{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "MINED124", "name": "[MINED124] requirements.txt: `cupy-cuda12x[ctk]` has no version pin: Unpinned pip requirement means every fresh install ", "shortDescription": {"text": "[MINED124] requirements.txt: `cupy-cuda12x[ctk]` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats, account compromises). Reproduc"}, "fullDescription": {"text": "Replace `cupy-cuda12x[ctk]` with `cupy-cuda12x[ctk]==` and manage upgrades through PRs / Dependabot."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "medium", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED111", "name": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or ", "shortDescription": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "fullDescription": {"text": "Either narrow the exception type, log the exception with `logger.exception(...)`, or re-raise after handling."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED109", "name": "[MINED109] Mutable default argument in `test_retrieval` (list): `def test_retrieval(... = []/{}/set())` \u2014 Python's defau", "shortDescription": {"text": "[MINED109] Mutable default argument in `test_retrieval` (list): `def test_retrieval(... = []/{}/set())` \u2014 Python's default value is constructed ONCE at function definition time and shared across all calls. Mutating it in one call mutates it"}, "fullDescription": {"text": "Use None as the default and create the collection inside the function: `def test_retrieval(x=None): x = x or []`"}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "DKR001", "name": "Docker final stage has no non-root USER", "shortDescription": {"text": "Docker final stage has no non-root USER"}, "fullDescription": {"text": "Add a non-root USER in the final runtime stage after files and permissions are prepared."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.82, "cwe": "", "owasp": ""}}, {"id": "DKR007", "name": "Docker build context has no .dockerignore", "shortDescription": {"text": "Docker build context has no .dockerignore"}, "fullDescription": {"text": "Add .dockerignore with at least .git, .env, private keys, dependency folders, build outputs, and local databases."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "SEC123", "name": "[SEC123] Production stack trace / debug output exposed: Debug mode left on in production exposes stack traces, environme", "shortDescription": {"text": "[SEC123] Production stack trace / debug output exposed: Debug mode left on in production exposes stack traces, environment variables, framework internals \u2014 sometimes triggers RCE (Django debug page with arbitrary template eval)."}, "fullDescription": {"text": "Set DEBUG=False / APP_DEBUG=false in production. Provide a generic 500 handler that logs to backend but returns a sanitized page to clients."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC115", "name": "[SEC115] Decompression without size cap (zip/gzip bomb): Decompressing untrusted archives without a size or ratio cap \u2192 ", "shortDescription": {"text": "[SEC115] Decompression without size cap (zip/gzip bomb): Decompressing untrusted archives without a size or ratio cap \u2192 memory/disk exhaustion DoS (10kb \u2192 4GB classic 'zip bomb')."}, "fullDescription": {"text": "Wrap reader with `io.LimitReader(r, MAX_BYTES)`. In Python, iterate `ZipFile.infolist()` and check each entry's `file_size`. Cap total uncompressed bytes (e.g. 100MB)."}, "properties": {"scanner": "repobility-threat-engine", "category": "resource_exhaustion", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC012", "name": "[SEC012] ZipSlip \u2014 Archive Path Traversal: Archive extraction without path validation allows writing files outside the t", "shortDescription": {"text": "[SEC012] ZipSlip \u2014 Archive Path Traversal: Archive extraction without path validation allows writing files outside the target directory."}, "fullDescription": {"text": "Validate extracted paths with os.path.realpath() and ensure they stay within the target directory."}, "properties": {"scanner": "repobility-threat-engine", "category": "path_traversal", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC011", "name": "[SEC011] Unsafe PyTorch Model Loading: torch.load() uses pickle internally and can execute arbitrary code from untrusted", "shortDescription": {"text": "[SEC011] Unsafe PyTorch Model Loading: torch.load() uses pickle internally and can execute arbitrary code from untrusted model files."}, "fullDescription": {"text": "Use torch.load(..., weights_only=True) or use safetensors format."}, "properties": {"scanner": "repobility-threat-engine", "category": "deserialization", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC046", "name": "[SEC046] Client-side open redirect \u2014 window.location = server-supplied URL: Assigning window.location from a server-supp", "shortDescription": {"text": "[SEC046] Client-side open redirect \u2014 window.location = server-supplied URL: Assigning window.location from a server-supplied URL trusts the server endpoint to never return a hostile destination. If that endpoint is ever subverted (compromis"}, "fullDescription": {"text": "Validate the URL is same-origin or on an explicit allowlist before assignment:\n const u = new URL(serverUrl, location.href);\n if (u.origin !== location.origin && !ALLOWED.includes(u.host)) return;\n location.assign(u);\nEven better: have the server return a path (/checkout/done) instead of a full URL, and only allow same-origin navigation."}, "properties": {"scanner": "repobility-threat-engine", "category": "open_redirect", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC005", "name": "[SEC005] Command Injection Risk: Unsafe shell execution or eval of user input.", "shortDescription": {"text": "[SEC005] Command Injection Risk: Unsafe shell execution or eval of user input."}, "fullDescription": {"text": "Use subprocess with shell=False and a list of args. Never eval user input."}, "properties": {"scanner": "repobility-threat-engine", "category": "injection", "severity": "medium", "confidence": 0.5, "cwe": "", "owasp": ""}}, {"id": "SEC045", "name": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a latera", "shortDescription": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use obj"}, "fullDescription": {"text": "For literal data structures: use ast.literal_eval(text) \u2014 only parses literals, raises on code.\nFor formula evaluation: use asteval or simpleeval (purpose-built sandboxes with allow-lists).\nFor Odoo: use odoo.tools.safe_eval(expr, locals_dict, mode='exec').\nIf you genuinely need to execute admin-stored code: require explicit super-admin permission AND log every execution with a stack trace."}, "properties": {"scanner": "repobility-threat-engine", "category": "injection", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC127", "name": "[SEC127] AI agent stub \u2014 TODO: implement / pass placeholder body: Function body left as TODO/pass/raise NotImplementedEr", "shortDescription": {"text": "[SEC127] AI agent stub \u2014 TODO: implement / pass placeholder body: Function body left as TODO/pass/raise NotImplementedError after an AI scaffolding pass. The route appears to exist (and may even pass shallow CI), but invoking it crashes or "}, "fullDescription": {"text": "Either implement the body, or fail closed at module-load time so the deploy can't ship a half-built route. A CI gate that fails build on `raise NotImplementedError` in non-abstract code catches this cleanly."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC007", "name": "[SEC007] Unsafe Deserialization: Unsafe deserialization can execute arbitrary code.", "shortDescription": {"text": "[SEC007] Unsafe Deserialization: Unsafe deserialization can execute arbitrary code."}, "fullDescription": {"text": "Use yaml.safe_load() instead of yaml.load(). Avoid pickle for untrusted data."}, "properties": {"scanner": "repobility-threat-engine", "category": "deserialization", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "DKR012", "name": "Dockerfile keeps pip download cache", "shortDescription": {"text": "Dockerfile keeps pip download cache"}, "fullDescription": {"text": "Use `pip install --no-cache-dir ...` in container builds."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "low", "confidence": 0.72, "cwe": "", "owasp": ""}}, {"id": "DKR011", "name": "Dockerfile installs recommended OS packages", "shortDescription": {"text": "Dockerfile installs recommended OS packages"}, "fullDescription": {"text": "Add `--no-install-recommends` and explicitly list only packages the image needs."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "low", "confidence": 0.72, "cwe": "", "owasp": ""}}, {"id": "DKR010", "name": "Dockerfile leaves apt package indexes in the image layer", "shortDescription": {"text": "Dockerfile leaves apt package indexes in the image layer"}, "fullDescription": {"text": "End the apt install layer with `rm -rf /var/lib/apt/lists/*`."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "low", "confidence": 0.74, "cwe": "", "owasp": ""}}, {"id": "AIC003", "name": "Duplicated implementation block across source files", "shortDescription": {"text": "Duplicated implementation block across source files"}, "fullDescription": {"text": "Extract the shared behavior into one function/module or delete the inactive duplicate after proving which path is used."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.86, "cwe": "", "owasp": ""}}, {"id": "SEC132", "name": "[SEC132] String concat where the language has interpolation (AI style drift): String built by concatenation where the la", "shortDescription": {"text": "[SEC132] String concat where the language has interpolation (AI style drift): String built by concatenation where the language has cleaner interpolation (Python f-strings since 3.6, JS template literals since ES6). Not a vulnerability on it"}, "fullDescription": {"text": "Python: `f\"prefix {var} suffix\"`. JS/TS: `` `prefix ${var} suffix` ``. Add a lint rule (pyupgrade UP032, eslint prefer-template) so future PRs catch this automatically."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "low", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC124", "name": "[SEC124] TOCTOU file access (os.access then open): Check-then-use file pattern (access/exists then open) lets an attacke", "shortDescription": {"text": "[SEC124] TOCTOU file access (os.access then open): Check-then-use file pattern (access/exists then open) lets an attacker swap the file between check and use (symlink attack). `mktemp` is deprecated for the same reason."}, "fullDescription": {"text": "Use `os.open(path, os.O_CREAT | os.O_EXCL | os.O_WRONLY)` for atomic create-only. Use `tempfile.NamedTemporaryFile()` (not `mktemp`). For locking, use `fcntl.flock`."}, "properties": {"scanner": "repobility-threat-engine", "category": "race_condition", "severity": "low", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "COMP001", "name": "[COMP001] High cognitive complexity: Function `decorator` has cognitive complexity 11 (SonarSource scale). Cognitive com", "shortDescription": {"text": "[COMP001] High cognitive complexity: Function `decorator` has cognitive complexity 11 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all"}, "fullDescription": {"text": "Extract nested branches into named helper functions; flatten early-return / guard clauses; replace long if/elif chains with dispatch dicts or polymorphism. SonarQube's threshold for 'should refactor' is 15 \u2014 yours is 11."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "low", "confidence": 0.95, "cwe": "", "owasp": ""}}, {"id": "MINED042", "name": "[MINED042] Cpp New Without Delete (and 3 more): Same pattern found in 3 additional files. Review if needed.", "shortDescription": {"text": "[MINED042] Cpp New Without Delete (and 3 more): Same pattern found in 3 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-401 / for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED077", "name": "[MINED077] Python Open No Context (and 1 more): Same pattern found in 1 additional files. Review if needed.", "shortDescription": {"text": "[MINED077] Python Open No Context (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-772 / for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED069", "name": "[MINED069] Debug True Prod: Django/Flask DEBUG=True or app.debug=True in non-test files.", "shortDescription": {"text": "[MINED069] Debug True Prod: Django/Flask DEBUG=True or app.debug=True in non-test files."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-489 / A05:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED089", "name": "[MINED089] Js Always False If: if (false) \u2014 branch never taken. Dead code / disabled feature.", "shortDescription": {"text": "[MINED089] Js Always False If: if (false) \u2014 branch never taken. Dead code / disabled feature."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-561 / for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED067", "name": "[MINED067] Python Requests No Timeout: requests.get/post/etc. without timeout= can hang forever.", "shortDescription": {"text": "[MINED067] Python Requests No Timeout: requests.get/post/etc. without timeout= can hang forever."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-400 / for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED044", "name": "[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed.", "shortDescription": {"text": "[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-532 / for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED055", "name": "[MINED055] Npm Install No Lockfile: Production image runs npm install (resolves new versions on every build) instead of ", "shortDescription": {"text": "[MINED055] Npm Install No Lockfile: Production image runs npm install (resolves new versions on every build) instead of npm ci."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-1357 / A06:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED049", "name": "[MINED049] Print Pii: Logging password/token/email/ssn directly to stdout.", "shortDescription": {"text": "[MINED049] Print Pii: Logging password/token/email/ssn directly to stdout."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-532 / A09:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC020", "name": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequen", "shortDescription": {"text": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for troubleshooting."}, "fullDescription": {"text": "Log only redacted, hashed, or last-four-style metadata. Rotate any secret that may have reached logs."}, "properties": {"scanner": "repobility-threat-engine", "category": "credential_exposure", "severity": "info", "confidence": 0.15, "cwe": "", "owasp": ""}}, {"id": "MINED072", "name": "[MINED072] Python Pass Only Class (and 9 more): Same pattern found in 9 additional files. Review if needed.", "shortDescription": {"text": "[MINED072] Python Pass Only Class (and 9 more): Same pattern found in 9 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-1188 / for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED030", "name": "[MINED030] Python Pickle Loads (and 4 more): Same pattern found in 4 additional files. Review if needed.", "shortDescription": {"text": "[MINED030] Python Pickle Loads (and 4 more): Same pattern found in 4 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-502 / for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED021", "name": "[MINED021] Path Traversal Os Join (and 16 more): Same pattern found in 16 additional files. Review if needed.", "shortDescription": {"text": "[MINED021] Path Traversal Os Join (and 16 more): Same pattern found in 16 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-22 / A01:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC114", "name": "[SEC114] path.join / Path() on user-controlled segment without containment check (and 23 more): Same pattern found in 23", "shortDescription": {"text": "[SEC114] path.join / Path() on user-controlled segment without containment check (and 23 more): Same pattern found in 23 additional files. Review if needed."}, "fullDescription": {"text": "After joining, re-check containment: `if !strings.HasPrefix(filepath.Clean(joined), filepath.Clean(baseDir)+string(os.PathSeparator)) { error }`. In Node: `path.resolve(base, x); if (!resolved.startsWith(base + path.sep)) throw`."}, "properties": {"scanner": "repobility-threat-engine", "category": "path_traversal", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC081", "name": "[SEC081] Python: pickle.loads / marshal.loads on untrusted data (and 4 more): Same pattern found in 4 additional files. ", "shortDescription": {"text": "[SEC081] Python: pickle.loads / marshal.loads on untrusted data (and 4 more): Same pattern found in 4 additional files. Review if needed."}, "fullDescription": {"text": "Use json, msgpack, or protobuf for untrusted data. If pickle is required, sign the payload with HMAC."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC013", "name": "[SEC013] Path Traversal \u2014 User Input in File Path (and 24 more): Same pattern found in 24 additional files. Review if ne", "shortDescription": {"text": "[SEC013] Path Traversal \u2014 User Input in File Path (and 24 more): Same pattern found in 24 additional files. Review if needed."}, "fullDescription": {"text": "Use os.path.realpath() and verify the path starts with your expected base directory. Use secure_filename() for uploads."}, "properties": {"scanner": "repobility-threat-engine", "category": "path_traversal", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED043", "name": "[MINED043] Http Not Https (and 93 more): Same pattern found in 93 additional files. Review if needed.", "shortDescription": {"text": "[MINED043] Http Not Https (and 93 more): Same pattern found in 93 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-319 / A02:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED064", "name": "[MINED064] Python Input Call (and 60 more): Same pattern found in 60 additional files. Review if needed.", "shortDescription": {"text": "[MINED064] Python Input Call (and 60 more): Same pattern found in 60 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED062", "name": "[MINED062] Python Dataclass No Fields: @dataclass over an empty class \u2014 unfinished model.", "shortDescription": {"text": "[MINED062] Python Dataclass No Fields: @dataclass over an empty class \u2014 unfinished model."}, "fullDescription": {"text": "Review and fix per the pattern semantics."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC128", "name": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake) (and 87 more): Same pattern found in 87 add", "shortDescription": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake) (and 87 more): Same pattern found in 87 additional files. Review if needed."}, "fullDescription": {"text": "Add `await` before each async call, or chain with `.then`. If you intentionally want fire-and-forget, prefix with `void` (TS) or assign to `_` (Python with `asyncio.create_task`) to make the intent explicit and survive lint."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED001", "name": "[MINED001] Bare Except Pass (and 4 more): Same pattern found in 4 additional files. Review if needed.", "shortDescription": {"text": "[MINED001] Bare Except Pass (and 4 more): Same pattern found in 4 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-755 / for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED050", "name": "[MINED050] Stub Only Function (and 101 more): Same pattern found in 101 additional files. Review if needed.", "shortDescription": {"text": "[MINED050] Stub Only Function (and 101 more): Same pattern found in 101 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-1188 / for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED115", "name": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v2`: `uses: actions/checkout@v2` resolves at workflow-run t", "shortDescription": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v2`: `uses: actions/checkout@v2` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) in"}, "fullDescription": {"text": "Replace with: `uses: actions/checkout@<40-char-sha> # v2` and let Dependabot bump it on a scheduled cadence."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED118", "name": "[MINED118] Dockerfile FROM `pytorch/pytorch:2.8.0-cuda12.8-cudnn9-devel` not pinned by digest: `FROM pytorch/pytorch:2.8", "shortDescription": {"text": "[MINED118] Dockerfile FROM `pytorch/pytorch:2.8.0-cuda12.8-cudnn9-devel` not pinned by digest: `FROM pytorch/pytorch:2.8.0-cuda12.8-cudnn9-devel` resolves the tag at build time. The registry CAN re-push a different image for the same tag, s"}, "fullDescription": {"text": "Replace with: `FROM pytorch/pytorch:2.8.0-cuda12.8-cudnn9-devel@sha256:`. Get the digest from `docker manifest inspect`. Re-pin via a scheduled bot (Renovate, Dependabot)."