{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "AIC004", "name": "Suspicious implementation file appears unreferenced", "shortDescription": {"text": "Suspicious implementation file appears unreferenced"}, "fullDescription": {"text": "Confirm whether this file is reachable. If not, delete it; if yes, wire it through explicit imports, routes, or entry points and add a test that proves the path executes."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "medium", "confidence": 0.78, "cwe": "", "owasp": ""}}, {"id": "AIC001", "name": "Parallel implementation file sits beside a canonical file", "shortDescription": {"text": "Parallel implementation file sits beside a canonical file"}, "fullDescription": {"text": "Merge the intended change into the canonical file, update tests/imports, and delete the parallel implementation if it is not the active entry point."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "medium", "confidence": 0.82, "cwe": "", "owasp": ""}}, {"id": "COMP001", "name": "[COMP001] High cognitive complexity: Function `main` has cognitive complexity 16 (SonarSource scale). Cognitive complexi", "shortDescription": {"text": "[COMP001] High cognitive complexity: Function `main` has cognitive complexity 16 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weig"}, "fullDescription": {"text": "Extract nested branches into named helper functions; flatten early-return / guard clauses; replace long if/elif chains with dispatch dicts or polymorphism. SonarQube's threshold for 'should refactor' is 15 \u2014 yours is 16."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "medium", "confidence": 0.95, "cwe": "", "owasp": ""}}, {"id": "AIC003", "name": "Duplicated implementation block across source files", "shortDescription": {"text": "Duplicated implementation block across source files"}, "fullDescription": {"text": "Extract the shared behavior into one function/module or delete the inactive duplicate after proving which path is used."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.86, "cwe": "", "owasp": ""}}, {"id": "AIC002", "name": "Source file name looks like an AI patch artifact", "shortDescription": {"text": "Source file name looks like an AI patch artifact"}, "fullDescription": {"text": "Rename it to the domain concept it implements or merge it into the existing module it was meant to change."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.62, "cwe": "", "owasp": ""}}, {"id": "MINED045", "name": "[MINED045] Ts Non Null Assertion: x! asserts not null - bypasses null checks - TypeError if wrong.", "shortDescription": {"text": "[MINED045] Ts Non Null Assertion: x! asserts not null - bypasses null checks - TypeError if wrong."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-476 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED042", "name": "[MINED042] Cpp New Without Delete: C++ raw new without RAII / unique_ptr \u2014 memory leak risk.", "shortDescription": {"text": "[MINED042] Cpp New Without Delete: C++ raw new without RAII / unique_ptr \u2014 memory leak risk."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-401 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED048", "name": "[MINED048] Php Error Suppress: @function() suppresses errors silently. Hides real issues.", "shortDescription": {"text": "[MINED048] Php Error Suppress: @function() suppresses errors silently. Hides real issues."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-755 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED057", "name": "[MINED057] Todo Bomb: Code path with a TODO/FIXME/HACK comment that gates correctness \u2014 left for later but never resolve", "shortDescription": {"text": "[MINED057] Todo Bomb: Code path with a TODO/FIXME/HACK comment that gates correctness \u2014 left for later but never resolved."}, "fullDescription": {"text": "Review and fix per the pattern semantics."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED004", "name": "[MINED004] Weak Crypto (and 3 more): Same pattern found in 3 additional files. Review if needed.", "shortDescription": {"text": "[MINED004] Weak Crypto (and 3 more): Same pattern found in 3 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-327 / A02:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED043", "name": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data.", "shortDescription": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-319 / A02:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED044", "name": "[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed.", "shortDescription": {"text": "[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-532 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED126", "name": "[MINED126] Workflow container/services image `ghcr.io/mstorsjo/wine` unpinned: `container/services image: ghcr.io/mstors", "shortDescription": {"text": "[MINED126] Workflow container/services image `ghcr.io/mstorsjo/wine` unpinned: `container/services image: ghcr.io/mstorsjo/wine` without `@sha256:...` pulls a mutable tag at workflow-run time. Treat workflow container references with the sa"}, "fullDescription": {"text": "Replace with `ghcr.io/mstorsjo/wine@sha256:<digest>`. Re-pin via Dependabot Docker scope."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED115", "name": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run t", "shortDescription": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) in"}, "fullDescription": {"text": "Replace with: `uses: actions/checkout@<40-char-sha>  # v6` and let Dependabot bump it on a scheduled cadence."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "SEC128", "name": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns", "shortDescription": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, ra"}, "fullDescription": {"text": "Add `await` before each async call, or chain with `.then`. If you intentionally want fire-and-forget, prefix with `void` (TS) or assign to `_` (Python with `asyncio.create_task`) to make the intent explicit and survive lint."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC029", "name": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled ", "shortDescription": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes e"}, "fullDescription": {"text": "Validate the URL against an allowlist BEFORE fetching:\n  ALLOWED = {'images.example.com', 'cdn.example.com'}\n  host = urlparse(url).hostname\n  if host not in ALLOWED: abort(400)\nOr use a server-side proxy (Imgproxy / serve-files-only-from-S3) that isolates outbound network access from the request handler.\nBlock private CIDRs explicitly: 10/8, 172.16/12, 192.168/16, 169.254/16."