{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "GHSA-69w3-r845-3855", "name": "transformers: GHSA-69w3-r845-3855", "shortDescription": {"text": "transformers: GHSA-69w3-r845-3855"}, "fullDescription": {"text": "HuggingFace Transformers allows for arbitrary code execution in the `Trainer` class"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-65pc-fj4g-8rjx", "name": "idna: GHSA-65pc-fj4g-8rjx", "shortDescription": {"text": "idna: GHSA-65pc-fj4g-8rjx"}, "fullDescription": {"text": "Internationalized Domain Names in Applications (IDNA): Specially crafted inputs to idna.encode() can bypass CVE-2024-3651 fix"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-jg22-mg44-37j8", "name": "aiohttp: GHSA-jg22-mg44-37j8", "shortDescription": {"text": "aiohttp: GHSA-jg22-mg44-37j8"}, "fullDescription": {"text": "AIOHTTP is Vulnerable to Deserialization of Untrusted Data"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-hg6j-4rv6-33pg", "name": "aiohttp: GHSA-hg6j-4rv6-33pg", "shortDescription": {"text": "aiohttp: GHSA-hg6j-4rv6-33pg"}, "fullDescription": {"text": "AIOHTTP is vulnerable to cross-origin redirect with per-request cookies"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "DKR003", "name": "Compose service `prometheus` image uses the latest tag", "shortDescription": {"text": "Compose service `prometheus` image uses the latest tag"}, "fullDescription": {"text": "The latest tag is mutable and can change without a code review, 
producing different images from the same source."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.94, "cwe": "", "owasp": ""}}, {"id": "DKR001", "name": "Docker final stage has no non-root USER", "shortDescription": {"text": "Docker final stage has no non-root USER"}, "fullDescription": {"text": "Docker images run as root unless the image or Dockerfile switches to a non-root user."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.82, "cwe": "", "owasp": ""}}, {"id": "DKR002", "name": "Dockerfile base image has no explicit tag", "shortDescription": {"text": "Dockerfile base image has no explicit tag"}, "fullDescription": {"text": "Images without explicit tags resolve to a mutable default tag, which weakens reproducibility and review."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "SEC005", "name": "[SEC005] Command Injection Risk: Unsafe shell execution or eval of user input.", "shortDescription": {"text": "[SEC005] Command Injection Risk: Unsafe shell execution or eval of user input."}, "fullDescription": {"text": "Use subprocess with shell=False and a list of args. Never eval user input."}, "properties": {"scanner": "repobility-threat-engine", "category": "injection", "severity": "medium", "confidence": 0.5, "cwe": "", "owasp": ""}}, {"id": "SEC045", "name": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a latera", "shortDescription": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. 
Sandboxes (__builtins__ cleared) are escapable: attackers use obj"}, "fullDescription": {"text": "For literal data structures: use ast.literal_eval(text) \u2014 only parses literals, raises on code.\nFor formula evaluation: use asteval or simpleeval (purpose-built sandboxes with allow-lists).\nFor Odoo: use odoo.tools.safe_eval(expr, locals_dict, mode='exec').\nIf you genuinely need to execute admin-stored code: require explicit super-admin permission AND log every execution with a stack trace."}, "properties": {"scanner": "repobility-threat-engine", "category": "injection", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC015", "name": "[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. Output is predictable.", "shortDescription": {"text": "[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. Output is predictable."}, "fullDescription": {"text": "Use secrets module (Python) or crypto.getRandomValues() (JS) for security-sensitive randomness."}, "properties": {"scanner": "repobility-threat-engine", "category": "crypto", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "ERR001", "name": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG ", "shortDescription": {"text": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG level."}, "fullDescription": {"text": "Log the error: `except Exception: logger.debug('cleanup failed', exc_info=True)`. Or handle specific exception types."}, "properties": {"scanner": "repobility-threat-engine", "category": "error_handling", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "COMP001", "name": "[COMP001] High cognitive complexity: Function `update_context` has cognitive complexity 25 (SonarSource scale). 
Cognitiv", "shortDescription": {"text": "[COMP001] High cognitive complexity: Function `update_context` has cognitive complexity 25 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursio"}, "fullDescription": {"text": "Extract nested branches into named helper functions; flatten early-return / guard clauses; replace long if/elif chains with dispatch dicts or polymorphism. SonarQube's threshold for 'should refactor' is 15 \u2014 yours is 25."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "medium", "confidence": 0.95, "cwe": "", "owasp": ""}}, {"id": "SEC127", "name": "[SEC127] AI agent stub \u2014 TODO: implement / pass placeholder body: Function body left as TODO/pass/raise NotImplementedEr", "shortDescription": {"text": "[SEC127] AI agent stub \u2014 TODO: implement / pass placeholder body: Function body left as TODO/pass/raise NotImplementedError after an AI scaffolding pass. The route appears to exist (and may even pass shallow CI), but invoking it crashes or "}, "fullDescription": {"text": "Either implement the body, or fail closed at module-load time so the deploy can't ship a half-built route. A CI gate that fails build on `raise NotImplementedError` in non-abstract code catches this cleanly."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED111", "name": "Bare except continues silently", "shortDescription": {"text": "Bare except continues silently"}, "fullDescription": {"text": "Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. 
Hides real failures and makes bugs hard to diagnose."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "DKC010", "name": "Compose service lacks no-new-privileges hardening", "shortDescription": {"text": "Compose service lacks no-new-privileges hardening"}, "fullDescription": {"text": "no-new-privileges prevents processes from gaining additional privileges through setuid binaries or file capabilities."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "low", "confidence": 0.62, "cwe": "", "owasp": ""}}, {"id": "DKC006", "name": "Compose service does not declare a runtime user", "shortDescription": {"text": "Compose service does not declare a runtime user"}, "fullDescription": {"text": "If the image does not define USER internally, this service may run as root."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "low", "confidence": 0.56, "cwe": "", "owasp": ""}}, {"id": "DKR008", "name": ".dockerignore misses sensitive defaults", "shortDescription": {"text": ".dockerignore misses sensitive defaults"}, "fullDescription": {"text": ".dockerignore exists but does not cover common secret or VCS patterns."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "low", "confidence": 0.72, "cwe": "", "owasp": ""}}, {"id": "AIC003", "name": "Duplicated implementation block across source files", "shortDescription": {"text": "Duplicated implementation block across source files"}, "fullDescription": {"text": "Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. 
They increase maintenance cost because every future bug fix must be found in multiple locations."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.86, "cwe": "", "owasp": ""}}, {"id": "SEC020", "name": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequen", "shortDescription": {"text": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for troubleshooting."}, "fullDescription": {"text": "Log only redacted, hashed, or last-four-style metadata. Rotate any secret that may have reached logs."}, "properties": {"scanner": "repobility-threat-engine", "category": "credential_exposure", "severity": "info", "confidence": 0.1, "cwe": "", "owasp": ""}}, {"id": "MINED062", "name": "[MINED062] Python Dataclass No Fields: @dataclass over an empty class \u2014 unfinished model.", "shortDescription": {"text": "[MINED062] Python Dataclass No Fields: @dataclass over an empty class \u2014 unfinished model."}, "fullDescription": {"text": "Review and fix per the pattern semantics."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED072", "name": "[MINED072] Python Pass Only Class: class Foo: pass \u2014 stub waiting to be filled in.", "shortDescription": {"text": "[MINED072] Python Pass Only Class: class Foo: pass \u2014 stub waiting to be filled in."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-1188 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED050", "name": "[MINED050] Stub Only Function (and 13 more): Same pattern found in 13 additional files. 
Review if needed.", "shortDescription": {"text": "[MINED050] Stub Only Function (and 13 more): Same pattern found in 13 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-1188 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "PYSEC-2026-142", "name": "urllib3: PYSEC-2026-142", "shortDescription": {"text": "urllib3: PYSEC-2026-142"}, "fullDescription": {"text": "urllib3 is an HTTP client library for Python. From 2.6.0 to before 2.7.0, urllib3 could decompress the whole response instead of the requested portion (1) during the second HTTPResponse.read(amt=N) call when the response was decompressed using the official Brotli library or (2) when HTTPResponse.drain_conn() was called after the response had been read and decompressed partially (compression algorithm did not matter here). These issues could cause urllib3 to fully decode a small amount of highly compressed data in a single operation. This could result in excessive resource consumption (high CPU usage and massive memory allocation for the decompressed data) on the client side. This vulnerability is fixed in 2.7.0."}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "PYSEC-2026-141", "name": "urllib3: PYSEC-2026-141", "shortDescription": {"text": "urllib3: PYSEC-2026-141"}, "fullDescription": {"text": "urllib3 is an HTTP client library for Python. From 1.23 to before 2.7.0, cross-origin redirects followed from the low-level API via ProxyManager.connection_from_url().urlopen(..., assert_same_host=False) still forward these sensitive headers. 
This vulnerability is fixed in 2.7.0."}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "PYSEC-2025-217", "name": "transformers: PYSEC-2025-217", "shortDescription": {"text": "transformers: PYSEC-2025-217"}, "fullDescription": {"text": "Hugging Face Transformers X-CLIP Checkpoint Conversion Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of checkpoints. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-28308."}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "MINED034", "name": "[MINED034] Python Subprocess Shell True: subprocess(..., shell=True) enables command injection.", "shortDescription": {"text": "[MINED034] Python Subprocess Shell True: subprocess(..., shell=True) enables command injection."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-78 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED009", "name": "[MINED009] Floats For Money: Variable named price/amount/cost typed as float instead of Decimal.", "shortDescription": {"text": "[MINED009] Floats For Money: Variable named price/amount/cost typed as float instead of Decimal."}, "fullDescription": {"text": "Review and fix per the pattern semantics. 
See CWE-682 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC029", "name": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled ", "shortDescription": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes e"}, "fullDescription": {"text": "Validate the URL against an allowlist BEFORE fetching:\n  ALLOWED = {'images.example.com', 'cdn.example.com'}\n  host = urlparse(url).hostname\n  if host not in ALLOWED: abort(400)\nOr use a server-side proxy (Imgproxy / serve-files-only-from-S3) that isolates outbound network access from the request handler.\nBlock private CIDRs explicitly: 10/8, 172.16/12, 192.168/16, 169.254/16."}, "properties": {"scanner": "repobility-threat-engine", "category": "ssrf", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED001", "name": "[MINED001] Bare Except Pass: except: pass or except Exception: pass \u2014 silently swallows everything including KeyboardInt", "shortDescription": {"text": "[MINED001] Bare Except Pass: except: pass or except Exception: pass \u2014 silently swallows everything including KeyboardInterrupt and bugs."}, "fullDescription": {"text": "Review and fix per the pattern semantics. 