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED112", "name": "[MINED112] FastAPI POST /predict has no auth: Handler `predict` is registered with router/app.post(...) but no Depends/S", "shortDescription": {"text": "[MINED112] FastAPI POST /predict has no auth: Handler `predict` is registered with router/app.post(...) but no Depends/Security parameter is declared and no auth marker appears in the function body."}, "fullDescription": {"text": "Add Depends(get_current_user) or Security(...) to the handler signature. If the route is truly public, document it with a code comment so the rule knows it's intentional."}, "properties": {"scanner": "repobility-route-auth", "category": "quality", "severity": "high", "confidence": 0.8, "cwe": "", "owasp": ""}}, {"id": "MINED106", "name": "[MINED106] Phantom test coverage: test_include_keypoints_in_data_augmentation: Test function `test_include_keypoints_in_", "shortDescription": {"text": "[MINED106] Phantom test coverage: test_include_keypoints_in_data_augmentation: Test function `test_include_keypoints_in_data_augmentation` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds lin"}, "fullDescription": {"text": "Add an explicit assertion that captures the test's intent, or remove the test."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED108", "name": "[MINED108] `self.evaluate` used but never assigned in __init__: Method `train_and_evaluate` of class `Controller` reads ", "shortDescription": {"text": "[MINED108] `self.evaluate` used but never assigned in __init__: Method `train_and_evaluate` of class `Controller` reads `self.evaluate`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError th"}, "fullDescription": {"text": "Initialize `self.evaluate = ` in __init__, or add a class-level default."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "DKR014", "name": "Dockerfile copies the entire context without .dockerignore", "shortDescription": {"text": "Dockerfile copies the entire context without .dockerignore"}, "fullDescription": {"text": "Create .dockerignore before using broad context copies, or copy only the required files and directories."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "high", "confidence": 0.92, "cwe": "", "owasp": ""}}, {"id": "MINED004", "name": "[MINED004] Weak Crypto: MD5/SHA1/DES/RC4 used for security context (not just checksums).", "shortDescription": {"text": "[MINED004] Weak Crypto: MD5/SHA1/DES/RC4 used for security context (not just checksums)."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-327 / A02:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED036", "name": "[MINED036] Python Os System Call: os.system() invokes shell with no escaping.", "shortDescription": {"text": "[MINED036] Python Os System Call: os.system() invokes shell with no escaping."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-78 / for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC080", "name": "[SEC080] Python: tarfile.extractall without filter: tarfile.extract*() without filter='data' allows path-traversal (CVE-", "shortDescription": {"text": "[SEC080] Python: tarfile.extractall without filter: tarfile.extract*() without filter='data' allows path-traversal (CVE-2007-4559, fixed via PEP 706 in 3.12). Ported from bandit B202 (Apache-2.0)."}, "fullDescription": {"text": "Add `filter='data'` (Python \u2265 3.12) or manually validate member paths against `os.path.abspath`."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC078", "name": "[SEC078] Python: requests without timeout: requests.get/post without a timeout will hang indefinitely on a non-responsiv", "shortDescription": {"text": "[SEC078] Python: requests without timeout: requests.get/post without a timeout will hang indefinitely on a non-responsive server, causing thread exhaustion and ReDoS. Ported from bandit B113 (Apache-2.0). NOTE: this regex is heuristic; a re"}, "fullDescription": {"text": "Add `timeout=10` (or appropriate value) to every requests call."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC135", "name": "[SEC135] Auth/permission check missing on AI-generated endpoint: Mutating HTTP endpoint generated by an AI agent without", "shortDescription": {"text": "[SEC135] Auth/permission check missing on AI-generated endpoint: Mutating HTTP endpoint generated by an AI agent without an auth decorator or middleware. The number-one production-incident pattern we see in AI-generated SaaS code: the AI bu"}, "fullDescription": {"text": "Add the project's auth decorator/middleware: `@login_required` (Django/Flask), `@permission_classes([IsAuthenticated])` (DRF), `Depends(get_current_user)` (FastAPI), `requireAuth` middleware (Express). For genuinely public endpoints, add a `# public-endpoint` marker comment so future scans skip them."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED034", "name": "[MINED034] Python Subprocess Shell True: subprocess(..., shell=True) enables command injection.", "shortDescription": {"text": "[MINED034] Python Subprocess Shell True: subprocess(..., shell=True) enables command injection."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-78 / for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC029", "name": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled ", "shortDescription": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes e"}, "fullDescription": {"text": "Validate the URL against an allowlist BEFORE fetching:\n ALLOWED = {'images.example.com', 'cdn.example.com'}\n host = urlparse(url).hostname\n if host not in ALLOWED: abort(400)\nOr use a server-side proxy (Imgproxy / serve-files-only-from-S3) that isolates outbound network access from the request handler.\nBlock private CIDRs explicitly: 10/8, 172.16/12, 192.168/16, 169.254/16."}, "properties": {"scanner": "repobility-threat-engine", "category": "ssrf", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED040", "name": "[MINED040] Python Yaml Load Unsafe: yaml.load(stream) without SafeLoader can deserialize arbitrary classes.", "shortDescription": {"text": "[MINED040] Python Yaml Load Unsafe: yaml.load(stream) without SafeLoader can deserialize arbitrary classes."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-502 / for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC103", "name": "[SEC103] LDAP injection \u2014 non-constant search filter: User input concatenated into an LDAP search filter. Attackers inje", "shortDescription": {"text": "[SEC103] LDAP injection \u2014 non-constant search filter: User input concatenated into an LDAP search filter. Attackers inject `*)(uid=*` style payloads to bypass auth or enumerate accounts."}, "fullDescription": {"text": "Escape with javax.naming.ldap.Rdn.escapeValue or equivalent. For python-ldap, use ldap.filter.escape_filter_chars. Better: use parameterized search APIs (Spring LdapTemplate filter encoders)."}, "properties": {"scanner": "repobility-threat-engine", "category": "injection", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED107", "name": "[MINED107] Missing import: `string` used but not imported: The file uses `string.something(...)` but never imports `stri", "shortDescription": {"text": "[MINED107] Missing import: `string` used but not imported: The file uses `string.something(...)` but never imports `string`. This raises NameError at runtime the first time the line executes."}, "fullDescription": {"text": "Add `import string` at the top of the file."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "critical", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC084", "name": "[SEC084] JS: require() with non-literal: require() loads arbitrary modules \u2014 equivalent to eval at module scop", "shortDescription": {"text": "[SEC084] JS: require() with non-literal: require() loads arbitrary modules \u2014 equivalent to eval at module scope. Ported from eslint-plugin-security detect-non-literal-require (Apache-2.0)."}, "fullDescription": {"text": "Use static imports or a static mapping `const modules = { foo: require('./foo') }`."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "critical", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED018", "name": "[MINED018] Unsafe Deserialization Pickle: pickle.loads / yaml.load (without Loader=SafeLoader) / unmarshal of network/fi", "shortDescription": {"text": "[MINED018] Unsafe Deserialization Pickle: pickle.loads / yaml.load (without Loader=SafeLoader) / unmarshal of network/file data \u2014 RCE."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-502 / A08:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "critical", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC116", "name": "[SEC116] Ruby YAML.load / Marshal.load on untrusted input: `YAML.load` (pre-3.1) and `Marshal.load` instantiate arbitrar", "shortDescription": {"text": "[SEC116] Ruby YAML.load / Marshal.load on untrusted input: `YAML.load` (pre-3.1) and `Marshal.load` instantiate arbitrary Ruby classes \u2014 direct RCE on untrusted input. `unsafe_load` is even more dangerous."}, "fullDescription": {"text": "Use `YAML.safe_load(input, permitted_classes: [Date])` \u2014 explicit class allowlist. Never use `Marshal.load` on untrusted data; serialize as JSON instead."}, "properties": {"scanner": "repobility-threat-engine", "category": "deserialization", "severity": "critical", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC079", "name": "[SEC079] Python: yaml.load without SafeLoader: yaml.load() without explicit SafeLoader can execute arbitrary Python obje", "shortDescription": {"text": "[SEC079] Python: yaml.load without SafeLoader: yaml.load() without explicit SafeLoader can execute arbitrary Python objects (CVE-2017-18342). Ported from bandit B506 / dlint DUO109 (Apache-2.0 / BSD-3)."}, "fullDescription": {"text": "Use `yaml.safe_load(data)` or `yaml.load(data, Loader=yaml.SafeLoader)`."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "critical", "confidence": 1.0, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/811"}, "properties": {"repository": "tensorflow/models", "repoUrl": "https://github.com/tensorflow/models", "branch": "master"}, "results": [{"ruleId": "MINED124", "level": "warning", "message": {"text": "[MINED124] requirements.txt: `cupy-cuda12x[ctk]` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats, account compromises). Reproducible installs need exact pins."}, "properties": {"repobilityId": 70688, "scanner": "repobility-supply-chain", "fingerprint": "68f9f4503a6d1afc9dc666d9f9f919b86b81560f0f0a5f557ef6432e72bb0be1", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|68f9f4503a6d1afc9dc666d9f9f919b86b81560f0f0a5f557ef6432e72bb0be1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "official/projects/waste_identification_ml/Deploy/detr_cloud_deployment/client/requirements.txt"}, "region": {"startLine": 20}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "[MINED124] requirements.txt: `cupy-cuda12x[cuda_dlls]` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats, account compromises). Reproducible installs need exact pins."}, "properties": {"repobilityId": 70687, "scanner": "repobility-supply-chain", "fingerprint": "46a42505e482c298cb65fccec021d215e60700f071b393f1949485a2367908c0", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|46a42505e482c298cb65fccec021d215e60700f071b393f1949485a2367908c0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "official/projects/waste_identification_ml/Deploy/detr_cloud_deployment/client/requirements.txt"}, "region": {"startLine": 19}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "[MINED124] requirements.txt: `mediapy` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats, account compromises). Reproducible installs need exact pins."}, "properties": {"repobilityId": 70685, "scanner": "repobility-supply-chain", "fingerprint": "6cfaf1fcb0812bca35dd1dc74d86d808d625919ad79c32d65f6f43ad9a7391fc", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|6cfaf1fcb0812bca35dd1dc74d86d808d625919ad79c32d65f6f43ad9a7391fc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "official/projects/movinet/requirements.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "[MINED124] requirements.txt: `gin-config` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats, account compromises). Reproducible installs need exact pins."}, "properties": {"repobilityId": 70684, "scanner": "repobility-supply-chain", "fingerprint": "6976bd54af7c1b6278019fedeb7269902a36711a3027f439bcf4474b773d007f", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|6976bd54af7c1b6278019fedeb7269902a36711a3027f439bcf4474b773d007f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "official/projects/unified_detector/requirements.txt"}, "region": {"startLine": 2}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "[MINED124] requirements.txt: `tf-nightly` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats, account compromises). Reproducible installs need exact pins."}, "properties": {"repobilityId": 70683, "scanner": "repobility-supply-chain", "fingerprint": "309fadedba1316703a23f658b3f25bb001f9dcfc071407ac9e108d454b1f686e", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|309fadedba1316703a23f658b3f25bb001f9dcfc071407ac9e108d454b1f686e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "official/projects/unified_detector/requirements.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "[MINED124] requirements.txt: `soundfile` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats, account compromises). Reproducible installs need exact pins."}, "properties": {"repobilityId": 70678, "scanner": "repobility-supply-chain", "fingerprint": "878ccc03c01539a15ac6e4e457feeda913d5837d40f92b3fe58251e06942d1d5", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|878ccc03c01539a15ac6e4e457feeda913d5837d40f92b3fe58251e06942d1d5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "research/audioset/vggish/requirements.txt"}, "region": {"startLine": 6}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "[MINED124] requirements.txt: `six` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats, account compromises). Reproducible installs need exact pins."}, "properties": {"repobilityId": 70677, "scanner": "repobility-supply-chain", "fingerprint": "77c2645f797a7dc3ee6f902f448c12aca12be32f2f5bdd0099b7bac7f1af3c8e", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|77c2645f797a7dc3ee6f902f448c12aca12be32f2f5bdd0099b7bac7f1af3c8e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "research/audioset/vggish/requirements.txt"}, "region": {"startLine": 5}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "[MINED124] requirements.txt: `tf_slim` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats, account compromises). Reproducible installs need exact pins."}, "properties": {"repobilityId": 70676, "scanner": "repobility-supply-chain", "fingerprint": "309ed430da645f70d2cd6173e88c7bd660cae6f3c7ffceb1f51b69705915ab32", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|309ed430da645f70d2cd6173e88c7bd660cae6f3c7ffceb1f51b69705915ab32"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "research/audioset/vggish/requirements.txt"}, "region": {"startLine": 4}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "[MINED124] requirements.txt: `tensorflow` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats, account compromises). Reproducible installs need exact pins."}, "properties": {"repobilityId": 70675, "scanner": "repobility-supply-chain", "fingerprint": "8ba8abfe5e0bc55d834b2bcd1c5443def61788f67200471398cc01aeda1002a7", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|8ba8abfe5e0bc55d834b2bcd1c5443def61788f67200471398cc01aeda1002a7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "research/audioset/vggish/requirements.txt"}, "region": {"startLine": 3}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "[MINED124] requirements.txt: `resampy` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats, account compromises). Reproducible installs need exact pins."}, "properties": {"repobilityId": 70674, "scanner": "repobility-supply-chain", "fingerprint": "90d3d78163859173405bf929bae05a1fbae0ee430490d91ade859c15177127cc", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|90d3d78163859173405bf929bae05a1fbae0ee430490d91ade859c15177127cc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "research/audioset/vggish/requirements.txt"}, "region": {"startLine": 2}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "[MINED124] requirements.txt: `numpy` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats, account compromises). Reproducible installs need exact pins."}, "properties": {"repobilityId": 70673, "scanner": "repobility-supply-chain", "fingerprint": "3ed3a3d57cf0ab79766a24d58b945ff571a712af2137dbc00f2649dfd04fce67", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|3ed3a3d57cf0ab79766a24d58b945ff571a712af2137dbc00f2649dfd04fce67"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "research/audioset/vggish/requirements.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "[MINED124] requirements.txt: `immutabledict` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats, account compromises). Reproducible installs need exact pins."}, "properties": {"repobilityId": 70672, "scanner": "repobility-supply-chain", "fingerprint": "f19ed6093af37936d73558cb58a1bb92c156db4ca59dcc8c4e217a6a4e740cf4", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|f19ed6093af37936d73558cb58a1bb92c156db4ca59dcc8c4e217a6a4e740cf4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "official/requirements.txt"}, "region": {"startLine": 29}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "[MINED124] requirements.txt: `sacrebleu` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats, account compromises). Reproducible installs need exact pins."}, "properties": {"repobilityId": 70671, "scanner": "repobility-supply-chain", "fingerprint": "6cc313308aec21f572896a946423d0ccd8d570bc0d2bc939aab9fb02bdf507a6", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|6cc313308aec21f572896a946423d0ccd8d570bc0d2bc939aab9fb02bdf507a6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "official/requirements.txt"}, "region": {"startLine": 27}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "[MINED124] requirements.txt: `sentencepiece` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats, account compromises). Reproducible installs need exact pins."}, "properties": {"repobilityId": 70670, "scanner": "repobility-supply-chain", "fingerprint": "e1db9538372695c0ff9918ed65e61235870f840bd5c50b5b98cfa6f8f597adb2", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|e1db9538372695c0ff9918ed65e61235870f840bd5c50b5b98cfa6f8f597adb2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "official/requirements.txt"}, "region": {"startLine": 26}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "[MINED124] requirements.txt: `seqeval` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats, account compromises). Reproducible installs need exact pins."}, "properties": {"repobilityId": 70669, "scanner": "repobility-supply-chain", "fingerprint": "ebbf3cef98f7c7affcabfe9810ad61421e0c275debb432a8edd405df8092bf09", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|ebbf3cef98f7c7affcabfe9810ad61421e0c275debb432a8edd405df8092bf09"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "official/requirements.txt"}, "region": {"startLine": 25}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "[MINED124] requirements.txt: `pycocotools` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats, account compromises). Reproducible installs need exact pins."}, "properties": {"repobilityId": 70668, "scanner": "repobility-supply-chain", "fingerprint": "a66a9f1d1847ba2c9b09ec2b4e7c7f45d01ff01870ccd5616a691b31fd89be2c", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|a66a9f1d1847ba2c9b09ec2b4e7c7f45d01ff01870ccd5616a691b31fd89be2c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "official/requirements.txt"}, "region": {"startLine": 23}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "[MINED124] requirements.txt: `Pillow` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats, account compromises). Reproducible installs need exact pins."