}, "properties": {"scanner": "repobility-threat-engine", "category": "ssrf", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/882"}, "properties": {"repository": "FFmpeg/FFmpeg", "repoUrl": "https://github.com/FFmpeg/FFmpeg", "branch": "master"}, "results": [{"ruleId": "AIC004", "level": "warning", "message": {"text": "Suspicious implementation file appears unreferenced"}, "properties": {"repobilityId": 81200, "scanner": "repobility-ai-code-hygiene", "fingerprint": "8cdcd23c9ff2a37b7b3e75b5247103d71f25000df7cb8be0655248cd3d1de3f0", "category": "quality", "severity": "medium", "confidence": 0.78, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Patch-style source file has no detected inbound reference from other repository files.", "evidence": {"suffix": "fixed", "rule_id": "AIC004", "scanner": "repobility-ai-code-hygiene", "references": ["https://knip.dev/", "https://github.com/jendrikseipp/vulture"], "correlation_key": "fp|8cdcd23c9ff2a37b7b3e75b5247103d71f25000df7cb8be0655248cd3d1de3f0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "libavcodec/sbrdsp_fixed.c"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC004", "level": "warning", "message": {"text": "Suspicious implementation file appears unreferenced"}, "properties": {"repobilityId": 81199, "scanner": "repobility-ai-code-hygiene", "fingerprint": "1a8bbc95d59585d90f516c4aee86544def0d07b9f8e2594c72074eb2ee9ccc8b", "category": "quality", "severity": "medium", "confidence": 0.78, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Patch-style source file has no detected inbound reference from other repository files.", "evidence": {"suffix": "fixed", "rule_id": "AIC004", "scanner": "repobility-ai-code-hygiene", "references": ["https://knip.dev/", "https://github.com/jendrikseipp/vulture"], "correlation_key": "fp|1a8bbc95d59585d90f516c4aee86544def0d07b9f8e2594c72074eb2ee9ccc8b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "libavcodec/mpegaudiodsp_fixed.c"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC004", "level": "warning", "message": {"text": "Suspicious implementation file appears unreferenced"}, "properties": {"repobilityId": 81198, "scanner": "repobility-ai-code-hygiene", "fingerprint": "014bc07cf7fa2ba7c9462f4e9c96ba806d3ad21c04ba7801710869f44f82704d", "category": "quality", "severity": "medium", "confidence": 0.78, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Patch-style source file has no detected inbound reference from other repository files.", "evidence": {"suffix": "fixed", "rule_id": "AIC004", "scanner": "repobility-ai-code-hygiene", "references": ["https://knip.dev/", "https://github.com/jendrikseipp/vulture"], "correlation_key": "fp|014bc07cf7fa2ba7c9462f4e9c96ba806d3ad21c04ba7801710869f44f82704d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "libavcodec/mpegaudiodec_fixed.c"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC004", "level": "warning", "message": {"text": "Suspicious implementation file appears unreferenced"}, "properties": {"repobilityId": 81197, "scanner": "repobility-ai-code-hygiene", "fingerprint": "e7eedfde7b923599a0649fcbc20505d5c5854afab9ea52b803255fe6aa94eb4b", "category": "quality", "severity": "medium", "confidence": 0.78, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Patch-style source file has no detected inbound reference from other repository files.", "evidence": {"suffix": "fixed", "rule_id": "AIC004", "scanner": "repobility-ai-code-hygiene", "references": ["https://knip.dev/", "https://github.com/jendrikseipp/vulture"], "correlation_key": "fp|e7eedfde7b923599a0649fcbc20505d5c5854afab9ea52b803255fe6aa94eb4b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "libavcodec/mips/mpegaudiodsp_mips_fixed.c"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC004", "level": "warning", "message": {"text": "Suspicious implementation file appears unreferenced"}, "properties": {"repobilityId": 81196, "scanner": "repobility-ai-code-hygiene", "fingerprint": "137b7193dc5d43e708fb341ec91616d6c6ed88f46e16bcc2937920e89dacfbbd", "category": "quality", "severity": "medium", "confidence": 0.78, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Patch-style source file has no detected inbound reference from other repository files.", "evidence": {"suffix": "fixed", "rule_id": "AIC004", "scanner": "repobility-ai-code-hygiene", "references": ["https://knip.dev/", "https://github.com/jendrikseipp/vulture"], "correlation_key": "fp|137b7193dc5d43e708fb341ec91616d6c6ed88f46e16bcc2937920e89dacfbbd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "libavcodec/mips/compute_antialias_fixed.h"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC004", "level": "warning", "message": {"text": "Suspicious implementation file appears unreferenced"}, "properties": {"repobilityId": 81195, "scanner": "repobility-ai-code-hygiene", "fingerprint": "ee3487bc441e3fb030bc4af0015328cee370f8e3e8d90e56a9ddbf0b0cf50582", "category": "quality", "severity": "medium", "confidence": 0.78, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Patch-style source file has no detected inbound reference from other repository files.", "evidence": {"suffix": "fixed", "rule_id": "AIC004", "scanner": "repobility-ai-code-hygiene", "references": ["https://knip.dev/", "https://github.com/jendrikseipp/vulture"], "correlation_key": "fp|ee3487bc441e3fb030bc4af0015328cee370f8e3e8d90e56a9ddbf0b0cf50582"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "libavcodec/dct32_fixed.c"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC004", "level": "warning", "message": {"text": "Suspicious implementation file appears unreferenced"}, "properties": {"repobilityId": 81194, "scanner": "repobility-ai-code-hygiene", "fingerprint": "cfdacd91cd61d5f5b20cdf9b328500984842362fb507af40a717e9470529ea6d", "category": "quality", "severity": "medium", "confidence": 0.78, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Patch-style source file has no detected inbound reference from other repository files.", "evidence": {"suffix": "fixed", "rule_id": "AIC004", "scanner": "repobility-ai-code-hygiene", "references": ["https://knip.dev/", "https://github.com/jendrikseipp/vulture"], "correlation_key": "fp|cfdacd91cd61d5f5b20cdf9b328500984842362fb507af40a717e9470529ea6d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "libavcodec/cbrt_data_fixed.c"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC004", "level": "warning", "message": {"text": "Suspicious implementation file appears unreferenced"}, "properties": {"repobilityId": 81193, "scanner": "repobility-ai-code-hygiene", "fingerprint": "5ce7750d83d5c7a9ba6e4ba033dba1f7de301998b3c1a4ccacdcfecf0da104d2", "category": "quality", "severity": "medium", "confidence": 0.78, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Patch-style source file has no detected inbound reference from other repository files.", "evidence": {"suffix": "fixed", "rule_id": "AIC004", "scanner": "repobility-ai-code-hygiene", "references": ["https://knip.dev/", "https://github.com/jendrikseipp/vulture"], "correlation_key": "fp|5ce7750d83d5c7a9ba6e4ba033dba1f7de301998b3c1a4ccacdcfecf0da104d2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "libavcodec/ac3enc_fixed.c"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC004", "level": "warning", "message": {"text": "Suspicious implementation file appears unreferenced"}, "properties": {"repobilityId": 81192, "scanner": "repobility-ai-code-hygiene", "fingerprint": "8fbcc94fd9fef58bfbdc1d9b9a0a00cf80fae9dc3e9a0430967d995d334d772a", "category": "quality", "severity": "medium", "confidence": 0.78, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Patch-style source file has no detected inbound reference from other repository