See CWE-755 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC128", "name": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns", "shortDescription": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, ra"}, "fullDescription": {"text": "Add `await` before each async call, or chain with `.then`. If you intentionally want fire-and-forget, prefix with `void` (TS) or assign to `_` (Python with `asyncio.create_task`) to make the intent explicit and survive lint."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED118", "name": "Dockerfile FROM `docker.nix-community.org/nixpkgs/nix-flakes (no tag)` not pinned by digest", "shortDescription": {"text": "Dockerfile FROM `docker.nix-community.org/nixpkgs/nix-flakes (no tag)` not pinned by digest"}, "fullDescription": {"text": "`FROM docker.nix-community.org/nixpkgs/nix-flakes (no tag)` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potentially different. 
Production images should pin to `image@sha256:...` for reproducibility + supply-chain integrity."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED110", "name": "Blocking call `requests.get` inside async function `test_prometheus_metrics_collection_chat`", "shortDescription": {"text": "Blocking call `requests.get` inside async function `test_prometheus_metrics_collection_chat`"}, "fullDescription": {"text": "`requests.get` is a synchronous (blocking) call. When invoked inside an `async def` it stalls the event loop, preventing every other coroutine in the process from making progress."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED106", "name": "Phantom test coverage: test_deterministic_seeding", "shortDescription": {"text": "Phantom test coverage: test_deterministic_seeding"}, "fullDescription": {"text": "Test function `test_deterministic_seeding` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED108", "name": "`self._make_node` used but never assigned in __init__", "shortDescription": {"text": "`self._make_node` used but never assigned in __init__"}, "fullDescription": {"text": "Method `test_cancelled_count_in_failure_notification` of class `TestFailurePropagation` reads `self._make_node`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "generic-api-key", "name": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations.", "shortDescription": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "fullDescription": {"text": "Gitleaks detected a committed secret or credential pattern."}, "properties": {"scanner": "gitleaks", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "cwe": "", "owasp": ""}}, {"id": "MINED107", "name": "Missing import: `http` used but not imported", "shortDescription": {"text": "Missing import: `http` used but not imported"}, "fullDescription": {"text": "The file uses `http.something(...)` but never imports `http`. This raises NameError at runtime the first time the line executes."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "critical", "confidence": 1.0, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/1242"}, "properties": {"repository": "kubernetes-sigs/inference-perf", "repoUrl": "https://github.com/kubernetes-sigs/inference-perf", "branch": "main"}, "results": [{"ruleId": "GHSA-69w3-r845-3855", "level": "warning", "message": {"text": "transformers: GHSA-69w3-r845-3855"}, "properties": {"repobilityId": 125172, "scanner": "osv-scanner", "fingerprint": "37948cbd8e7f4597d31674e34eebc809f688208fe6889a084b4c1dda591c6f53", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-1839"], "package": "transformers", "rule_id": "GHSA-69w3-r845-3855", "scanner": "osv-scanner", "correlation_key": 
"vuln|transformers|CVE-2026-1839|pdm.lock"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pdm.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-65pc-fj4g-8rjx", "level": "warning", "message": {"text": "idna: GHSA-65pc-fj4g-8rjx"}, "properties": {"repobilityId": 125170, "scanner": "osv-scanner", "fingerprint": "60aa2e276ec2543e3323ceca5927e9aba277e775fcbb700e5b7490c6c00507f8", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-45409"], "package": "idna", "rule_id": "GHSA-65pc-fj4g-8rjx", "scanner": "osv-scanner", "correlation_key": "vuln|idna|CVE-2024-3651|pdm.lock"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pdm.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-jg22-mg44-37j8", "level": "warning", "message": {"text": "aiohttp: GHSA-jg22-mg44-37j8"}, "properties": {"repobilityId": 125169, "scanner": "osv-scanner", "fingerprint": "93fccbde3c3b34f470358fabf307d60f2645a72a798648cd571bbcced92f70c8", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-34993"], "package": "aiohttp", "rule_id": "GHSA-jg22-mg44-37j8", "scanner": "osv-scanner", "correlation_key": "vuln|aiohttp|CVE-2026-34993|pdm.lock"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pdm.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-hg6j-4rv6-33pg", "level": "warning", "message": {"text": "aiohttp: GHSA-hg6j-4rv6-33pg"}, "properties": {"repobilityId": 125168, "scanner": "osv-scanner", "fingerprint": "b05e76259f61b60e1055bc5334ccabb062837b2e52c40c7d23135ba037b5a343", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": 
["CVE-2026-47265"], "package": "aiohttp", "rule_id": "GHSA-hg6j-4rv6-33pg", "scanner": "osv-scanner", "correlation_key": "vuln|aiohttp|CVE-2026-47265|pdm.lock"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pdm.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR003", "level": "warning", "message": {"text": "Compose service `prometheus` image uses the latest tag"}, "properties": {"repobilityId": 125163, "scanner": "repobility-docker", "fingerprint": "303ba19bbaa5f6257d7f056982bd65da4236dd9f0a4d2bc19bd0b2a98f7290cc", "category": "docker", "severity": "medium", "confidence": 0.94, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Image tag is latest.", "evidence": {"image": "prom/prometheus:latest", "rule_id": "DKR003", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|303ba19bbaa5f6257d7f056982bd65da4236dd9f0a4d2bc19bd0b2a98f7290cc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/vllm/docker-compose.yml"}, "region": {"startLine": 21}}}]}, {"ruleId": "DKR003", "level": "warning", "message": {"text": "Compose service `vllm-server` image uses the latest tag"}, "properties": {"repobilityId": 125160, "scanner": "repobility-docker", "fingerprint": "ec95fa26427afdc3b6123659715dc1cca4ed010ae8697bde33657c13d719430b", "category": "docker", "severity": "medium", "confidence": 0.94, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Image tag is latest.", "evidence": {"image": "vllm/vllm-openai:latest", "rule_id": "DKR003", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/", "https://github.com/hadolint/hadolint"], "correlation_key": 
"fp|ec95fa26427afdc3b6123659715dc1cca4ed010ae8697bde33657c13d719430b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/vllm/docker-compose.yml"}, "region": {"startLine": 3}}}]}, {"ruleId": "DKR003", "level": "warning", "message": {"text": "Compose service `prometheus` image uses the latest tag"}, "properties": {"repobilityId": 125157, "scanner": "repobility-docker", "fingerprint": "14555af229a5512345e732d6dc9149dc2a5a4a4fc575acef2bf3add7ceae3c3f", "category": "docker", "severity": "medium", "confidence": 0.94, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Image tag is latest.", "evidence": {"image": "prom/prometheus:latest", "rule_id": "DKR003", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|14555af229a5512345e732d6dc9149dc2a5a4a4fc575acef2bf3add7ceae3c3f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/tgi/docker-compose.yml"}, "region": {"startLine": 21}}}]}, {"ruleId": "DKR003", "level": "warning", "message": {"text": "Compose service `prometheus` image uses the latest tag"}, "properties": {"repobilityId": 125152, "scanner": "repobility-docker", "fingerprint": "f11a6f6b534414977fab9726c14c9cf7dbb2902e67fa4f488109e951f0175132", "category": "docker", "severity": "medium", "confidence": 0.94, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Image tag is latest.", "evidence": {"image": "prom/prometheus:latest", "rule_id": "DKR003", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|f11a6f6b534414977fab9726c14c9cf7dbb2902e67fa4f488109e951f0175132"}}, "locations": [{"physicalLocation": 
{"artifactLocation": {"uri": "examples/sglang/docker-compose.yml"}, "region": {"startLine": 24}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 125149, "scanner": "repobility-docker", "fingerprint": "82b671d50ac4aee2e26677a13ee98c1f44c10ec265b2f69dd1d52afe91936dd4", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "docker.nix-community.org/nixpkgs/nix-flakes", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|82b671d50ac4aee2e26677a13ee98c1f44c10ec265b2f69dd1d52afe91936dd4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Dockerfile.e2e-test"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR002", "level": "warning", "message": {"text": "Dockerfile base image has no explicit tag"}, "properties": {"repobilityId": 125148, "scanner": "repobility-docker", "fingerprint": "80ec961efa02d6558a70255328cd31ae6d0ffa9455b38bc546f076ebff894553", "category": "docker", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Image reference has no tag or digest.", "evidence": {"image": "docker.nix-community.org/nixpkgs/nix-flakes", "rule_id": "DKR002", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|80ec961efa02d6558a70255328cd31ae6d0ffa9455b38bc546f076ebff894553"}}, "locations": [{"physicalLocation": {"artifactLocation": 
{"uri": "Dockerfile.e2e-test"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 125146, "scanner": "repobility-docker", "fingerprint": "792316051e29fea45827955633fd3b7baff50926101e12d46d67f75b3cec6b67", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "python:3.12.11-alpine3.22", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|792316051e29fea45827955633fd3b7baff50926101e12d46d67f75b3cec6b67"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Dockerfile"}, "region": {"startLine": 24}}}]}, {"ruleId": "SEC005", "level": "warning", "message": {"text": "[SEC005] Command Injection Risk: Unsafe shell execution or eval of user input."}, "properties": {"repobilityId": 125143, "scanner": "repobility-threat-engine", "fingerprint": "be28ca52140625a64f0ff142d9ae1ef5d67e1e28a3fceb628b90776b159ed534", "category": "injection", "severity": "medium", "confidence": 0.5, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "shell=True detected \u2014 verify command source is not user-controllable", "evidence": {"match": "subprocess.run(cmd, shell=True", "reason": "shell=True detected \u2014 verify command source is not user-controllable", "rule_id": "SEC005", "scanner": "repobility-threat-engine", "confidence": 0.5, "correlation_key": "code|injection|token|36|sec005"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/check_coverage_regression.py"}, "region": {"startLine": 36}}}]}, 
{"ruleId": "SEC045", "level": "warning", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use object introspection (().__class__.__mro__[-1].__subclasses__()) to reach os.system. CWE-95 (eval injection)."}, "properties": {"repobilityId": 125140, "scanner": "repobility-threat-engine", "fingerprint": "44ef30a01d2f2785ecc85ad56c0059002c73e48b14b9cc5caa3dc6f569967129", "category": "injection", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "eval(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|token|128|sec045"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "inference_perf/config/datagen/replay.py"}, "region": {"startLine": 128}}}]}, {"ruleId": "SEC015", "level": "warning", "message": {"text": "[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. 