}, "properties": {"repobilityId": 70667, "scanner": "repobility-supply-chain", "fingerprint": "705bec1b27e3bab62b4128b5f02aa6c4fb5fab57ca569028eacc9acd916a6491", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|705bec1b27e3bab62b4128b5f02aa6c4fb5fab57ca569028eacc9acd916a6491"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "official/requirements.txt"}, "region": {"startLine": 22}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "[MINED124] requirements.txt: `opencv-python-headless` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats, account compromises). Reproducible installs need exact pins."}, "properties": {"repobilityId": 70666, "scanner": "repobility-supply-chain", "fingerprint": "70405f039fd26ca267d9c09fe2a526f1b6ce19078098ce7b9a9e63a1194de4c9", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|70405f039fd26ca267d9c09fe2a526f1b6ce19078098ce7b9a9e63a1194de4c9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "official/requirements.txt"}, "region": {"startLine": 21}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "[MINED124] requirements.txt: `matplotlib` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats, account compromises). Reproducible installs need exact pins."}, "properties": {"repobilityId": 70665, "scanner": "repobility-supply-chain", "fingerprint": "09cf4dd5f7c8ba6b5f5a6858e2a7b24319eb5f09a37b2e6eb8801c69a6affd9e", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|09cf4dd5f7c8ba6b5f5a6858e2a7b24319eb5f09a37b2e6eb8801c69a6affd9e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "official/requirements.txt"}, "region": {"startLine": 17}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "[MINED124] requirements.txt: `Cython` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats, account compromises). Reproducible installs need exact pins."}, "properties": {"repobilityId": 70664, "scanner": "repobility-supply-chain", "fingerprint": "e752982da909dd4616a7d5ed259b48370cd2c47273694a59d80d081d56439a97", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|e752982da909dd4616a7d5ed259b48370cd2c47273694a59d80d081d56439a97"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "official/requirements.txt"}, "region": {"startLine": 16}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "[MINED124] requirements.txt: `gin-config` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats, account compromises). Reproducible installs need exact pins."}, "properties": {"repobilityId": 70663, "scanner": "repobility-supply-chain", "fingerprint": "6c404f1d938091631897625c041d7b793fc438e47e5f5fe62fa48334bfc32521", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|6c404f1d938091631897625c041d7b793fc438e47e5f5fe62fa48334bfc32521"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "official/requirements.txt"}, "region": {"startLine": 14}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "[MINED124] requirements.txt: `tensorflow-datasets` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats, account compromises). Reproducible installs need exact pins."}, "properties": {"repobilityId": 70662, "scanner": "repobility-supply-chain", "fingerprint": "5746def63311d8a511f6ff11010ca069a3778be222eb66d8376f3221903cd769", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|5746def63311d8a511f6ff11010ca069a3778be222eb66d8376f3221903cd769"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "official/requirements.txt"}, "region": {"startLine": 12}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "[MINED124] requirements.txt: `oauth2client` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats, account compromises). Reproducible installs need exact pins."}, "properties": {"repobilityId": 70661, "scanner": "repobility-supply-chain", "fingerprint": "e7bd0967957d877b7db126673047ec91af80cca2387910142df258b763db348b", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|e7bd0967957d877b7db126673047ec91af80cca2387910142df258b763db348b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "official/requirements.txt"}, "region": {"startLine": 5}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "[MINED124] requirements.txt: `six` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats, account compromises). Reproducible installs need exact pins."}, "properties": {"repobilityId": 70660, "scanner": "repobility-supply-chain", "fingerprint": "9602c137bb5cc7500a8ec3f89cf35c1877445f1278b3d437aceac786daadc270", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|9602c137bb5cc7500a8ec3f89cf35c1877445f1278b3d437aceac786daadc270"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "official/requirements.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 70640, "scanner": "repobility-ast-engine", "fingerprint": "5863f0701187c5901ae8595c96f79581993a471d079ca115b226b70c5bf9d4ce", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|5863f0701187c5901ae8595c96f79581993a471d079ca115b226b70c5bf9d4ce"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "official/projects/waste_identification_ml/Triton_TF_Cloud_Deployment/client/ffmpeg_ops.py"}, "region": {"startLine": 105}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 70637, "scanner": "repobility-ast-engine", "fingerprint": "3f697caea92e0f23a9bebaedd0beeea4bb53b78b284b9631f7fe35b3ee123e1f", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|3f697caea92e0f23a9bebaedd0beeea4bb53b78b284b9631f7fe35b3ee123e1f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "research/lfads/synth_data/generate_itb_data.py"}, "region": {"startLine": 126}}}]}, {"ruleId": "MINED109", "level": "warning", "message": {"text": "[MINED109] Mutable default argument in `test_retrieval` (list): `def test_retrieval(... = []/{}/set())` \u2014 Python's default value is constructed ONCE at function definition time and shared across all calls. Mutating it in one call mutates it for every future call too."}, "properties": {"repobilityId": 70634, "scanner": "repobility-ast-engine", "fingerprint": "d5cf642f4594ea208b2ced56f59e20992846faa420d4c7b222d2a4fd9a0494c1", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "mutable-default-arg", "owasp": null, "cwe_ids": ["CWE-1023"], "languages": ["python"], "observations_count": 64867}, "scanner": "repobility-ast-engine", "correlation_key": "fp|d5cf642f4594ea208b2ced56f59e20992846faa420d4c7b222d2a4fd9a0494c1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "research/delf/delf/python/training/global_features/train_utils.py"}, "region": {"startLine": 201}}}]}, {"ruleId": "MINED109", "level": "warning", "message": {"text": "[MINED109] Mutable default argument in `extract_global_descriptors_from_list` (list): `def extract_global_descriptors_from_list(... = []/{}/set())` \u2014 Python's default value is constructed ONCE at function definition time and shared across all calls. Mutating it in one call mutates it for every future call too."}, "properties": {"repobilityId": 70633, "scanner": "repobility-ast-engine", "fingerprint": "910b26a5909aa836f845fd1c78890ce30c1ccd94e56319d3325cb6c817ea4b7a", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "mutable-default-arg", "owasp": null, "cwe_ids": ["CWE-1023"], "languages": ["python"], "observations_count": 64867}, "scanner": "repobility-ast-engine", "correlation_key": "fp|910b26a5909aa836f845fd1c78890ce30c1ccd94e56319d3325cb6c817ea4b7a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "research/delf/delf/python/training/model/global_model.py"}, "region": {"startLine": 209}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 70632, "scanner": "repobility-ast-engine", "fingerprint": "bffa02c221b46690f8b29832f7aa7ca0c281c99bc245c2e3cc5f11b3c9b92343", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|bffa02c221b46690f8b29832f7aa7ca0c281c99bc245c2e3cc5f11b3c9b92343"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "research/object_detection/dataset_tools/context_rcnn/generate_embedding_data.py"}, "region": {"startLine": 188}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 70631, "scanner": "repobility-ast-engine", "fingerprint": "9400b8da61147a2ed773a2d68d92bcca718b27824c74d86e596f0e5d15cfe7d1", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|9400b8da61147a2ed773a2d68d92bcca718b27824c74d86e596f0e5d15cfe7d1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "research/object_detection/dataset_tools/context_rcnn/create_cococameratraps_tfexample_main.py"}, "region": {"startLine": 113}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 70628, "scanner": "repobility-ast-engine", "fingerprint": "bed98f27f7f73ffa600f7c3fda6ef076a60726c8015cb5f32658235113ec7620", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|bed98f27f7f73ffa600f7c3fda6ef076a60726c8015cb5f32658235113ec7620"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "research/slim/datasets/process_bounding_boxes.py"}, "region": {"startLine": 123}}}]}, {"ruleId": "MINED109", "level": "warning", "message": {"text": "[MINED109] Mutable default argument in `_create_train_op` (list): `def _create_train_op(... = []/{}/set())` \u2014 Python's default value is constructed ONCE at function definition time and shared across all calls. Mutating it in one call mutates it for every future call too."}, "properties": {"repobilityId": 70610, "scanner": "repobility-ast-engine", "fingerprint": "fb31d828b41587c533a5665ba873afb603e35d7e4756eb3c89dce2b26cca7dfc", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "mutable-default-arg", "owasp": null, "cwe_ids": ["CWE-1023"], "languages": ["python"], "observations_count": 64867}, "scanner": "repobility-ast-engine", "correlation_key": "fp|fb31d828b41587c533a5665ba873afb603e35d7e4756eb3c89dce2b26cca7dfc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "research/rebar/rebar.py"}, "region": {"startLine": 331}}}]}, {"ruleId": "MINED109", "level": "warning", "message": {"text": "[MINED109] Mutable default argument in `_create_eta` (list): `def _create_eta(... = []/{}/set())` \u2014 Python's default value is constructed ONCE at function definition time and shared across all calls. Mutating it in one call mutates it for every future call too."}, "properties": {"repobilityId": 70609, "scanner": "repobility-ast-engine", "fingerprint": "a42376b5f0bb5371e4db873b80a151b37d0dc4cb5065880287b6a94153a08730", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "mutable-default-arg", "owasp": null, "cwe_ids": ["CWE-1023"], "languages": ["python"], "observations_count": 64867}, "scanner": "repobility-ast-engine", "correlation_key": "fp|a42376b5f0bb5371e4db873b80a151b37d0dc4cb5065880287b6a94153a08730"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "research/rebar/rebar.py"}, "region": {"startLine": 90}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 70574, "scanner": "repobility-docker", "fingerprint": "dc569d0577c5bee58b5396503eddb0bb119e120d4e5f3e2c8769d484be6cd2bb", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "tensorflow/tensorflow:latest-gpu", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|dc569d0577c5bee58b5396503eddb0bb119e120d4e5f3e2c8769d484be6cd2bb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "research/object_detection/dockerfiles/tf2_ai_platform/Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 70554, "scanner": "repobility-docker", "fingerprint": "b021477b750afedf332f36a4c18031af900c5b33d623321237227030e5faedbf", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "tensorflow/tensorflow:nightly-devel", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|b021477b750afedf332f36a4c18031af900c5b33d623321237227030e5faedbf"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "research/object_detection/dockerfiles/android/Dockerfile"}, "region": {"startLine": 17}}}]}, {"ruleId": "DKR007", "level": "warning", "message": {"text": "Docker build context has no .dockerignore"}, "properties": {"repobilityId": 70548, "scanner": "repobility-docker", "fingerprint": "c98378cf8c37e4866e89d6ca06a24b7e8c44654aa34e6e4bf1367c4a4c0c5b44", "category": "docker", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Dockerfile exists but repository root has no .dockerignore.", "evidence": {"rule_id": "DKR007", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|c98378cf8c37e4866e89d6ca06a24b7e8c44654aa34e6e4bf1367c4a4c0c5b44"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".dockerignore"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 70547, "scanner": "repobility-docker", "fingerprint": "0132b2ba3acc5128d1c69b9ebd940317a48a96609207ec437f27c159a94ede45", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "pytorch/pytorch:2.8.0-cuda12.8-cudnn9-devel", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|0132b2ba3acc5128d1c69b9ebd940317a48a96609207ec437f27c159a94ede45"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "official/projects/waste_identification_ml/llm_applications/milk_pouch_detection/Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "SEC123", "level": "warning", "message": {"text": "[SEC123] Production stack trace / debug output exposed: Debug mode left on in production exposes stack traces, environment variables, framework internals \u2014 sometimes triggers RCE (Django debug page with arbitrary template eval)."}, "properties": {"repobilityId": 70505, "scanner": "repobility-threat-engine", "fingerprint": "56e71483d033fd60dd3f40fe7b1e0938d3705e13eb9d72229e39109d3fb74fcc", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "debug=True", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC123", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|56e71483d033fd60dd3f40fe7b1e0938d3705e13eb9d72229e39109d3fb74fcc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "research/delf/delf/python/training/global_features_utils.py"}, "region": {"startLine": 147}}}]}, {"ruleId": "SEC123", "level": "warning", "message": {"text": "[SEC123] Production stack trace / debug output exposed: Debug mode left on in production exposes stack traces, environment variables, framework internals \u2014 sometimes triggers RCE (Django debug page with arbitrary template eval)."}, "properties": {"repobilityId": 70504, "scanner": "repobility-threat-engine", "fingerprint": "b016e72b31aedea7edbfc66182cee6967d13566f8a6bd266826c50bffc6ec249", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "debug=True", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC123", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|b016e72b31aedea7edbfc66182cee6967d13566f8a6bd266826c50bffc6ec249"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "research/delf/delf/python/datasets/tuples_dataset.py"}, "region": {"startLine": 264}}}]}, {"ruleId": "SEC115", "level": "warning", "message": {"text": "[SEC115] Decompression without size cap (zip/gzip bomb): Decompressing untrusted archives without a size or ratio cap \u2192 memory/disk exhaustion DoS (10kb \u2192 4GB classic 'zip bomb')."}, "properties": {"repobilityId": 70500, "scanner": "repobility-threat-engine", "fingerprint": "20a1248224aed9a86934720153754012480ff712f9b978100d9b78ca1bc658a9", "category": "resource_exhaustion", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "tarfile.open(filepath, 'r:gz').extractall(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC115", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|20a1248224aed9a86934720153754012480ff712f9b978100d9b78ca1bc658a9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "research/slim/datasets/download_and_convert_cifar10.py"}, "region": {"startLine": 142}}}]}, {"ruleId": "SEC115", "level": "warning", "message": {"text": "[SEC115] Decompression without size cap (zip/gzip bomb): Decompressing untrusted archives without a size or ratio cap \u2192 memory/disk exhaustion DoS (10kb \u2192 4GB classic 'zip bomb')."}, "properties": {"repobilityId": 70499, "scanner": "repobility-threat-engine", "fingerprint": "8f9edfa5835ce31db76fb770b75026e8f19914c46ead93625e4bcc01539e5344", "category": "resource_exhaustion", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "tarfile.open(filepath, 'r:gz').extractall(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC115", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|8f9edfa5835ce31db76fb770b75026e8f19914c46ead93625e4bcc01539e5344"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "research/slim/datasets/dataset_utils.py"}, "region": {"startLine": 138}}}]}, {"ruleId": "SEC115", "level": "warning", "message": {"text": "[SEC115] Decompression without size cap (zip/gzip bomb): Decompressing untrusted archives without a size or ratio cap \u2192 memory/disk exhaustion DoS (10kb \u2192 4GB classic 'zip bomb')."}, "properties": {"repobilityId": 70498, "scanner": "repobility-threat-engine", "fingerprint": "b80a3d57e53be3e8df0ff98ea09ab31b382c66d0a0a9202c333e4c8e507fad04", "category": "resource_exhaustion", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "zipfile.ZipFile(zip_path, \"r\").extractall(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC115", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|b80a3d57e53be3e8df0ff98ea09ab31b382c66d0a0a9202c333e4c8e507fad04"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "official/recommendation/movielens.py"}, "region": {"startLine": 126}}}]}, {"ruleId": "SEC012", "level": "warning", "message": {"text": "[SEC012] ZipSlip \u2014 Archive Path Traversal: Archive extraction without path validation allows writing files outside the target directory."}, "properties": {"repobilityId": 70496, "scanner": "repobility-threat-engine", "fingerprint": "1b4e4716da493822ec7ad281b122c11f283cbb4d346d1a144eaf1b103da1e7ed", "category": "path_traversal", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".extractall(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC012", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|path_traversal|token|138|sec012"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "research/slim/datasets/dataset_utils.py"}, "region": {"startLine": 138}}}]}, {"ruleId": "SEC012", "level": "warning", "message": {"text": "[SEC012] ZipSlip \u2014 Archive Path Traversal: Archive extraction without path validation allows writing files outside the target directory."}, "properties": {"repobilityId": 70495, "scanner": "repobility-threat-engine", "fingerprint": "7f95b3bb423819fbeba97fe3bc18b8e1b7acfacf76a97574c5f4359576cdd3ac", "category": "path_traversal", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".extractall(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC012", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|path_traversal|token|82|sec012"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "research/deep_speech/data/download.py"}, "region": {"startLine": 82}}}]}, {"ruleId": "SEC012", "level": "warning", "message": {"text": "[SEC012] ZipSlip \u2014 Archive Path Traversal: Archive extraction without path validation allows writing files outside the target directory."}, "properties": {"repobilityId": 70494, "scanner": "repobility-threat-engine", "fingerprint": "10917f1ff50a27294701f7ed09fbff435d1dee3f1e0bf7ebe09cbcb684a9a157", "category": "path_traversal", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".extractall(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC012", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|path_traversal|token|126|sec012"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "official/recommendation/movielens.py"}, "region": {"startLine": 126}}}]}, {"ruleId": "SEC011", "level": "warning", "message": {"text": "[SEC011] Unsafe PyTorch Model Loading: torch.load() uses pickle internally and can execute arbitrary code from untrusted model files."}, "properties": {"repobilityId": 70489, "scanner": "repobility-threat-engine", "fingerprint": "85177d44580c0bb47881930add14b6a052b8afd239e1219f46a76bcf326cae57", "category": "deserialization", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "torch.load(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC011", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|deserialization|token|100|sec011"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "official/projects/waste_identification_ml/llm_applications/milk_pouch_detection/src/models/classification.py"}, "region": {"startLine": 100}}}]}, {"ruleId": "SEC011", "level": "warning", "message": {"text": "[SEC011] Unsafe PyTorch Model Loading: torch.load() uses pickle internally and can execute arbitrary code from untrusted model files."}, "properties": {"repobilityId": 70488, "scanner": "repobility-threat-engine", "fingerprint": "c3cc0734ba1dd0a4c9efe1faf0fb3b6b3a7b269f79a2237edebe9eb78c80fb07", "category": "deserialization", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "torch.load(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC011", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|deserialization|token|59|sec011"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "official/projects/waste_identification_ml/fine_tuning/Pytorch_Image_Classifier/inference_utils.py"}, "region": {"startLine": 59}}}]}, {"ruleId": "SEC046", "level": "warning", "message": {"text": "[SEC046] Client-side open redirect \u2014 window.location = server-supplied URL: Assigning window.location from a server-supplied URL trusts the server endpoint to never return a hostile destination. If that endpoint is ever subverted (compromised admin, JSON injection, MITM on a webhook), users get redirected to a phishing site they trust because the original page is yours. CWE-601 (server-side OR client-side). Complement to server-side SEC030."