{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "DKR007", "name": "Docker build context has no .dockerignore", "shortDescription": {"text": "Docker build context has no .dockerignore"}, "fullDescription": {"text": "Without .dockerignore, build context can include source history, local env files, dependencies, and generated artifacts."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "COMP001", "name": "[COMP001] High cognitive complexity: Function `parse_wheel_filename` has cognitive complexity 15 (SonarSource scale). Co", "shortDescription": {"text": "[COMP001] High cognitive complexity: Function `parse_wheel_filename` has cognitive complexity 15 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and re"}, "fullDescription": {"text": "Extract nested branches into named helper functions; flatten early-return / guard clauses; replace long if/elif chains with dispatch dicts or polymorphism. SonarQube's threshold for 'should refactor' is 15 \u2014 yours is 15."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "medium", "confidence": 0.95, "cwe": "", "owasp": ""}}, {"id": "MINED111", "name": "Bare except continues silently", "shortDescription": {"text": "Bare except continues silently"}, "fullDescription": {"text": "Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. 
Hides real failures and makes bugs hard to diagnose."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "DKC010", "name": "Compose service lacks no-new-privileges hardening", "shortDescription": {"text": "Compose service lacks no-new-privileges hardening"}, "fullDescription": {"text": "no-new-privileges prevents processes from gaining additional privileges through setuid binaries or file capabilities."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "low", "confidence": 0.62, "cwe": "", "owasp": ""}}, {"id": "DKC006", "name": "Compose service does not declare a runtime user", "shortDescription": {"text": "Compose service does not declare a runtime user"}, "fullDescription": {"text": "If the image does not define USER internally, this service may run as root."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "low", "confidence": 0.56, "cwe": "", "owasp": ""}}, {"id": "DKR011", "name": "Dockerfile installs recommended OS packages", "shortDescription": {"text": "Dockerfile installs recommended OS packages"}, "fullDescription": {"text": "Installing recommended packages often pulls in unnecessary runtime surface area."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "low", "confidence": 0.72, "cwe": "", "owasp": ""}}, {"id": "DKR010", "name": "Dockerfile leaves apt package indexes in the image layer", "shortDescription": {"text": "Dockerfile leaves apt package indexes in the image layer"}, "fullDescription": {"text": "Package indexes increase image size and can expose stale metadata in the final image layer."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "low", "confidence": 0.74, "cwe": "", "owasp": ""}}, {"id": "AIC003", "name": "Duplicated implementation block across source files", "shortDescription": {"text": "Duplicated 
implementation block across source files"}, "fullDescription": {"text": "Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.86, "cwe": "", "owasp": ""}}, {"id": "MINED067", "name": "[MINED067] Python Requests No Timeout: requests.get/post/etc. without timeout= can hang forever.", "shortDescription": {"text": "[MINED067] Python Requests No Timeout: requests.get/post/etc. without timeout= can hang forever."}, "fullDescription": {"text": "Pass an explicit timeout= (seconds, or a (connect, read) tuple) to every requests call; without it a non-responsive server blocks the caller indefinitely. See CWE-400 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED049", "name": "[MINED049] Print Pii: Logging password/token/email/ssn directly to stdout.", "shortDescription": {"text": "[MINED049] Print Pii: Logging password/token/email/ssn directly to stdout."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-532 / A09:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC078", "name": "[SEC078] Python: requests without timeout: requests.get/post without a timeout will hang indefinitely on a non-responsiv", "shortDescription": {"text": "[SEC078] Python: requests without timeout: requests.get/post without a timeout will hang indefinitely on a non-responsive server, causing thread exhaustion and denial of service (CWE-400). Ported from bandit B113 (Apache-2.0). 
NOTE: this regex is heuristic; a re"}, "fullDescription": {"text": "Add `timeout=10` (or an appropriate value, or a `(connect, read)` tuple) to every requests call; a bare `requests.get(url)` waits forever on a hung server."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.1, "cwe": "", "owasp": ""}}, {"id": "MINED050", "name": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO ", "shortDescription": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-1188 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED055", "name": "[MINED055] Npm Install No Lockfile: Production image runs npm install (resolves new versions on every build) instead of ", "shortDescription": {"text": "[MINED055] Npm Install No Lockfile: Production image runs npm install (resolves new versions on every build) instead of npm ci."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-1357 / A06:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "DKR001", "name": "Docker final stage runs as root", "shortDescription": {"text": "Docker final stage runs as root"}, "fullDescription": {"text": "The final runtime stage explicitly uses root. A compromised app process would have root inside the container."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "high", "confidence": 0.95, "cwe": "", "owasp": ""}}, {"id": "SEC103", "name": "[SEC103] LDAP injection \u2014 non-constant search filter: User input concatenated into an LDAP search filter. 
Attackers inje", "shortDescription": {"text": "[SEC103] LDAP injection \u2014 non-constant search filter: User input concatenated into an LDAP search filter. Attackers inject `*)(uid=*` style payloads to bypass auth or enumerate accounts."}, "fullDescription": {"text": "Escape filter values per RFC 4515 before interpolation: in Java use Spring LDAP's LdapEncoder.filterEncode or OWASP ESAPI encodeForLDAP (javax.naming.ldap.Rdn.escapeValue escapes DN syntax, not filter syntax, so it is not sufficient here). For python-ldap, use ldap.filter.escape_filter_chars or ldap.filter.filter_format. Better: build the filter with typed APIs (Spring LdapTemplate with EqualsFilter / the Filter classes) that encode values automatically."}, "properties": {"scanner": "repobility-threat-engine", "category": "injection", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC029", "name": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled ", "shortDescription": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes e"}, "fullDescription": {"text": "Validate the URL against an allowlist BEFORE fetching:\n  ALLOWED = {'images.example.com', 'cdn.example.com'}\n  host = urlparse(url).hostname\n  if host not in ALLOWED: abort(400)\nOr use a server-side proxy (Imgproxy / serve-files-only-from-S3) that isolates outbound network access from the request handler.\nIf a hostname allowlist is not possible, block private and special-use ranges explicitly \u2014 10/8, 172.16/12, 192.168/16, 169.254/16, 127/8, 0.0.0.0/8, and IPv6 ::1, fc00::/7, fe80::/10 \u2014 and check the resolved IP address, not only the hostname (DNS rebinding); disable or re-validate redirects, since the first hop can bounce to an internal address."}, "properties": {"scanner": "repobility-threat-engine", "category": "ssrf", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED115", "name": "Action `actions/configure-pages` pinned to mutable ref `@v5`", "shortDescription": {"text": "Action `actions/configure-pages` pinned to mutable ref `@v5`"}, "fullDescription": {"text": "`uses: actions/configure-pages@v5` resolves at workflow-run time. 
Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED108", "name": "`self.compiler` used but never assigned in __init__", "shortDescription": {"text": "`self.compiler` used but never assigned in __init__"}, "fullDescription": {"text": "Method `build_extensions` of class `BuildExtension` reads `self.compiler`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "CORE_NO_TESTS", "name": "No test files found", "shortDescription": {"text": "No test files found"}, "fullDescription": {"text": "Add a test directory (tests/ or __tests__/) with unit tests for core functionality. Use pytest (Python), Jest (JS/TS), or go test (Go). 
Start with tests for critical business logic and security-sensitive functions."}, "properties": {"scanner": "repobility-core", "category": "testing", "severity": "high", "confidence": null, "cwe": "", "owasp": ""}}, {"id": "DKC001", "name": "Compose service runs privileged", "shortDescription": {"text": "Compose service runs privileged"}, "fullDescription": {"text": "Privileged containers receive broad host kernel capabilities and can bypass container isolation."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "critical", "confidence": 0.98, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/1357"}, "properties": {"repository": "mjun0812/flash-attention-prebuild-wheels", "repoUrl": "https://github.com/mjun0812/flash-attention-prebuild-wheels", "branch": "main"}, "results": [{"ruleId": "DKR007", "level": "warning", "message": {"text": "Docker build context has no .dockerignore"}, "properties": {"repobilityId": 138183, "scanner": "repobility-docker", "fingerprint": "c98378cf8c37e4866e89d6ca06a24b7e8c44654aa34e6e4bf1367c4a4c0c5b44", "category": "docker", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Dockerfile exists but repository root has no .dockerignore.", "evidence": {"rule_id": "DKR007", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|c98378cf8c37e4866e89d6ca06a24b7e8c44654aa34e6e4bf1367c4a4c0c5b44"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".dockerignore"}, "region": {"startLine": 1}}}]}, {"ruleId": "COMP001", "level": "warning", "message": {"text": "[COMP001] High cognitive complexity: Function `parse_wheel_filename` has cognitive complexity 15 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. 
Breakdown: elif=1, else=2, if=6, nested_bonus=5, or=1."}, "properties": {"repobilityId": 138168, "scanner": "repobility-threat-engine", "fingerprint": "dae11462d6d17367ad8cc05f396d1cf5eeb51a92159ca86858249e7d4152b149", "category": "quality", "severity": "medium", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 15 (severity threshold for medium: 15+).", "evidence": {"scanner": "repobility-threat-engine", "function": "parse_wheel_filename", "breakdown": {"if": 6, "or": 1, "elif": 1, "else": 2, "nested_bonus": 5}, "complexity": 15, "correlation_key": "fp|dae11462d6d17367ad8cc05f396d1cf5eeb51a92159ca86858249e7d4152b149"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/common.py"}, "region": {"startLine": 165}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 138119, "scanner": "repobility-ast-engine", "fingerprint": "824652bcbb0eaf44a1c6bbfe74f10d63751f3e218744a4962cf540b28009f23a", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|824652bcbb0eaf44a1c6bbfe74f10d63751f3e218744a4962cf540b28009f23a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/release/create_release_note.py"}, "region": {"startLine": 100}}}]}, {"ruleId": "DKC010", "level": "note", "message": {"text": "Compose service lacks no-new-privileges hardening"}, "properties": {"repobilityId": 138189, "scanner": "repobility-docker", "fingerprint": "2dcc701dd42ec530f33cd0e464389780d5230bfae9066fe73d05c2896a001061", "category": "docker", "severity": "low", "confidence": 0.62, 
"triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "App-like service has no security_opt no-new-privileges setting.", "evidence": {"rule_id": "DKC010", "scanner": "repobility-docker", "service": "runner-arm", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|2dcc701dd42ec530f33cd0e464389780d5230bfae9066fe73d05c2896a001061"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "self-hosted-runner/compose.yml"}, "region": {"startLine": 18}}}]}, {"ruleId": "DKC006", "level": "note", "message": {"text": "Compose service does not declare a runtime user"}, "properties": {"repobilityId": 138188, "scanner": "repobility-docker", "fingerprint": "ec1d6242d50fb1ec2ff5f077cdea93790ac690465d61091638a05f445c9becbb", "category": "docker", "severity": "low", "confidence": 0.56, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Service has no user setting and Repobility could not prove the image runs non-root.", "evidence": {"rule_id": "DKC006", "scanner": "repobility-docker", "service": "runner-arm", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|ec1d6242d50fb1ec2ff5f077cdea93790ac690465d61091638a05f445c9becbb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "self-hosted-runner/compose.yml"}, "region": {"startLine": 18}}}]}, {"ruleId": "DKC010", "level": "note", "message": {"text": "Compose service lacks no-new-privileges hardening"}, "properties": {"repobilityId": 138186, "scanner": "repobility-docker", "fingerprint": "4631cd1bff8cfd5298ff7dc97edebff2f39a4b3b510cd9b291e8e734df4a2f1f", "category": "docker", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "App-like service has no security_opt no-new-privileges setting.", "evidence": {"rule_id": "DKC010", "scanner": 