Output is predictable."}, "properties": {"repobilityId": 125138, "scanner": "repobility-threat-engine", "fingerprint": "6e0e46fb75cec3a0a97e383215309808b467a51d2899df6884564bc9620e61d9", "category": "crypto", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Security-sensitive keyword found nearby \u2014 weak PRNG is risky here", "evidence": {"match": "def new_session", "reason": "Security-sensitive keyword found nearby \u2014 weak PRNG is risky here", "rule_id": "SEC015", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|crypto|token|161|sec015"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "inference_perf/client/modelserver/base.py"}, "region": {"startLine": 161}}}]}, {"ruleId": "ERR001", "level": "warning", "message": {"text": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG level."}, "properties": {"repobilityId": 125137, "scanner": "repobility-threat-engine", "fingerprint": "2a805122a48a0e27cd8da95e8144643f4a3347bf4745a7bc27b8184828f61314", "category": "error_handling", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "except Exception:\n                pass", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR001", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|2a805122a48a0e27cd8da95e8144643f4a3347bf4745a7bc27b8184828f61314"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "inference_perf/circuit_breaker/simple_breaker.py"}, "region": {"startLine": 41}}}]}, {"ruleId": "COMP001", "level": "warning", "message": {"text": "[COMP001] High cognitive complexity: Function `update_context` has cognitive complexity 25 (SonarSource scale). 
Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. Breakdown: and=1, break=1, else=1, if=7, nested_bonus=11, ternary=3, while=1."}, "properties": {"repobilityId": 125132, "scanner": "repobility-threat-engine", "fingerprint": "df4971b5546a29eacb57472568c718c0ebb827973e1eb2ece22c1f1c1f97e4ef", "category": "quality", "severity": "medium", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 25 (severity threshold for medium: 15+).", "evidence": {"scanner": "repobility-threat-engine", "function": "update_context", "breakdown": {"if": 7, "and": 1, "else": 1, "break": 1, "while": 1, "ternary": 3, "nested_bonus": 11}, "complexity": 25, "correlation_key": "fp|df4971b5546a29eacb57472568c718c0ebb827973e1eb2ece22c1f1c1f97e4ef"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "inference_perf/apis/user_session.py"}, "region": {"startLine": 84}}}]}, {"ruleId": "SEC127", "level": "warning", "message": {"text": "[SEC127] AI agent stub \u2014 TODO: implement / pass placeholder body: Function body left as TODO/pass/raise NotImplementedError after an AI scaffolding pass. The route appears to exist (and may even pass shallow CI), but invoking it crashes or silently no-ops. AI agents consistently emit these when their context window runs out mid-implementation. 
Production callers hitting these stubs is a classic AI-generated-incident."}, "properties": {"repobilityId": 125122, "scanner": "repobility-threat-engine", "fingerprint": "62f3a77a5da3bb2c5e29169c795c89562e3441aba7fff45236b4892fbe7b1958", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "def save_report(self, reports: List[ReportFile]) -> None:\n        raise NotImplementedError", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC127", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|62f3a77a5da3bb2c5e29169c795c89562e3441aba7fff45236b4892fbe7b1958"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "inference_perf/client/filestorage/base.py"}, "region": {"startLine": 30}}}]}, {"ruleId": "SEC127", "level": "warning", "message": {"text": "[SEC127] AI agent stub \u2014 TODO: implement / pass placeholder body: Function body left as TODO/pass/raise NotImplementedError after an AI scaffolding pass. The route appears to exist (and may even pass shallow CI), but invoking it crashes or silently no-ops. AI agents consistently emit these when their context window runs out mid-implementation. 
Production callers hitting these stubs is a classic AI-generated-incident."}, "properties": {"repobilityId": 125121, "scanner": "repobility-threat-engine", "fingerprint": "fcd1cc5c0999702ea64920ba51f369ead4114c1df17074fa6804f89db38267a5", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "def feed(self, metric: BaseModel) -> None:\n        raise NotImplementedError", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC127", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|fcd1cc5c0999702ea64920ba51f369ead4114c1df17074fa6804f89db38267a5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "inference_perf/circuit_breaker/base.py"}, "region": {"startLine": 32}}}]}, {"ruleId": "SEC127", "level": "warning", "message": {"text": "[SEC127] AI agent stub \u2014 TODO: implement / pass placeholder body: Function body left as TODO/pass/raise NotImplementedError after an AI scaffolding pass. The route appears to exist (and may even pass shallow CI), but invoking it crashes or silently no-ops. AI agents consistently emit these when their context window runs out mid-implementation. 
Production callers hitting these stubs is a classic AI-generated-incident."}, "properties": {"repobilityId": 125120, "scanner": "repobility-threat-engine", "fingerprint": "8194c9cc8c6f5d344bea0e264f61868b1eeae84f97714af3efa22961c23ba7e4", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "def get_api_type(self) -> APIType:\n        raise NotImplementedError", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC127", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|8194c9cc8c6f5d344bea0e264f61868b1eeae84f97714af3efa22961c23ba7e4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "inference_perf/apis/base.py"}, "region": {"startLine": 100}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 125113, "scanner": "repobility-ast-engine", "fingerprint": "e9bae98543e0ba58e223a3128c16bf69f1a8502a58ded8906f03e6a8b5e9bbb0", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|e9bae98543e0ba58e223a3128c16bf69f1a8502a58ded8906f03e6a8b5e9bbb0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "inference_perf/client/modelserver/openai_client.py"}, "region": {"startLine": 399}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 125055, "scanner": "repobility-ast-engine", "fingerprint": "5fbb7c2c70719b6ee619d19d5ef26e0a843cbbb90d3e6c2738756aa0abfbcaed", "category": 
"quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|5fbb7c2c70719b6ee619d19d5ef26e0a843cbbb90d3e6c2738756aa0abfbcaed"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/check_license.py"}, "region": {"startLine": 45}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 125054, "scanner": "repobility-ast-engine", "fingerprint": "cd2a67ae45309fb5e9452f63f653ddf073659db9ed4b5b5dcdd966217a03f567", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|cd2a67ae45309fb5e9452f63f653ddf073659db9ed4b5b5dcdd966217a03f567"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/check_coverage_regression.py"}, "region": {"startLine": 164}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 125053, "scanner": "repobility-ast-engine", "fingerprint": "4d0a8bd15555836fe31d7c7ddb8a276d672fd0da6fda0c5a068241beb24b9352", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": 
"fp|4d0a8bd15555836fe31d7c7ddb8a276d672fd0da6fda0c5a068241beb24b9352"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/check_coverage_regression.py"}, "region": {"startLine": 151}}}]}, {"ruleId": "DKC010", "level": "note", "message": {"text": "Compose service lacks no-new-privileges hardening"}, "properties": {"repobilityId": 125165, "scanner": "repobility-docker", "fingerprint": "fcd18632c3ad11f8b07e79837148db06c871cd32aefcbe97496c6ac5ce05a335", "category": "docker", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "App-like service has no security_opt no-new-privileges setting.", "evidence": {"rule_id": "DKC010", "scanner": "repobility-docker", "service": "prometheus", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|fcd18632c3ad11f8b07e79837148db06c871cd32aefcbe97496c6ac5ce05a335"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/vllm/docker-compose.yml"}, "region": {"startLine": 21}}}]}, {"ruleId": "DKC006", "level": "note", "message": {"text": "Compose service does not declare a runtime user"}, "properties": {"repobilityId": 125164, "scanner": "repobility-docker", "fingerprint": "daf3ab2414bc03be69ed7849eaf0e1fc8e1545c164f09d90e18134dbe3487175", "category": "docker", "severity": "low", "confidence": 0.56, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Service has no user setting and Repobility could not prove the image runs non-root.", "evidence": {"rule_id": "DKC006", "scanner": "repobility-docker", "service": "prometheus", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|daf3ab2414bc03be69ed7849eaf0e1fc8e1545c164f09d90e18134dbe3487175"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/vllm/docker-compose.yml"}, "region": 
{"startLine": 21}}}]}, {"ruleId": "DKC010", "level": "note", "message": {"text": "Compose service lacks no-new-privileges hardening"}, "properties": {"repobilityId": 125162, "scanner": "repobility-docker", "fingerprint": "871c0806d1a52c61a948ea4f7541889523d241ed5bd22dcdcac6d2342e62ac51", "category": "docker", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "App-like service has no security_opt no-new-privileges setting.", "evidence": {"rule_id": "DKC010", "scanner": "repobility-docker", "service": "vllm-server", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|871c0806d1a52c61a948ea4f7541889523d241ed5bd22dcdcac6d2342e62ac51"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/vllm/docker-compose.yml"}, "region": {"startLine": 3}}}]}, {"ruleId": "DKC006", "level": "note", "message": {"text": "Compose service does not declare a runtime user"}, "properties": {"repobilityId": 125161, "scanner": "repobility-docker", "fingerprint": "793484cf66e430ab2d4ffe461ee596d15da4793f600f6827dcec52108ff9e90d", "category": "docker", "severity": "low", "confidence": 0.56, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Service has no user setting and Repobility could not prove the image runs non-root.", "evidence": {"rule_id": "DKC006", "scanner": "repobility-docker", "service": "vllm-server", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|793484cf66e430ab2d4ffe461ee596d15da4793f600f6827dcec52108ff9e90d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/vllm/docker-compose.yml"}, "region": {"startLine": 3}}}]}, {"ruleId": "DKC010", "level": "note", "message": {"text": "Compose service lacks no-new-privileges hardening"}, "properties": {"repobilityId": 125159, "scanner": 
"repobility-docker", "fingerprint": "d189f13ac631f3b47102083e37e893ee06421b07008abfc4f60de59dbc7a5795", "category": "docker", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "App-like service has no security_opt no-new-privileges setting.", "evidence": {"rule_id": "DKC010", "scanner": "repobility-docker", "service": "prometheus", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|d189f13ac631f3b47102083e37e893ee06421b07008abfc4f60de59dbc7a5795"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/tgi/docker-compose.yml"}, "region": {"startLine": 21}}}]}, {"ruleId": "DKC006", "level": "note", "message": {"text": "Compose service does not declare a runtime user"}, "properties": {"repobilityId": 125158, "scanner": "repobility-docker", "fingerprint": "8ec539a23cdc2e1db3c6ce4513719054c676e85d25cbe21b55eaf22b797dc884", "category": "docker", "severity": "low", "confidence": 0.56, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Service has no user setting and Repobility could not prove the image runs non-root.", "evidence": {"rule_id": "DKC006", "scanner": "repobility-docker", "service": "prometheus", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|8ec539a23cdc2e1db3c6ce4513719054c676e85d25cbe21b55eaf22b797dc884"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/tgi/docker-compose.yml"}, "region": {"startLine": 21}}}]}, {"ruleId": "DKC010", "level": "note", "message": {"text": "Compose service lacks no-new-privileges hardening"}, "properties": {"repobilityId": 125156, "scanner": "repobility-docker", "fingerprint": "db68b4adbe219c64c0a6289c02537249dec62cbd8990fe6fdf4778ebe00a11cf", "category": "docker", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": 
