacted>\"", "reason": "Value looks like a development placeholder, not a live credential", "rule_id": "SEC001", "scanner": "repobility-threat-engine", "confidence": 0.15, "correlation_key": "secret|pkg/model/oauth.go|1|password redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkg/model/oauth.go"}, "region": {"startLine": 8}}}]}, {"ruleId": "SEC020", "level": "none", "message": {"text": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for troubleshooting."}, "properties": {"repobilityId": 12397, "scanner": "repobility-threat-engine", "fingerprint": "27e05f6c56900dfec1957818841972fbb7b1bef053b3d8fd9649318951226216", "category": "credential_exposure", "severity": "info", "confidence": 0.15, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Log message mentions credential-related metadata but does not print a credential-bearing value", "evidence": {"match": "console.error('Token refresh failed:', error)", "reason": "Log message mentions credential-related metadata but does not print a credential-bearing value", "rule_id": "SEC020", "scanner": "repobility-threat-engine", "confidence": 0.15, "correlation_key": "secret|token|18|console.error token refresh failed: error"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ui/src/contexts/auth-context.tsx"}, "region": {"startLine": 188}}}]}, {"ruleId": "SEC007", "level": "none", "message": {"text": "[SEC007] Unsafe Deserialization (and 2 more): Same pattern found in 2 additional files. Review if needed."}, "properties": {"repobilityId": 12396, "scanner": "repobility-threat-engine", "fingerprint": "be2661587707cce223851f35575b809f74d2cf91013a38d77faf261cb6e5960e", "category": "deserialization", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 2 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 2 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC007", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|be2661587707cce223851f35575b809f74d2cf91013a38d77faf261cb6e5960e"}}}, {"ruleId": "SEC015", "level": "none", "message": {"text": "[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. Output is predictable."}, "properties": {"repobilityId": 12392, "scanner": "repobility-threat-engine", "fingerprint": "4c92834f6061fc07fb1b798a14d40da9e382cd436b21615212a633f381a16e9c", "category": "crypto", "severity": "info", "confidence": 0.15, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Weak PRNG appears to be used for non-security behavior (UI, sampling, demos, shuffling, or backoff), not for secrets", "evidence": {"match": "Math.random()", "reason": "Weak PRNG appears to be used for non-security behavior (UI, sampling, demos, shuffling, or backoff), not for secrets", "rule_id": "SEC015", "scanner": "repobility-threat-engine", "confidence": 0.15, "correlation_key": "code|crypto|token|612|sec015"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ui/src/components/ui/sidebar.tsx"}, "region": {"startLine": 612}}}]}, {"ruleId": "SEC015", "level": "none", "message": {"text": "[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. Output is predictable."}, "properties": {"repobilityId": 12391, "scanner": "repobility-threat-engine", "fingerprint": "7f85d45db3718d63663796370331898573eb787357c98ce814fb509862ecc1c1", "category": "crypto", "severity": "info", "confidence": 0.15, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Weak PRNG appears to be used for non-security behavior (UI, sampling, demos, shuffling, or backoff), not for secrets", "evidence": {"match": "Math.random()", "reason": "Weak PRNG appears to be used for non-security behavior (UI, sampling, demos, shuffling, or backoff), not for secrets", "rule_id": "SEC015", "scanner": "repobility-threat-engine", "confidence": 0.15, "correlation_key": "code|crypto|token|249|sec015"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ui/src/components/resource-table.tsx"}, "region": {"startLine": 249}}}]}, {"ruleId": "SEC015", "level": "none", "message": {"text": "[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. Output is predictable."}, "properties": {"repobilityId": 12390, "scanner": "repobility-threat-engine", "fingerprint": "c56bba058066efeeae8efde2dcc785d2ed08e6d31a55f23a23178c2981c4dd44", "category": "crypto", "severity": "info", "confidence": 0.15, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Weak PRNG appears to be used for non-security behavior (UI, sampling, demos, shuffling, or backoff), not for secrets", "evidence": {"match": "Math.random()", "reason": "Weak PRNG appears to be used for non-security behavior (UI, sampling, demos, shuffling, or backoff), not for secrets", "rule_id": "SEC015", "scanner": "repobility-threat-engine", "confidence": 0.15, "correlation_key": "code|crypto|ui/src/hooks/use-ai-chat.ts|32|sec015"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ui/src/hooks/use-ai-chat.ts"}, "region": {"startLine": 32}}}]}, {"ruleId": "ERR003", "level": "none", "message": {"text": "[ERR003] Ignored Error (Go) (and 17 more): Same pattern found in 17 additional files. Review if needed."