"repobility-docker", "service": "runner", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|4631cd1bff8cfd5298ff7dc97edebff2f39a4b3b510cd9b291e8e734df4a2f1f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "self-hosted-runner/compose.yml"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKC006", "level": "note", "message": {"text": "Compose service does not declare a runtime user"}, "properties": {"repobilityId": 138185, "scanner": "repobility-docker", "fingerprint": "077ef270608feca6180dd27c49292dbff89ebd45686beb6e3a5b99cc96bbc56a", "category": "docker", "severity": "low", "confidence": 0.56, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Service has no user setting and Repobility could not prove the image runs non-root.", "evidence": {"rule_id": "DKC006", "scanner": "repobility-docker", "service": "runner", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|077ef270608feca6180dd27c49292dbff89ebd45686beb6e3a5b99cc96bbc56a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "self-hosted-runner/compose.yml"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR011", "level": "note", "message": {"text": "Dockerfile installs recommended OS packages"}, "properties": {"repobilityId": 138181, "scanner": "repobility-docker", "fingerprint": "91b0aa32bfa73c31a65421cdba9299240294d3d2e8d1d561680b2b0a1595f58b", "category": "docker", "severity": "low", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "apt install appears without --no-install-recommends.", "evidence": {"rule_id": "DKR011", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://github.com/hadolint/hadolint"], "correlation_key": 
"fp|91b0aa32bfa73c31a65421cdba9299240294d3d2e8d1d561680b2b0a1595f58b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "self-hosted-runner/Dockerfile"}, "region": {"startLine": 53}}}]}, {"ruleId": "DKR010", "level": "note", "message": {"text": "Dockerfile leaves apt package indexes in the image layer"}, "properties": {"repobilityId": 138180, "scanner": "repobility-docker", "fingerprint": "51b2c58ed0384f167717386733c604bfc1a9fb645d92fcf446031df628848e15", "category": "docker", "severity": "low", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "apt update/install layer does not remove /var/lib/apt/lists.", "evidence": {"rule_id": "DKR010", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|51b2c58ed0384f167717386733c604bfc1a9fb645d92fcf446031df628848e15"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "self-hosted-runner/Dockerfile"}, "region": {"startLine": 53}}}]}, {"ruleId": "COMP001", "level": "note", "message": {"text": "[COMP001] High cognitive complexity: Function `is_excluded_combination` has cognitive complexity 11 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. 
Breakdown: for=1, if=5, nested_bonus=5."}, "properties": {"repobilityId": 138170, "scanner": "repobility-threat-engine", "fingerprint": "f41281dbfdda40c0ad3a9a4499cada1c10aa85318cece2cfe8664d35f089a66b", "category": "quality", "severity": "low", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 11 (severity threshold for low: 8+).", "evidence": {"scanner": "repobility-threat-engine", "function": "is_excluded_combination", "breakdown": {"if": 5, "for": 1, "nested_bonus": 5}, "complexity": 11, "correlation_key": "fp|f41281dbfdda40c0ad3a9a4499cada1c10aa85318cece2cfe8664d35f089a66b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/coverage_matrix.py"}, "region": {"startLine": 279}}}]}, {"ruleId": "COMP001", "level": "note", "message": {"text": "[COMP001] High cognitive complexity: Function `normalize_platform_name` has cognitive complexity 10 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. 
Breakdown: if=7, nested_bonus=3."}, "properties": {"repobilityId": 138169, "scanner": "repobility-threat-engine", "fingerprint": "d5dd977679b53ee0e17a83766f5b93ff362ae73cd4efc5a63230a788eb8a8d0e", "category": "quality", "severity": "low", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 10 (severity threshold for low: 8+).", "evidence": {"scanner": "repobility-threat-engine", "function": "normalize_platform_name", "breakdown": {"if": 7, "nested_bonus": 3}, "complexity": 10, "correlation_key": "fp|d5dd977679b53ee0e17a83766f5b93ff362ae73cd4efc5a63230a788eb8a8d0e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/common.py"}, "region": {"startLine": 243}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 138118, "scanner": "repobility-ai-code-hygiene", "fingerprint": "4c0c3e3cdf5fd6b0276a1467869603b208a5986b3811cfaf656cb559d851740e", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "scripts/tools/check_missing_packages.py", "duplicate_line": 41, "correlation_key": "fp|4c0c3e3cdf5fd6b0276a1467869603b208a5986b3811cfaf656cb559d851740e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/tools/fetch_all_assets.py"}, "region": {"startLine": 15}}}]}, {"ruleId": "MINED067", "level": "none", "message": {"text": "[MINED067] Python Requests No Timeout: requests.get/post/etc. 
without timeout= can hang forever."}, "properties": {"repobilityId": 138179, "scanner": "repobility-threat-engine", "fingerprint": "c33304f84b88a20b21dd2bf1958c1c6b85e9397d7d7d12736b8906d9e661dcd9", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-requests-no-timeout", "owasp": null, "cwe_ids": ["CWE-400"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348058+00:00", "triaged_in_corpus": 12, "observations_count": 45429, "ai_coder_pattern_id": 122}, "scanner": "repobility-threat-engine", "correlation_key": "fp|c33304f84b88a20b21dd2bf1958c1c6b85e9397d7d7d12736b8906d9e661dcd9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/tools/fetch_all_assets.py"}, "region": {"startLine": 52}}}]}, {"ruleId": "MINED067", "level": "none", "message": {"text": "[MINED067] Python Requests No Timeout: requests.get/post/etc. 
without timeout= can hang forever."}, "properties": {"repobilityId": 138178, "scanner": "repobility-threat-engine", "fingerprint": "6ceb6b8a72b20edc1b827dc6aa6569f0986b7dddfbb21375717ec73f07455b75", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-requests-no-timeout", "owasp": null, "cwe_ids": ["CWE-400"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348058+00:00", "triaged_in_corpus": 12, "observations_count": 45429, "ai_coder_pattern_id": 122}, "scanner": "repobility-threat-engine", "correlation_key": "fp|6ceb6b8a72b20edc1b827dc6aa6569f0986b7dddfbb21375717ec73f07455b75"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/maintenance/update_download_stats.py"}, "region": {"startLine": 45}}}]}, {"ruleId": "MINED067", "level": "none", "message": {"text": "[MINED067] Python Requests No Timeout: requests.get/post/etc. 