}, "properties": {"repobilityId": 70483, "scanner": "repobility-threat-engine", "fingerprint": "08f7ba6c3cf15e062fc85c42e0ebc76b488fbca73ae751c7399ecaa7e146bda7", "category": "open_redirect", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "location.href = nav_next", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC046", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|08f7ba6c3cf15e062fc85c42e0ebc76b488fbca73ae751c7399ecaa7e146bda7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "official/projects/waste_identification_ml/circularnet-docs/themes/hugo-theme-techdoc/src/js/keydown-nav.js"}, "region": {"startLine": 14}}}]}, {"ruleId": "SEC005", "level": "warning", "message": {"text": "[SEC005] Command Injection Risk: Unsafe shell execution or eval of user input."}, "properties": {"repobilityId": 70474, "scanner": "repobility-threat-engine", "fingerprint": "888e471edf40f9dc09827ce28a7240b7bbaf2ebba268bc279a1d75833e73de8f", "category": "injection", "severity": "medium", "confidence": 0.5, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "shell=True detected \u2014 verify command source is not user-controllable", "evidence": {"match": "subprocess.run(\n cmd,\n shell=True", "reason": "shell=True detected \u2014 verify command source is not user-controllable", "rule_id": "SEC005", "scanner": "repobility-threat-engine", "confidence": 0.5, "correlation_key": "code|injection|token|58|sec005"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "official/projects/waste_identification_ml/model_inference/download_and_unzip_models.py"}, "region": {"startLine": 58}}}]}, {"ruleId": "SEC005", "level": "warning", "message": {"text": "[SEC005] Command Injection Risk: Unsafe shell execution or eval of user input."}, "properties": {"repobilityId": 70473, "scanner": "repobility-threat-engine", "fingerprint": "10b2c1f06fe74e9aa06df4787dba7dac4eefacefe96411d863d1607e5499361b", "category": "injection", "severity": "medium", "confidence": 0.5, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "shell=True detected \u2014 verify command source is not user-controllable", "evidence": {"match": "subprocess.run(gsutil_command, shell=True", "reason": "shell=True detected \u2014 verify command source is not user-controllable", "rule_id": "SEC005", "scanner": "repobility-threat-engine", "confidence": 0.5, "correlation_key": "code|injection|token|33|sec005"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "official/projects/waste_identification_ml/docker_solution/prediction_pipeline/gsutil_ops.py"}, "region": {"startLine": 33}}}]}, {"ruleId": "SEC005", "level": "warning", "message": {"text": "[SEC005] Command Injection Risk: Unsafe shell execution or eval of user input."}, "properties": {"repobilityId": 70472, "scanner": "repobility-threat-engine", "fingerprint": "b9ee44d41ad1704877947f5c077753605e7aec084a32068695a3a197915c4581", "category": "injection", "severity": "medium", "confidence": 0.5, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "shell=True detected \u2014 verify command source is not user-controllable", "evidence": {"match": "subprocess.run(command, shell=True", "reason": "shell=True detected \u2014 verify command source is not user-controllable", "rule_id": "SEC005", "scanner": "repobility-threat-engine", "confidence": 0.5, "correlation_key": "code|injection|token|104|sec005"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "official/projects/waste_identification_ml/Deploy/detr_cloud_deployment/client/utils.py"}, "region": {"startLine": 104}}}]}, {"ruleId": "SEC045", "level": "warning", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use object introspection (().__class__.__mro__[-1].__subclasses__()) to reach os.system. CWE-95 (eval injection)."}, "properties": {"repobilityId": 70467, "scanner": "repobility-threat-engine", "fingerprint": "9ef28e90df247b8074093bbd7377137719662250965ecd4196189ea4698debd1", "category": "injection", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "Eval(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|token|47|sec045"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "research/seq_flow_lite/tflite_ops/denylist.cc"}, "region": {"startLine": 47}}}]}, {"ruleId": "SEC045", "level": "warning", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use object introspection (().__class__.__mro__[-1].__subclasses__()) to reach os.system. CWE-95 (eval injection)."}, "properties": {"repobilityId": 70466, "scanner": "repobility-threat-engine", "fingerprint": "54832f74d80483363136bdbad82a072836bd63d596befadfdab38be532bfabb9", "category": "injection", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "Eval(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|token|90|sec045"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "research/seq_flow_lite/models/sgnn/sgnn_projection.cc"}, "region": {"startLine": 90}}}]}, {"ruleId": "SEC045", "level": "warning", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use object introspection (().__class__.__mro__[-1].__subclasses__()) to reach os.system. CWE-95 (eval injection)."}, "properties": {"repobilityId": 70465, "scanner": "repobility-threat-engine", "fingerprint": "73e0180579bfee9e3b78852bb845e8fa2bfdb2c647981d6175ef6a3b5add392e", "category": "injection", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "eval(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|token|52|sec045"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "research/rebar/rebar_train.py"}, "region": {"startLine": 52}}}]}, {"ruleId": "SEC127", "level": "warning", "message": {"text": "[SEC127] AI agent stub \u2014 TODO: implement / pass placeholder body: Function body left as TODO/pass/raise NotImplementedError after an AI scaffolding pass. The route appears to exist (and may even pass shallow CI), but invoking it crashes or silently no-ops. AI agents consistently emit these when their context window runs out mid-implementation. Production callers hitting these stubs is a classic AI-generated-incident."}, "properties": {"repobilityId": 70454, "scanner": "repobility-threat-engine", "fingerprint": "883aad331e1f23739107d219980e67f8e7c5a1c6ab82a99cf9edbc32a1ee0bd2", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "def call(\n self,\n inputs: types.DictOfTensors,\n training: bool | None = None,\n m", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC127", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|883aad331e1f23739107d219980e67f8e7c5a1c6ab82a99cf9edbc32a1ee0bd2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "official/recommendation/uplift/layers/uplift_networks/base_uplift_networks.py"}, "region": {"startLine": 33}}}]}, {"ruleId": "SEC127", "level": "warning", "message": {"text": "[SEC127] AI agent stub \u2014 TODO: implement / pass placeholder body: Function body left as TODO/pass/raise NotImplementedError after an AI scaffolding pass. The route appears to exist (and may even pass shallow CI), but invoking it crashes or silently no-ops. AI agents consistently emit these when their context window runs out mid-implementation. Production callers hitting these stubs is a classic AI-generated-incident."}, "properties": {"repobilityId": 70453, "scanner": "repobility-threat-engine", "fingerprint": "6566c66c5f477af1124cb47f4e62df83a018e959bafb835815fb0896434a5f66", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "def get_config(self):\n raise NotImplementedError", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC127", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|6566c66c5f477af1124cb47f4e62df83a018e959bafb835815fb0896434a5f66"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "official/nlp/modeling/layers/masked_lm.py"}, "region": {"startLine": 98}}}]}, {"ruleId": "SEC127", "level": "warning", "message": {"text": "[SEC127] AI agent stub \u2014 TODO: implement / pass placeholder body: Function body left as TODO/pass/raise NotImplementedError after an AI scaffolding pass. The route appears to exist (and may even pass shallow CI), but invoking it crashes or silently no-ops. AI agents consistently emit these when their context window runs out mid-implementation. Production callers hitting these stubs is a classic AI-generated-incident."}, "properties": {"repobilityId": 70452, "scanner": "repobility-threat-engine", "fingerprint": "8558b72eae9dead365643339b85a71d645131fbdbf2c32250694ba335aa15951", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "def _resource_apply_sparse(self, grad, handle, indices, apply_state):\n raise NotImplementedError", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC127", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|8558b72eae9dead365643339b85a71d645131fbdbf2c32250694ba335aa15951"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "official/modeling/optimization/lars.py"}, "region": {"startLine": 150}}}]}, {"ruleId": "SEC007", "level": "warning", "message": {"text": "[SEC007] Unsafe Deserialization: Unsafe deserialization can execute arbitrary code."}, "properties": {"repobilityId": 70425, "scanner": "repobility-threat-engine", "fingerprint": "4e5ce311d10aa504c11d3d3d6687f315da893d8f05b412e53c00a14d51ad5425", "category": "deserialization", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "pickle.load(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC007", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|deserialization|token|154|sec007"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "official/recommendation/data_preprocessing.py"}, "region": {"startLine": 154}}}]}, {"ruleId": "SEC007", "level": "warning", "message": {"text": "[SEC007] Unsafe Deserialization: Unsafe deserialization can execute arbitrary code."}, "properties": {"repobilityId": 70424, "scanner": "repobility-threat-engine", "fingerprint": "f59bb0e5cd1b81f3733b74f9c25fbb9d8695b00076d99aae8357a0f5ab6fe5f2", "category": "deserialization", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "yaml.load(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC007", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|deserialization|token|123|sec007"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "official/nlp/serving/export_savedmodel.py"}, "region": {"startLine": 123}}}]}, {"ruleId": "SEC007", "level": "warning", "message": {"text": "[SEC007] Unsafe Deserialization: Unsafe deserialization can execute arbitrary code."}, "properties": {"repobilityId": 70423, "scanner": "repobility-threat-engine", "fingerprint": "b703a6fa6be90a242185403ae44130df0b105341126983114a7a5f956788a1ba", "category": "deserialization", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "pickle.load(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC007", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|deserialization|token|259|sec007"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "official/legacy/xlnet/run_squad.py"}, "region": {"startLine": 259}}}]}, {"ruleId": "DKR012", "level": "note", "message": {"text": "Dockerfile keeps pip download cache"}, "properties": {"repobilityId": 70573, "scanner": "repobility-docker", "fingerprint": "839d0998bd79dea36420526852d14f13e19cd1abc4bf1f4b855b7d5544fb1d86", "category": "docker", "severity": "low", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "pip install appears without --no-cache-dir.", "evidence": {"rule_id": "DKR012", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|839d0998bd79dea36420526852d14f13e19cd1abc4bf1f4b855b7d5544fb1d86"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "research/object_detection/dockerfiles/tf2_ai_platform/Dockerfile"}, "region": {"startLine": 48}}}]}, {"ruleId": "DKR012", "level": "note", "message": {"text": "Dockerfile keeps pip download cache"}, "properties": {"repobilityId": 70572, "scanner": "repobility-docker", "fingerprint": "96b749ec25831df0cd8c780ca462cc1358b192e6e4ec651f9efad58c1be35196", "category": "docker", "severity": "low", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "pip install appears without --no-cache-dir.", "evidence": {"rule_id": "DKR012", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|96b749ec25831df0cd8c780ca462cc1358b192e6e4ec651f9efad58c1be35196"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "research/object_detection/dockerfiles/tf2_ai_platform/Dockerfile"}, "region": {"startLine": 47}}}]}, {"ruleId": "DKR011", "level": "note", "message": {"text": "Dockerfile installs recommended OS packages"}, "properties": {"repobilityId": 70570, "scanner": "repobility-docker", "fingerprint": "417df502982ff114982d616ce0d49d52c2a929ca3093af559bbb7651a5e08d04", "category": "docker", "severity": "low", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "apt install appears without --no-install-recommends.", "evidence": {"rule_id": "DKR011", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|417df502982ff114982d616ce0d49d52c2a929ca3093af559bbb7651a5e08d04"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "research/object_detection/dockerfiles/tf2_ai_platform/Dockerfile"}, "region": {"startLine": 6}}}]}, {"ruleId": "DKR010", "level": "note", "message": {"text": "Dockerfile leaves apt package indexes in the image layer"}, "properties": {"repobilityId": 70569, "scanner": "repobility-docker", "fingerprint": "d75d9cc7dc034b888560492de4fd8b4693b6c204892c2cd0a8cdc40a362832c7", "category": "docker", "severity": "low", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "apt update/install layer does not remove /var/lib/apt/lists.", "evidence": {"rule_id": "DKR010", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|d75d9cc7dc034b888560492de4fd8b4693b6c204892c2cd0a8cdc40a362832c7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "research/object_detection/dockerfiles/tf2_ai_platform/Dockerfile"}, "region": {"startLine": 6}}}]}, {"ruleId": "DKR012", "level": "note", "message": {"text": "Dockerfile keeps pip download cache"}, "properties": {"repobilityId": 70568, "scanner": "repobility-docker", "fingerprint": "39ef1bf93c4fe625ac4fc986cc2275b65e23179b336b440cd164353677940313", "category": "docker", "severity": "low", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "pip install appears without --no-cache-dir.", "evidence": {"rule_id": "DKR012", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|39ef1bf93c4fe625ac4fc986cc2275b65e23179b336b440cd164353677940313"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "research/object_detection/dockerfiles/tf2/Dockerfile"}, "region": {"startLine": 39}}}]}, {"ruleId": "DKR012", "level": "note", "message": {"text": "Dockerfile keeps pip download cache"}, "properties": {"repobilityId": 70567, "scanner": "repobility-docker", "fingerprint": "4a46480391e4985f98ac9f09828902bd704bb3b9ece31bfb092d9df52c2703af", "category": "docker", "severity": "low", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "pip install appears without --no-cache-dir.", "evidence": {"rule_id": "DKR012", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|4a46480391e4985f98ac9f09828902bd704bb3b9ece31bfb092d9df52c2703af"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "research/object_detection/dockerfiles/tf2/Dockerfile"}, "region": {"startLine": 38}}}]}, {"ruleId": "DKR011", "level": "note", "message": {"text": "Dockerfile installs recommended OS packages"}, "properties": {"repobilityId": 70565, "scanner": "repobility-docker", "fingerprint": "e2914b6de7b1343ba82949518dbfe7c174b7d32de91f17ba6e1c29c6e63e90c7", "category": "docker", "severity": "low", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "apt install appears without --no-install-recommends.", "evidence": {"rule_id": "DKR011", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|e2914b6de7b1343ba82949518dbfe7c174b7d32de91f17ba6e1c29c6e63e90c7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "research/object_detection/dockerfiles/tf2/Dockerfile"}, "region": {"startLine": 18}}}]}, {"ruleId": "DKR010", "level": "note", "message": {"text": "Dockerfile leaves apt package indexes in the image layer"}, "properties": {"repobilityId": 70564, "scanner": "repobility-docker", "fingerprint": "a28039544d519c8fb744953da16703d6a1df1fda7855292541ff61c5862ea4dc", "category": "docker", "severity": "low", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "apt update/install layer does not remove /var/lib/apt/lists.", "evidence": {"rule_id": "DKR010", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|a28039544d519c8fb744953da16703d6a1df1fda7855292541ff61c5862ea4dc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "research/object_detection/dockerfiles/tf2/Dockerfile"}, "region": {"startLine": 18}}}]}, {"ruleId": "DKR011", "level": "note", "message": {"text": "Dockerfile installs recommended OS packages"}, "properties": {"repobilityId": 70563, "scanner": "repobility-docker", "fingerprint": "73595edc545460c4cbd38f535ae52e3c8c53566c636c71d1f43ee1aa78a5302d", "category": "docker", "severity": "low", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "apt install appears without --no-install-recommends.", "evidence": {"rule_id": "DKR011", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|73595edc545460c4cbd38f535ae52e3c8c53566c636c71d1f43ee1aa78a5302d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "research/object_detection/dockerfiles/tf2/Dockerfile"}, "region": {"startLine": 6}}}]}, {"ruleId": "DKR010", "level": "note", "message": {"text": "Dockerfile leaves apt package indexes in the image layer"}, "properties": {"repobilityId": 70562, "scanner": "repobility-docker", "fingerprint": "8577aa66bec897fe765e2abc28baae177ded34df77e6ceaf9e829f37a65f9b5a", "category": "docker", "severity": "low", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "apt update/install layer does not remove /var/lib/apt/lists.", "evidence": {"rule_id": "DKR010", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|8577aa66bec897fe765e2abc28baae177ded34df77e6ceaf9e829f37a65f9b5a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "research/object_detection/dockerfiles/tf2/Dockerfile"}, "region": {"startLine": 6}}}]}, {"ruleId": "DKR012", "level": "note", "message": {"text": "Dockerfile keeps pip download cache"}, "properties": {"repobilityId": 70561, "scanner": "repobility-docker", "fingerprint": "5d20d5d892f50461d214f7ae36a58d527cb20fa4e8c184ea716f15f6fc0f9c88", "category": "docker", "severity": "low", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "pip install appears without --no-cache-dir.", "evidence": {"rule_id": "DKR012", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|5d20d5d892f50461d214f7ae36a58d527cb20fa4e8c184ea716f15f6fc0f9c88"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "research/object_detection/dockerfiles/tf1/Dockerfile"}, "region": {"startLine": 39}}}]}, {"ruleId": "DKR012", "level": "note", "message": {"text": "Dockerfile keeps pip download cache"}, "properties": {"repobilityId": 70560, "scanner": "repobility-docker", "fingerprint": "1f4beeae7d283980d0ec8cb599f96e4b12381aa7ecf5dec32f8af33fb1cae0aa", "category": "docker", "severity": "low", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "pip install appears without --no-cache-dir.", "evidence": {"rule_id": "DKR012", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|1f4beeae7d283980d0ec8cb599f96e4b12381aa7ecf5dec32f8af33fb1cae0aa"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "research/object_detection/dockerfiles/tf1/Dockerfile"}, "region": {"startLine": 38}}}]}, {"ruleId": "DKR011", "level": "note", "message": {"text": "Dockerfile installs recommended OS packages"}, "properties": {"repobilityId": 70558, "scanner": "repobility-docker", "fingerprint": "84102a2a838f811493ef3c2218f1c3c07c3bd597c3c11ae45ed657f809619927", "category": "docker", "severity": "low", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "apt install appears without --no-install-recommends.", "evidence": {"rule_id": "DKR011", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|84102a2a838f811493ef3c2218f1c3c07c3bd597c3c11ae45ed657f809619927"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "research/object_detection/dockerfiles/tf1/Dockerfile"}, "region": {"startLine": 18}}}]}, {"ruleId": "DKR010", "level": "note", "message": {"text": "Dockerfile leaves apt package indexes in the image layer"}, "properties": {"repobilityId": 70557, "scanner": "repobility-docker", "fingerprint": "0235a0da8a846247a60adefa5fbc1f02cb328b7fe75b07528056f42745ce6814", "category": "docker", "severity": "low", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "apt