}, "properties": {"repobilityId": 12389, "scanner": "repobility-threat-engine", "fingerprint": "9040d9cac70c784e21f3424795b6a64becb39e142099331d000004fda57c8126", "category": "error_handling", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 17 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 17 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "ERR003", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|9040d9cac70c784e21f3424795b6a64becb39e142099331d000004fda57c8126"}}}, {"ruleId": "JRN009", "level": "error", "message": {"text": "Secret-like setting is echoed into a password input value"}, "properties": {"repobilityId": 12446, "scanner": "repobility-journey-contract", "fingerprint": "59ed6d652cc324e039d0ab80298519ea1b18a74668bf420b5fd04ad1629337db", "category": "auth", "severity": "high", "confidence": 0.83, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "A password or secret-named input is populated from a secret-like variable instead of a masked placeholder.", "evidence": {"rule_id": "JRN009", "scanner": "repobility-journey-contract", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html"], "correlation_key": "code|auth|ui/src/pages/login.tsx|298|jrn009"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ui/src/pages/login.tsx"}, "region": {"startLine": 298}}}]}, {"ruleId": "JRN009", "level": "error", "message": {"text": "Secret-like setting is echoed into a password input value"}, "properties": {"repobilityId": 12445, "scanner": "repobility-journey-contract", "fingerprint": "46da9c3b92b2e544b6694281f99a55a867546384779e497b41986b3cc6d45ccf", "category": "auth", "severity": "high", "confidence": 0.83, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "A password or secret-named input is populated from a secret-like variable instead of a masked placeholder.", "evidence": {"rule_id": "JRN009", "scanner": "repobility-journey-contract", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html"], "correlation_key": "code|auth|token|297|jrn009"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ui/src/pages/initialization.tsx"}, "region": {"startLine": 297}}}]}, {"ruleId": "JRN009", "level": "error", "message": {"text": "Secret-like setting is echoed into a password input value"}, "properties": {"repobilityId": 12444, "scanner": "repobility-journey-contract", "fingerprint": "600eb871218b9d971b78fc9399d38e3c75b0e9eb809e8fc4aaa5233cad1bc116", "category": "auth", "severity": "high", "confidence": 0.83, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "A password or secret-named input is populated from a secret-like variable instead of a masked placeholder.", "evidence": {"rule_id": "JRN009", "scanner": "repobility-journey-contract", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html"], "correlation_key": "code|auth|token|249|jrn009"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ui/src/pages/helm-chart-list-page.tsx"}, "region": {"startLine": 249}}}]}, {"ruleId": "JRN009", "level": "error", "message": {"text": "Secret-like setting is echoed into a password input value"}, "properties": {"repobilityId": 12443, "scanner": "repobility-journey-contract", "fingerprint": "4c1dd8c5b4d09e07d9a9296d19d73f9537947a4d23d42bf9f19fe60860207e51", "category": "auth", "severity": "high", "confidence": 0.83, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "A password or secret-named input is populated from a secret-like variable instead of a masked placeholder.", "evidence": {"rule_id": "JRN009", "scanner": "repobility-journey-contract", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html"], "correlation_key": "code|auth|token|706|jrn009"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ui/src/components/settings/user-management.tsx"}, "region": {"startLine": 706}}}]}, {"ruleId": "AUC003", "level": "error", "message": {"text": "[AUC003] Object-level route lacks visible authorization: A route with an object id-like parameter does not show nearby authentication or authorization evidence. This is a BOLA/IDOR review target. Endpoint: POST /:id/enable."