files.", "evidence": {"suffix": "fixed", "rule_id": "AIC004", "scanner": "repobility-ai-code-hygiene", "references": ["https://knip.dev/", "https://github.com/jendrikseipp/vulture"], "correlation_key": "fp|8fbcc94fd9fef58bfbdc1d9b9a0a00cf80fae9dc3e9a0430967d995d334d772a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "libavcodec/ac3dec_fixed.c"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC004", "level": "warning", "message": {"text": "Suspicious implementation file appears unreferenced"}, "properties": {"repobilityId": 81191, "scanner": "repobility-ai-code-hygiene", "fingerprint": "905025276b884936807b62c4bf03daceddc5c1f55c94445b70aad29fd0a63a91", "category": "quality", "severity": "medium", "confidence": 0.78, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Patch-style source file has no detected inbound reference from other repository files.", "evidence": {"suffix": "fixed", "rule_id": "AIC004", "scanner": "repobility-ai-code-hygiene", "references": ["https://knip.dev/", "https://github.com/jendrikseipp/vulture"], "correlation_key": "fp|905025276b884936807b62c4bf03daceddc5c1f55c94445b70aad29fd0a63a91"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "libavcodec/aacsbr_fixed.c"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC004", "level": "warning", "message": {"text": "Suspicious implementation file appears unreferenced"}, "properties": {"repobilityId": 81190, "scanner": "repobility-ai-code-hygiene", "fingerprint": "fd23f36056cd385f0783e8d88dbcf15d12cf6aefabb2b7f93fdf972ff3459a5f", "category": "quality", "severity": "medium", "confidence": 0.78, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Patch-style source file has no detected inbound reference from other repository files.", "evidence": {"suffix": "fixed", "rule_id": "AIC004", "scanner": "repobility-ai-code-hygiene", "references": ["https://knip.dev/", "https://github.com/jendrikseipp/vulture"], "correlation_key": "fp|fd23f36056cd385f0783e8d88dbcf15d12cf6aefabb2b7f93fdf972ff3459a5f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "libavcodec/aacpsdsp_fixed.c"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC004", "level": "warning", "message": {"text": "Suspicious implementation file appears unreferenced"}, "properties": {"repobilityId": 81189, "scanner": "repobility-ai-code-hygiene", "fingerprint": "e080e26afd83c74ede6bfa2ed75f318cb67c82e00a8f1042472c5cb8cc23f575", "category": "quality", "severity": "medium", "confidence": 0.78, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Patch-style source file has no detected inbound reference from other repository files.", "evidence": {"suffix": "fixed", "rule_id": "AIC004", "scanner": "repobility-ai-code-hygiene", "references": ["https://knip.dev/", "https://github.com/jendrikseipp/vulture"], "correlation_key": "fp|e080e26afd83c74ede6bfa2ed75f318cb67c82e00a8f1042472c5cb8cc23f575"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "libavcodec/aacps_fixed.c"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC001", "level": "warning", "message": {"text": "Parallel implementation file sits beside a canonical file"}, "properties": {"repobilityId": 81185, "scanner": "repobility-ai-code-hygiene", "fingerprint": "76932497f9b6fb690efe3bdaa44a58add73d81c87ebc1b745f4575a1b9cc673b", "category": "quality", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Source filename has a patch-style suffix and a same-directory canonical sibling exists.", "evidence": {"suffix": "fixed", "rule_id": "AIC001", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195", "https://knip.dev/"], "canonical_file": "libavcodec/aac/aacdec.c", "correlation_key": "fp|76932497f9b6fb690efe3bdaa44a58add73d81c87ebc1b745f4575a1b9cc673b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "libavcodec/aac/aacdec_fixed.c"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC001", "level": "warning", "message": {"text": "Parallel implementation file sits beside a canonical file"}, "properties": {"repobilityId": 81184, "scanner": "repobility-ai-code-hygiene", "fingerprint": "39e385d44749e7a81909f058ebb9043d992a98eb2e9504ad846c573fc2e5ffa1", "category": "quality", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Source filename has a patch-style suffix and a same-directory canonical sibling exists.", "evidence": {"suffix": "fixed", "rule_id": "AIC001", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195", "https://knip.dev/"], "canonical_file": "libavcodec/sbrdsp.c", "correlation_key": "fp|39e385d44749e7a81909f058ebb9043d992a98eb2e9504ad846c573fc2e5ffa1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "libavcodec/sbrdsp_fixed.c"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC001", "level": "warning", "message": {"text": "Parallel implementation file sits beside a canonical file"}, "properties": {"repobilityId": 81183, "scanner": "repobility-ai-code-hygiene", "fingerprint": "7ec84bfb4a1493839d6479980cf43d2838744cde4368ddcdc184fe0cad19f8ba", "category": "quality", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Source filename has a patch-style suffix and a same-directory canonical sibling exists.", "evidence": {"suffix": "fixed", "rule_id": "AIC001", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195", "https://knip.dev/"], "canonical_file": "libavcodec/mpegaudiodsp.c", "correlation_key": "fp|7ec84bfb4a1493839d6479980cf43d2838744cde4368ddcdc184fe0cad19f8ba"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "libavcodec/mpegaudiodsp_fixed.c"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC001", "level": "warning", "message": {"text": "Parallel implementation file sits beside a canonical file"}, "properties": {"repobilityId": 81180, "scanner": "repobility-ai-code-hygiene", "fingerprint": "0c870127afe7ee6678023adf2d360cc8503fa89f21f19cc1faa0aa23107bddd2", "category": "quality", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Source filename has a patch-style suffix and a same-directory canonical sibling exists.", "evidence": {"suffix": "fixed", "rule_id": "AIC001", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195", "https://knip.dev/"], "canonical_file": "libavcodec/cbrt_data.c", "correlation_key": "fp|0c870127afe7ee6678023adf2d360cc8503fa89f21f19cc1faa0aa23107bddd2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "libavcodec/cbrt_data_fixed.c"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC001", "level": "warning", "message": {"text": "Parallel implementation file sits beside a canonical file"}, "properties": {"repobilityId": 81179, "scanner": "repobility-ai-code-hygiene", "fingerprint": "1515178dbc772d91994c8ea4a41a3d411e9f6bf57732dcc0d2ed6b10a33bbf83", "category": "quality", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Source filename has a patch-style suffix and a same-directory canonical sibling exists.", "evidence": {"suffix": "fixed", "rule_id": "AIC001", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195", "https://knip.dev/"], "canonical_file": "libavcodec/ac3enc.c", "correlation_key": "fp|1515178dbc772d91994c8ea4a41a3d411e9f6bf57732dcc0d2ed6b10a33bbf83"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "libavcodec/ac3enc_fixed.c"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC001", "level": "warning", "message": {"text": "Parallel implementation file sits beside a canonical file"}, "properties": {"repobilityId": 81178, "scanner": "repobility-ai-code-hygiene", "fingerprint": "38d600ba17a6dc1bb8a9e6db02301706017184a9461af71a048c8db9e0ab2dc6", "category": "quality", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Source