"needs_review", "isResolved": false, "reason": "App-like service has no security_opt no-new-privileges setting.", "evidence": {"rule_id": "DKC010", "scanner": "repobility-docker", "service": "tgi-server", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|db68b4adbe219c64c0a6289c02537249dec62cbd8990fe6fdf4778ebe00a11cf"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/tgi/docker-compose.yml"}, "region": {"startLine": 3}}}]}, {"ruleId": "DKC006", "level": "note", "message": {"text": "Compose service does not declare a runtime user"}, "properties": {"repobilityId": 125155, "scanner": "repobility-docker", "fingerprint": "aee433dc2eb974b998d33b6a20094d2a71ce914d16b3479451db31ead06f73f1", "category": "docker", "severity": "low", "confidence": 0.56, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Service has no user setting and Repobility could not prove the image runs non-root.", "evidence": {"rule_id": "DKC006", "scanner": "repobility-docker", "service": "tgi-server", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|aee433dc2eb974b998d33b6a20094d2a71ce914d16b3479451db31ead06f73f1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/tgi/docker-compose.yml"}, "region": {"startLine": 3}}}]}, {"ruleId": "DKC010", "level": "note", "message": {"text": "Compose service lacks no-new-privileges hardening"}, "properties": {"repobilityId": 125154, "scanner": "repobility-docker", "fingerprint": "8a9045f1744b1ebf40144c0cdec60e17bb8cdf1a8c814160d8f52a54f37a0ef1", "category": "docker", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "App-like service has no security_opt no-new-privileges setting.", "evidence": {"rule_id": "DKC010", "scanner": "repobility-docker", "service": 
"prometheus", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|8a9045f1744b1ebf40144c0cdec60e17bb8cdf1a8c814160d8f52a54f37a0ef1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/sglang/docker-compose.yml"}, "region": {"startLine": 24}}}]}, {"ruleId": "DKC006", "level": "note", "message": {"text": "Compose service does not declare a runtime user"}, "properties": {"repobilityId": 125153, "scanner": "repobility-docker", "fingerprint": "b93281f50376158357143d5d69fa37c9d9ac1fa15916711a914301dafab95073", "category": "docker", "severity": "low", "confidence": 0.56, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Service has no user setting and Repobility could not prove the image runs non-root.", "evidence": {"rule_id": "DKC006", "scanner": "repobility-docker", "service": "prometheus", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|b93281f50376158357143d5d69fa37c9d9ac1fa15916711a914301dafab95073"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/sglang/docker-compose.yml"}, "region": {"startLine": 24}}}]}, {"ruleId": "DKC010", "level": "note", "message": {"text": "Compose service lacks no-new-privileges hardening"}, "properties": {"repobilityId": 125151, "scanner": "repobility-docker", "fingerprint": "f990a097c09a8587f06c08622cef83f756d08494876c38c8bd6f6ca3dcadf2a8", "category": "docker", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "App-like service has no security_opt no-new-privileges setting.", "evidence": {"rule_id": "DKC010", "scanner": "repobility-docker", "service": "sglang-server", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": 
"fp|f990a097c09a8587f06c08622cef83f756d08494876c38c8bd6f6ca3dcadf2a8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/sglang/docker-compose.yml"}, "region": {"startLine": 3}}}]}, {"ruleId": "DKC006", "level": "note", "message": {"text": "Compose service does not declare a runtime user"}, "properties": {"repobilityId": 125150, "scanner": "repobility-docker", "fingerprint": "182826ecfb62b190810280137afd87078881a128f3c2e855218ca869f9f6f44f", "category": "docker", "severity": "low", "confidence": 0.56, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Service has no user setting and Repobility could not prove the image runs non-root.", "evidence": {"rule_id": "DKC006", "scanner": "repobility-docker", "service": "sglang-server", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|182826ecfb62b190810280137afd87078881a128f3c2e855218ca869f9f6f44f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/sglang/docker-compose.yml"}, "region": {"startLine": 3}}}]}, {"ruleId": "DKR008", "level": "note", "message": {"text": ".dockerignore misses sensitive defaults"}, "properties": {"repobilityId": 125147, "scanner": "repobility-docker", "fingerprint": "aea2ad92c68c4ee1f8432bb1ec25e7d45ac12c9e1790ac2d3fffe638b1acce12", "category": "docker", "severity": "low", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "A Docker build context should exclude secrets and repository metadata.", "evidence": {"rule_id": "DKR008", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|aea2ad92c68c4ee1f8432bb1ec25e7d45ac12c9e1790ac2d3fffe638b1acce12", "missing_patterns": [".env", "id_rsa", "*.pem", "*.key"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".dockerignore"}, "region": 
{"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 125052, "scanner": "repobility-ai-code-hygiene", "fingerprint": "2c71caeceee20373db6ecc9862d186c805af5ddb26b7f497c5ad46b7c2cb5e16", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "inference_perf/datagen/random_datagen.py", "duplicate_line": 24, "correlation_key": "fp|2c71caeceee20373db6ecc9862d186c805af5ddb26b7f497c5ad46b7c2cb5e16"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "inference_perf/datagen/synthetic_datagen.py"}, "region": {"startLine": 18}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 125051, "scanner": "repobility-ai-code-hygiene", "fingerprint": "4f3c7b80e59d420d07519b2f50997f852d5ae9d02ad3748614fff2144e93c855", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "inference_perf/datagen/multimodal_datagen.py", "duplicate_line": 102, "correlation_key": "fp|4f3c7b80e59d420d07519b2f50997f852d5ae9d02ad3748614fff2144e93c855"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "inference_perf/datagen/shared_prefix_datagen.py"}, "region": {"startLine": 233}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation 
block across source files"}, "properties": {"repobilityId": 125050, "scanner": "repobility-ai-code-hygiene", "fingerprint": "63b1cf628e00f9ddeadc79badb19a3ca22a277edc5c2c2b57fb69632012c41ea", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "inference_perf/datagen/hf_billsum_datagen.py", "duplicate_line": 59, "correlation_key": "fp|63b1cf628e00f9ddeadc79badb19a3ca22a277edc5c2c2b57fb69632012c41ea"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "inference_perf/datagen/infinity_instruct_datagen.py"}, "region": {"startLine": 51}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 125049, "scanner": "repobility-ai-code-hygiene", "fingerprint": "84afe1f88fd6b7e2ed985e26887277c78b28eab00dc2af248b1c24ab749a453f", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "inference_perf/datagen/cnn_dailymail_datagen.py", "duplicate_line": 62, "correlation_key": "fp|84afe1f88fd6b7e2ed985e26887277c78b28eab00dc2af248b1c24ab749a453f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "inference_perf/datagen/hf_sharegpt_datagen.py"}, "region": {"startLine": 76}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 125048, "scanner": 
"repobility-ai-code-hygiene", "fingerprint": "26207f2aae946c01696447e64d9efafab905f6c72274cd6fc1fad7b376b34d4d", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "inference_perf/apis/user_session.py", "duplicate_line": 162, "correlation_key": "fp|26207f2aae946c01696447e64d9efafab905f6c72274cd6fc1fad7b376b34d4d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "inference_perf/datagen/conversation_replay_datagen.py"}, "region": {"startLine": 65}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 125047, "scanner": "repobility-ai-code-hygiene", "fingerprint": "8056915c06ecf6c7893d40e6c448382a4d28c4829caec4eea982c10a438029da", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "inference_perf/client/modelserver/sglang_client.py", "duplicate_line": 21, "correlation_key": "fp|8056915c06ecf6c7893d40e6c448382a4d28c4829caec4eea982c10a438029da"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "inference_perf/client/modelserver/vllm_client.py"}, "region": {"startLine": 23}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 125046, "scanner": "repobility-ai-code-hygiene", "fingerprint": 
"b8a2a885bce01314454a0f1140a0ea0c23cba195cf7136bdfa655518cc571f4b", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "inference_perf/client/modelserver/openai_client.py", "duplicate_line": 27, "correlation_key": "fp|b8a2a885bce01314454a0f1140a0ea0c23cba195cf7136bdfa655518cc571f4b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "inference_perf/client/modelserver/vllm_client.py"}, "region": {"startLine": 9}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 125045, "scanner": "repobility-ai-code-hygiene", "fingerprint": "a930e26c81405b432739660de363d63b67b17ff4a05a03f40bc17436dfc83d8e", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "inference_perf/client/modelserver/mock_client.py", "duplicate_line": 119, "correlation_key": "fp|a930e26c81405b432739660de363d63b67b17ff4a05a03f40bc17436dfc83d8e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "inference_perf/client/modelserver/tgi_client.py"}, "region": {"startLine": 131}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 125044, "scanner": "repobility-ai-code-hygiene", "fingerprint": "9c74e9295ae1d6cefa41b961a0c293b2a3e74bf03069acb767973790e47f0c8c", "category": "quality", 
"severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "inference_perf/client/modelserver/sglang_client.py", "duplicate_line": 10, "correlation_key": "fp|9c74e9295ae1d6cefa41b961a0c293b2a3e74bf03069acb767973790e47f0c8c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "inference_perf/client/modelserver/tgi_client.py"}, "region": {"startLine": 10}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 125043, "scanner": "repobility-ai-code-hygiene", "fingerprint": "31e934e4c16fe9737cc19a0f28b3be95972fc8fe4df54c56a5194f639b659f1f", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "inference_perf/client/modelserver/openai_client.py", "duplicate_line": 27, "correlation_key": "fp|31e934e4c16fe9737cc19a0f28b3be95972fc8fe4df54c56a5194f639b659f1f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "inference_perf/client/modelserver/tgi_client.py"}, "region": {"startLine": 9}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 125042, "scanner": "repobility-ai-code-hygiene", "fingerprint": "187bcb6517158300cfa1e96e868339304db1d993eb6dd97a06219ae867e4f894", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", 
"isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "inference_perf/client/modelserver/mock_client.py", "duplicate_line": 119, "correlation_key": "fp|187bcb6517158300cfa1e96e868339304db1d993eb6dd97a06219ae867e4f894"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "inference_perf/client/modelserver/sglang_client.py"}, "region": {"startLine": 191}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 125041, "scanner": "repobility-ai-code-hygiene", "fingerprint": "0ed89f66c554339aba1e3e4f8133ba87c6e039beced09eda90a7af4781a1aaef", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "inference_perf/client/modelserver/openai_client.py", "duplicate_line": 27, "correlation_key": "fp|0ed89f66c554339aba1e3e4f8133ba87c6e039beced09eda90a7af4781a1aaef"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "inference_perf/client/modelserver/sglang_client.py"}, "region": {"startLine": 9}}}]}, {"ruleId": "SEC020", "level": "none", "message": {"text": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. 