without timeout= can hang forever."}, "properties": {"repobilityId": 138177, "scanner": "repobility-threat-engine", "fingerprint": "56317eca16bbbce64cd3e326ca5dd37b93bf2cb6ecab97019583015ea20233e3", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-requests-no-timeout", "owasp": null, "cwe_ids": ["CWE-400"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348058+00:00", "triaged_in_corpus": 12, "observations_count": 45429, "ai_coder_pattern_id": 122}, "scanner": "repobility-threat-engine", "correlation_key": "fp|56317eca16bbbce64cd3e326ca5dd37b93bf2cb6ecab97019583015ea20233e3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/maintenance/update_docs_releases_json.py"}, "region": {"startLine": 78}}}]}, {"ruleId": "MINED049", "level": "none", "message": {"text": "[MINED049] Print Pii: Logging password/token/email/ssn directly to stdout."}, "properties": {"repobilityId": 138176, "scanner": "repobility-threat-engine", "fingerprint": "dcfe775fc2355eb1868b2a786db9dd71b6ebe13ee1cfe04f36048b486f74754d", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "print-pii", "owasp": "A09:2021", "cwe_ids": ["CWE-532"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348015+00:00", "triaged_in_corpus": 12, "observations_count": 676566, "ai_coder_pattern_id": 26}, "scanner": "repobility-threat-engine", "correlation_key": "fp|dcfe775fc2355eb1868b2a786db9dd71b6ebe13ee1cfe04f36048b486f74754d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/tools/fetch_all_assets.py"}, "region": {"startLine": 29}}}]}, {"ruleId": 
"MINED049", "level": "none", "message": {"text": "[MINED049] Print Pii: Logging password/token/email/ssn directly to stdout."}, "properties": {"repobilityId": 138175, "scanner": "repobility-threat-engine", "fingerprint": "04dcf0da02e2febf414382d981fa2f4ae972f77540861c8c0b89508e4cda10c3", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "print-pii", "owasp": "A09:2021", "cwe_ids": ["CWE-532"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348015+00:00", "triaged_in_corpus": 12, "observations_count": 676566, "ai_coder_pattern_id": 26}, "scanner": "repobility-threat-engine", "correlation_key": "fp|04dcf0da02e2febf414382d981fa2f4ae972f77540861c8c0b89508e4cda10c3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/maintenance/update_docs_releases_json.py"}, "region": {"startLine": 31}}}]}, {"ruleId": "SEC078", "level": "none", "message": {"text": "[SEC078] Python: requests without timeout: requests.get/post without a timeout will hang indefinitely on a non-responsive server, causing thread exhaustion and denial of service (CWE-400). Ported from bandit B113 (Apache-2.0). 
NOTE: this regex is heuristic; a real AST check is preferred for accuracy."}, "properties": {"repobilityId": 138174, "scanner": "repobility-threat-engine", "fingerprint": "99008aa6308b467572744906ebe91a1acdd9c666554afacff42d1a34afb92033", "category": "quality", "severity": "info", "confidence": 0.1, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Safe pattern 'timeout\\s*=' detected on same line", "evidence": {"match": "requests.get(", "reason": "Safe pattern 'timeout\\s*=' detected on same line", "rule_id": "SEC078", "scanner": "repobility-threat-engine", "confidence": 0.1, "correlation_key": "fp|99008aa6308b467572744906ebe91a1acdd9c666554afacff42d1a34afb92033"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/tools/fetch_all_assets.py"}, "region": {"startLine": 52}}}]}, {"ruleId": "SEC078", "level": "none", "message": {"text": "[SEC078] Python: requests without timeout: requests.get/post without a timeout will hang indefinitely on a non-responsive server, causing thread exhaustion and denial of service (CWE-400). Ported from bandit B113 (Apache-2.0). 
NOTE: this regex is heuristic; a real AST check is preferred for accuracy."}, "properties": {"repobilityId": 138172, "scanner": "repobility-threat-engine", "fingerprint": "6e85fa02ca64715d290f7549e48405402f00b5411263e6dd380437d0cdc1e4a2", "category": "quality", "severity": "info", "confidence": 0.1, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Safe pattern 'timeout\\s*=' detected on same line", "evidence": {"match": "requests.get(", "reason": "Safe pattern 'timeout\\s*=' detected on same line", "rule_id": "SEC078", "scanner": "repobility-threat-engine", "confidence": 0.1, "correlation_key": "fp|6e85fa02ca64715d290f7549e48405402f00b5411263e6dd380437d0cdc1e4a2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/maintenance/update_docs_releases_json.py"}, "region": {"startLine": 78}}}]}, {"ruleId": "COMP001", "level": "none", "message": {"text": "[COMP001] High cognitive complexity (and 3 more): Same pattern found in 3 additional files. Review if needed."}, "properties": {"repobilityId": 138171, "scanner": "repobility-threat-engine", "fingerprint": "ffacc44acd0408185fc3827739658544dd0204c83ccb78694e2ced81539c2c58", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 3 additional occurrences found. 