filename has a patch-style suffix and a same-directory canonical sibling exists.", "evidence": {"suffix": "fixed", "rule_id": "AIC001", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195", "https://knip.dev/"], "canonical_file": "libavcodec/ac3dec.c", "correlation_key": "fp|38d600ba17a6dc1bb8a9e6db02301706017184a9461af71a048c8db9e0ab2dc6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "libavcodec/ac3dec_fixed.c"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC001", "level": "warning", "message": {"text": "Parallel implementation file sits beside a canonical file"}, "properties": {"repobilityId": 81177, "scanner": "repobility-ai-code-hygiene", "fingerprint": "c833ef2190598ecc098a005bf8f8fdf9ed2fe9cb5e7d656093dc4e9fd42d64e2", "category": "quality", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Source filename has a patch-style suffix and a same-directory canonical sibling exists.", "evidence": {"suffix": "fixed", "rule_id": "AIC001", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195", "https://knip.dev/"], "canonical_file": "libavcodec/aacsbr.c", "correlation_key": "fp|c833ef2190598ecc098a005bf8f8fdf9ed2fe9cb5e7d656093dc4e9fd42d64e2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "libavcodec/aacsbr_fixed.c"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC001", "level": "warning", "message": {"text": "Parallel implementation file sits beside a canonical file"}, "properties": {"repobilityId": 81175, "scanner": "repobility-ai-code-hygiene", "fingerprint": "afb49d5495dbe87e6f96a512f1ae7b8d9239c05f2b37662ecc312a05f6591b10", "category": "quality", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Source filename has a patch-style suffix and a same-directory canonical sibling exists.", "evidence": {"suffix": "fixed", "rule_id": "AIC001", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195", "https://knip.dev/"], "canonical_file": "libavcodec/aacps.c", "correlation_key": "fp|afb49d5495dbe87e6f96a512f1ae7b8d9239c05f2b37662ecc312a05f6591b10"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "libavcodec/aacps_fixed.c"}, "region": {"startLine": 1}}}]}, {"ruleId": "COMP001", "level": "warning", "message": {"text": "[COMP001] High cognitive complexity: Function `main` has cognitive complexity 16 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. Breakdown: except=3, for=1, if=5, nested_bonus=6, ternary=1."}, "properties": {"repobilityId": 81158, "scanner": "repobility-threat-engine", "fingerprint": "35fbd88f1fa2be0ca7f6f38630bdcef8974945881bdff3398985ca7a368d6cc5", "category": "quality", "severity": "medium", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 16 (severity threshold for medium: 15+).", "evidence": {"scanner": "repobility-threat-engine", "function": "main", "breakdown": {"if": 5, "for": 1, "except": 3, "ternary": 1, "nested_bonus": 6}, "complexity": 16, "correlation_key": "fp|35fbd88f1fa2be0ca7f6f38630bdcef8974945881bdff3398985ca7a368d6cc5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".forgejo/inject-pr-samples.py"}, "region": {"startLine": 120}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 81222, "scanner": "repobility-ai-code-hygiene", "fingerprint": "933a2d1798e3b45c0caebaa3de6c7e6fc92e554d88b7f499fc1466a993648633", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "libavcodec/bsf/hevc_mp4toannexb.c", "duplicate_line": 41, "correlation_key": "fp|933a2d1798e3b45c0caebaa3de6c7e6fc92e554d88b7f499fc1466a993648633"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "libavcodec/bsf/vvc_mp4toannexb.c"}, "region": {"startLine": 119}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 81221, "scanner": "repobility-ai-code-hygiene", "fingerprint": "773998263f6a289aa7df4049115724cde83f28dd96d6f5422751e2c07db3c4d5", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "libavcodec/bsf/h264_metadata.c", "duplicate_line": 459, "correlation_key": "fp|773998263f6a289aa7df4049115724cde83f28dd96d6f5422751e2c07db3c4d5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "libavcodec/bsf/lcevc_metadata.c"}, "region": {"startLine": 111}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 81220, "scanner": "repobility-ai-code-hygiene", "fingerprint": "f3748ce0e105e9b34bb310e0db39598c0c555b00f207c60590e730c16cc1ff10", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "libavcodec/bsf/h264_metadata.c", "duplicate_line": 91, "correlation_key": "fp|f3748ce0e105e9b34bb310e0db39598c0c555b00f207c60590e730c16cc1ff10"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "libavcodec/bsf/h265_metadata.c"}, "region": {"startLine": 193}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 81219, "scanner": "repobility-ai-code-hygiene", "fingerprint": "0588b09eff6737bdd099953523b0efcf948bdec5f14d56cef64e54aa5465b1ba", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "libavcodec/avs2.c", "duplicate_line": 2, "correlation_key": "fp|0588b09eff6737bdd099953523b0efcf948bdec5f14d56cef64e54aa5465b1ba"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "libavcodec/avs3.h"}, "region": {"startLine": 2}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 81218, "scanner": "repobility-ai-code-hygiene", "fingerprint": "d3c43b692f8ebdad0ce64118186cc02076f2073570243bfb413f4ddbfba247f5", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "libavcodec/aarch64/vp9dsp_init_aarch64.c", "duplicate_line": 1, "correlation_key": "fp|d3c43b692f8ebdad0ce64118186cc02076f2073570243bfb413f4ddbfba247f5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "libavcodec/arm/vp9dsp_init_arm.c"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 81217, "scanner": "repobility-ai-code-hygiene", "fingerprint": "09b6ae92891853f6d7974957d96b7fd8a990266822fcaff8a22c3eb88941228f", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "libavcodec/aarch64/vp9dsp_init_16bpp_aarch64_template.c", "duplicate_line": 1, "correlation_key": "fp|09b6ae92891853f6d7974957d96b7fd8a990266822fcaff8a22c3eb88941228f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "libavcodec/arm/vp9dsp_init_16bpp_arm_template.c"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 81216, "scanner": "repobility-ai-code-hygiene", "fingerprint": "24b4fc6f0c3df291d1af87a90309e27483655192d10a7552373067078a61932d", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "libavcodec/aarch64/vp8dsp_init_aarch64.c", "duplicate_line": 1, "correlation_key": "fp|24b4fc6f0c3df291d1af87a90309e27483655192d10a7552373067078a61932d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "libavcodec/arm/vp8dsp_init_neon.c"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 81215, "scanner": "repobility-ai-code-hygiene", "fingerprint": "427a37185b886c567184ecf5f2db29bd378cd5bb015e41c3cd4aae8a4e051b01", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "libavcodec/aarch64/vp8dsp.h", "duplicate_line": 1, "correlation_key": "fp|427a37185b886c567184ecf5f2db29bd378cd5bb015e41c3cd4aae8a4e051b01"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "libavcodec/arm/vp8dsp.h"}, "region": {"startLine": 5}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 81214, "scanner": "repobility-ai-code-hygiene", "fingerprint": "d949538f1cd127062e8b2c18595f78b706ef7984713563c133866d7c9f5b25c4", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "libavcodec/aarch64/vc1dsp_init_aarch64.c", "duplicate_line": 