update/install layer does not remove /var/lib/apt/lists.", "evidence": {"rule_id": "DKR010", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|0235a0da8a846247a60adefa5fbc1f02cb328b7fe75b07528056f42745ce6814"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "research/object_detection/dockerfiles/tf1/Dockerfile"}, "region": {"startLine": 18}}}]}, {"ruleId": "DKR011", "level": "note", "message": {"text": "Dockerfile installs recommended OS packages"}, "properties": {"repobilityId": 70556, "scanner": "repobility-docker", "fingerprint": "d6fc027727c567b2c77acb4c6321ed7124c1dd197110ddea67a8cfea227eb190", "category": "docker", "severity": "low", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "apt install appears without --no-install-recommends.", "evidence": {"rule_id": "DKR011", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|d6fc027727c567b2c77acb4c6321ed7124c1dd197110ddea67a8cfea227eb190"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "research/object_detection/dockerfiles/tf1/Dockerfile"}, "region": {"startLine": 6}}}]}, {"ruleId": "DKR010", "level": "note", "message": {"text": "Dockerfile leaves apt package indexes in the image layer"}, "properties": {"repobilityId": 70555, "scanner": "repobility-docker", "fingerprint": "fc198f87edc733ec0d3bcf356b5edb74b1755e9fe08c571e174bbede4a4ee594", "category": "docker", "severity": "low", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "apt update/install layer does not remove /var/lib/apt/lists.", "evidence": {"rule_id": "DKR010", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|fc198f87edc733ec0d3bcf356b5edb74b1755e9fe08c571e174bbede4a4ee594"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "research/object_detection/dockerfiles/tf1/Dockerfile"}, "region": {"startLine": 6}}}]}, {"ruleId": "DKR011", "level": "note", "message": {"text": "Dockerfile installs recommended OS packages"}, "properties": {"repobilityId": 70553, "scanner": "repobility-docker", "fingerprint": "e5a731c8e887c0cc21331f51a374bfe7b91d630fea596fe1fc5c5558a74ff335", "category": "docker", "severity": "low", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "apt install appears without --no-install-recommends.", "evidence": {"rule_id": "DKR011", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|e5a731c8e887c0cc21331f51a374bfe7b91d630fea596fe1fc5c5558a74ff335"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "research/object_detection/dockerfiles/android/Dockerfile"}, "region": {"startLine": 71}}}]}, {"ruleId": "DKR012", "level": "note", "message": {"text": "Dockerfile keeps pip download cache"}, "properties": {"repobilityId": 70552, "scanner": "repobility-docker", "fingerprint": "e80b7c2836635e0e58538b3663db6bcabac19b9a1fbf9566c91478abbbd6d32f", "category": "docker", "severity": "low", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "pip install appears without --no-cache-dir.", "evidence": {"rule_id": "DKR012", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|e80b7c2836635e0e58538b3663db6bcabac19b9a1fbf9566c91478abbbd6d32f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "research/object_detection/dockerfiles/android/Dockerfile"}, "region": {"startLine": 39}}}]}, {"ruleId": "DKR011", "level": "note", "message": {"text": "Dockerfile installs recommended OS packages"}, "properties": {"repobilityId": 70551, "scanner": "repobility-docker", "fingerprint": "fc7e2e1e86c0bcbeecb2d3cfe4033a32955c4206fe70f7ea238f7d28714dd403", "category": "docker", "severity": "low", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "apt install appears without --no-install-recommends.", "evidence": {"rule_id": "DKR011", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|fc7e2e1e86c0bcbeecb2d3cfe4033a32955c4206fe70f7ea238f7d28714dd403"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "research/object_detection/dockerfiles/android/Dockerfile"}, "region": {"startLine": 39}}}]}, {"ruleId": "DKR011", "level": "note", "message": {"text": "Dockerfile installs recommended OS packages"}, "properties": {"repobilityId": 70550, "scanner": "repobility-docker", "fingerprint": "881d044d23ea57049eb4e0eba3b64b64761b7d9720c9e878d4f64c23e1d4b891", "category": "docker", "severity": "low", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "apt install appears without --no-install-recommends.", "evidence": {"rule_id": "DKR011", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|881d044d23ea57049eb4e0eba3b64b64761b7d9720c9e878d4f64c23e1d4b891"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "research/object_detection/dockerfiles/android/Dockerfile"}, "region": {"startLine": 27}}}]}, {"ruleId": "DKR010", "level": "note", "message": {"text": "Dockerfile leaves apt package indexes in the image layer"}, "properties": {"repobilityId": 70549, "scanner": "repobility-docker", "fingerprint": "6b07877ee60e2d1debf5ef2da9c42d601824af6c568a38bb54e3229bc1976b15", "category": "docker", "severity": "low", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "apt update/install layer does not remove /var/lib/apt/lists.", "evidence": {"rule_id": "DKR010", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|6b07877ee60e2d1debf5ef2da9c42d601824af6c568a38bb54e3229bc1976b15"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "research/object_detection/dockerfiles/android/Dockerfile"}, "region": {"startLine": 27}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 70546, "scanner": "repobility-ai-code-hygiene", "fingerprint": "f76ad454f103e084083aa4dfe8132a6a14ba53ada80f93cb160c1b83114d4ad8", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "official/nlp/modeling/layers/transformer_xl.py", "duplicate_line": 320, "correlation_key": "fp|f76ad454f103e084083aa4dfe8132a6a14ba53ada80f93cb160c1b83114d4ad8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "official/nlp/modeling/networks/xlnet_base.py"}, "region": {"startLine": 375}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 70545, "scanner": "repobility-ai-code-hygiene", "fingerprint": "3e526c63a7f1837c16872834209e1cddbe15bcf68984a287b63a258c4284d675", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "official/nlp/modeling/networks/bert_encoder.py", "duplicate_line": 39, "correlation_key": "fp|3e526c63a7f1837c16872834209e1cddbe15bcf68984a287b63a258c4284d675"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "official/nlp/modeling/networks/sparse_mixer.py"}, "region": {"startLine": 73}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 70544, "scanner": "repobility-ai-code-hygiene", "fingerprint": "7eed183dbcd9a97984b323f50ce2c9f55fabee3f444924218ebbd4a092a6b967", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "official/nlp/modeling/networks/fnet.py", "duplicate_line": 42, "correlation_key": "fp|7eed183dbcd9a97984b323f50ce2c9f55fabee3f444924218ebbd4a092a6b967"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "official/nlp/modeling/networks/sparse_mixer.py"}, "region": {"startLine": 63}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 70543, "scanner": "repobility-ai-code-hygiene", "fingerprint": "1bffc1901c2d44861e80def55655d580f5327c9cb7c0733cc71063571766141a", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "official/nlp/modeling/networks/fnet.py", "duplicate_line": 102, "correlation_key": "fp|1bffc1901c2d44861e80def55655d580f5327c9cb7c0733cc71063571766141a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "official/nlp/modeling/networks/funnel_transformer.py"}, "region": {"startLine": 340}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 70542, "scanner": "repobility-ai-code-hygiene", "fingerprint": "60e65ee9db016b702502a5fdf22c6f684fdef2fc307b14246c87b0a2b5273b7d", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "official/nlp/modeling/networks/bert_encoder.py", "duplicate_line": 286, "correlation_key": "fp|60e65ee9db016b702502a5fdf22c6f684fdef2fc307b14246c87b0a2b5273b7d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "official/nlp/modeling/networks/funnel_transformer.py"}, "region": {"startLine": 164}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 70541, "scanner": "repobility-ai-code-hygiene", "fingerprint": "f9845bd61f38a0766d88adf1dd166d5626264822c823414689b27204bc34d9c2", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "official/nlp/modeling/networks/bert_encoder.py", "duplicate_line": 39, "correlation_key": "fp|f9845bd61f38a0766d88adf1dd166d5626264822c823414689b27204bc34d9c2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "official/nlp/modeling/networks/fnet.py"}, "region": {"startLine": 52}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 70540, "scanner": "repobility-ai-code-hygiene", "fingerprint": "aeb2fa2613556dc0c2413553fd6acf7ab685cba9d2a822432297bfcadb2f734e", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "official/nlp/modeling/layers/transformer.py", "duplicate_line": 89, "correlation_key": "fp|aeb2fa2613556dc0c2413553fd6acf7ab685cba9d2a822432297bfcadb2f734e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "official/nlp/modeling/layers/transformer_scaffold.py"}, "region": {"startLine": 223}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 70539, "scanner": "repobility-ai-code-hygiene", "fingerprint": "4f689b38668f0b34f32284345d5eaf45294c8a4ff1bb55a7d32ba875769e7ec8", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "official/nlp/modeling/layers/pack_optimization.py", "duplicate_line": 77, "correlation_key": "fp|4f689b38668f0b34f32284345d5eaf45294c8a4ff1bb55a7d32ba875769e7ec8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "official/nlp/modeling/layers/transformer_encoder_block.py"}, "region": {"startLine": 622}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 70538, "scanner": "repobility-ai-code-hygiene", "fingerprint": "77f12a0479a47e4cd10c5b31820c61dbd276e4ae7b212b61b7568408fe0d7d8f", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "official/nlp/modeling/layers/transformer.py", "duplicate_line": 88, "correlation_key": "fp|77f12a0479a47e4cd10c5b31820c61dbd276e4ae7b212b61b7568408fe0d7d8f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "official/nlp/modeling/layers/transformer_encoder_block.py"}, "region": {"startLine": 424}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 70537, "scanner": "repobility-ai-code-hygiene", "fingerprint": "007651581a1960e88690acdf54f38d313c98891356438115166f397311143575", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "official/nlp/modeling/layers/reuse_transformer.py", "duplicate_line": 45, "correlation_key": "fp|007651581a1960e88690acdf54f38d313c98891356438115166f397311143575"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "official/nlp/modeling/layers/transformer_encoder_block.py"}, "region": {"startLine": 120}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 70536, "scanner": "repobility-ai-code-hygiene", "fingerprint": "208005f6bebc387e94a180e58006b212120767626d5625ab2f17b5c7b12963c1", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "official/nlp/modeling/layers/tn_transformer_expand_condense.py", "duplicate_line": 13, "correlation_key": "fp|208005f6bebc387e94a180e58006b212120767626d5625ab2f17b5c7b12963c1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "official/nlp/modeling/layers/transformer.py"}, "region": {"startLine": 16}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 70535, "scanner": "repobility-ai-code-hygiene", "fingerprint": "cbe825e17758cd0d8eac7bd690bddbef70f55d4803d133c56afdd34895dd3159", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "official/nlp/modeling/layers/reuse_transformer.py", "duplicate_line": 214, "correlation_key": "fp|cbe825e17758cd0d8eac7bd690bddbef70f55d4803d133c56afdd34895dd3159"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "official/nlp/modeling/layers/tn_transformer_expand_condense.py"}, "region": {"startLine": 156}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 70534, "scanner": "repobility-ai-code-hygiene", "fingerprint": "b526a730a3a8ffc211a966c83021987c27635b121919047d194fcc14204649b7", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "official/nlp/modeling/layers/reuse_attention.py", "duplicate_line": 234, "correlation_key": "fp|b526a730a3a8ffc211a966c83021987c27635b121919047d194fcc14204649b7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "official/nlp/modeling/layers/tn_transformer_expand_condense.py"}, "region": {"startLine": 155}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 70533, "scanner": "repobility-ai-code-hygiene", "fingerprint": "3d5101f2eec14126c456ada3379b0e7693cc86ce29c5af4661b155a5fb7a383b", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "official/nlp/modeling/layers/block_diag_feedforward.py", "duplicate_line": 106, "correlation_key": "fp|3d5101f2eec14126c456ada3379b0e7693cc86ce29c5af4661b155a5fb7a383b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "official/nlp/modeling/layers/tn_transformer_expand_condense.py"}, "region": {"startLine": 153}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 70532, "scanner": "repobility-ai-code-hygiene", "fingerprint": "9b519a0c8f2c72a8d2e603c44af88bff95c04624744681ee0332966430146ad7", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "official/nlp/modeling/layers/multi_query_attention.py", "duplicate_line": 193, "correlation_key": "fp|9b519a0c8f2c72a8d2e603c44af88bff95c04624744681ee0332966430146ad7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "official/nlp/modeling/layers/talking_heads_attention.py"}, "region": {"startLine": 54}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 70531, "scanner": "repobility-ai-code-hygiene", "fingerprint": "6de7d2091106d14703a4575ae9d7b6ec19b066d1ef7c6dc2d6d15bad7d728bbc", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "official/nlp/modeling/layers/pack_optimization.py", "duplicate_line": 123, "correlation_key": "fp|6de7d2091106d14703a4575ae9d7b6ec19b066d1ef7c6dc2d6d15bad7d728bbc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "official/nlp/modeling/layers/rezero_transformer.py"}, "region": {"startLine": 290}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 70530, "scanner": "repobility-ai-code-hygiene", "fingerprint": "20015486e37c2771328447a7be134d4e1f2609e3e63ab76f37a465e6c5dccf65", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "official/nlp/modeling/layers/reuse_attention.py", "duplicate_line": 234, "correlation_key": "fp|20015486e37c2771328447a7be134d4e1f2609e3e63ab76f37a465e6c5dccf65"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "official/nlp/modeling/layers/rezero_transformer.py"}, "region": {"startLine": 245}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 70529, "scanner": "repobility-ai-code-hygiene", "fingerprint": "ca4a3d9e5b0ba1067c959d39e16340a8128169c2680afb5ed3b9520d562ef5e8", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "official/nlp/modeling/layers/block_diag_feedforward.py", "duplicate_line": 106, "correlation_key": "fp|ca4a3d9e5b0ba1067c959d39e16340a8128169c2680afb5ed3b9520d562ef5e8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "official/nlp/modeling/layers/rezero_transformer.py"}, "region": {"startLine": 243}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 70528, "scanner": "repobility-ai-code-hygiene", "fingerprint": "f208ad95804e410937eb428830db1409e417b9753aaea0e0486c6b7f6a833a8a", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "official/nlp/modeling/layers/reuse_attention.py", "duplicate_line": 234, "correlation_key": "fp|f208ad95804e410937eb428830db1409e417b9753aaea0e0486c6b7f6a833a8a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "official/nlp/modeling/layers/reuse_transformer.py"}, "region": {"startLine": 213}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 70527, "scanner": "repobility-ai-code-hygiene", "fingerprint": "0ef95be8e550d8967c4cd446fcdfff4ae39a1c9a9efcf37ab3f993679fc588e7", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "official/nlp/modeling/layers/block_diag_feedforward.py", "duplicate_line": 106, "correlation_key": "fp|0ef95be8e550d8967c4cd446fcdfff4ae39a1c9a9efcf37ab3f993679fc588e7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "official/nlp/modeling/layers/reuse_transformer.py"}, "region": {"startLine": 211}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 70526, "scanner": "repobility-ai-code-hygiene", "fingerprint": "62c5528d3460fe3bce81534b6393ee02991af83b13a3a091a18021eb65c0eb42", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "official/nlp/modeling/layers/block_diag_feedforward.py", "duplicate_line": 106, "correlation_key": "fp|62c5528d3460fe3bce81534b6393ee02991af83b13a3a091a18021eb65c0eb42"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "official/nlp/modeling/layers/reuse_attention.py"}, "region": {"startLine": 232}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 70525, "scanner": "repobility-ai-code-hygiene", "fingerprint": "4f88f9d069a4ffe9af7ac2d1e42af0809120d2ca39a04f12f4b39aee0ed4d8e6", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "official/nlp/modeling/layers/multi_query_attention.py", "duplicate_line": 23, "correlation_key": "fp|4f88f9d069a4ffe9af7ac2d1e42af0809120d2ca39a04f12f4b39aee0ed4d8e6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "official/nlp/modeling/layers/reuse_attention.py"}, "region": {"startLine": 51}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 70524, "scanner": "repobility-ai-code-hygiene", "fingerprint": "29e83c023c70492b9c028158a46886c47753b11a4cd4871823914ece008675ed", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "official/nlp/modeling/layers/relative_attention.py", "duplicate_line": 6, "correlation_key": "fp|29e83c023c70492b9c028158a46886c47753b11a4cd4871823914ece008675ed"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "official/nlp/modeling/layers/reuse_attention.py"}, "region": {"startLine": 49}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 70523, "scanner": "repobility-ai-code-hygiene", "fingerprint": "a1ea3bd5b24ca6171260c3bfb95593394f9f872122feccdd042ab9824044f2f2", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "official/nlp/modeling/layers/multi_query_attention.py", "duplicate_line": 23, "correlation_key": "fp|a1ea3bd5b24ca6171260c3bfb95593394f9f872122feccdd042ab9824044f2f2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "official/nlp/modeling/layers/relative_attention.py"}, "region": {"startLine": 8}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 70522, "scanner": "repobility-ai-code-hygiene", "fingerprint": "216c8d2524c162ea2f486b31fde62e89b845e901fcb53c7a840250d428cd0091", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "official/nlp/modeling/layers/block_diag_feedforward.py", "duplicate_line": 48, "correlation_key": "fp|216c8d2524c162ea2f486b31fde62e89b845e901fcb53c7a840250d428cd0091"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "official/nlp/modeling/layers/gated_feedforward.py"}, "region": {"startLine": 68}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 70521, "scanner": "repobility-ai-code-hygiene", "fingerprint": "93bd92c32e45775b430195a62330a7f3a5c4fb9dde11c381205511688b90add7", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "official/nlp/finetuning/glue/run_glue.py", "duplicate_line": 94, "correlation_key": "fp|93bd92c32e45775b430195a62330a7f3a5c4fb9dde11c381205511688b90add7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "official/nlp/finetuning/superglue/run_superglue.py"}, "region": {"startLine": 66}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 70520, "scanner": "repobility-ai-code-hygiene", "fingerprint": "24dca47a3cb7d4d079da077859f1cc9cb005548a5ec3b2d650eced08f25c8e15", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "official/nlp/finetuning/glue/flags.py", "duplicate_line": 20, "correlation_key": "fp|24dca47a3cb7d4d079da077859f1cc9cb005548a5ec3b2d650eced08f25c8e15"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "official/nlp/finetuning/superglue/flags.py"}, "region": {"startLine": 38}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 70519, "scanner": "repobility-ai-code-hygiene", "fingerprint": "327b4d4179100cdedf213f45f87b62d7f75206c52ec8e1a78ebc333624301bcf", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "official/nlp/data/squad_lib.py", "duplicate_line": 237, "correlation_key": "fp|327b4d4179100cdedf213f45f87b62d7f75206c52ec8e1a78ebc333624301bcf"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "official/nlp/data/squad_lib_sp.py"}, "region": {"startLine": 286}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 70518, "scanner": "repobility-ai-code-hygiene", "fingerprint": "e9fbca7060c6e12040459551f416d5de39a9b9e3ac36793996c447cd7390710b", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "official/modeling/optimization/lamb.py", "duplicate_line": 172, "correlation_key": "fp|e9fbca7060c6e12040459551f416d5de39a9b9e3ac36793996c447cd7390710b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "official/modeling/optimization/lars.py"}, "region": {"startLine": 