}, "properties": {"repobilityId": 12415, "scanner": "repobility-access-control", "fingerprint": "3d23edf36e9385edc8565f258d15dfeb07e703b9c9d9a85d75125c86219e0b55", "category": "auth", "severity": "high", "confidence": 0.7, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/:id/enable", "method": "POST", "scanner": "repobility-access-control", "framework": "Gin", "correlation_key": "code|auth|routes.go|100|cwe-639", "identity_targets": ["unknown", "owner", "admin"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "routes.go"}, "region": {"startLine": 100}}}]}, {"ruleId": "AUC003", "level": "error", "message": {"text": "[AUC003] Object-level route lacks visible authorization: A route with an object id-like parameter does not show nearby authentication or authorization evidence. This is a BOLA/IDOR review target. Endpoint: DELETE /:id."}, "properties": {"repobilityId": 12414, "scanner": "repobility-access-control", "fingerprint": "2c73d15a8827c260fd5401d7db5892b41a0c07386bbaf9cfe5601cd77f7f786b", "category": "auth", "severity": "high", "confidence": 0.7, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/:id", "method": "DELETE", "scanner": "repobility-access-control", "framework": "Gin", "correlation_key": "code|auth|routes.go|98|cwe-639", "identity_targets": ["unknown", "owner", "admin"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "routes.go"}, "region": {"startLine": 98}}}]}, {"ruleId": "AUC003", "level": "error", "message": {"text": "[AUC003] Object-level route lacks visible authorization: A route with an object id-like parameter does not show nearby authentication or authorization evidence. This is a BOLA/IDOR review target. Endpoint: PUT /:id."}, "properties": {"repobilityId": 12413, "scanner": "repobility-access-control", "fingerprint": "5ac4624c54ef7c53eb356ea082829918d3b652f5d26226bdb497d646a5675c55", "category": "auth", "severity": "high", "confidence": 0.7, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/:id", "method": "PUT", "scanner": "repobility-access-control", "framework": "Gin", "correlation_key": "code|auth|routes.go|97|cwe-639", "identity_targets": ["unknown", "owner", "admin"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "routes.go"}, "region": {"startLine": 97}}}]}, {"ruleId": "AUC003", "level": "error", "message": {"text": "[AUC003] Object-level route lacks visible authorization: A route with an object id-like parameter does not show nearby authentication or authorization evidence. This is a BOLA/IDOR review target. Endpoint: DELETE /:id/assign."}, "properties": {"repobilityId": 12412, "scanner": "repobility-access-control", "fingerprint": "10d3bb098bcd38b835c76dd993c5a52f7faf8d937681312380d57c1dd452817b", "category": "auth", "severity": "high", "confidence": 0.7, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/:id/assign", "method": "DELETE", "scanner": "repobility-access-control", "framework": "Gin", "correlation_key": "code|auth|routes.go|92|cwe-639", "identity_targets": ["unknown", "owner", "admin"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "routes.go"}, "region": {"startLine": 92}}}]}, {"ruleId": "AUC003", "level": "error", "message": {"text": "[AUC003] Object-level route lacks visible authorization: A route with an object id-like parameter does not show nearby authentication or authorization evidence. This is a BOLA/IDOR review target. Endpoint: POST /:id/assign."}, "properties": {"repobilityId": 12411, "scanner": "repobility-access-control", "fingerprint": "71fc7e07d749fe21276c59c2a5048815467faaedb016fdcc8f27651792d3b43c", "category": "auth", "severity": "high", "confidence": 0.7, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/:id/assign", "method": "POST", "scanner": "repobility-access-control", "framework": "Gin", "correlation_key": "code|auth|routes.go|91|cwe-639", "identity_targets": ["unknown", "owner", "admin"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "routes.go"}, "region": {"startLine": 91}}}]}, {"ruleId": "AUC003", "level": "error", "message": {"text": "[AUC003] Object-level route lacks visible authorization: A route with an object id-like parameter does not show nearby authentication or authorization evidence. This is a BOLA/IDOR review target. Endpoint: DELETE /:id."}, "properties": {"repobilityId": 12410, "scanner": "repobility-access-control", "fingerprint": "1e35fdb215288f9362208fe0b774f93ac2afb973953089abcc0170f5f3dc104b", "category": "auth", "severity": "high", "confidence": 0.7, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/:id", "method": "DELETE", "scanner": "repobility-access-control", "framework": "Gin", "correlation_key": "code|auth|routes.go|90|cwe-639", "identity_targets": ["unknown", "owner", "admin"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "routes.go"}, "region": {"startLine": 90}}}]}, {"ruleId": "AUC003", "level": "error", "message": {"text": "[AUC003] Object-level route lacks visible authorization: A route with an object id-like parameter does not show nearby authentication or authorization evidence. This is a BOLA/IDOR review target. Endpoint: PUT /:id."