15, "correlation_key": "fp|d949538f1cd127062e8b2c18595f78b706ef7984713563c133866d7c9f5b25c4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "libavcodec/arm/vc1dsp_init_neon.c"}, "region": {"startLine": 43}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 81213, "scanner": "repobility-ai-code-hygiene", "fingerprint": "6145e3fbd33c798ea19f6c0f5b27ee1566a0853c1930c5f459b08d1eca5b3260", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "libavcodec/aarch64/sbrdsp_init_aarch64.c", "duplicate_line": 1, "correlation_key": "fp|6145e3fbd33c798ea19f6c0f5b27ee1566a0853c1930c5f459b08d1eca5b3260"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "libavcodec/arm/sbrdsp_init_arm.c"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 81212, "scanner": "repobility-ai-code-hygiene", "fingerprint": "2e12b2fd2bf5944a13b86d4e01e1c36c00645c480c7a7aeebb187a843127d9cd", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "libavcodec/aarch64/neontest.c", "duplicate_line": 1, "correlation_key": "fp|2e12b2fd2bf5944a13b86d4e01e1c36c00645c480c7a7aeebb187a843127d9cd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "libavcodec/arm/neontest.c"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 81211, "scanner": "repobility-ai-code-hygiene", "fingerprint": "9224e29b4e7dca6bab65a80d7d8bc01bd3c4aa2aaa054b18df357e900139cf08", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "libavcodec/aarch64/idctdsp_init_aarch64.c", "duplicate_line": 9, "correlation_key": "fp|9224e29b4e7dca6bab65a80d7d8bc01bd3c4aa2aaa054b18df357e900139cf08"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "libavcodec/arm/idctdsp_init_neon.c"}, "region": {"startLine": 7}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 81210, "scanner": "repobility-ai-code-hygiene", "fingerprint": "cb207e37255e33315082a431a342adc4982af659183799ac789b48ace64f23d8", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "libavcodec/aarch64/hpeldsp_init_aarch64.c", "duplicate_line": 55, "correlation_key": "fp|cb207e37255e33315082a431a342adc4982af659183799ac789b48ace64f23d8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "libavcodec/arm/hpeldsp_init_neon.c"}, "region": {"startLine": 28}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 81209, "scanner": "repobility-ai-code-hygiene", "fingerprint": "97a35dc05d76cf2b41373690e76a547a3c6ab7eb163afff0f52301c53b620965", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "libavcodec/aarch64/h264qpel_init_aarch64.c", "duplicate_line": 1, "correlation_key": "fp|97a35dc05d76cf2b41373690e76a547a3c6ab7eb163afff0f52301c53b620965"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "libavcodec/arm/h264qpel_init_arm.c"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 81208, "scanner": "repobility-ai-code-hygiene", "fingerprint": "a896162f47ff164634df3c26f0f441e67c7887062c69f1d74b9c8b5606808552", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "libavcodec/aarch64/h264pred_init.c", "duplicate_line": 1, "correlation_key": "fp|a896162f47ff164634df3c26f0f441e67c7887062c69f1d74b9c8b5606808552"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "libavcodec/arm/h264pred_init_arm.c"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 81207, "scanner": "repobility-ai-code-hygiene", "fingerprint": "035f5ab25ceb099390e8cdaa4f77950d5ad23dfa2b4d116621ee7d9af28e7ac7", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "libavcodec/aarch64/h264dsp_init_aarch64.c", "duplicate_line": 36, "correlation_key": "fp|035f5ab25ceb099390e8cdaa4f77950d5ad23dfa2b4d116621ee7d9af28e7ac7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "libavcodec/arm/h264dsp_init_arm.c"}, "region": {"startLine": 24}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 81206, "scanner": "repobility-ai-code-hygiene", "fingerprint": "b8b6f0b33645e8212c448d8c31484c2cf20b5fb654c6dacf3cb8d1e4f722076b", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "libavcodec/aarch64/h264chroma_init_aarch64.c", "duplicate_line": 1, "correlation_key": "fp|b8b6f0b33645e8212c448d8c31484c2cf20b5fb654c6dacf3cb8d1e4f722076b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "libavcodec/arm/h264chroma_init_arm.c"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 81205, "scanner": "repobility-ai-code-hygiene", "fingerprint": "783ad870e49352c5e94f44820a5932b3e66dce1ff492c17f08eb8f33ce232c3b", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "libavcodec/amfenc_h264.c", "duplicate_line": 443, "correlation_key": "fp|783ad870e49352c5e94f44820a5932b3e66dce1ff492c17f08eb8f33ce232c3b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "libavcodec/amfenc_hevc.c"}, "region": {"startLine": 412}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 81204, "scanner": "repobility-ai-code-hygiene", "fingerprint": "8421d145a37f89f5c23f2c3d9f684a4df03f7b7f6da6050c3c9840ab38cc8455", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "libavcodec/amfenc_av1.c", "duplicate_line": 89, "correlation_key": "fp|8421d145a37f89f5c23f2c3d9f684a4df03f7b7f6da6050c3c9840ab38cc8455"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "libavcodec/amfenc_hevc.c"}, "region": {"startLine": 71}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 81203, "scanner": "repobility-ai-code-hygiene", "fingerprint": "9a69d83157e58d5343b4a530162c4b7d0480050cf07e9f6122cca8b0781754fb", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "libavcodec/amfenc_av1.c", "duplicate_line": 89, "correlation_key": "fp|9a69d83157e58d5343b4a530162c4b7d0480050cf07e9f6122cca8b0781754fb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "libavcodec/amfenc_h264.c"}, "region": {"startLine": 76}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 81202, "scanner": "repobility-ai-code-hygiene", "fingerprint": "c171b209649d17402719289009d8b6f50b9b9dab03a7abbf42a22ce887fc5cec", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "libavcodec/aacsbr_fixed.c", "duplicate_line": 380, "correlation_key": "fp|c171b209649d17402719289009d8b6f50b9b9dab03a7abbf42a22ce887fc5cec"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "libavcodec/aacsbr.c"}, "region": {"startLine": 220}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 81201, "scanner": "repobility-ai-code-hygiene", "fingerprint": "8252f8d2cbdda1588e92d721535d7c6674b64e4b9d7d19360d7b252529784a5d", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "compat/atomics/dummy/stdatomic.h", "duplicate_line": 4, "correlation_key": "fp|8252f8d2cbdda1588e92d721535d7c6674b64e4b9d7d19360d7b252529784a5d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "compat/atomics/win32/stdatomic.h"}, "region": {"startLine": 4}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 81188, "scanner": "repobility-ai-code-hygiene", "fingerprint": "dcc2b6e50639f404984244f176139947b51df8c78b52afebf3ab05e8f2e6470f", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "copy", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|dcc2b6e50639f404984244f176139947b51df8c78b52afebf3ab05e8f2e6470f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "libavfilter/vf_copy.c"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 