The top occurrences remain visible as actionable findings.", "evidence": {"scanner": "repobility-threat-engine", "function": "parse_wheel_filename", "breakdown": {"if": 6, "or": 1, "elif": 1, "else": 2, "nested_bonus": 5}, "aggregated": true, "complexity": 15, "correlation_key": "fp|ffacc44acd0408185fc3827739658544dd0204c83ccb78694e2ced81539c2c58", "aggregated_count": 3}}}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "properties": {"repobilityId": 138167, "scanner": "repobility-threat-engine", "fingerprint": "391485301d7ace2836275d5ebec40a471b6a316d7e1a1b15bedb2a1af6a7bca6", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "correlation_key": "fp|391485301d7ace2836275d5ebec40a471b6a316d7e1a1b15bedb2a1af6a7bca6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/common.py"}, "region": {"startLine": 118}}}]}, {"ruleId": "MINED055", "level": "none", "message": {"text": "[MINED055] Npm Install No Lockfile: Production image runs npm install (resolves new versions on every build) instead of npm ci."}, "properties": {"repobilityId": 138163, "scanner": "repobility-threat-engine", "fingerprint": "8f2cb3aba0de3dcadf3020d829d19909fbfaca85c0e78d8a37270bbc615fa8be", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context 
found", "evidence": {"mined": true, "mining": {"slug": "npm-install-no-lockfile", "owasp": "A06:2021", "cwe_ids": ["CWE-1357"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348030+00:00", "triaged_in_corpus": 12, "observations_count": 317602, "ai_coder_pattern_id": 42}, "scanner": "repobility-threat-engine", "correlation_key": "fp|8f2cb3aba0de3dcadf3020d829d19909fbfaca85c0e78d8a37270bbc615fa8be"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "build_linux.sh"}, "region": {"startLine": 32}}}]}, {"ruleId": "DKR001", "level": "error", "message": {"text": "Docker final stage runs as root"}, "properties": {"repobilityId": 138182, "scanner": "repobility-docker", "fingerprint": "941a1b1519c5091cbd3937e68f280445250755b477e7091a9412d7cbb867cfc6", "category": "docker", "severity": "high", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Final Dockerfile USER resolves to root.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_user": "root", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|941a1b1519c5091cbd3937e68f280445250755b477e7091a9412d7cbb867cfc6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "self-hosted-runner/Dockerfile"}, "region": {"startLine": 84}}}]}, {"ruleId": "SEC078", "level": "error", "message": {"text": "[SEC078] Python: requests without timeout: requests.get/post without a timeout will hang indefinitely on a non-responsive server, causing thread exhaustion and ReDoS. Ported from bandit B113 (Apache-2.0). 
NOTE: this regex is heuristic; a real AST check is preferred for accuracy."}, "properties": {"repobilityId": 138173, "scanner": "repobility-threat-engine", "fingerprint": "c26b5d1a6c69288848f903433a915c48a87592500b131f0b2f6df0cd36245430", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "requests.get(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC078", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|c26b5d1a6c69288848f903433a915c48a87592500b131f0b2f6df0cd36245430"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/maintenance/update_download_stats.py"}, "region": {"startLine": 45}}}]}, {"ruleId": "SEC103", "level": "error", "message": {"text": "[SEC103] LDAP injection \u2014 non-constant search filter: User input concatenated into an LDAP search filter. 
Attackers inject `*)(uid=*` style payloads to bypass auth or enumerate accounts."}, "properties": {"repobilityId": 138166, "scanner": "repobility-threat-engine", "fingerprint": "291554acc767ef9112e67f9f922049901a4ad205df2044a1742d20869d008493", "category": "injection", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".search(r\"/releases/download/([^/]+)", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC103", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|scripts/common.py|79|sec103"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/common.py"}, "region": {"startLine": 79}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. 
SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 138165, "scanner": "repobility-threat-engine", "fingerprint": "8e82358835e53e8bb2f6223dfdcca2dce3e023d983e6bc187f08674a4a589cd6", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "url(l", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|8e82358835e53e8bb2f6223dfdcca2dce3e023d983e6bc187f08674a4a589cd6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/maintenance/update_readme_coverage.py"}, "region": {"startLine": 91}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. 
SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 138164, "scanner": "repobility-threat-engine", "fingerprint": "09fb9236823a0bcf4ec27d2a1568826dbb89ea336fa72d81936e4f9ab393e8ad", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "url(u", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|09fb9236823a0bcf4ec27d2a1568826dbb89ea336fa72d81936e4f9ab393e8ad"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/common.py"}, "region": {"startLine": 71}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/configure-pages` pinned to mutable ref `@v5`"}, "properties": {"repobilityId": 138162, "scanner": "repobility-supply-chain", "fingerprint": "9f37aba0981e65d4ac2e8b5ce6823768597fc6ab46b546fa6506d4af80c1fbf0", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|9f37aba0981e65d4ac2e8b5ce6823768597fc6ab46b546fa6506d4af80c1fbf0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/pages.yml"}, "region": {"startLine": 28}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 138161, "scanner": "repobility-supply-chain", "fingerprint": "fb53be6a5ad2f8de4058c638c47ec6d2bf96a5fa224bcee9e112b71415f665e6", "category": "dependency", "severity": "high", "confidence": 0.9, 
"triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|fb53be6a5ad2f8de4058c638c47ec6d2bf96a5fa224bcee9e112b71415f665e6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/pages.yml"}, "region": {"startLine": 25}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 138160, "scanner": "repobility-supply-chain", "fingerprint": "ab8ff3bd4dcc35df479ee16d69697882946d86449a825266db2cb62bbe00c52d", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|ab8ff3bd4dcc35df479ee16d69697882946d86449a825266db2cb62bbe00c52d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/_build_linux_arm_self_host.yml"}, "region": {"startLine": 144}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `astral-sh/setup-uv` pinned to mutable ref `@v7`"}, "properties": {"repobilityId": 138159, "scanner": "repobility-supply-chain", "fingerprint": "6b0a1d63a97a4e02f94e81c37ca243226c82e82a181dc77dd6ded0c6bab60c16", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": 