117}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 70517, "scanner": "repobility-ai-code-hygiene", "fingerprint": "9a16eaa11a3fe660bbe7e786a46e53afca42a88f84ba11a585f147011d58f085", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "official/modeling/fast_training/progressive/train_lib.py", "duplicate_line": 69, "correlation_key": "fp|9a16eaa11a3fe660bbe7e786a46e53afca42a88f84ba11a585f147011d58f085"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "official/modeling/multitask/train_lib.py"}, "region": {"startLine": 95}}}]}, {"ruleId": "SEC132", "level": "note", "message": {"text": "[SEC132] String concat where the language has interpolation (AI style drift): String built by concatenation where the language has cleaner interpolation (Python f-strings since 3.6, JS template literals since ES6). Not a vulnerability on its own, but a style signature of cross-language AI rewrites \u2014 the model wrote idiomatic Java/C# and then translated mechanically. When this style appears in only *some* files of a repo, it's a strong indicator of an AI-driven rewrite that needs a human review p"}, "properties": {"repobilityId": 70492, "scanner": "repobility-threat-engine", "fingerprint": "bb952d695cc06741851de58008235f8a53569c20d90405e5d804da23f5e922c0", "category": "quality", "severity": "low", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "' Crystal: '+str(dictionary[b'Crystals'])+'", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC132", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|bb952d695cc06741851de58008235f8a53569c20d90405e5d804da23f5e922c0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "research/marco/Automated_Marco.py"}, "region": {"startLine": 70}}}]}, {"ruleId": "SEC132", "level": "note", "message": {"text": "[SEC132] String concat where the language has interpolation (AI style drift): String built by concatenation where the language has cleaner interpolation (Python f-strings since 3.6, JS template literals since ES6). Not a vulnerability on its own, but a style signature of cross-language AI rewrites \u2014 the model wrote idiomatic Java/C# and then translated mechanically. When this style appears in only *some* files of a repo, it's a strong indicator of an AI-driven rewrite that needs a human review p"}, "properties": {"repobilityId": 70491, "scanner": "repobility-threat-engine", "fingerprint": "0238323cb62575bb13d46225905823dedfc8f02b0092c123166816cf6d6c0823", "category": "quality", "severity": "low", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "'dataset_N' + str(N) + '", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC132", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|0238323cb62575bb13d46225905823dedfc8f02b0092c123166816cf6d6c0823"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "research/lfads/synth_data/generate_chaotic_rnn_data.py"}, "region": {"startLine": 119}}}]}, {"ruleId": "SEC132", "level": "note", "message": {"text": "[SEC132] String concat where the language has interpolation (AI style drift): String built by concatenation where the language has cleaner interpolation (Python f-strings since 3.6, JS template literals since ES6). Not a vulnerability on its own, but a style signature of cross-language AI rewrites \u2014 the model wrote idiomatic Java/C# and then translated mechanically. When this style appears in only *some* files of a repo, it's a strong indicator of an AI-driven rewrite that needs a human review p"}, "properties": {"repobilityId": 70490, "scanner": "repobility-threat-engine", "fingerprint": "50f22ed9aa6de7808f2d68f3a0f54099d5d3db6dfbb0bcb4ca417d3a984acedd", "category": "quality", "severity": "low", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "\"GlobalStep/\" + summary_scope + \"_Hit@1\"", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC132", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|50f22ed9aa6de7808f2d68f3a0f54099d5d3db6dfbb0bcb4ca417d3a984acedd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "official/projects/yt8m/dataloaders/utils.py"}, "region": {"startLine": 72}}}]}, {"ruleId": "SEC124", "level": "note", "message": {"text": "[SEC124] TOCTOU file access (os.access then open): Check-then-use file pattern (access/exists then open) lets an attacker swap the file between check and use (symlink attack). `mktemp` is deprecated for the same reason."}, "properties": {"repobilityId": 70476, "scanner": "repobility-threat-engine", "fingerprint": "fd49e5ee68972adf8df6deb106eeecff8ac0e60fdd59ddcf89a437bb9f2defac", "category": "race_condition", "severity": "low", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "os.path.exists(local_filename):\n urllib.urlretrieve(\"%s/%s.gz\" % (MNIST_URL, MNIST_FLOAT_TRAIN),", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC124", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|fd49e5ee68972adf8df6deb106eeecff8ac0e60fdd59ddcf89a437bb9f2defac"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "research/rebar/download_data.py"}, "region": {"startLine": 55}}}]}, {"ruleId": "SEC124", "level": "note", "message": {"text": "[SEC124] TOCTOU file access (os.access then open): Check-then-use file pattern (access/exists then open) lets an attacker swap the file between check and use (symlink attack). `mktemp` is deprecated for the same reason."}, "properties": {"repobilityId": 70475, "scanner": "repobility-threat-engine", "fingerprint": "5a1deb89896156a3af95cd6bfe9643d29df404c862398776a207bc93b4817066", "category": "race_condition", "severity": "low", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "os.path.isfile(local_dir):\n os.remove(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC124", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|5a1deb89896156a3af95cd6bfe9643d29df404c862398776a207bc93b4817066"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "official/projects/waste_identification_ml/Deploy/detr_cloud_deployment/client/utils.py"}, "region": {"startLine": 101}}}]}, {"ruleId": "COMP001", "level": "note", "message": {"text": "[COMP001] High cognitive complexity: Function `decorator` has cognitive complexity 11 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. Breakdown: else=1, for=1, if=4, nested_bonus=5."}, "properties": {"repobilityId": 70403, "scanner": "repobility-threat-engine", "fingerprint": "8abfaab31cf93a43246853c42fcf756ce506d44d5f5cdb4fdb16f65a299f2b70", "category": "quality", "severity": "low", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 11 (severity threshold for low: 8+).", "evidence": {"scanner": "repobility-threat-engine", "function": "decorator", "breakdown": {"if": 4, "for": 1, "else": 1, "nested_bonus": 5}, "complexity": 11, "correlation_key": "fp|8abfaab31cf93a43246853c42fcf756ce506d44d5f5cdb4fdb16f65a299f2b70"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "official/core/registry.py"}, "region": {"startLine": 38}}}]}, {"ruleId": "COMP001", "level": "note", "message": {"text": "[COMP001] High cognitive complexity: Function `export` has cognitive complexity 10 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. Breakdown: else=2, if=6, nested_bonus=2."}, "properties": {"repobilityId": 70402, "scanner": "repobility-threat-engine", "fingerprint": "399dda22622a0661a1dcbd16534a966fcd210bec5ea3ce9a23fb156e8bd217ac", "category": "quality", "severity": "low", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 10 (severity threshold for low: 8+).", "evidence": {"scanner": "repobility-threat-engine", "function": "export", "breakdown": {"if": 6, "else": 2, "nested_bonus": 2}, "complexity": 10, "correlation_key": "fp|399dda22622a0661a1dcbd16534a966fcd210bec5ea3ce9a23fb156e8bd217ac"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "official/core/export_base.py"}, "region": {"startLine": 99}}}]}, {"ruleId": "MINED042", "level": "none", "message": {"text": "[MINED042] Cpp New Without Delete (and 3 more): Same pattern found in 3 additional files. Review if needed."}, "properties": {"repobilityId": 70516, "scanner": "repobility-threat-engine", "fingerprint": "d50e49004c43dc92edfa10925fa20f2f96c4146af9b9ed26ac82725af33dc3fb", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 3 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "cpp-new-without-delete", "owasp": null, "cwe_ids": ["CWE-401"], "languages": ["cpp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347996+00:00", "triaged_in_corpus": 12, "observations_count": 4658256, "ai_coder_pattern_id": 134}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|d50e49004c43dc92edfa10925fa20f2f96c4146af9b9ed26ac82725af33dc3fb", "aggregated_count": 3}}}, {"ruleId": "MINED042", "level": "none", "message": {"text": "[MINED042] Cpp New Without Delete: C++ raw new without RAII / unique_ptr \u2014 memory leak risk."}, "properties": {"repobilityId": 70515, "scanner": "repobility-threat-engine", "fingerprint": "ea2fcd63895eb083771b0929f74e07134e59b03479fbdbb6532b24972dd3a7ae", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "cpp-new-without-delete", "owasp": null, "cwe_ids": ["CWE-401"], "languages": ["cpp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347996+00:00", "triaged_in_corpus": 12, "observations_count": 4658256, "ai_coder_pattern_id": 134}, "scanner": "repobility-threat-engine", "correlation_key": "fp|ea2fcd63895eb083771b0929f74e07134e59b03479fbdbb6532b24972dd3a7ae"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "research/seq_flow_lite/tflite_ops/denylist_subsequence.cc"}, "region": {"startLine": 97}}}]}, {"ruleId": "MINED042", "level": "none", "message": {"text": "[MINED042] Cpp New Without Delete: C++ raw new without RAII / unique_ptr \u2014 memory leak risk."}, "properties": {"repobilityId": 70514, "scanner": "repobility-threat-engine", "fingerprint": "d56f3571029063c655cdf732d9ee7a59dfe0fdef0c77907906277f0d8d0c2688", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "cpp-new-without-delete", "owasp": null, "cwe_ids": ["CWE-401"], "languages": ["cpp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347996+00:00", "triaged_in_corpus": 12, "observations_count": 4658256, "ai_coder_pattern_id": 134}, "scanner": "repobility-threat-engine", "correlation_key": "fp|d56f3571029063c655cdf732d9ee7a59dfe0fdef0c77907906277f0d8d0c2688"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "research/seq_flow_lite/tflite_ops/denylist_skipgram.cc"}, "region": {"startLine": 99}}}]}, {"ruleId": "MINED042", "level": "none", "message": {"text": "[MINED042] Cpp New Without Delete: C++ raw new without RAII / unique_ptr \u2014 memory leak risk."}, "properties": {"repobilityId": 70513, "scanner": "repobility-threat-engine", "fingerprint": "99e0c862d080dd0aeec8557fc92d0955059d16702036c0ad0137e65cffc300f8", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "cpp-new-without-delete", "owasp": null, "cwe_ids": ["CWE-401"], "languages": ["cpp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347996+00:00", "triaged_in_corpus": 12, "observations_count": 4658256, "ai_coder_pattern_id": 134}, "scanner": "repobility-threat-engine", "correlation_key": "fp|99e0c862d080dd0aeec8557fc92d0955059d16702036c0ad0137e65cffc300f8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "research/seq_flow_lite/models/sgnn/sgnn_projection.cc"}, "region": {"startLine": 69}}}]}, {"ruleId": "MINED077", "level": "none", "message": {"text": "[MINED077] Python Open No Context (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "properties": {"repobilityId": 70512, "scanner": "repobility-threat-engine", "fingerprint": "24cb949de0b3987330b23bb4f90e26bdc816ebe1ec34ae36e009f771500d6e3d", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "python-open-no-context", "owasp": null, "cwe_ids": ["CWE-772"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348081+00:00", "triaged_in_corpus": 12, "observations_count": 7864, "ai_coder_pattern_id": 123}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|24cb949de0b3987330b23bb4f90e26bdc816ebe1ec34ae36e009f771500d6e3d", "aggregated_count": 1}}}, {"ruleId": "MINED077", "level": "none", "message": {"text": "[MINED077] Python Open No Context: fp = open(path) outside with-block leaks file handles."}, "properties": {"repobilityId": 70511, "scanner": "repobility-threat-engine", "fingerprint": "b885a9f3ad21f4242f01b14ca28079d6b6e0a430c051ec0e3d76a92812edcc35", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-open-no-context", "owasp": null, "cwe_ids": ["CWE-772"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348081+00:00", "triaged_in_corpus": 12, "observations_count": 7864, "ai_coder_pattern_id": 123}, "scanner": "repobility-threat-engine", "correlation_key": "fp|b885a9f3ad21f4242f01b14ca28079d6b6e0a430c051ec0e3d76a92812edcc35"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "research/seq_flow_lite/utils/tflite_utils.py"}, "region": {"startLine": 21}}}]}, {"ruleId": "MINED077", "level": "none", "message": {"text": "[MINED077] Python Open No Context: fp = open(path) outside with-block leaks file handles."}, "properties": {"repobilityId": 70510, "scanner": "repobility-threat-engine", "fingerprint": "a43c83b57fbbc69d5c126861d90e69f1e140ae87340ec7fa3e5c32d4f0059210", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-open-no-context", "owasp": null, "cwe_ids": ["CWE-772"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348081+00:00", "triaged_in_corpus": 12, "observations_count": 7864, "ai_coder_pattern_id": 123}, "scanner": "repobility-threat-engine", "correlation_key": "fp|a43c83b57fbbc69d5c126861d90e69f1e140ae87340ec7fa3e5c32d4f0059210"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "research/marco/jpeg2json.py"}, "region": {"startLine": 34}}}]}, {"ruleId": "MINED077", "level": "none", "message": {"text": "[MINED077] Python Open No Context: fp = open(path) outside with-block leaks file handles."}, "properties": {"repobilityId": 70509, "scanner": "repobility-threat-engine", "fingerprint": "75f796470a57ccb69a94aa788f50ef9724fde1830343d6ba16072e5c8aa568f6", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-open-no-context", "owasp": null, "cwe_ids": ["CWE-772"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348081+00:00", "triaged_in_corpus": 12, "observations_count": 7864, "ai_coder_pattern_id": 123}, "scanner": "repobility-threat-engine", "correlation_key": "fp|75f796470a57ccb69a94aa788f50ef9724fde1830343d6ba16072e5c8aa568f6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "research/marco/Automated_Marco.py"}, "region": {"startLine": 46}}}]}, {"ruleId": "MINED069", "level": "none", "message": {"text": "[MINED069] Debug True Prod: Django/Flask DEBUG=True or app.debug=True in non-test files."}, "properties": {"repobilityId": 70507, "scanner": "repobility-threat-engine", "fingerprint": "f18925cf1d07eea398884d4647a50a0b41865bc08f0eee9c38fde7dc58f73d72", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "debug-true-prod", "owasp": "A05:2021", "cwe_ids": ["CWE-489"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348063+00:00", "triaged_in_corpus": 12, "observations_count": 37393, "ai_coder_pattern_id": 17}, "scanner": "repobility-threat-engine", "correlation_key": "fp|f18925cf1d07eea398884d4647a50a0b41865bc08f0eee9c38fde7dc58f73d72"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "research/delf/delf/python/training/global_features_utils.py"}, "region": {"startLine": 147}}}]}, {"ruleId": "MINED069", "level": "none", "message": {"text": "[MINED069] Debug True Prod: Django/Flask DEBUG=True or app.debug=True in non-test files."}, "properties": {"repobilityId": 70506, "scanner": "repobility-threat-engine", "fingerprint": "c6cadf20dfff0527ca77855191152ea3da2b794df465d45b89f9d94ff5196c79", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "debug-true-prod", "owasp": "A05:2021", "cwe_ids": ["CWE-489"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348063+00:00", "triaged_in_corpus": 12, "observations_count": 37393, "ai_coder_pattern_id": 17}, "scanner": "repobility-threat-engine", "correlation_key": "fp|c6cadf20dfff0527ca77855191152ea3da2b794df465d45b89f9d94ff5196c79"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "research/delf/delf/python/datasets/tuples_dataset.py"}, "region": {"startLine": 264}}}]}, {"ruleId": "MINED089", "level": "none", "message": {"text": "[MINED089] Js Always False If: if (false) \u2014 branch never taken. Dead code / disabled feature."}, "properties": {"repobilityId": 70501, "scanner": "repobility-threat-engine", "fingerprint": "bed8b082680fdb85e4ccb10b72d860f74397729ec444c28cb7aaf35183db58ee", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-always-false-if", "owasp": null, "cwe_ids": ["CWE-561"], "languages": ["javascript", "typescript", "tsx", "jsx", "python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348146+00:00", "triaged_in_corpus": 12, "observations_count": 536, "ai_coder_pattern_id": 141}, "scanner": "repobility-threat-engine", "correlation_key": "fp|bed8b082680fdb85e4ccb10b72d860f74397729ec444c28cb7aaf35183db58ee"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "orbit/utils/tpu_summaries.py"}, "region": {"startLine": 116}}}]}, {"ruleId": "SEC012", "level": "none", "message": {"text": "[SEC012] ZipSlip \u2014 Archive Path Traversal (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "properties": {"repobilityId": 70497, "scanner": "repobility-threat-engine", "fingerprint": "f21d8f84b5b8fd967ff0c5e2e1c3fb58bbdee23dfc12821fdafc6666b2cd3f87", "category": "path_traversal", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC012", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|f21d8f84b5b8fd967ff0c5e2e1c3fb58bbdee23dfc12821fdafc6666b2cd3f87"}}}, {"ruleId": "SEC132", "level": "none", "message": {"text": "[SEC132] String concat where the language has interpolation (AI style drift) (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "properties": {"repobilityId": 70493, "scanner": "repobility-threat-engine", "fingerprint": "802362717bb8b9596309b60635fbb04d345013c3d2defa44f95ace1b246cb77c", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC132", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|802362717bb8b9596309b60635fbb04d345013c3d2defa44f95ace1b246cb77c"}}}, {"ruleId": "MINED067", "level": "none", "message": {"text": "[MINED067] Python Requests No Timeout: requests.get/post/etc. without timeout= can hang forever."}, "properties": {"repobilityId": 70487, "scanner": "repobility-threat-engine", "fingerprint": "ea95430d3decddec409313ed65ca2c949193eaba5b4da406dd6946af8d9badb3", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-requests-no-timeout", "owasp": null, "cwe_ids": ["CWE-400"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348058+00:00", "triaged_in_corpus": 12, "observations_count": 45429, "ai_coder_pattern_id": 122}, "scanner": "repobility-threat-engine", "correlation_key": "fp|ea95430d3decddec409313ed65ca2c949193eaba5b4da406dd6946af8d9badb3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "official/projects/waste_identification_ml/docker_solution/prediction_pipeline/predictor.py"}, "region": {"startLine": 60}}}]}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed."}, "properties": {"repobilityId": 70482, "scanner": "repobility-threat-engine", "fingerprint": "702bddbed124ea38e0fb03ea761ce07d3a245feb0ee5b00941719e25dbe3951c", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "correlation_key": "fp|702bddbed124ea38e0fb03ea761ce07d3a245feb0ee5b00941719e25dbe3951c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "official/projects/waste_identification_ml/circularnet-docs/themes/hugo-theme-techdoc/static/js/bundle.js"}, "region": {"startLine": 20}}}]}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed."}, "properties": {"repobilityId": 70481, "scanner": "repobility-threat-engine", "fingerprint": "50035f31fd1c8e832d879e81ee63b03fbc05cb5d80ed5645d082209cc9e4992f", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "correlation_key": "fp|50035f31fd1c8e832d879e81ee63b03fbc05cb5d80ed5645d082209cc9e4992f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "official/projects/waste_identification_ml/circularnet-docs/themes/hugo-theme-techdoc/src/js/code.js"}, "region": {"startLine": 15}}}]}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed."}, "properties": {"repobilityId": 70480, "scanner": "repobility-threat-engine", "fingerprint": "c126841b699eb9b9ddd9cf66cd00a10472a35bbadb0e87525eec327975e942ff", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "correlation_key": "fp|c126841b699eb9b9ddd9cf66cd00a10472a35bbadb0e87525eec327975e942ff"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "official/projects/waste_identification_ml/circularnet-docs/themes/hugo-theme-techdoc/gulpfile.js"}, "region": {"startLine": 30}}}]}, {"ruleId": "MINED055", "level": "none", "message": {"text": "[MINED055] Npm Install No Lockfile: Production image runs npm install (resolves new versions on every build) instead of npm ci."