81187, "scanner": "repobility-ai-code-hygiene", "fingerprint": "2131e3ba706abd60fac85adab1fabcbd67bc2bfb257f85e061fb1998f27e6da3", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "fixed", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|2131e3ba706abd60fac85adab1fabcbd67bc2bfb257f85e061fb1998f27e6da3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "libavcodec/mips/mpegaudiodsp_mips_fixed.c"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 81186, "scanner": "repobility-ai-code-hygiene", "fingerprint": "3538f678bcd2dbef6198399888ae363df55792d644f3a2437c88712e22539e63", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "fixed", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|3538f678bcd2dbef6198399888ae363df55792d644f3a2437c88712e22539e63"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "libavcodec/mips/compute_antialias_fixed.h"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 81182, "scanner": "repobility-ai-code-hygiene", "fingerprint": "a459d470e1fe838c69a51bdbe28717ab740c2f7bdddd00da5d31a63870c53d89", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "fixed", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|a459d470e1fe838c69a51bdbe28717ab740c2f7bdddd00da5d31a63870c53d89"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "libavcodec/mpegaudiodec_fixed.c"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 81181, "scanner": "repobility-ai-code-hygiene", "fingerprint": "2b1d28718b8521b125a997df54d16d9011e3dac39173f8dc297ee6539a5cf0e6", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "fixed", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|2b1d28718b8521b125a997df54d16d9011e3dac39173f8dc297ee6539a5cf0e6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "libavcodec/dct32_fixed.c"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 81176, "scanner": "repobility-ai-code-hygiene", "fingerprint": "cdec0993df33a5a2a2c79df8c53cf3e2a50a1a1fa4d006cd86367a4e84f2eeea", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "fixed", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|cdec0993df33a5a2a2c79df8c53cf3e2a50a1a1fa4d006cd86367a4e84f2eeea"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "libavcodec/aacpsdsp_fixed.c"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 81174, "scanner": "repobility-ai-code-hygiene", "fingerprint": "cbed7faaa9cd2970ccfcd36ceb924eb706775ce5167339a34fd12b29f746dfbb", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "copy", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|cbed7faaa9cd2970ccfcd36ceb924eb706775ce5167339a34fd12b29f746dfbb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "compat/va_copy.h"}, "region": {"startLine": 1}}}]}, {"ruleId": "COMP001", "level": "note", "message": {"text": "[COMP001] High cognitive complexity: Function `parse_fate_samples` has cognitive complexity 11 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. Breakdown: break=1, elif=2, for=1, if=2, nested_bonus=5."}, "properties": {"repobilityId": 81159, "scanner": "repobility-threat-engine", "fingerprint": "121d4b74c2cc87fc8562931ffab0ca868b79bf32a02b3e17c4450e138cc1de2d", "category": "quality", "severity": "low", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 11 (severity threshold for low: 8+).", "evidence": {"scanner": "repobility-threat-engine", "function": "parse_fate_samples", "breakdown": {"if": 2, "for": 1, "elif": 2, "break": 1, "nested_bonus": 5}, "complexity": 11, "correlation_key": "fp|121d4b74c2cc87fc8562931ffab0ca868b79bf32a02b3e17c4450e138cc1de2d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".forgejo/inject-pr-samples.py"}, "region": {"startLine": 61}}}]}, {"ruleId": "MINED045", "level": "none", "message": {"text": "[MINED045] Ts Non Null Assertion: x! asserts not null - bypasses null checks - TypeError if wrong."}, "properties": {"repobilityId": 81173, "scanner": "repobility-threat-engine", "fingerprint": "05eba201a2753274c4d0847358e526bf2e9f5a077957cc9a109c5b4498360e54", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-non-null-assertion", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348005+00:00", "triaged_in_corpus": 12, "observations_count": 1810954, "ai_coder_pattern_id": 105}, "scanner": "repobility-threat-engine", "correlation_key": "fp|05eba201a2753274c4d0847358e526bf2e9f5a077957cc9a109c5b4498360e54"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "libavfilter/vf_bwdif_cuda.cu"}, "region": {"startLine": 147}}}]}, {"ruleId": "MINED042", "level": "none", "message": {"text": "[MINED042] Cpp New Without Delete: C++ raw new without RAII / unique_ptr \u2014 memory leak risk."}, "properties": {"repobilityId": 81172, "scanner": "repobility-threat-engine", "fingerprint": "7896859457d976c10abdbe6e5347202fa7edc4ba356dd42ab824377302899e55", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "cpp-new-without-delete", "owasp": null, "cwe_ids": ["CWE-401"], "languages": ["cpp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347996+00:00", "triaged_in_corpus": 12, "observations_count": 4658256, "ai_coder_pattern_id": 134}, "scanner": "repobility-threat-engine", "correlation_key": "fp|7896859457d976c10abdbe6e5347202fa7edc4ba356dd42ab824377302899e55"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "libavfilter/ocio_wrapper.cpp"}, "region": {"startLine": 105}}}]}, {"ruleId": "MINED048", "level": "none", "message": {"text": "[MINED048] Php Error Suppress: @function() suppresses errors silently. Hides real issues."}, "properties": {"repobilityId": 81171, "scanner": "repobility-threat-engine", "fingerprint": "2d5e0278bc22ddfac0f97b26698d2a93ca41ba04d16ba125961f0a27e1af96b0", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "php-error-suppress", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["php"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348013+00:00", "triaged_in_corpus": 12, "observations_count": 849118, "ai_coder_pattern_id": 166}, "scanner": "repobility-threat-engine", "correlation_key": "fp|2d5e0278bc22ddfac0f97b26698d2a93ca41ba04d16ba125961f0a27e1af96b0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "libavfilter/metal/utils.m"}, "region": {"startLine": 33}}}]}, {"ruleId": "MINED057", "level": "none", "message": {"text": "[MINED057] Todo Bomb: Code path with a TODO/FIXME/HACK comment that gates correctness \u2014 left for later but never resolved."}, "properties": {"repobilityId": 81170, "scanner": "repobility-threat-engine", "fingerprint": "06f461c8cbe6f4ca5f59164783f1184ca15ea71a6588bd42fb8f6b20488a187d", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "todo-bomb", "owasp": null, "cwe_ids": [], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348035+00:00", "triaged_in_corpus": 10, "observations_count": 255662, "ai_coder_pattern_id": 4}, "scanner": "repobility-threat-engine", "correlation_key": "fp|06f461c8cbe6f4ca5f59164783f1184ca15ea71a6588bd42fb8f6b20488a187d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "libavcodec/vaapi_encode_vp9.c"}, "region": {"startLine": 321}}}]}, {"ruleId": "MINED057", "level": "none", "message": {"text": "[MINED057] Todo Bomb: Code path with a TODO/FIXME/HACK comment that gates correctness \u2014 left for later but never resolved."