}, "properties": {"repobilityId": 12409, "scanner": "repobility-access-control", "fingerprint": "e44d2ed06bcbe514d94293edf5912d064d5574796a1a2462157ab109ee17ff80", "category": "auth", "severity": "high", "confidence": 0.7, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/:id", "method": "PUT", "scanner": "repobility-access-control", "framework": "Gin", "correlation_key": "code|auth|routes.go|89|cwe-639", "identity_targets": ["unknown", "owner", "admin"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "routes.go"}, "region": {"startLine": 89}}}]}, {"ruleId": "AUC003", "level": "error", "message": {"text": "[AUC003] Object-level route lacks visible authorization: A route with an object id-like parameter does not show nearby authentication or authorization evidence. This is a BOLA/IDOR review target. Endpoint: GET /:id."}, "properties": {"repobilityId": 12408, "scanner": "repobility-access-control", "fingerprint": "6599b9a96d5d33f334512875102c8668cb6ed316c408af4abad89de1be7d7681", "category": "auth", "severity": "high", "confidence": 0.7, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/:id", "method": "GET", "scanner": "repobility-access-control", "framework": "Gin", "correlation_key": "code|auth|routes.go|88|cwe-639", "identity_targets": ["unknown", "owner", "admin"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "routes.go"}, "region": {"startLine": 88}}}]}, {"ruleId": "AUC003", "level": "error", "message": {"text": "[AUC003] Object-level route lacks visible authorization: A route with an object id-like parameter does not show nearby authentication or authorization evidence. This is a BOLA/IDOR review target. Endpoint: DELETE /:id."}, "properties": {"repobilityId": 12407, "scanner": "repobility-access-control", "fingerprint": "f6369ddc898319d06a80fc1e26f0b743d53aa465b8a9c6a1240c0a24d030389a", "category": "auth", "severity": "high", "confidence": 0.7, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/:id", "method": "DELETE", "scanner": "repobility-access-control", "framework": "Gin", "correlation_key": "code|auth|routes.go|83|cwe-639", "identity_targets": ["unknown", "owner", "admin"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "routes.go"}, "region": {"startLine": 83}}}]}, {"ruleId": "AUC003", "level": "error", "message": {"text": "[AUC003] Object-level route lacks visible authorization: A route with an object id-like parameter does not show nearby authentication or authorization evidence. This is a BOLA/IDOR review target. Endpoint: PUT /:id."}, "properties": {"repobilityId": 12406, "scanner": "repobility-access-control", "fingerprint": "e44e2a7b8cb7b5b56dab380815c2bab108695b6289abbfebcd0a84eafc4cfcd6", "category": "auth", "severity": "high", "confidence": 0.7, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/:id", "method": "PUT", "scanner": "repobility-access-control", "framework": "Gin", "correlation_key": "code|auth|routes.go|82|cwe-639", "identity_targets": ["unknown", "owner", "admin"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "routes.go"}, "region": {"startLine": 82}}}]}, {"ruleId": "DKR014", "level": "error", "message": {"text": "Dockerfile copies the entire context without .dockerignore"}, "properties": {"repobilityId": 12400, "scanner": "repobility-docker", "fingerprint": "fedd27ffab20c86e0d7fe81a3d5b06268cffbada9a2b555406b5db2ed2680a48", "category": "docker", "severity": "high", "confidence": 0.92, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Broad context copy and missing .dockerignore were found together.", "evidence": {"rule_id": "DKR014", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|fedd27ffab20c86e0d7fe81a3d5b06268cffbada9a2b555406b5db2ed2680a48"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Dockerfile"}, "region": {"startLine": 22}}}]}, {"ruleId": "SEC022", "level": "error", "message": {"text": "[SEC022] Database URL With Embedded Credential: A database connection URL contains an embedded username and password. These URLs are often copied into defaults, docs, and scripts, then leak working credentials."}, "properties": {"repobilityId": 12398, "scanner": "repobility-threat-engine", "fingerprint": "f18f73b7e137186bf9d36bcf5aa279f9c3f9e5f98a46a250e1a602eff6d5beef", "category": "credential_exposure", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "postgresql://user:pass@", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC022", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "secret|token|30|postgresql://user:pass"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkg/handlers/template_handler.go"}, "region": {"startLine": 307}}}]}]}]}