"fp|6b0a1d63a97a4e02f94e81c37ca243226c82e82a181dc77dd6ded0c6bab60c16"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/update-docs-releases-json.yml"}, "region": {"startLine": 21}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 138158, "scanner": "repobility-supply-chain", "fingerprint": "628ea645b9a5c0d6afa33166d09a5848b6a57980f55a1b29017389623f2d15e4", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|628ea645b9a5c0d6afa33166d09a5848b6a57980f55a1b29017389623f2d15e4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/update-docs-releases-json.yml"}, "region": {"startLine": 18}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `astral-sh/setup-uv` pinned to mutable ref `@v7`"}, "properties": {"repobilityId": 138157, "scanner": "repobility-supply-chain", "fingerprint": "c8ada66e24fbfa273b0c1f12810171330f9a5ce0f831400c5171d608194f74e0", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|c8ada66e24fbfa273b0c1f12810171330f9a5ce0f831400c5171d608194f74e0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/update-download-stats.yml"}, "region": {"startLine": 21}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": 
"Action `actions/checkout` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 138156, "scanner": "repobility-supply-chain", "fingerprint": "b44fdd721869a75be74fa7b7868c6f0e9528090100f93c52467e7be950e0b023", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|b44fdd721869a75be74fa7b7868c6f0e9528090100f93c52467e7be950e0b023"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/update-download-stats.yml"}, "region": {"startLine": 18}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/upload-artifact` pinned to mutable ref `@v4`"}, "properties": {"repobilityId": 138155, "scanner": "repobility-supply-chain", "fingerprint": "fc18945a18120c40be018a03853216e43ddf0dc9b41e0d8598b51ad1aa228a54", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|fc18945a18120c40be018a03853216e43ddf0dc9b41e0d8598b51ad1aa228a54"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/_build_windows_self_host.yml"}, "region": {"startLine": 159}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `microsoft/setup-msbuild` pinned to mutable ref `@v2`"}, "properties": {"repobilityId": 138154, "scanner": "repobility-supply-chain", "fingerprint": "3235b4e06ef55b6427a68291125c605f75fde821005e50c3945e4ce101dad207", "category": "dependency", "severity": "high", "confidence": 
0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|3235b4e06ef55b6427a68291125c605f75fde821005e50c3945e4ce101dad207"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/_build_windows_self_host.yml"}, "region": {"startLine": 111}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `TheMrMilchmann/setup-msvc-dev` pinned to mutable ref `@v3`"}, "properties": {"repobilityId": 138153, "scanner": "repobility-supply-chain", "fingerprint": "3ef32353e81b56ba68da73bfe60b1fa95eea9d4a1d35f6422743b9fe0e2eb4f0", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|3ef32353e81b56ba68da73bfe60b1fa95eea9d4a1d35f6422743b9fe0e2eb4f0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/_build_windows_self_host.yml"}, "region": {"startLine": 106}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `mjun0812/setup-cuda` pinned to mutable ref `@v1`"}, "properties": {"repobilityId": 138152, "scanner": "repobility-supply-chain", "fingerprint": "3b31f75b3911c70150bc474739e8ca8406c3e548cae33c09dd5539f55cbf09bb", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": 
"repobility-supply-chain", "correlation_key": "fp|3b31f75b3911c70150bc474739e8ca8406c3e548cae33c09dd5539f55cbf09bb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/_build_windows_self_host.yml"}, "region": {"startLine": 99}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `astral-sh/setup-uv` pinned to mutable ref `@v7`"}, "properties": {"repobilityId": 138151, "scanner": "repobility-supply-chain", "fingerprint": "4d185b6638fbdc6f0452fcb4da8ccd6e9f90add56992db3e301ec382261b24b0", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|4d185b6638fbdc6f0452fcb4da8ccd6e9f90add56992db3e301ec382261b24b0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/_build_windows_self_host.yml"}, "region": {"startLine": 74}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 138150, "scanner": "repobility-supply-chain", "fingerprint": "b3ba539357730a4b7c24937365a2d5767306d79fc634568c28554678b871114c", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|b3ba539357730a4b7c24937365a2d5767306d79fc634568c28554678b871114c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/_build_windows_self_host.yml"}, "region": {"startLine": 66}}}]}, {"ruleId": 
"MINED115", "level": "error", "message": {"text": "Action `mjun0812/setup-cuda` pinned to mutable ref `@v1.3.0`"}, "properties": {"repobilityId": 138149, "scanner": "repobility-supply-chain", "fingerprint": "4a1100b616fa5ac614b2d85038cf3d1572727b3a01d2e561b644027c992ee18e", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|4a1100b616fa5ac614b2d85038cf3d1572727b3a01d2e561b644027c992ee18e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/_build_linux_no_container.yml"}, "region": {"startLine": 86}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `astral-sh/setup-uv` pinned to mutable ref `@v7`"}, "properties": {"repobilityId": 138148, "scanner": "repobility-supply-chain", "fingerprint": "f997e402a7eaf194134ef71a5dffc58eeb644158ecbffd6098a9ea796bae756f", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|f997e402a7eaf194134ef71a5dffc58eeb644158ecbffd6098a9ea796bae756f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/_build_linux_no_container.yml"}, "region": {"startLine": 76}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 138147, "scanner": "repobility-supply-chain", "fingerprint": "0706cab1057706eb7c187996e61cb12eb8aea1abfd121cab1561bcd6c837c2d9", 
"category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|0706cab1057706eb7c187996e61cb12eb8aea1abfd121cab1561bcd6c837c2d9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/_build_linux_no_container.yml"}, "region": {"startLine": 68}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/upload-artifact` pinned to mutable ref `@v4`"}, "properties": {"repobilityId": 138146, "scanner": "repobility-supply-chain", "fingerprint": "c049b3101cf372f2021653af7a9ccf64afdd9d827e52c75cbe9bbf2bd6cbdf5a", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|c049b3101cf372f2021653af7a9ccf64afdd9d827e52c75cbe9bbf2bd6cbdf5a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/_build_windows_code_build.yml"}, "region": {"startLine": 108}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `microsoft/setup-msbuild` pinned to mutable ref `@v2`"}, "properties": {"repobilityId": 138145, "scanner": "repobility-supply-chain", "fingerprint": "622e063eb611e95ad561107ab45de28bf3f690849390973995910c801591cb2f", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], 
"observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|622e063eb611e95ad561107ab45de28bf3f690849390973995910c801591cb2f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/_build_windows_code_build.yml"}, "region": {"startLine": 74}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `TheMrMilchmann/setup-msvc-dev` pinned to mutable ref `@v3`"}, "properties": {"repobilityId": 138144, "scanner": "repobility-supply-chain", "fingerprint": "67740045508cc8c6b27c60d6d961090428fdabbed22f8a1e99950d1dab1fbd63", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|67740045508cc8c6b27c60d6d961090428fdabbed22f8a1e99950d1dab1fbd63"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/_build_windows_code_build.yml"}, "region": {"startLine": 69}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `mjun0812/setup-cuda` pinned to mutable ref `@v1`"}, "properties": {"repobilityId": 138143, "scanner": "repobility-supply-chain", "fingerprint": "ae66d2a4ede5b2418d7710664e834d78be306dc6e1550271046d54371ce93a41", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|ae66d2a4ede5b2418d7710664e834d78be306dc6e1550271046d54371ce93a41"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/_build_windows_code_build.yml"}, 
"region": {"startLine": 54}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `astral-sh/setup-uv` pinned to mutable ref `@v7`"}, "properties": {"repobilityId": 138142, "scanner": "repobility-supply-chain", "fingerprint": "8ed1d58335b65e02ff73bb40044323e011d25a342535c599bc3d3bb02314ff4e", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|8ed1d58335b65e02ff73bb40044323e011d25a342535c599bc3d3bb02314ff4e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/_build_windows_code_build.yml"}, "region": {"startLine": 46}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 138141, "scanner": "repobility-supply-chain", "fingerprint": "b03a13dfd166cf2eaa92b35f7362d5c57313ff0d5aa25a80818be515e8934343", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|b03a13dfd166cf2eaa92b35f7362d5c57313ff0d5aa25a80818be515e8934343"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/_build_windows_code_build.yml"}, "region": {"startLine": 38}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 138140, "scanner": "repobility-supply-chain", "fingerprint": 
"ad0b7b58c2030fa1ea0f4a44ef49c28e1777589383cdfa63f0769046969a5d46", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|ad0b7b58c2030fa1ea0f4a44ef49c28e1777589383cdfa63f0769046969a5d46"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/_build_linux_self_host.yml"}, "region": {"startLine": 265}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 138139, "scanner": "repobility-supply-chain", "fingerprint": "e4016b8a9da255ace48f3a431fa40363652937e3ac48312d001aa73b89070a51", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|e4016b8a9da255ace48f3a431fa40363652937e3ac48312d001aa73b89070a51"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/_build_linux_self_host.yml"}, "region": {"startLine": 149}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 138138, "scanner": "repobility-supply-chain", "fingerprint": "625a93e4af0c639fcaed496501eb25e5b65b26765a490a147051b63bff62845f", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": 
"A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|625a93e4af0c639fcaed496501eb25e5b65b26765a490a147051b63bff62845f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/_build_linux.yml"}, "region": {"startLine": 50}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.compiler` used but never assigned in __init__"}, "properties": {"repobilityId": 138137, "scanner": "repobility-ast-engine", "fingerprint": "e20b7977f544b635ce595752f30b7dbf9271825f6761f5b38bb2baf2926cfd82", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|e20b7977f544b635ce595752f30b7dbf9271825f6761f5b38bb2baf2926cfd82"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "patches/fa3/setup.py"}, "region": {"startLine": 907}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.compiler` used but never assigned in __init__"}, "properties": {"repobilityId": 138136, "scanner": "repobility-ast-engine", "fingerprint": "d48c074d33b1f9de80eef83103b0c245aba7f058b1f1e6339271379f5b284f09", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|d48c074d33b1f9de80eef83103b0c245aba7f058b1f1e6339271379f5b284f09"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "patches/fa3/setup.py"}, "region": {"startLine": 
898}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.build_temp` used but never assigned in __init__"}, "properties": {"repobilityId": 138135, "scanner": "repobility-ast-engine", "fingerprint": "4f98cd1d293b3f318c23f132f43d8274199aa47f13769baaa1fcd6c2b98d3a40", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|4f98cd1d293b3f318c23f132f43d8274199aa47f13769baaa1fcd6c2b98d3a40"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "patches/fa3/setup.py"}, "region": {"startLine": 898}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.build_temp` used but never assigned in __init__"}, "properties": {"repobilityId": 138134, "scanner": "repobility-ast-engine", "fingerprint": "00f5d8b6add494a65ee0aa49b426312c213b4b1d1c0b7f8910ffae2d97bfbc6e", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|00f5d8b6add494a65ee0aa49b426312c213b4b1d1c0b7f8910ffae2d97bfbc6e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "patches/fa3/setup.py"}, "region": {"startLine": 919}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.build_temp` used but never assigned in __init__"}, "properties": {"repobilityId": 138133, "scanner": "repobility-ast-engine", "fingerprint": "32b69d1bd1ffcdc6a279f55f0727ea2cb2031b92d3f42f58e118b72eee5448c2", "category": "quality", "severity": "high", "confidence": 
1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|32b69d1bd1ffcdc6a279f55f0727ea2cb2031b92d3f42f58e118b72eee5448c2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "patches/fa3/setup.py"}, "region": {"startLine": 881}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.compiler` used but never assigned in __init__"}, "properties": {"repobilityId": 138132, "scanner": "repobility-ast-engine", "fingerprint": "236f25e9b7eb12f5a8393843a472be434551a4ff992089902e4ce94cd04fa05c", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|236f25e9b7eb12f5a8393843a472be434551a4ff992089902e4ce94cd04fa05c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "patches/fa3/setup.py"}, "region": {"startLine": 867}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.compiler` used but never assigned in __init__"}, "properties": {"repobilityId": 138131, "scanner": "repobility-ast-engine", "fingerprint": "a2b1dc27f7d8f0cb3f5b499429ca877ad81b9aee5a38ad28f9a641d16491005f", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": 