}, "properties": {"repobilityId": 81169, "scanner": "repobility-threat-engine", "fingerprint": "97144c75452a51b3921c2c733b940790d3a894b5d478b79288c1f12089bd389b", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "todo-bomb", "owasp": null, "cwe_ids": [], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348035+00:00", "triaged_in_corpus": 10, "observations_count": 255662, "ai_coder_pattern_id": 4}, "scanner": "repobility-threat-engine", "correlation_key": "fp|97144c75452a51b3921c2c733b940790d3a894b5d478b79288c1f12089bd389b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "libavcodec/vaapi_encode_vp8.c"}, "region": {"startLine": 265}}}]}, {"ruleId": "MINED057", "level": "none", "message": {"text": "[MINED057] Todo Bomb: Code path with a TODO/FIXME/HACK comment that gates correctness \u2014 left for later but never resolved."}, "properties": {"repobilityId": 81168, "scanner": "repobility-threat-engine", "fingerprint": "81445654835eedd7f62bf7861de8379bc2c6731590bc5959a864aaadb296dd54", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "todo-bomb", "owasp": null, "cwe_ids": [], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348035+00:00", "triaged_in_corpus": 10, "observations_count": 255662, "ai_coder_pattern_id": 4}, "scanner": "repobility-threat-engine", "correlation_key": "fp|81445654835eedd7f62bf7861de8379bc2c6731590bc5959a864aaadb296dd54"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "libavcodec/rv20enc.c"}, "region": {"startLine": 47}}}]}, {"ruleId": "MINED004", "level": "none", "message": {"text": "[MINED004] Weak Crypto (and 3 more): Same pattern found in 3 additional files. Review if needed."}, "properties": {"repobilityId": 81167, "scanner": "repobility-threat-engine", "fingerprint": "3d94e880c2e8a0bb4b06b2e51a89f1e2b3c179247361f3b31060096e31f982c7", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 3 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "weak-crypto", "owasp": "A02:2021", "cwe_ids": ["CWE-327"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347906+00:00", "triaged_in_corpus": 15, "observations_count": 303181, "ai_coder_pattern_id": 13}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|3d94e880c2e8a0bb4b06b2e51a89f1e2b3c179247361f3b31060096e31f982c7", "aggregated_count": 3}}}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 81163, "scanner": "repobility-threat-engine", "fingerprint": "4d1d52de6ce7421d236fdf2ec6ea9cf490d33353483086fc6a538cc2bede6c81", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|4d1d52de6ce7421d236fdf2ec6ea9cf490d33353483086fc6a538cc2bede6c81"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "libavcodec/ttmlenc.h"}, "region": {"startLine": 29}}}]}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 81162, "scanner": "repobility-threat-engine", "fingerprint": "636d99e4786ad2d7ec0726c5e6ddea9ea0eea505d276704a2b10c9629d1e492f", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|636d99e4786ad2d7ec0726c5e6ddea9ea0eea505d276704a2b10c9629d1e492f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "fftools/textformat/tf_xml.c"}, "region": {"startLine": 86}}}]}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 81161, "scanner": "repobility-threat-engine", "fingerprint": "cb2d8b9e2d31643975546d1e8906613367e117604a303c17cfb021d985d62781", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|cb2d8b9e2d31643975546d1e8906613367e117604a303c17cfb021d985d62781"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "doc/examples/avio_http_serve_files.c"}, "region": {"startLine": 107}}}]}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed."}, "properties": {"repobilityId": 81160, "scanner": "repobility-threat-engine", "fingerprint": "1558a84f95c228e2e68f23717ddb2991dae496c22504617efa7d9e10a0ce49f9", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "correlation_key": "fp|1558a84f95c228e2e68f23717ddb2991dae496c22504617efa7d9e10a0ce49f9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".forgejo/labeler/labeler.js"}, "region": {"startLine": 46}}}]}, {"ruleId": "MINED126", "level": "error", "message": {"text": "[MINED126] Workflow container/services image `ghcr.io/mstorsjo/wine` unpinned: `container/services image: ghcr.io/mstorsjo/wine` without `@sha256:...` pulls a mutable tag at workflow-run time. Treat workflow container references with the same supply-chain discipline as Dockerfile FROM lines."}, "properties": {"repobilityId": 81237, "scanner": "repobility-supply-chain", "fingerprint": "45d9951be31c6887ff22df1547ce97fc01d553b76f0edb6d81c04ff7052e1da7", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-container-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|45d9951be31c6887ff22df1547ce97fc01d553b76f0edb6d81c04ff7052e1da7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/checkasm/ext/.github/workflows/build.yml"}, "region": {"startLine": 150}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 81236, "scanner": "repobility-supply-chain", "fingerprint": "d1dfcea71cd6f455ff04338752fcee0b16a0f96a8f877556de3eb302e0ee952d", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|d1dfcea71cd6f455ff04338752fcee0b16a0f96a8f877556de3eb302e0ee952d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/checkasm/ext/.github/workflows/build.yml"}, "region": {"startLine": 185}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 81235, "scanner": "repobility-supply-chain", "fingerprint": "11dd3b72b7f1f0855f9da3a5b12b731c1a48e2da29b905ed5adea5b08380c5a6", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|11dd3b72b7f1f0855f9da3a5b12b731c1a48e2da29b905ed5adea5b08380c5a6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/checkasm/ext/.github/workflows/build.yml"}, "region": {"startLine": 183}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 81234, "scanner": "repobility-supply-chain", "fingerprint": "edaff8524e2472e4f335f2a70d8da7b501b44cc7f375b6a2cf58a23ba537285e", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|edaff8524e2472e4f335f2a70d8da7b501b44cc7f375b6a2cf58a23ba537285e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/checkasm/ext/.github/workflows/build.yml"}, "region": {"startLine": 166}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/cache` pinned to mutable ref `@v4`: `uses: actions/cache@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 81233, "scanner": "repobility-supply-chain", "fingerprint": "c3e889ff0495e047974cc24622c69afcbcbd39db428fbe08261b2957ecce6cca", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|c3e889ff0495e047974cc24622c69afcbcbd39db428fbe08261b2957ecce6cca"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/checkasm/ext/.github/workflows/build.yml"}, "region": {"startLine": 160}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 81232, "scanner": "repobility-supply-chain", "fingerprint": "1ada6702ce4a683d7b8ab3048f6813df5f8aa59188e7586166d6ce5bd21f95d6", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|1ada6702ce4a683d7b8ab3048f6813df5f8aa59188e7586166d6ce5bd21f95d6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/checkasm/ext/.github/workflows/build.yml"}, "region": {"startLine": 137}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `ilammy/msvc-dev-cmd` pinned to mutable ref `@v1`: `uses: ilammy/msvc-dev-cmd@v1` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 81231, "scanner": "repobility-supply-chain", "fingerprint": "a7fe4f167a4faac3f3603e458de6ce7ae5aec8270320f09fb23072a90d53187a", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|a7fe4f167a4faac3f3603e458de6ce7ae5aec8270320f09fb23072a90d53187a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/checkasm/ext/.github/workflows/build.yml"}, "region": {"startLine": 