}, "properties": {"repobilityId": 70471, "scanner": "repobility-threat-engine", "fingerprint": "659c95e54af5e38c29ac2f947d3f3e42bc441afb5aa91e2e8b7056a32b80db64", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "npm-install-no-lockfile", "owasp": "A06:2021", "cwe_ids": ["CWE-1357"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348030+00:00", "triaged_in_corpus": 12, "observations_count": 317602, "ai_coder_pattern_id": 42}, "scanner": "repobility-threat-engine", "correlation_key": "fp|659c95e54af5e38c29ac2f947d3f3e42bc441afb5aa91e2e8b7056a32b80db64"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "official/projects/waste_identification_ml/llm_applications/milk_pouch_detection/src/setup.sh"}, "region": {"startLine": 53}}}]}, {"ruleId": "MINED055", "level": "none", "message": {"text": "[MINED055] Npm Install No Lockfile: Production image runs npm install (resolves new versions on every build) instead of npm ci."}, "properties": {"repobilityId": 70470, "scanner": "repobility-threat-engine", "fingerprint": "cc04aa1da02d0127f1c859e53e18db5e3d588eafec3c863dc0efda076a3df66f", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "npm-install-no-lockfile", "owasp": "A06:2021", "cwe_ids": ["CWE-1357"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348030+00:00", "triaged_in_corpus": 12, "observations_count": 317602, "ai_coder_pattern_id": 42}, "scanner": "repobility-threat-engine", "correlation_key": "fp|cc04aa1da02d0127f1c859e53e18db5e3d588eafec3c863dc0efda076a3df66f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "official/projects/waste_identification_ml/Triton_TF_Cloud_Deployment/client/requirement.sh"}, "region": {"startLine": 44}}}]}, {"ruleId": "MINED055", "level": "none", "message": {"text": "[MINED055] Npm Install No Lockfile: Production image runs npm install (resolves new versions on every build) instead of npm ci."}, "properties": {"repobilityId": 70469, "scanner": "repobility-threat-engine", "fingerprint": "35c2e5044490764263310f2f16370f8c680ca3104ca1673aa146949ff94610e7", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "npm-install-no-lockfile", "owasp": "A06:2021", "cwe_ids": ["CWE-1357"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348030+00:00", "triaged_in_corpus": 12, "observations_count": 317602, "ai_coder_pattern_id": 42}, "scanner": "repobility-threat-engine", "correlation_key": "fp|35c2e5044490764263310f2f16370f8c680ca3104ca1673aa146949ff94610e7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "official/projects/waste_identification_ml/Deploy/detr_cloud_deployment/client/requirements.sh"}, "region": {"startLine": 36}}}]}, {"ruleId": "SEC045", "level": "none", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data (and 9 more): Same pattern found in 9 additional files. Review if needed."}, "properties": {"repobilityId": 70468, "scanner": "repobility-threat-engine", "fingerprint": "e6f2b2e43438c0a72db7c4b00ebac5cca9defebed1ab82756cd4b4eaff0d5869", "category": "injection", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 9 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 9 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|e6f2b2e43438c0a72db7c4b00ebac5cca9defebed1ab82756cd4b4eaff0d5869"}}}, {"ruleId": "MINED049", "level": "none", "message": {"text": "[MINED049] Print Pii: Logging password/token/email/ssn directly to stdout."}, "properties": {"repobilityId": 70457, "scanner": "repobility-threat-engine", "fingerprint": "7bf342d5d84b98971eaa9199930c7fc764bc8bdcefddfd6e0300c4163199a985", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "print-pii", "owasp": "A09:2021", "cwe_ids": ["CWE-532"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348015+00:00", "triaged_in_corpus": 12, "observations_count": 676566, "ai_coder_pattern_id": 26}, "scanner": "repobility-threat-engine", "correlation_key": "fp|7bf342d5d84b98971eaa9199930c7fc764bc8bdcefddfd6e0300c4163199a985"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "official/nlp/data/wmt_dataloader.py"}, "region": {"startLine": 216}}}]}, {"ruleId": "SEC020", "level": "none", "message": {"text": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for troubleshooting."}, "properties": {"repobilityId": 70456, "scanner": "repobility-threat-engine", "fingerprint": "732c02c40034924fa7fd5f78cc7773a7aa8a3742f8190fe0eea02c0a13971746", "category": "credential_exposure", "severity": "info", "confidence": 0.15, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "The token term appears to refer to NLP/model token counts, a tokenizer, or blockchain token metadata rather than credential material", "evidence": {"match": "print(tokenized_inputs)", "reason": "The token term appears to refer to NLP/model token counts, a tokenizer, or blockchain token metadata rather than credential material", "rule_id": "SEC020", "scanner": "repobility-threat-engine", "confidence": 0.15, "correlation_key": "secret|token|21|print tokenized_inputs"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "official/nlp/data/wmt_dataloader.py"}, "region": {"startLine": 216}}}]}, {"ruleId": "SEC127", "level": "none", "message": {"text": "[SEC127] AI agent stub \u2014 TODO: implement / pass placeholder body (and 2 more): Same pattern found in 2 additional files. Review if needed."}, "properties": {"repobilityId": 70455, "scanner": "repobility-threat-engine", "fingerprint": "e9ba1194fc2343c7ec35f0b73a8e5db93d18b458b58cdbfc74009ae95f82bdc7", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 2 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 2 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC127", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|e9ba1194fc2343c7ec35f0b73a8e5db93d18b458b58cdbfc74009ae95f82bdc7"}}}, {"ruleId": "MINED072", "level": "none", "message": {"text": "[MINED072] Python Pass Only Class (and 9 more): Same pattern found in 9 additional files. Review if needed."}, "properties": {"repobilityId": 70451, "scanner": "repobility-threat-engine", "fingerprint": "33f6fb40d914d207aab9d5376e9a417ba233054fd3d5b0ffe0761ee2b548749c", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 9 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "python-pass-only-class", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348069+00:00", "triaged_in_corpus": 10, "observations_count": 14245, "ai_coder_pattern_id": 143}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|33f6fb40d914d207aab9d5376e9a417ba233054fd3d5b0ffe0761ee2b548749c", "aggregated_count": 9}}}, {"ruleId": "MINED072", "level": "none", "message": {"text": "[MINED072] Python Pass Only Class: class Foo: pass \u2014 stub waiting to be filled in."}, "properties": {"repobilityId": 70450, "scanner": "repobility-threat-engine", "fingerprint": "949229d56fe55bb5bd8478d9c9092c1e18d43941e1f6fbef0b8ca99a037f85b6", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-pass-only-class", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348069+00:00", "triaged_in_corpus": 10, "observations_count": 14245, "ai_coder_pattern_id": 143}, "scanner": "repobility-threat-engine", "correlation_key": "fp|949229d56fe55bb5bd8478d9c9092c1e18d43941e1f6fbef0b8ca99a037f85b6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "official/projects/const_cl/configs/const_cl.py"}, "region": {"startLine": 31}}}]}, {"ruleId": "MINED072", "level": "none", "message": {"text": "[MINED072] Python Pass Only Class: class Foo: pass \u2014 stub waiting to be filled in."}, "properties": {"repobilityId": 70449, "scanner": "repobility-threat-engine", "fingerprint": "f694a3752042059876e813673297e16623bce309ff4520142ec18fe3c3994f99", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-pass-only-class", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348069+00:00", "triaged_in_corpus": 10, "observations_count": 14245, "ai_coder_pattern_id": 143}, "scanner": "repobility-threat-engine", "correlation_key": "fp|f694a3752042059876e813673297e16623bce309ff4520142ec18fe3c3994f99"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "official/projects/const_cl/configs/backbones_3d.py"}, "region": {"startLine": 26}}}]}, {"ruleId": "MINED072", "level": "none", "message": {"text": "[MINED072] Python Pass Only Class: class Foo: pass \u2014 stub waiting to be filled in."}, "properties": {"repobilityId": 70448, "scanner": "repobility-threat-engine", "fingerprint": "76dabd151605b4149d0b03e164b23bab8fe4d93b29ecec7890c07fe2f8d1c497", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-pass-only-class", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348069+00:00", "triaged_in_corpus": 10, "observations_count": 14245, "ai_coder_pattern_id": 143}, "scanner": "repobility-threat-engine", "correlation_key": "fp|76dabd151605b4149d0b03e164b23bab8fe4d93b29ecec7890c07fe2f8d1c497"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "official/modeling/fast_training/progressive/policies.py"}, "region": {"startLine": 34}}}]}, {"ruleId": "MINED030", "level": "none", "message": {"text": "[MINED030] Python Pickle Loads (and 4 more): Same pattern found in 4 additional files. Review if needed."}, "properties": {"repobilityId": 70446, "scanner": "repobility-threat-engine", "fingerprint": "3597b0c70a86c07395b8feb1e523b3798f4fa89b7c7a75bf24590b8e6d6b3585", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 4 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "python-pickle-loads", "owasp": null, "cwe_ids": ["CWE-502"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347968+00:00", "triaged_in_corpus": 20, "observations_count": 6314, "ai_coder_pattern_id": 119}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|3597b0c70a86c07395b8feb1e523b3798f4fa89b7c7a75bf24590b8e6d6b3585", "aggregated_count": 4}}}, {"ruleId": "MINED021", "level": "none", "message": {"text": "[MINED021] Path Traversal Os Join (and 16 more): Same pattern found in 16 additional files. Review if needed."}, "properties": {"repobilityId": 70442, "scanner": "repobility-threat-engine", "fingerprint": "08158d62ad7b04824e2532277eb1a10b1706a6d693197bf5e8c4631fc102e251", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 16 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "path-traversal-os-join", "owasp": "A01:2021", "cwe_ids": ["CWE-22"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347947+00:00", "triaged_in_corpus": 15, "observations_count": 45678, "ai_coder_pattern_id": 31}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|08158d62ad7b04824e2532277eb1a10b1706a6d693197bf5e8c4631fc102e251", "aggregated_count": 16}}}, {"ruleId": "SEC114", "level": "none", "message": {"text": "[SEC114] path.join / Path() on user-controlled segment without containment check (and 23 more): Same pattern found in 23 additional files. Review if needed."}, "properties": {"repobilityId": 70438, "scanner": "repobility-threat-engine", "fingerprint": "46dd6a6a35c37e7e8cdeea8eb8cedea9764a0dd3d001b417ea0dfa69a18261a8", "category": "path_traversal", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 23 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 23 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC114", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|46dd6a6a35c37e7e8cdeea8eb8cedea9764a0dd3d001b417ea0dfa69a18261a8"}}}, {"ruleId": "SEC081", "level": "none", "message": {"text": "[SEC081] Python: pickle.loads / marshal.loads on untrusted data (and 4 more): Same pattern found in 4 additional files. Review if needed."}, "properties": {"repobilityId": 70434, "scanner": "repobility-threat-engine", "fingerprint": "52e5ef968d849dac15706ccd8a81266f98543bc97938fd6232df33e071ff017c", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 4 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 4 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC081", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|52e5ef968d849dac15706ccd8a81266f98543bc97938fd6232df33e071ff017c"}}}, {"ruleId": "SEC013", "level": "none", "message": {"text": "[SEC013] Path Traversal \u2014 User Input in File Path (and 24 more): Same pattern found in 24 additional files. Review if needed."}, "properties": {"repobilityId": 70430, "scanner": "repobility-threat-engine", "fingerprint": "5aedd354c779af3cd255d4e0c4ac001690e458271c63e0c8312f6e0e3a468195", "category": "path_traversal", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 24 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 24 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC013", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|5aedd354c779af3cd255d4e0c4ac001690e458271c63e0c8312f6e0e3a468195"}}}, {"ruleId": "SEC007", "level": "none", "message": {"text": "[SEC007] Unsafe Deserialization (and 8 more): Same pattern found in 8 additional files. Review if needed."}, "properties": {"repobilityId": 70426, "scanner": "repobility-threat-engine", "fingerprint": "2aca5db1ec47e241c7e906a3b79e97586a2108fb653827d56d21ec0078bcd211", "category": "deserialization", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 8 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 8 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC007", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|2aca5db1ec47e241c7e906a3b79e97586a2108fb653827d56d21ec0078bcd211"}}}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https (and 93 more): Same pattern found in 93 additional files. Review if needed."}, "properties": {"repobilityId": 70422, "scanner": "repobility-threat-engine", "fingerprint": "8edb0d8d145babce354cc9a73276a7e7ff4c3acbd9157036c1b4dcb98b6b1144", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 93 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|8edb0d8d145babce354cc9a73276a7e7ff4c3acbd9157036c1b4dcb98b6b1144", "aggregated_count": 93}}}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 70421, "scanner": "repobility-threat-engine", "fingerprint": "157afa27ebb03ef5c2d19bb69455e46d5a50a44daca57ffee2d739df703df31b", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|157afa27ebb03ef5c2d19bb69455e46d5a50a44daca57ffee2d739df703df31b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "official/projects/waste_identification_ml/llm_applications/milk_pouch_detection/gce_startup.sh"}, "region": {"startLine": 25}}}]}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 70420, "scanner": "repobility-threat-engine", "fingerprint": "e1a1b1b0b7ef6a9b16d479f107e7c8b5effc6bd546eb2e165a58b0549bd23d78", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|e1a1b1b0b7ef6a9b16d479f107e7c8b5effc6bd546eb2e165a58b0549bd23d78"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "official/modeling/multitask/task_sampler.py"}, "region": {"startLine": 87}}}]}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 70419, "scanner": "repobility-threat-engine", "fingerprint": "0774a5d21597a71a25b12be1f31eec16f54de2e2e7669ee23cfc16bc2c4194a4", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|0774a5d21597a71a25b12be1f31eec16f54de2e2e7669ee23cfc16bc2c4194a4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "official/legacy/image_classification/resnet/resnet_model.py"}, "region": {"startLine": 23}}}]}, {"ruleId": "MINED064", "level": "none", "message": {"text": "[MINED064] Python Input Call (and 60 more): Same pattern found in 60 additional files. Review if needed."}, "properties": {"repobilityId": 70418, "scanner": "repobility-threat-engine", "fingerprint": "cbdd5b9e9ecfec5b6f8216370747ae1dbe29ae4ba10bd76da84cc9c6374f8140", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 60 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "python-input-call", "owasp": null, "cwe_ids": [], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348050+00:00", "triaged_in_corpus": 12, "observations_count": 66378, "ai_coder_pattern_id": 124}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|cbdd5b9e9ecfec5b6f8216370747ae1dbe29ae4ba10bd76da84cc9c6374f8140", "aggregated_count": 60}}}, {"ruleId": "MINED064", "level": "none", "message": {"text": "[MINED064] Python Input Call: input() blocks for stdin. Inappropriate in services."}, "properties": {"repobilityId": 70417, "scanner": "repobility-threat-engine", "fingerprint": "d2e03731bad816736a1466c5b5c68c514115765783d8ed225be4d67d20d2fbfa", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-input-call", "owasp": null, "cwe_ids": [], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348050+00:00", "triaged_in_corpus": 12, "observations_count": 66378, "ai_coder_pattern_id": 124}, "scanner": "repobility-threat-engine", "correlation_key": "fp|d2e03731bad816736a1466c5b5c68c514115765783d8ed225be4d67d20d2fbfa"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "official/legacy/detection/modeling/shapemask_model.py"}, "region": {"startLine": 213}}}]}, {"ruleId": "MINED064", "level": "none", "message": {"text": "[MINED064] Python Input Call: input() blocks for stdin. Inappropriate in services."}, "properties": {"repobilityId": 70416, "scanner": "repobility-threat-engine", "fingerprint": "323bd43a59403865f55e1b76cfb6ea2c1b1ba9bc6bb39e3d9b39b61b860486aa", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-input-call", "owasp": null, "cwe_ids": [], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348050+00:00", "triaged_in_corpus": 12, "observations_count": 66378, "ai_coder_pattern_id": 124}, "scanner": "repobility-threat-engine", "correlation_key": "fp|323bd43a59403865f55e1b76cfb6ea2c1b1ba9bc6bb39e3d9b39b61b860486aa"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "official/legacy/detection/modeling/retinanet_model.py"}, "region": {"startLine": 60}}}]}, {"ruleId": "MINED064", "level": "none", "message": {"text": "[MINED064] Python Input Call: input() blocks for stdin. Inappropriate in services."}, "properties": {"repobilityId": 70415, "scanner": "repobility-threat-engine", "fingerprint": "071ce57fcd4dc76d41e8ea2ed8b9aecc9a094d0bb42210c9a45bace5b18e7f25", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-input-call", "owasp": null, "cwe_ids": [], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348050+00:00", "triaged_in_corpus": 12, "observations_count": 66378, "ai_coder_pattern_id": 124}, "scanner": "repobility-threat-engine", "correlation_key": "fp|071ce57fcd4dc76d41e8ea2ed8b9aecc9a094d0bb42210c9a45bace5b18e7f25"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "official/legacy/bert/export_tfhub.py"}, "region": {"startLine": 57}}}]}, {"ruleId": "MINED062", "level": "none", "message": {"text": "[MINED062] Python Dataclass No Fields: @dataclass over an empty class \u2014 unfinished model."}, "properties": {"repobilityId": 70414, "scanner": "repobility-threat-engine", "fingerprint": "e7c4bc386c05bb15abde4d4cbf6961578f5369005ddd86e24fdd653264d7b000", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-dataclass-no-fields", "owasp": null, "cwe_ids": [], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348046+00:00", "triaged_in_corpus": 10, "observations_count": 92448, "ai_coder_pattern_id": 144}, "scanner": "repobility-threat-engine", "correlation_key": "fp|e7c4bc386c05bb15abde4d4cbf6961578f5369005ddd86e24fdd653264d7b000"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "official/vision/data/tf_example_feature_key.py"}, "region": {"startLine": 29}}}]}, {"ruleId": "MINED062", "level": "none", "message": {"text": "[MINED062] Python Dataclass No Fields: @dataclass over an empty class \u2014 unfinished model."}, "properties": {"repobilityId": 70413, "scanner": "repobility-threat-engine", "fingerprint": "90fbe5f06b8067826f3d0e6fa04044afd5b55505724774eefc0d6ee900401cce", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-dataclass-no-fields", "owasp": null, "cwe_ids": [], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348046+00:00", "triaged_in_corpus": 10, "observations_count": 92448, "ai_coder_pattern_id": 144}, "scanner": "repobility-threat-engine", "correlation_key": "fp|90fbe5f06b8067826f3d0e6fa04044afd5b55505724774eefc0d6ee900401cce"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "official/core/tf_example_feature_key.py"}, "region": {"startLine": 28}}}]}, {"ruleId": "SEC128", "level": "none", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake) (and 87 more): Same pattern found in 87 additional files. Review if needed."}, "properties": {"repobilityId": 70412, "scanner": "repobility-threat-engine", "fingerprint": "1905428c429f32c08b6bb3f237b60a5e1b18c34523f85a477b7559cf4dc66406", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 87 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 87 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|1905428c429f32c08b6bb3f237b60a5e1b18c34523f85a477b7559cf4dc66406"}}}, {"ruleId": "MINED001", "level": "none", "message": {"text": "[MINED001] Bare Except Pass (and 4 more): Same pattern found in 4 additional files. Review if needed."