"fp|a2b1dc27f7d8f0cb3f5b499429ca877ad81b9aee5a38ad28f9a641d16491005f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "patches/fa3/setup.py"}, "region": {"startLine": 929}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.compiler` used but never assigned in __init__"}, "properties": {"repobilityId": 138130, "scanner": "repobility-ast-engine", "fingerprint": "eade0b88997d85a7172682b735994a6a89a6fc9248f49c28d0c690f144692c4d", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|eade0b88997d85a7172682b735994a6a89a6fc9248f49c28d0c690f144692c4d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "patches/fa3/setup.py"}, "region": {"startLine": 917}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.compiler` used but never assigned in __init__"}, "properties": {"repobilityId": 138129, "scanner": "repobility-ast-engine", "fingerprint": "12771ccb4ff7b3150967cb7d4bb60505baf329d88a733fa6c26f352d2750d091", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|12771ccb4ff7b3150967cb7d4bb60505baf329d88a733fa6c26f352d2750d091"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "patches/fa3/setup.py"}, "region": {"startLine": 886}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.compiler` used but never assigned in __init__"}, "properties": {"repobilityId": 
138128, "scanner": "repobility-ast-engine", "fingerprint": "36b2a47eec6b4f333990bc44986a747f7d00f4c30028177b584392c483d44961", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|36b2a47eec6b4f333990bc44986a747f7d00f4c30028177b584392c483d44961"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "patches/fa3/setup.py"}, "region": {"startLine": 877}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.compiler` used but never assigned in __init__"}, "properties": {"repobilityId": 138127, "scanner": "repobility-ast-engine", "fingerprint": "e564520a9c4cbe29404a61d2686e382e0a647c31b2622cd654b162178cd98bba", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|e564520a9c4cbe29404a61d2686e382e0a647c31b2622cd654b162178cd98bba"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "patches/fa3/setup.py"}, "region": {"startLine": 866}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.compiler` used but never assigned in __init__"}, "properties": {"repobilityId": 138126, "scanner": "repobility-ast-engine", "fingerprint": "430f158fb82fee0d1b45b79fe9be453867113daea881c764e73c9edd4cf854c5", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, 
"cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|430f158fb82fee0d1b45b79fe9be453867113daea881c764e73c9edd4cf854c5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "patches/fa3/setup.py"}, "region": {"startLine": 923}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.compiler` used but never assigned in __init__"}, "properties": {"repobilityId": 138125, "scanner": "repobility-ast-engine", "fingerprint": "656d6a8a08c1badf91905dd2ba45d7a33e94c3f8e1decb27b517ce5d97b7c527", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|656d6a8a08c1badf91905dd2ba45d7a33e94c3f8e1decb27b517ce5d97b7c527"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "patches/fa3/setup.py"}, "region": {"startLine": 830}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.wheel_dist_name` used but never assigned in __init__"}, "properties": {"repobilityId": 138124, "scanner": "repobility-ast-engine", "fingerprint": "4a26dd1d6e3e505a71545369f7d4a662d9cfe0de8dd996603af5f1bbb146d2d2", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|4a26dd1d6e3e505a71545369f7d4a662d9cfe0de8dd996603af5f1bbb146d2d2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "patches/fa3/setup.py"}, "region": {"startLine": 817}}}]}, {"ruleId": 
"MINED108", "level": "error", "message": {"text": "`self.dist_dir` used but never assigned in __init__"}, "properties": {"repobilityId": 138123, "scanner": "repobility-ast-engine", "fingerprint": "ff48995c271ce2b630e402e492db4b911ba22ba43a2e41f1138686fbdc0d8b4e", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ff48995c271ce2b630e402e492db4b911ba22ba43a2e41f1138686fbdc0d8b4e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "patches/fa3/setup.py"}, "region": {"startLine": 814}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.dist_dir` used but never assigned in __init__"}, "properties": {"repobilityId": 138122, "scanner": "repobility-ast-engine", "fingerprint": "0e80fe2f18d33d752657d6a49238b56e13bb703f9ba0d80332eb7fa143592348", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|0e80fe2f18d33d752657d6a49238b56e13bb703f9ba0d80332eb7fa143592348"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "patches/fa3/setup.py"}, "region": {"startLine": 813}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.dist_dir` used but never assigned in __init__"}, "properties": {"repobilityId": 138121, "scanner": "repobility-ast-engine", "fingerprint": "2929b5db478b457692727ecb950d37dae031d1dc7ef14258b543ac3148c1fee1", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", 
"verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|2929b5db478b457692727ecb950d37dae031d1dc7ef14258b543ac3148c1fee1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "patches/fa3/setup.py"}, "region": {"startLine": 819}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.get_tag` used but never assigned in __init__"}, "properties": {"repobilityId": 138120, "scanner": "repobility-ast-engine", "fingerprint": "2ea94f526e90f4d1d8e3b105e90102c36ba87e19d148e2c561ec2edc62f60b84", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|2ea94f526e90f4d1d8e3b105e90102c36ba87e19d148e2c561ec2edc62f60b84"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "patches/fa3/setup.py"}, "region": {"startLine": 816}}}]}, {"ruleId": "CORE_NO_TESTS", "level": "error", "message": {"text": "No test files found"}, "properties": {"repobilityId": 138117, "scanner": "repobility-core", "fingerprint": "0200e9918bc2a7bf9c116d0907e50ac3df640c758b93852cf1890ec6e14d870d", "category": "testing", "severity": "high", "confidence": null, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"rule_id": "CORE_NO_TESTS", "scanner": "repobility-core", "correlation_key": "repo|testing|core_no_tests"}}}, {"ruleId": "DKC001", "level": "error", "message": {"text": "Compose service runs privileged"}, "properties": {"repobilityId": 138187, "scanner": "repobility-docker", "fingerprint": 
"6d7b1ce22fb5b3be2d62b134711133fc94895af2451b8051b3f77876a72a6b86", "category": "docker", "severity": "critical", "confidence": 0.98, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "privileged: true was set on the service.", "evidence": {"rule_id": "DKC001", "scanner": "repobility-docker", "service": "runner-arm", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|6d7b1ce22fb5b3be2d62b134711133fc94895af2451b8051b3f77876a72a6b86"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "self-hosted-runner/compose.yml"}, "region": {"startLine": 18}}}]}, {"ruleId": "DKC001", "level": "error", "message": {"text": "Compose service runs privileged"}, "properties": {"repobilityId": 138184, "scanner": "repobility-docker", "fingerprint": "f347f8ebdfe3acf8a1074c3eb6d924520d1f224dba43bc39960aee124c99013c", "category": "docker", "severity": "critical", "confidence": 0.98, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "privileged: true was set on the service.", "evidence": {"rule_id": "DKC001", "scanner": "repobility-docker", "service": "runner", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|f347f8ebdfe3acf8a1074c3eb6d924520d1f224dba43bc39960aee124c99013c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "self-hosted-runner/compose.yml"}, "region": {"startLine": 1}}}]}]}]}