This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for troubleshooting."}, "properties": {"repobilityId": 125145, "scanner": "repobility-threat-engine", "fingerprint": "abd5ec47b9066b86ae2744de2d09cdf2ad66ecf3bb8d48fb1757f859cb4809c7", "category": "credential_exposure", "severity": "info", "confidence": 0.1, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Safe context pattern detected", "evidence": {"match": "print(\"Error: docs/cli_flags.md is out of sync with Config.\")", "reason": "Safe context pattern detected", "rule_id": "SEC020", "scanner": "repobility-threat-engine", "confidence": 0.1, "correlation_key": "secret|token|4|print error: docs/cli_flags.md is out of sync with config."}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/sync_cli_flags_doc.py"}, "region": {"startLine": 41}}}]}, {"ruleId": "MINED062", "level": "none", "message": {"text": "[MINED062] Python Dataclass No Fields: @dataclass over an empty class \u2014 unfinished model."}, "properties": {"repobilityId": 125142, "scanner": "repobility-threat-engine", "fingerprint": "1ce607e55a6c9c47b500eecea8b46dde33120f91f841b12a779d2efa15b44eb1", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-dataclass-no-fields", "owasp": null, "cwe_ids": [], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348046+00:00", "triaged_in_corpus": 10, "observations_count": 92448, "ai_coder_pattern_id": 144}, "scanner": "repobility-threat-engine", "correlation_key": "fp|1ce607e55a6c9c47b500eecea8b46dde33120f91f841b12a779d2efa15b44eb1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "inference_perf/datagen/replay_graph_types.py"}, "region": {"startLine": 45}}}]}, {"ruleId": 
"COMP001", "level": "none", "message": {"text": "[COMP001] High cognitive complexity (and 27 more): Same pattern found in 27 additional files. Review if needed."}, "properties": {"repobilityId": 125133, "scanner": "repobility-threat-engine", "fingerprint": "26623a4384c15353821760bd652659c8310cb263e68e02d0d97e21365c6a16f3", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 27 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"scanner": "repobility-threat-engine", "function": "parse_sse_stream", "breakdown": {"if": 5, "for": 2, "break": 2, "while": 1, "except": 1, "continue": 1, "nested_bonus": 24}, "aggregated": true, "complexity": 36, "correlation_key": "fp|26623a4384c15353821760bd652659c8310cb263e68e02d0d97e21365c6a16f3", "aggregated_count": 27}}}, {"ruleId": "MINED072", "level": "none", "message": {"text": "[MINED072] Python Pass Only Class: class Foo: pass \u2014 stub waiting to be filled in."}, "properties": {"repobilityId": 125129, "scanner": "repobility-threat-engine", "fingerprint": "c2c36f72aae98a93db3f81b5e6a2e949df6f220dc5c36a691c3a0a8577c262e1", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-pass-only-class", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348069+00:00", "triaged_in_corpus": 10, "observations_count": 14245, "ai_coder_pattern_id": 143}, "scanner": "repobility-threat-engine", "correlation_key": "fp|c2c36f72aae98a93db3f81b5e6a2e949df6f220dc5c36a691c3a0a8577c262e1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "inference_perf/client/server_metrics/base.py"}, "region": 
{"startLine": 21}}}]}, {"ruleId": "MINED072", "level": "none", "message": {"text": "[MINED072] Python Pass Only Class: class Foo: pass \u2014 stub waiting to be filled in."}, "properties": {"repobilityId": 125128, "scanner": "repobility-threat-engine", "fingerprint": "a9c625f8916592fb74be2c204b0919109b084d7cc647b289d1bd673173a6e7b0", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-pass-only-class", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348069+00:00", "triaged_in_corpus": 10, "observations_count": 14245, "ai_coder_pattern_id": 143}, "scanner": "repobility-threat-engine", "correlation_key": "fp|a9c625f8916592fb74be2c204b0919109b084d7cc647b289d1bd673173a6e7b0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "inference_perf/apis/base.py"}, "region": {"startLine": 28}}}]}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function (and 13 more): Same pattern found in 13 additional files. Review if needed."}, "properties": {"repobilityId": 125127, "scanner": "repobility-threat-engine", "fingerprint": "7279be3bf1fcb1aa10ba0c2ac1be9be53dc68b6d651aeb9501d6be025f645add", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 13 additional occurrences found. 
The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|7279be3bf1fcb1aa10ba0c2ac1be9be53dc68b6d651aeb9501d6be025f645add", "aggregated_count": 13}}}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "properties": {"repobilityId": 125126, "scanner": "repobility-threat-engine", "fingerprint": "fdb81882defb6e50e75acca340d3b02e834c438b8768b6601ef8206665169641", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "correlation_key": "fp|fdb81882defb6e50e75acca340d3b02e834c438b8768b6601ef8206665169641"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "inference_perf/circuit_breaker/simple_breaker.py"}, "region": {"startLine": 42}}}]}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "properties": {"repobilityId": 125125, "scanner": "repobility-threat-engine", "fingerprint": "98a4461e0a4ec1a2d541e11509e65cf993d0cff4f3088e441129f71e31ea9b07", "category": 
"quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "correlation_key": "fp|98a4461e0a4ec1a2d541e11509e65cf993d0cff4f3088e441129f71e31ea9b07"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "inference_perf/circuit_breaker/base.py"}, "region": {"startLine": 33}}}]}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "properties": {"repobilityId": 125124, "scanner": "repobility-threat-engine", "fingerprint": "6bf57a1c96eb6e5b013a998c07d8cea5671e365f5a211bcd3ce2cfc91262f6c3", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "correlation_key": "fp|6bf57a1c96eb6e5b013a998c07d8cea5671e365f5a211bcd3ce2cfc91262f6c3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "inference_perf/apis/base.py"}, "region": {"startLine": 29}}}]}, {"ruleId": "SEC127", "level": "none", "message": {"text": "[SEC127] AI agent stub \u2014 TODO: implement / pass placeholder body (and 3 more): Same pattern found in 3 
additional files. Review if needed."}, "properties": {"repobilityId": 125123, "scanner": "repobility-threat-engine", "fingerprint": "6bd7eff5686ccc74a94accbb531effb24caca3914b4cc34b18a072e5032dd3e3", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 3 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 3 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC127", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|6bd7eff5686ccc74a94accbb531effb24caca3914b4cc34b18a072e5032dd3e3"}}}, {"ruleId": "PYSEC-2026-142", "level": "error", "message": {"text": "urllib3: PYSEC-2026-142"}, "properties": {"repobilityId": 125174, "scanner": "osv-scanner", "fingerprint": "bdc198363f617b13b2f9836dbe83d4ce4de753f53b00917d1660d8459f94dc88", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["CVE-2026-44432", "GHSA-mf9v-mfxr-j63j"], "package": "urllib3", "rule_id": "PYSEC-2026-142", "scanner": "osv-scanner", "correlation_key": "vuln|urllib3|CVE-2026-44432|pdm.lock", "duplicate_count": 1, "duplicate_rule_ids": ["GHSA-mf9v-mfxr-j63j", "PYSEC-2026-142"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["61ec3475e1a9622e57f0071960beb6a8c8fad4b69cc492ad5d16b46ea3963323", "bdc198363f617b13b2f9836dbe83d4ce4de753f53b00917d1660d8459f94dc88"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pdm.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "PYSEC-2026-141", "level": "error", "message": {"text": "urllib3: PYSEC-2026-141"}, "properties": {"repobilityId": 125173, "scanner": 
"osv-scanner", "fingerprint": "a2c0c7777bf1a36fbc2adbe026f2e69f91dc779c89fcd2e72f814a3bacd8eab6", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["CVE-2026-44431", "GHSA-qccp-gfcp-xxvc"], "package": "urllib3", "rule_id": "PYSEC-2026-141", "scanner": "osv-scanner", "correlation_key": "vuln|urllib3|CVE-2026-44431|pdm.lock", "duplicate_count": 1, "duplicate_rule_ids": ["GHSA-qccp-gfcp-xxvc", "PYSEC-2026-141"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["5660a684ec1ad537cc8e3b8ba972375bf06b705f99d89857dbe87504ab8f0f08", "a2c0c7777bf1a36fbc2adbe026f2e69f91dc779c89fcd2e72f814a3bacd8eab6"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pdm.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "PYSEC-2025-217", "level": "error", "message": {"text": "transformers: PYSEC-2025-217"}, "properties": {"repobilityId": 125171, "scanner": "osv-scanner", "fingerprint": "03ed5d4aca4f46b036e0c647b3bde2f7330b22ebadabe4515bc4d9be9ad8e468", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-14929"], "package": "transformers", "rule_id": "PYSEC-2025-217", "scanner": "osv-scanner", "correlation_key": "vuln|transformers|CVE-2025-14929|pdm.lock"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pdm.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED034", "level": "error", "message": {"text": "[MINED034] Python Subprocess Shell True: subprocess(..., shell=True) enables command injection."}, "properties": {"repobilityId": 125144, "scanner": "repobility-threat-engine", "fingerprint": "4171f65b90065fbb63903d8cebfb76e43e026fac0c39bede18cc4b859e93e6fe", "category": "quality", "severity": "high", 
"confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-subprocess-shell-true", "owasp": null, "cwe_ids": ["CWE-78"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347977+00:00", "triaged_in_corpus": 15, "observations_count": 3478, "ai_coder_pattern_id": 118}, "scanner": "repobility-threat-engine", "correlation_key": "fp|4171f65b90065fbb63903d8cebfb76e43e026fac0c39bede18cc4b859e93e6fe"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/check_coverage_regression.py"}, "region": {"startLine": 36}}}]}, {"ruleId": "MINED009", "level": "error", "message": {"text": "[MINED009] Floats For Money: Variable named price/amount/cost typed as float instead of Decimal."}, "properties": {"repobilityId": 125141, "scanner": "repobility-threat-engine", "fingerprint": "444303d34803b0bc5e4d8389d6b180f46766726920d1494fcf80282bb88a91ed", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "floats-for-money", "owasp": null, "cwe_ids": ["CWE-682"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347918+00:00", "triaged_in_corpus": 15, "observations_count": 208571, "ai_coder_pattern_id": 20}, "scanner": "repobility-threat-engine", "correlation_key": "fp|444303d34803b0bc5e4d8389d6b180f46766726920d1494fcf80282bb88a91ed"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "inference_perf/datagen/multimodal_sampling.py"}, "region": {"startLine": 62}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. 
Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 125139, "scanner": "repobility-threat-engine", "fingerprint": "7217ffeb6fba0bedd614c00b99a5eefec27e03b6347463d281c6ceee1a85090b", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "Url(f", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|7217ffeb6fba0bedd614c00b99a5eefec27e03b6347463d281c6ceee1a85090b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "inference_perf/client/server_metrics/prometheus_client/google_managed_prometheus_client.py"}, "region": {"startLine": 36}}}]}, {"ruleId": "MINED001", "level": "error", "message": {"text": "[MINED001] Bare Except Pass: except: pass or except Exception: pass \u2014 silently swallows everything including KeyboardInterrupt and bugs."}, "properties": {"repobilityId": 125136, "scanner": "repobility-threat-engine", "fingerprint": "a51c52f0b4e74d4a3ac8699bc4d842a09a7136843d036dc5ef1a46ee6c0476de", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "bare-except-pass", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347744+00:00", "triaged_in_corpus": 15, "observations_count": 1550824, "ai_coder_pattern_id": 6}, "scanner": "repobility-threat-engine", "correlation_key": 
"fp|a51c52f0b4e74d4a3ac8699bc4d842a09a7136843d036dc5ef1a46ee6c0476de"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "inference_perf/circuit_breaker/simple_breaker.py"}, "region": {"startLine": 41}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 125135, "scanner": "repobility-threat-engine", "fingerprint": "df42b0bda03e9379d1ddf22254b0033b3d9503ef731fd30374319897e808cd8f", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "img.save(buf, format=\"JPEG\", quality=quality)", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|df42b0bda03e9379d1ddf22254b0033b3d9503ef731fd30374319897e808cd8f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "inference_perf/mediagen/synthesis.py"}, "region": {"startLine": 75}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. 
Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 125134, "scanner": "repobility-threat-engine", "fingerprint": "ddac8d0a8e4c01b07a4cbf89837155baa28576e7b661a4b6fde894156d268019", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "t.update(hit_sample)", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|ddac8d0a8e4c01b07a4cbf89837155baa28576e7b661a4b6fde894156d268019"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "inference_perf/circuit_breaker/simple_breaker.py"}, "region": {"startLine": 51}}}]}, {"ruleId": "COMP001", "level": "error", "message": {"text": "[COMP001] High cognitive complexity: Function `to_request_body` has cognitive complexity 26 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. 
Breakdown: and=2, else=2, if=5, nested_bonus=13, recursion=1, ternary=2, while=1."}, "properties": {"repobilityId": 125131, "scanner": "repobility-threat-engine", "fingerprint": "8985e468ec831afef250a034ba03c0d73500e72576e39abc47069cb465519ca8", "category": "quality", "severity": "high", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 26 (severity threshold for high: 25+).", "evidence": {"scanner": "repobility-threat-engine", "function": "to_request_body", "breakdown": {"if": 5, "and": 2, "else": 2, "while": 1, "ternary": 2, "recursion": 1, "nested_bonus": 13}, "complexity": 26, "correlation_key": "fp|8985e468ec831afef250a034ba03c0d73500e72576e39abc47069cb465519ca8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "inference_perf/apis/user_session.py"}, "region": {"startLine": 141}}}]}, {"ruleId": "COMP001", "level": "error", "message": {"text": "[COMP001] High cognitive complexity: Function `parse_sse_stream` has cognitive complexity 36 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. 
Breakdown: break=2, continue=1, except=1, for=2, if=5, nested_bonus=24, while=1."}, "properties": {"repobilityId": 125130, "scanner": "repobility-threat-engine", "fingerprint": "6bc5be9e1ff926737cebbdf29fe70838d4ace92533a283844d5b9ed03e71935f", "category": "quality", "severity": "high", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 36 (severity threshold for high: 25+).", "evidence": {"scanner": "repobility-threat-engine", "function": "parse_sse_stream", "breakdown": {"if": 5, "for": 2, "break": 2, "while": 1, "except": 1, "continue": 1, "nested_bonus": 24}, "complexity": 36, "correlation_key": "fp|6bc5be9e1ff926737cebbdf29fe70838d4ace92533a283844d5b9ed03e71935f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "inference_perf/apis/streaming_parser.py"}, "region": {"startLine": 29}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "Dockerfile FROM `docker.nix-community.org/nixpkgs/nix-flakes (no tag)` not pinned by digest"}, "properties": {"repobilityId": 125119, "scanner": "repobility-supply-chain", "fingerprint": "5fca6813a9bc4be76ee3e8e02da3e9aeca27daeefebd2130538b90766f4fc52e", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|5fca6813a9bc4be76ee3e8e02da3e9aeca27daeefebd2130538b90766f4fc52e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Dockerfile.e2e-test"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "Dockerfile FROM `python:3.12.11-alpine3.22` not pinned by digest"}, "properties": {"repobilityId": 125118, "scanner": "repobility-supply-chain", 
"fingerprint": "1e9069d2a9a29db8685ec457fc5f46cf8500222675f2c6c2a3841f6250a616d7", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|1e9069d2a9a29db8685ec457fc5f46cf8500222675f2c6c2a3841f6250a616d7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Dockerfile"}, "region": {"startLine": 24}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "Dockerfile FROM `python:3.12.11-alpine3.22` not pinned by digest"}, "properties": {"repobilityId": 125117, "scanner": "repobility-supply-chain", "fingerprint": "0c027e76449c8e20dee1a48720466eed86774d24d6fcc1f146c20ff812e2a066", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|0c027e76449c8e20dee1a48720466eed86774d24d6fcc1f146c20ff812e2a066"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Dockerfile"}, "region": {"startLine": 2}}}]}, {"ruleId": "MINED110", "level": "error", "message": {"text": "Blocking call `requests.get` inside async function `test_prometheus_metrics_collection_chat`"}, "properties": {"repobilityId": 125116, "scanner": "repobility-ast-engine", "fingerprint": "03ede5fffc62abc4399164fe524575f415b6c0110704a701e9e53ad298549916", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "asyncio-blocking-call", 
"owasp": null, "cwe_ids": ["CWE-833"], "languages": ["python"], "observations_count": 31606}, "scanner": "repobility-ast-engine", "correlation_key": "fp|03ede5fffc62abc4399164fe524575f415b6c0110704a701e9e53ad298549916"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "e2e/tests/test_prometheus.py"}, "region": {"startLine": 223}}}]}, {"ruleId": "MINED110", "level": "error", "message": {"text": "Blocking call `requests.get` inside async function `test_prometheus_metrics_collection`"}, "properties": {"repobilityId": 125115, "scanner": "repobility-ast-engine", "fingerprint": "1fccd192b797cb2afeb4d9d0c45dfebac3016c3769dc7e7ff752d32d294557bd", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "asyncio-blocking-call", "owasp": null, "cwe_ids": ["CWE-833"], "languages": ["python"], "observations_count": 31606}, "scanner": "repobility-ast-engine", "correlation_key": "fp|1fccd192b797cb2afeb4d9d0c45dfebac3016c3769dc7e7ff752d32d294557bd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "e2e/tests/test_prometheus.py"}, "region": {"startLine": 112}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_deterministic_seeding"}, "properties": {"repobilityId": 125106, "scanner": "repobility-ast-engine", "fingerprint": "a9b4933db9a8ecc84db96cb2236dcc9b7cacb333733e13d9edc5188ec337365f", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|a9b4933db9a8ecc84db96cb2236dcc9b7cacb333733e13d9edc5188ec337365f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": 
"tests/required/utils/test_distribution.py"}, "region": {"startLine": 98}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_lognormal_negative_mean_raises"}, "properties": {"repobilityId": 125105, "scanner": "repobility-ast-engine", "fingerprint": "3c40f708b382e6ee6104c12ffa129b6d9e3ad90ea3b1390d07077ce950457346", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|3c40f708b382e6ee6104c12ffa129b6d9e3ad90ea3b1390d07077ce950457346"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/required/utils/test_distribution.py"}, "region": {"startLine": 69}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_print_session_summary_tables_skipped_when_no_session_reports"}, "properties": {"repobilityId": 125104, "scanner": "repobility-ast-engine", "fingerprint": "72adaf84e711f492a14d0b1e7e8c3a98de85e1e90128fe5cc1a74437aca0fbc1", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|72adaf84e711f492a14d0b1e7e8c3a98de85e1e90128fe5cc1a74437aca0fbc1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/required/utils/test_cli_summary.py"}, "region": {"startLine": 58}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_print_summary_table_empty"}, "properties": {"repobilityId": 125103, "scanner": 
"repobility-ast-engine", "fingerprint": "a13e311bc1cd702d9063a5c099571561326fa445b49a009b67de951c58ea30ed", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|a13e311bc1cd702d9063a5c099571561326fa445b49a009b67de951c58ea30ed"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/required/utils/test_cli_summary.py"}, "region": {"startLine": 20}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_get_timer"}, "properties": {"repobilityId": 125102, "scanner": "repobility-ast-engine", "fingerprint": "fc1aab5a4416643793f178869788eee6b623cbd3ab1c5be3deeb106ab3ef6893", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|fc1aab5a4416643793f178869788eee6b623cbd3ab1c5be3deeb106ab3ef6893"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/required/loadgen/test_load_generator.py"}, "region": {"startLine": 148}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_union_rejects_unknown_kind"}, "properties": {"repobilityId": 125101, "scanner": "repobility-ast-engine", "fingerprint": "acdd0d4b4242d907f45ac34eba7cee92b265306c47724699d2db3e05ed357069", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": 
"phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|acdd0d4b4242d907f45ac34eba7cee92b265306c47724699d2db3e05ed357069"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/required/payloads/test_spec_unions.py"}, "region": {"startLine": 130}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_video_union_discriminates_on_kind"}, "properties": {"repobilityId": 125100, "scanner": "repobility-ast-engine", "fingerprint": "c19ab9f253c44c206236543045df33de5e8697f44857b304814e3aa4d10d4bc3", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c19ab9f253c44c206236543045df33de5e8697f44857b304814e3aa4d10d4bc3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/required/payloads/test_spec_unions.py"}, "region": {"startLine": 118}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_audio_union_discriminates_on_kind"}, "properties": {"repobilityId": 125099, "scanner": "repobility-ast-engine", "fingerprint": "0afd993cee887eb28ad008d96865ca65ce5e9d66db72c54f754ede8b0162fc38", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|0afd993cee887eb28ad008d96865ca65ce5e9d66db72c54f754ede8b0162fc38"}}, "locations": 
[{"physicalLocation": {"artifactLocation": {"uri": "tests/required/payloads/test_spec_unions.py"}, "region": {"startLine": 113}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_image_union_discriminates_on_kind"}, "properties": {"repobilityId": 125098, "scanner": "repobility-ast-engine", "fingerprint": "5304f78da718843c9872dc58d96792a421e4c6243c3f8ba62a2f82328c2510a7", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|5304f78da718843c9872dc58d96792a421e4c6243c3f8ba62a2f82328c2510a7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/required/payloads/test_spec_unions.py"}, "region": {"startLine": 108}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._make_node` used but never assigned in __init__"}, "properties": {"repobilityId": 125097, "scanner": "repobility-ast-engine", "fingerprint": "cd346af2ea992ee6d95ef29bc93a17e5ac85d3e3561116b3826a66359d8d2c54", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|cd346af2ea992ee6d95ef29bc93a17e5ac85d3e3561116b3826a66359d8d2c54"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_otel_replay_datagen.py"}, "region": {"startLine": 975}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._make_node` used but never assigned in __init__"}, "properties": {"repobilityId": 125096, 