134}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 81230, "scanner": "repobility-supply-chain", "fingerprint": "36bddf8a4eee3572332fbae34508be9f07af2f5d72b89d99ba5877c8546eb203", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|36bddf8a4eee3572332fbae34508be9f07af2f5d72b89d99ba5877c8546eb203"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/checkasm/ext/.github/workflows/build.yml"}, "region": {"startLine": 106}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 81229, "scanner": "repobility-supply-chain", "fingerprint": "b87f1648bda346a2e70fa10f3e8f5b020c4d3b4cbe41507d9c76caa295ad4e6c", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|b87f1648bda346a2e70fa10f3e8f5b020c4d3b4cbe41507d9c76caa295ad4e6c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/checkasm/ext/.github/workflows/build.yml"}, "region": {"startLine": 104}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `ilammy/msvc-dev-cmd` pinned to mutable ref `@v1`: `uses: ilammy/msvc-dev-cmd@v1` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 81228, "scanner": "repobility-supply-chain", "fingerprint": "ec7bb5ba422a64289f764836bb4211326d9f6c8150286eada9bf7192af70a9d6", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|ec7bb5ba422a64289f764836bb4211326d9f6c8150286eada9bf7192af70a9d6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/checkasm/ext/.github/workflows/build.yml"}, "region": {"startLine": 99}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 81227, "scanner": "repobility-supply-chain", "fingerprint": "1bdb7cab0c3a19436d815dd2a553c079e1ddf51b0b36c14f6f61c500faa298ff", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|1bdb7cab0c3a19436d815dd2a553c079e1ddf51b0b36c14f6f61c500faa298ff"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/checkasm/ext/.github/workflows/build.yml"}, "region": {"startLine": 50}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 81226, "scanner": "repobility-supply-chain", "fingerprint": "e885b6b0c61e533eaa49044b73078e4450c911a6f087ddd48f379c78bee61efb", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|e885b6b0c61e533eaa49044b73078e4450c911a6f087ddd48f379c78bee61efb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/checkasm/ext/.github/workflows/build.yml"}, "region": {"startLine": 48}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `ilammy/msvc-dev-cmd` pinned to mutable ref `@v1`: `uses: ilammy/msvc-dev-cmd@v1` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 81225, "scanner": "repobility-supply-chain", "fingerprint": "b79b747b8ae45dfaea140a866db5735304e57da9cf0ca65fe126b7f9577414d4", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|b79b747b8ae45dfaea140a866db5735304e57da9cf0ca65fe126b7f9577414d4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/checkasm/ext/.github/workflows/build.yml"}, "region": {"startLine": 45}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 81224, "scanner": "repobility-supply-chain", "fingerprint": "3a2617821e19d329b1ae05a6f12f73b11909bafb844b9938e046ee7049b40487", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|3a2617821e19d329b1ae05a6f12f73b11909bafb844b9938e046ee7049b40487"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/checkasm/ext/.github/workflows/build.yml"}, "region": {"startLine": 25}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `ilammy/msvc-dev-cmd` pinned to mutable ref `@v1`: `uses: ilammy/msvc-dev-cmd@v1` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 81223, "scanner": "repobility-supply-chain", "fingerprint": "37f6081772dcabcaa99f06c890b0817ec401bf3a5f290114a30939636ef7ca96", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|37f6081772dcabcaa99f06c890b0817ec401bf3a5f290114a30939636ef7ca96"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/checkasm/ext/.github/workflows/build.yml"}, "region": {"startLine": 22}}}]}, {"ruleId": "MINED004", "level": "error", "message": {"text": "[MINED004] Weak Crypto: MD5/SHA1/DES/RC4 used for security context (not just checksums)."}, "properties": {"repobilityId": 81166, "scanner": "repobility-threat-engine", "fingerprint": "ee17d95e0276dec6c38cd8768de771b17493c92d446f9d225efef1874142995e", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "weak-crypto", "owasp": "A02:2021", "cwe_ids": ["CWE-327"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347906+00:00", "triaged_in_corpus": 15, "observations_count": 303181, "ai_coder_pattern_id": 13}, "scanner": "repobility-threat-engine", "correlation_key": "fp|ee17d95e0276dec6c38cd8768de771b17493c92d446f9d225efef1874142995e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "libavcodec/h274.h"}, "region": {"startLine": 61}}}]}, {"ruleId": "MINED004", "level": "error", "message": {"text": "[MINED004] Weak Crypto: MD5/SHA1/DES/RC4 used for security context (not just checksums)."}, "properties": {"repobilityId": 81165, "scanner": "repobility-threat-engine", "fingerprint": "9a1348a3aa1090afa82669a8e6e42d301b87cb3d31e5883f8412216bc0e120cd", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "weak-crypto", "owasp": "A02:2021", "cwe_ids": ["CWE-327"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347906+00:00", "triaged_in_corpus": 15, "observations_count": 303181, "ai_coder_pattern_id": 13}, "scanner": "repobility-threat-engine", "correlation_key": "fp|9a1348a3aa1090afa82669a8e6e42d301b87cb3d31e5883f8412216bc0e120cd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "libavcodec/flac.c"}, "region": {"startLine": 221}}}]}, {"ruleId": "MINED004", "level": "error", "message": {"text": "[MINED004] Weak Crypto: MD5/SHA1/DES/RC4 used for security context (not just checksums)."}, "properties": {"repobilityId": 81164, "scanner": "repobility-threat-engine", "fingerprint": "50698e97e5529af4aa1c97c5f13d5d0293ebe70a1ac365277312ebd1eba3a9e7", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "weak-crypto", "owasp": "A02:2021", "cwe_ids": ["CWE-327"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347906+00:00", "triaged_in_corpus": 15, "observations_count": 303181, "ai_coder_pattern_id": 13}, "scanner": "repobility-threat-engine", "correlation_key": "fp|50698e97e5529af4aa1c97c5f13d5d0293ebe70a1ac365277312ebd1eba3a9e7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "doc/examples/filter_audio.c"}, "region": {"startLine": 212}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 81157, "scanner": "repobility-threat-engine", "fingerprint": "f5cf1b23d537cc8851c0856244b53f5ac39f60b6d22c60625af569927b530b73", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "h.update(chunk)", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|f5cf1b23d537cc8851c0856244b53f5ac39f60b6d22c60625af569927b530b73"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".forgejo/inject-pr-samples.py"}, "region": {"startLine": 100}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 81156, "scanner": "repobility-threat-engine", "fingerprint": "6ec9ee9483752d97f6745be297bfb88d17a76dce5b683da979f1344ea8777de1", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "urllib.request.urlopen(u", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|6ec9ee9483752d97f6745be297bfb88d17a76dce5b683da979f1344ea8777de1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".forgejo/inject-pr-samples.py"}, "region": {"startLine": 57}}}]}]}]}