"scanner": "repobility-ast-engine", "fingerprint": "f333144193c57199f8c422fbb28559bc93fcb6e934ce65b16421549f7c1c0efb", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|f333144193c57199f8c422fbb28559bc93fcb6e934ce65b16421549f7c1c0efb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_otel_replay_datagen.py"}, "region": {"startLine": 944}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._make_node` used but never assigned in __init__"}, "properties": {"repobilityId": 125095, "scanner": "repobility-ast-engine", "fingerprint": "28355f8d123ce8617cc83a61220c895225c802834de0d693850b73b28f89061a", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|28355f8d123ce8617cc83a61220c895225c802834de0d693850b73b28f89061a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_otel_replay_datagen.py"}, "region": {"startLine": 943}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._make_api_data` used but never assigned in __init__"}, "properties": {"repobilityId": 125094, "scanner": "repobility-ast-engine", "fingerprint": "29f074ec46ef7b17d0611d45a4714b8d1bc9ee713f81dbdca72c1d66112f2a74", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": 
"self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|29f074ec46ef7b17d0611d45a4714b8d1bc9ee713f81dbdca72c1d66112f2a74"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_otel_replay_datagen.py"}, "region": {"startLine": 369}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._make_api_data` used but never assigned in __init__"}, "properties": {"repobilityId": 125093, "scanner": "repobility-ast-engine", "fingerprint": "eb74dc4b661b062b330a2e58961b5e184034ca09c419f5fa32156077f27e9e08", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|eb74dc4b661b062b330a2e58961b5e184034ca09c419f5fa32156077f27e9e08"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_otel_replay_datagen.py"}, "region": {"startLine": 347}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._make_api_data` used but never assigned in __init__"}, "properties": {"repobilityId": 125092, "scanner": "repobility-ast-engine", "fingerprint": "fd004368b00b372718e52356788dde6cef5e4dd33e0c585de94084adc75bff3c", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|fd004368b00b372718e52356788dde6cef5e4dd33e0c585de94084adc75bff3c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": 
"tests/test_otel_replay_datagen.py"}, "region": {"startLine": 336}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._make_api_data` used but never assigned in __init__"}, "properties": {"repobilityId": 125091, "scanner": "repobility-ast-engine", "fingerprint": "64dcd4d365ce686827732c5936b914cae61ce058ff5f22c744aad1971fe36641", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|64dcd4d365ce686827732c5936b914cae61ce058ff5f22c744aad1971fe36641"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_otel_replay_datagen.py"}, "region": {"startLine": 310}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._make_api_data` used but never assigned in __init__"}, "properties": {"repobilityId": 125090, "scanner": "repobility-ast-engine", "fingerprint": "8bb69eacedec7a181e6cf63299ef282e53d708b8fe205f5acc9fe95840cea2b2", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|8bb69eacedec7a181e6cf63299ef282e53d708b8fe205f5acc9fe95840cea2b2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_otel_replay_datagen.py"}, "region": {"startLine": 292}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_record_failure_wakes_waiter_with_error"}, "properties": {"repobilityId": 125088, "scanner": "repobility-ast-engine", "fingerprint": 
"415ce74cc250d947c4fa1f3fea67f3e4fd04a8aa9e192d2ca67144a685fd8880", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|415ce74cc250d947c4fa1f3fea67f3e4fd04a8aa9e192d2ca67144a685fd8880"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_otel_replay_datagen.py"}, "region": {"startLine": 188}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_double_record_raises_error"}, "properties": {"repobilityId": 125087, "scanner": "repobility-ast-engine", "fingerprint": "d5f3d5b7f211ff0c6cd0b76aceb0ea079cf0911117c4c0c1dfee65eaf4bdfc0c", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|d5f3d5b7f211ff0c6cd0b76aceb0ea079cf0911117c4c0c1dfee65eaf4bdfc0c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_otel_replay_datagen.py"}, "region": {"startLine": 148}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_require_async_timeout"}, "properties": {"repobilityId": 125086, "scanner": "repobility-ast-engine", "fingerprint": "cc2fefcfdf573d36bae7fb7a7c6cfe22473e2dd8e75b55fda4f0d50cd4f9a814", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], 
"languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|cc2fefcfdf573d36bae7fb7a7c6cfe22473e2dd8e75b55fda4f0d50cd4f9a814"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_otel_replay_datagen.py"}, "region": {"startLine": 142}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_setup_logging_invalid_level"}, "properties": {"repobilityId": 125085, "scanner": "repobility-ast-engine", "fingerprint": "e2f3decb1d98d40fdcaba5527f539c52ba1e3acacebd3e6932eb8d75e9916610", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|e2f3decb1d98d40fdcaba5527f539c52ba1e3acacebd3e6932eb8d75e9916610"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_logger.py"}, "region": {"startLine": 36}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._make_raw_call` used but never assigned in __init__"}, "properties": {"repobilityId": 125084, "scanner": "repobility-ast-engine", "fingerprint": "3fc8be4f00668f40cd995478c45af4940783dc5e8aff94fc5b2141df9599b3e8", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|3fc8be4f00668f40cd995478c45af4940783dc5e8aff94fc5b2141df9599b3e8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_tool_call_capture.py"}, "region": {"startLine": 483}}}]}, 
{"ruleId": "MINED108", "level": "error", "message": {"text": "`self._make_raw_call` used but never assigned in __init__"}, "properties": {"repobilityId": 125083, "scanner": "repobility-ast-engine", "fingerprint": "07d38aad4ffd08d64fee83549fbe5a5a2136ddcd252d884121d277acde5ca74b", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|07d38aad4ffd08d64fee83549fbe5a5a2136ddcd252d884121d277acde5ca74b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_tool_call_capture.py"}, "region": {"startLine": 482}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._make_raw_call` used but never assigned in __init__"}, "properties": {"repobilityId": 125082, "scanner": "repobility-ast-engine", "fingerprint": "3ec80aa574d413d5fc7944f005cffca1bf5c998dbc28b843d62ec700caf379ff", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|3ec80aa574d413d5fc7944f005cffca1bf5c998dbc28b843d62ec700caf379ff"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_tool_call_capture.py"}, "region": {"startLine": 459}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._make_raw_call` used but never assigned in __init__"}, "properties": {"repobilityId": 125081, "scanner": "repobility-ast-engine", "fingerprint": "fa918d7500a7d7e5d317ce32f30403d6ad82d0a7aa605f11660735c864c5ba9f", "category": "quality", "severity": 
"high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|fa918d7500a7d7e5d317ce32f30403d6ad82d0a7aa605f11660735c864c5ba9f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_tool_call_capture.py"}, "region": {"startLine": 458}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._make_api_data` used but never assigned in __init__"}, "properties": {"repobilityId": 125080, "scanner": "repobility-ast-engine", "fingerprint": "a3a007a34b6e94dc284e37b66f59025515dfb568cff250d9b7c9a7e5c2526924", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|a3a007a34b6e94dc284e37b66f59025515dfb568cff250d9b7c9a7e5c2526924"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_tool_call_capture.py"}, "region": {"startLine": 407}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._make_api_data` used but never assigned in __init__"}, "properties": {"repobilityId": 125079, "scanner": "repobility-ast-engine", "fingerprint": "685417b1c9b3f9b88880c88af9a36afd50e66cec2b81a5960c632d26150416b8", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", 
"correlation_key": "fp|685417b1c9b3f9b88880c88af9a36afd50e66cec2b81a5960c632d26150416b8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_tool_call_capture.py"}, "region": {"startLine": 382}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._make_api_data` used but never assigned in __init__"}, "properties": {"repobilityId": 125078, "scanner": "repobility-ast-engine", "fingerprint": "255b53baa51d303d954534b7facc99a89f3d23d970b032c093e518a1507430ee", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|255b53baa51d303d954534b7facc99a89f3d23d970b032c093e518a1507430ee"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_tool_call_capture.py"}, "region": {"startLine": 356}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._make_api_data` used but never assigned in __init__"}, "properties": {"repobilityId": 125077, "scanner": "repobility-ast-engine", "fingerprint": "08cc2f8ad3849e6446529a4d96b18aaed0cc8b2dacac2966f8c0ee0c4cc532b8", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|08cc2f8ad3849e6446529a4d96b18aaed0cc8b2dacac2966f8c0ee0c4cc532b8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_tool_call_capture.py"}, "region": {"startLine": 324}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._make_api_data` used 
but never assigned in __init__"}, "properties": {"repobilityId": 125076, "scanner": "repobility-ast-engine", "fingerprint": "72617fede93a146cc6113daf07f089772de333f097717bf841ddf085dbf506da", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|72617fede93a146cc6113daf07f089772de333f097717bf841ddf085dbf506da"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_tool_call_capture.py"}, "region": {"startLine": 267}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._make_api_data` used but never assigned in __init__"}, "properties": {"repobilityId": 125075, "scanner": "repobility-ast-engine", "fingerprint": "089cdd0158ea9a8680789e9c2e8336009a93bfc9e03e8736d16a8cde99a2ceaf", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|089cdd0158ea9a8680789e9c2e8336009a93bfc9e03e8736d16a8cde99a2ceaf"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_tool_call_capture.py"}, "region": {"startLine": 249}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._make_api_data` used but never assigned in __init__"}, "properties": {"repobilityId": 125074, "scanner": "repobility-ast-engine", "fingerprint": "23db4cbf4d1f3c2bdcc9fce74e68e8dcfb132e14221fd8e9b0d486611fb5f6a2", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, 
"reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|23db4cbf4d1f3c2bdcc9fce74e68e8dcfb132e14221fd8e9b0d486611fb5f6a2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_tool_call_capture.py"}, "region": {"startLine": 241}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._make_api_data` used but never assigned in __init__"}, "properties": {"repobilityId": 125073, "scanner": "repobility-ast-engine", "fingerprint": "8cc994d27b71316154d1ca487a5ddf2d35e928ee5b662e34c14c81ae70196c16", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|8cc994d27b71316154d1ca487a5ddf2d35e928ee5b662e34c14c81ae70196c16"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_tool_call_capture.py"}, "region": {"startLine": 227}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._make_api_data` used but never assigned in __init__"}, "properties": {"repobilityId": 125072, "scanner": "repobility-ast-engine", "fingerprint": "98c257a55c74834d2e4652512c60471e27979688f79ba7fabe7c5220aebd3fb0", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|98c257a55c74834d2e4652512c60471e27979688f79ba7fabe7c5220aebd3fb0"}}, 
"locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_tool_call_capture.py"}, "region": {"startLine": 207}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._make_api_data` used but never assigned in __init__"}, "properties": {"repobilityId": 125071, "scanner": "repobility-ast-engine", "fingerprint": "67886f7017c6a558b371a217f07b9cb0144b6a1984f5803675a03f3a99f94c3a", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|67886f7017c6a558b371a217f07b9cb0144b6a1984f5803675a03f3a99f94c3a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_tool_call_capture.py"}, "region": {"startLine": 166}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._make_api_data` used but never assigned in __init__"}, "properties": {"repobilityId": 125070, "scanner": "repobility-ast-engine", "fingerprint": "cf8f6bb0c23c9ee48c44e607f59542e7c539e38581189fbc0924cd77b75fb8a7", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|cf8f6bb0c23c9ee48c44e607f59542e7c539e38581189fbc0924cd77b75fb8a7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_tool_call_capture.py"}, "region": {"startLine": 147}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._make_api_data` used but never assigned in __init__"}, "properties": {"repobilityId": 125069, "scanner": 
"repobility-ast-engine", "fingerprint": "c0468d80f8ef88c5e2b9717c1c6b8e3f32ba3d5a3ae4b73996063b1a7fff9135", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c0468d80f8ef88c5e2b9717c1c6b8e3f32ba3d5a3ae4b73996063b1a7fff9135"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_tool_call_capture.py"}, "region": {"startLine": 128}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._make_api_data` used but never assigned in __init__"}, "properties": {"repobilityId": 125068, "scanner": "repobility-ast-engine", "fingerprint": "59437d24b67d791fa0c2b2533424d36fec6874fef24a2c627ab437c8fc8f9dd8", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|59437d24b67d791fa0c2b2533424d36fec6874fef24a2c627ab437c8fc8f9dd8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_tool_call_capture.py"}, "region": {"startLine": 108}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_simple_storage_service_config_rejects_invalid_addressing_style"}, "properties": {"repobilityId": 125067, "scanner": "repobility-ast-engine", "fingerprint": "c13250c6d82000f97737413ec7fd136ad0844a5f2e471deedef16e1ba818b2e3", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": 
{"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c13250c6d82000f97737413ec7fd136ad0844a5f2e471deedef16e1ba818b2e3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_config.py"}, "region": {"startLine": 364}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_distribution_both_variance_and_std_dev_error"}, "properties": {"repobilityId": 125066, "scanner": "repobility-ast-engine", "fingerprint": "f611760c4a3c327ed23b12a90bd96c1d74ebafc15d493afbcbe285db16c60472", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|f611760c4a3c327ed23b12a90bd96c1d74ebafc15d493afbcbe285db16c60472"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_config.py"}, "region": {"startLine": 337}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_shared_prefix_ambiguous_distribution_error"}, "properties": {"repobilityId": 125065, "scanner": "repobility-ast-engine", "fingerprint": "ac450d37fea599f50a5bafce66e2ff039613f0a03c9ec36516b12c29ba8c65b1", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ac450d37fea599f50a5bafce66e2ff039613f0a03c9ec36516b12c29ba8c65b1"}}, "locations": [{"physicalLocation": 
{"artifactLocation": {"uri": "tests/test_config.py"}, "region": {"startLine": 269}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_prometheus_client_config_validation"}, "properties": {"repobilityId": 125064, "scanner": "repobility-ast-engine", "fingerprint": "8cd13a247a3314b319264f9a437bf8d812073dd182af75861e8d90f68989a77c", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|8cd13a247a3314b319264f9a437bf8d812073dd182af75861e8d90f68989a77c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_config.py"}, "region": {"startLine": 215}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_load_config_validation"}, "properties": {"repobilityId": 125063, "scanner": "repobility-ast-engine", "fingerprint": "c90f95d3e25fb3bc9a8ec903bfbcd7ad834ab6b35b8b538fe0261d15766252f7", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c90f95d3e25fb3bc9a8ec903bfbcd7ad834ab6b35b8b538fe0261d15766252f7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_config.py"}, "region": {"startLine": 179}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_standard_load_stage_validation"}, "properties": {"repobilityId": 125062, "scanner": "repobility-ast-engine", "fingerprint": 
"0d85649cfba17f6ea048f352b04255c9b8a807c4c8c19f2e38e89d66bb054633", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|0d85649cfba17f6ea048f352b04255c9b8a807c4c8c19f2e38e89d66bb054633"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_config.py"}, "region": {"startLine": 157}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_requires_conversation_replay_config"}, "properties": {"repobilityId": 125061, "scanner": "repobility-ast-engine", "fingerprint": "d8a2460794e7dfbeaedaf4fbcef0b35169bd3ff5d2303419d16ea9457ecee8c2", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|d8a2460794e7dfbeaedaf4fbcef0b35169bd3ff5d2303419d16ea9457ecee8c2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_conversation_replay_datagen.py"}, "region": {"startLine": 157}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_requires_tokenizer"}, "properties": {"repobilityId": 125060, "scanner": "repobility-ast-engine", "fingerprint": "d59fc675f9ce8b74ec03aab03a3f02f309d9fffa06b9ad5fadd976aaac777ca6", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": 
["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|d59fc675f9ce8b74ec03aab03a3f02f309d9fffa06b9ad5fadd976aaac777ca6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_conversation_replay_datagen.py"}, "region": {"startLine": 152}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_record_response_metrics_with_error"}, "properties": {"repobilityId": 125059, "scanner": "repobility-ast-engine", "fingerprint": "ee98ee0a8bcbcde92f8b899d15484c7b510c3dabdcd0b72397e4274a367b9b5d", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ee98ee0a8bcbcde92f8b899d15484c7b510c3dabdcd0b72397e4274a367b9b5d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_otel_instrumentation.py"}, "region": {"startLine": 117}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_record_response_metrics_with_data"}, "properties": {"repobilityId": 125058, "scanner": "repobility-ast-engine", "fingerprint": "f974c08a61cb962b6021c8308f18d8a274c844302c3ade3f19262db9773bf2a9", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|f974c08a61cb962b6021c8308f18d8a274c844302c3ade3f19262db9773bf2a9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": 
"tests/test_otel_instrumentation.py"}, "region": {"startLine": 91}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_trace_llm_request_with_data"}, "properties": {"repobilityId": 125057, "scanner": "repobility-ast-engine", "fingerprint": "0edb6a4877d3559bd4b1201fbf24cbcd3e6c2cb13564ae6cc4e778b0b29299da", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|0edb6a4877d3559bd4b1201fbf24cbcd3e6c2cb13564ae6cc4e778b0b29299da"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_otel_instrumentation.py"}, "region": {"startLine": 69}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_record_response_metrics_disabled"}, "properties": {"repobilityId": 125056, "scanner": "repobility-ast-engine", "fingerprint": "1a3b7cf39705110be25ef2170ada0e9943f4c421480e42d1eccfe5dc8b0b2220", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|1a3b7cf39705110be25ef2170ada0e9943f4c421480e42d1eccfe5dc8b0b2220"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_otel_instrumentation.py"}, "region": {"startLine": 48}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 125167, "scanner": 
"gitleaks", "fingerprint": "0eb1b51b7ccb1cc541cf7391312d15cf98b0bc454d343439c35f8e845d3fa513", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "card_token='<redacted>'", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|38|card_token redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/otel/test_traces/advanced/code_review_workflow.json"}, "region": {"startLine": 385}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 125166, "scanner": "gitleaks", "fingerprint": "b7124aee75b2cc9a943f9c4cf55b467e8d601dfd14bd8ac5997acaeadbd2e5a9", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "card_token='<redacted>'", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|35|card_token redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/otel/test_traces/advanced/code_review_workflow.json"}, "region": {"startLine": 360}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "Missing import: `http` used but not imported"}, "properties": {"repobilityId": 125114, "scanner": "repobility-ast-engine", "fingerprint": "0be101bf39a824352a2da99586443ff79b51a3df1c33019224b7753a42a60de0", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], 
"observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|0be101bf39a824352a2da99586443ff79b51a3df1c33019224b7753a42a60de0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "e2e/utils/llm_d_inference_sim.py"}, "region": {"startLine": 117}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "Missing import: `queue` used but not imported"}, "properties": {"repobilityId": 125112, "scanner": "repobility-ast-engine", "fingerprint": "a63bd705872a09a65f85e46be62663cc1d1c26f03ba5307b4eebdca859011019", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|a63bd705872a09a65f85e46be62663cc1d1c26f03ba5307b4eebdca859011019"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "inference_perf/datagen/otel_trace_to_replay_graph.py"}, "region": {"startLine": 1198}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "Missing import: `gc` used but not imported"}, "properties": {"repobilityId": 125111, "scanner": "repobility-ast-engine", "fingerprint": "8594ebdb1aeab5f9795315caf3f10a78fb9bc4dc2a75031c9b63318c11eb841a", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|8594ebdb1aeab5f9795315caf3f10a78fb9bc4dc2a75031c9b63318c11eb841a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "inference_perf/datagen/otel_trace_to_replay_graph.py"}, "region": 
{"startLine": 1129}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "Missing import: `signal` used but not imported"}, "properties": {"repobilityId": 125110, "scanner": "repobility-ast-engine", "fingerprint": "96d23a9d94cdc26e8507280eca2ba2c054c98864130b14fc150448da912fbd7a", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|96d23a9d94cdc26e8507280eca2ba2c054c98864130b14fc150448da912fbd7a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "inference_perf/datagen/replay_graph_session_datagen.py"}, "region": {"startLine": 191}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "Missing import: `gc` used but not imported"}, "properties": {"repobilityId": 125109, "scanner": "repobility-ast-engine", "fingerprint": "aa60de7930f6a365e6e6d7cb46abc7e381edeb28a38efe33e3461343b8cc0a39", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|aa60de7930f6a365e6e6d7cb46abc7e381edeb28a38efe33e3461343b8cc0a39"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "inference_perf/datagen/replay_graph_session_datagen.py"}, "region": {"startLine": 979}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "Missing import: `queue` used but not imported"}, "properties": {"repobilityId": 125108, "scanner": "repobility-ast-engine", "fingerprint": 
"6b842a24771b1861ed183a915ded3060857df1da32d98762a69fac8922b61181", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|6b842a24771b1861ed183a915ded3060857df1da32d98762a69fac8922b61181"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "inference_perf/utils/request_queue.py"}, "region": {"startLine": 67}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "Missing import: `queue` used but not imported"}, "properties": {"repobilityId": 125107, "scanner": "repobility-ast-engine", "fingerprint": "a7ba596df5fce1d355bcefaafb01436129440c2cb73994c802ebd850752830ac", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|a7ba596df5fce1d355bcefaafb01436129440c2cb73994c802ebd850752830ac"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "inference_perf/loadgen/load_generator.py"}, "region": {"startLine": 378}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "Missing import: `gc` used but not imported"}, "properties": {"repobilityId": 125089, "scanner": "repobility-ast-engine", "fingerprint": "ea767cd2fedc1459ae19206c66ff8ec9d2f3782e884361a701306468cde7da39", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", 
"cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ea767cd2fedc1459ae19206c66ff8ec9d2f3782e884361a701306468cde7da39"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_otel_replay_datagen.py"}, "region": {"startLine": 740}}}]}]}]}