}, "properties": {"repobilityId": 70408, "scanner": "repobility-threat-engine", "fingerprint": "c0243c95a960df79d347d546f02c8d708977edbd4a97478c529e24c680ef3789", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 4 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "bare-except-pass", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347744+00:00", "triaged_in_corpus": 15, "observations_count": 1550824, "ai_coder_pattern_id": 6}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|c0243c95a960df79d347d546f02c8d708977edbd4a97478c529e24c680ef3789", "aggregated_count": 4}}}, {"ruleId": "COMP001", "level": "none", "message": {"text": "[COMP001] High cognitive complexity (and 330 more): Same pattern found in 330 additional files. Review if needed."}, "properties": {"repobilityId": 70404, "scanner": "repobility-threat-engine", "fingerprint": "adca4646f1b036982b9df29fd1cf13a7f861584aac234fe2614bfc6b756760ac", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 330 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"scanner": "repobility-threat-engine", "function": "get_distribution_strategy", "breakdown": {"if": 16, "else": 1, "nested_bonus": 9}, "aggregated": true, "complexity": 26, "correlation_key": "fp|adca4646f1b036982b9df29fd1cf13a7f861584aac234fe2614bfc6b756760ac", "aggregated_count": 330}}}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function (and 101 more): Same pattern found in 101 additional files. Review if needed."}, "properties": {"repobilityId": 70400, "scanner": "repobility-threat-engine", "fingerprint": "133ea96ebc60aa5c2d2ffb13889ad660aa29e039818760ed02cc0b00ae2f4a82", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 101 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|133ea96ebc60aa5c2d2ffb13889ad660aa29e039818760ed02cc0b00ae2f4a82", "aggregated_count": 101}}}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "properties": {"repobilityId": 70399, "scanner": "repobility-threat-engine", "fingerprint": "3d6cd6511fba44c8d28a7a549f75886cf552774a9fa8aa556905ed24e07a97d7", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "correlation_key": "fp|3d6cd6511fba44c8d28a7a549f75886cf552774a9fa8aa556905ed24e07a97d7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "official/core/task_factory.py"}, "region": {"startLine": 32}}}]}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "properties": {"repobilityId": 70398, "scanner": "repobility-threat-engine", "fingerprint": "97cad2e083bb6361a0be16b2c09a8260ff13c66a96f67de1e74ff99899e98e36", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "correlation_key": "fp|97cad2e083bb6361a0be16b2c09a8260ff13c66a96f67de1e74ff99899e98e36"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "official/common/flags.py"}, "region": {"startLine": 93}}}]}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "properties": {"repobilityId": 70397, "scanner": "repobility-threat-engine", "fingerprint": "47d9171d258f784313b3553417b88736e9af930ba177c0c83104dc41e1716ba7", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "correlation_key": "fp|47d9171d258f784313b3553417b88736e9af930ba177c0c83104dc41e1716ba7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "official/common/distribute_utils.py"}, "region": {"startLine": 254}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v2`: `uses: actions/checkout@v2` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 70690, "scanner": "repobility-supply-chain", "fingerprint": "f0f31c6858fd155ffa123e5b893b4bf4d19ab9d00a782aac9928f6e777197c38", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|f0f31c6858fd155ffa123e5b893b4bf4d19ab9d00a782aac9928f6e777197c38"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 23}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/setup-python` pinned to mutable ref `@v2`: `uses: actions/setup-python@v2` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 70689, "scanner": "repobility-supply-chain", "fingerprint": "a6f172b9e23c99bae467b541e9e6214950913ba3baaf90c73e7d94f67018b584", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|a6f172b9e23c99bae467b541e9e6214950913ba3baaf90c73e7d94f67018b584"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 13}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "[MINED118] Dockerfile FROM `pytorch/pytorch:2.8.0-cuda12.8-cudnn9-devel` not pinned by digest: `FROM pytorch/pytorch:2.8.0-cuda12.8-cudnn9-devel` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potentially different. Production images should pin to `image@sha256:...` for reproducibility + supply-chain integrity."}, "properties": {"repobilityId": 70686, "scanner": "repobility-supply-chain", "fingerprint": "902ff7a5db38c53602af00aa6b7f5de49f51cc9229b69454186fed93b3b4d038", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|902ff7a5db38c53602af00aa6b7f5de49f51cc9229b69454186fed93b3b4d038"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "official/projects/waste_identification_ml/llm_applications/milk_pouch_detection/Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "[MINED118] Dockerfile FROM `tensorflow/tensorflow:nightly-devel` not pinned by digest: `FROM tensorflow/tensorflow:nightly-devel` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potentially different. Production images should pin to `image@sha256:...` for reproducibility + supply-chain integrity."}, "properties": {"repobilityId": 70682, "scanner": "repobility-supply-chain", "fingerprint": "b372f59d312424e78ac42b73adb7cb289ae5fcb0a14289c6be2f4a38fb4a4156", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|b372f59d312424e78ac42b73adb7cb289ae5fcb0a14289c6be2f4a38fb4a4156"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "research/object_detection/dockerfiles/android/Dockerfile"}, "region": {"startLine": 17}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "[MINED118] Dockerfile FROM `tensorflow/tensorflow:latest-gpu` not pinned by digest: `FROM tensorflow/tensorflow:latest-gpu` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potentially different. Production images should pin to `image@sha256:...` for reproducibility + supply-chain integrity."}, "properties": {"repobilityId": 70681, "scanner": "repobility-supply-chain", "fingerprint": "a88e3ca8c965f897d35dcb31a9e436071107167dcd502abebdd9e07e012924db", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|a88e3ca8c965f897d35dcb31a9e436071107167dcd502abebdd9e07e012924db"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "research/object_detection/dockerfiles/tf2_ai_platform/Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "[MINED118] Dockerfile FROM `tensorflow/tensorflow:2.2.0-gpu` not pinned by digest: `FROM tensorflow/tensorflow:2.2.0-gpu` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potentially different. Production images should pin to `image@sha256:...` for reproducibility + supply-chain integrity."}, "properties": {"repobilityId": 70680, "scanner": "repobility-supply-chain", "fingerprint": "762d077a918b73d59f56af417d0e79d0e2073cb05853ce9d3e6f6c8d241bb37a", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|762d077a918b73d59f56af417d0e79d0e2073cb05853ce9d3e6f6c8d241bb37a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "research/object_detection/dockerfiles/tf2/Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "[MINED118] Dockerfile FROM `tensorflow/tensorflow:1.15.2-gpu-py3` not pinned by digest: `FROM tensorflow/tensorflow:1.15.2-gpu-py3` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potentially different. Production images should pin to `image@sha256:...` for reproducibility + supply-chain integrity."}, "properties": {"repobilityId": 70679, "scanner": "repobility-supply-chain", "fingerprint": "1ec5ccc2b2ef2049f573c9acc426072640c4c6b405882e3249e7692ecf591753", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|1ec5ccc2b2ef2049f573c9acc426072640c4c6b405882e3249e7692ecf591753"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "research/object_detection/dockerfiles/tf1/Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "[MINED112] FastAPI POST /predict has no auth: Handler `predict` is registered with router/app.post(...) but no Depends/Security parameter is declared and no auth marker appears in the function body."}, "properties": {"repobilityId": 70659, "scanner": "repobility-route-auth", "fingerprint": "3fd9da591154782810262141c0ca1a90c51d033e1d341506e481106e16459abb", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|3fd9da591154782810262141c0ca1a90c51d033e1d341506e481106e16459abb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "official/projects/waste_identification_ml/docker_solution/prediction_api/app.py"}, "region": {"startLine": 48}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "[MINED112] FastAPI PATCH postprocessing.find_similar_masks has no auth: Handler `test_merge_predictions_calls_find_similar_masks` is registered with router/app.patch(...) but no Depends/Security parameter is declared and no auth marker appears in the function body."}, "properties": {"repobilityId": 70658, "scanner": "repobility-route-auth", "fingerprint": "73acfa40b23d2ecf164b15b27c7d43aa282c53ee5bbe9a1ab897a40e497ecdfa", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|73acfa40b23d2ecf164b15b27c7d43aa282c53ee5bbe9a1ab897a40e497ecdfa"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "official/projects/waste_identification_ml/docker_solution/prediction_pipeline/prediction_postprocessing_test.py"}, "region": {"startLine": 78}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "[MINED112] FastAPI PATCH os.path.getmtime has no auth: Handler `test_get_image_creation_time_no_exif` is registered with router/app.patch(...) but no Depends/Security parameter is declared and no auth marker appears in the function body."}, "properties": {"repobilityId": 70657, "scanner": "repobility-route-auth", "fingerprint": "37a59dcd380d75e8391b0a7d003638b9bfdac365020d47ac102edb10d58d5297", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|37a59dcd380d75e8391b0a7d003638b9bfdac365020d47ac102edb10d58d5297"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "official/projects/waste_identification_ml/Triton_TF_Cloud_Deployment/client/ffmpeg_ops_test.py"}, "region": {"startLine": 47}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "[MINED112] FastAPI PATCH PIL.Image.open has no auth: Handler `test_get_image_creation_time_exif` is registered with router/app.patch(...) but no Depends/Security parameter is declared and no auth marker appears in the function body."}, "properties": {"repobilityId": 70656, "scanner": "repobility-route-auth", "fingerprint": "e20a7cb380ed05a4c8d1cc94668e46d663b324c8bf292645f26d43f2c69e6fb8", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|e20a7cb380ed05a4c8d1cc94668e46d663b324c8bf292645f26d43f2c69e6fb8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "official/projects/waste_identification_ml/Triton_TF_Cloud_Deployment/client/ffmpeg_ops_test.py"}, "region": {"startLine": 35}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "[MINED112] FastAPI PATCH os.makedirs has no auth: Handler `test_empty_dataframe_returns_early` is registered with router/app.patch(...) but no Depends/Security parameter is declared and no auth marker appears in the function body."}, "properties": {"repobilityId": 70655, "scanner": "repobility-route-auth", "fingerprint": "f845a0f3b680505774d8df4053a0d6f2354a9d056a67455e4bf044ee91fb2630", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|f845a0f3b680505774d8df4053a0d6f2354a9d056a67455e4bf044ee91fb2630"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "official/projects/waste_identification_ml/Triton_TF_Cloud_Deployment/client/mask_bbox_saver_test.py"}, "region": {"startLine": 140}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "[MINED112] FastAPI PATCH cv2.imwrite has no auth: Handler `test_save_cropped_objects_success` is registered with router/app.patch(...) but no Depends/Security parameter is declared and no auth marker appears in the function body."}, "properties": {"repobilityId": 70654, "scanner": "repobility-route-auth", "fingerprint": "978ea35d2a2f64ccb9e744fd17ce6c1a08da645e3b43c114e4d8a24b71806dbd", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|978ea35d2a2f64ccb9e744fd17ce6c1a08da645e3b43c114e4d8a24b71806dbd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "official/projects/waste_identification_ml/Triton_TF_Cloud_Deployment/client/mask_bbox_saver_test.py"}, "region": {"startLine": 102}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "[MINED112] FastAPI PATCH cv2.imwrite has no auth: Handler `test_visualize_tracking_function_runs` is registered with router/app.patch(...) but no Depends/Security parameter is declared and no auth marker appears in the function body."}, "properties": {"repobilityId": 70653, "scanner": "repobility-route-auth", "fingerprint": "8898159a65f2fbfc780af4fe4064967b1bb6821000202f1893f15f9554def85b", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|8898159a65f2fbfc780af4fe4064967b1bb6821000202f1893f15f9554def85b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "official/projects/waste_identification_ml/Triton_TF_Cloud_Deployment/client/mask_bbox_saver_test.py"}, "region": {"startLine": 68}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "[MINED112] FastAPI PATCH (unknown path) has no auth: Handler `test_create_table_exists_overwrite_recreates_table` is registered with router/app.patch(...) but no Depends/Security parameter is declared and no auth marker appears in the function body."}, "properties": {"repobilityId": 70652, "scanner": "repobility-route-auth", "fingerprint": "f5a3f5a74129a51b421897c25b4951413568c7d1c08fea38a5d15e1ecd95215a", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|f5a3f5a74129a51b421897c25b4951413568c7d1c08fea38a5d15e1ecd95215a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "official/projects/waste_identification_ml/Deploy/detr_cloud_deployment/client/big_query_ops_test.py"}, "region": {"startLine": 152}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "[MINED112] FastAPI PATCH (unknown path) has no auth: Handler `test_create_table_new_table_created_if_not_exists` is registered with router/app.patch(...) but no Depends/Security parameter is declared and no auth marker appears in the function body."}, "properties": {"repobilityId": 70651, "scanner": "repobility-route-auth", "fingerprint": "f6a8d43fdada89bf5e7d51c883274428a4b885ada511f6e472cab27f2c11f1cf", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|f6a8d43fdada89bf5e7d51c883274428a4b885ada511f6e472cab27f2c11f1cf"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "official/projects/waste_identification_ml/Deploy/detr_cloud_deployment/client/big_query_ops_test.py"}, "region": {"startLine": 105}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "[MINED112] FastAPI PATCH (unknown path) has no auth: Handler `test_ensure_dataset_not_found` is registered with router/app.patch(...) but no Depends/Security parameter is declared and no auth marker appears in the function body."}, "properties": {"repobilityId": 70650, "scanner": "repobility-route-auth", "fingerprint": "954a24ec287bcf889a74ecb347b164cf738777ae8074bc7989e8d65c4ca6f0ab", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|954a24ec287bcf889a74ecb347b164cf738777ae8074bc7989e8d65c4ca6f0ab"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "official/projects/waste_identification_ml/Deploy/detr_cloud_deployment/client/big_query_ops_test.py"}, "region": {"startLine": 88}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "[MINED112] FastAPI PATCH (unknown path) has no auth: Handler `test_predict` is registered with router/app.patch(...) but no Depends/Security parameter is declared and no auth marker appears in the function body."}, "properties": {"repobilityId": 70649, "scanner": "repobility-route-auth", "fingerprint": "61439c5c36ab2164167a1baf88ee2cedad92e0b6d8619e5e296a1ebffbddcd07", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|61439c5c36ab2164167a1baf88ee2cedad92e0b6d8619e5e296a1ebffbddcd07"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "official/projects/waste_identification_ml/Deploy/detr_cloud_deployment/client/triton_server_inference_test.py"}, "region": {"startLine": 198}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "[MINED112] FastAPI PATCH (unknown path) has no auth: Handler `test_get_input_batch_for_inference_filenotfound` is registered with router/app.patch(...) but no Depends/Security parameter is declared and no auth marker appears in the function body."}, "properties": {"repobilityId": 70648, "scanner": "repobility-route-auth", "fingerprint": "1b0e0fba048fc150ef7376f787eb01f0ec2efb13d51964744dfa12022d9b3f5e", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|1b0e0fba048fc150ef7376f787eb01f0ec2efb13d51964744dfa12022d9b3f5e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "official/projects/waste_identification_ml/Deploy/detr_cloud_deployment/client/triton_server_inference_test.py"}, "region": {"startLine": 153}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "[MINED112] FastAPI PATCH (unknown path) has no auth: Handler `test_get_input_batch_for_inference_success` is registered with router/app.patch(...) but no Depends/Security parameter is declared and no auth marker appears in the function body."}, "properties": {"repobilityId": 70647, "scanner": "repobility-route-auth", "fingerprint": "7c2d8541ec65c6be181f3430ee8f41fd88eec405e406678e7e6e0a9fb9e7efcb", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|7c2d8541ec65c6be181f3430ee8f41fd88eec405e406678e7e6e0a9fb9e7efcb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "official/projects/waste_identification_ml/Deploy/detr_cloud_deployment/client/triton_server_inference_test.py"}, "region": {"startLine": 131}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "[MINED112] FastAPI PATCH (unknown path) has no auth: Handler `test_scale_bbox_and_masks` is registered with router/app.patch(...) but no Depends/Security parameter is declared and no auth marker appears in the function body."}, "properties": {"repobilityId": 70646, "scanner": "repobility-route-auth", "fingerprint": "a791b9d44433ea4ae3c263f05d57ad434a5eca4cb8a25c3f7d1b408222f05a03", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|a791b9d44433ea4ae3c263f05d57ad434a5eca4cb8a25c3f7d1b408222f05a03"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "official/projects/waste_identification_ml/Deploy/detr_cloud_deployment/client/triton_server_inference_test.py"}, "region": {"startLine": 101}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "[MINED112] FastAPI PATCH (unknown path) has no auth: Handler `test_run_tracking` is registered with router/app.patch(...) but no Depends/Security parameter is declared and no auth marker appears in the function body."}, "properties": {"repobilityId": 70645, "scanner": "repobility-route-auth", "fingerprint": "648fdfdb550d4dd8603ecc4983d5d7a5a2228ef91f6c3cbd6e72a432e2ddb483", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|648fdfdb550d4dd8603ecc4983d5d7a5a2228ef91f6c3cbd6e72a432e2ddb483"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "official/projects/waste_identification_ml/Deploy/detr_cloud_deployment/client/object_tracking_test.py"}, "region": {"startLine": 160}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "[MINED112] FastAPI PATCH (unknown path) has no auth: Handler `test_extract_features_for_tracking_no_detections` is registered with router/app.patch(...) but no Depends/Security parameter is declared and no auth marker appears in the function body."}, "properties": {"repobilityId": 70644, "scanner": "repobility-route-auth", "fingerprint": "df4d9708fb66a9196691b6a882876fcd59f91dfe0a6cb0b392914bc11cd417f7", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|df4d9708fb66a9196691b6a882876fcd59f91dfe0a6cb0b392914bc11cd417f7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "official/projects/waste_identification_ml/Deploy/detr_cloud_deployment/client/object_tracking_test.py"}, "region": {"startLine": 119}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "[MINED112] FastAPI PATCH (unknown path) has no auth: Handler `test_extract_features_for_tracking` is registered with router/app.patch(...) but no Depends/Security parameter is declared and no auth marker appears in the function body."}, "properties": {"repobilityId": 70643, "scanner": "repobility-route-auth", "fingerprint": "91a71686774cc759d403736acb1a2237668f81b6a818fe97b9c4ae47dedc1146", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|91a71686774cc759d403736acb1a2237668f81b6a818fe97b9c4ae47dedc1146"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "official/projects/waste_identification_ml/Deploy/detr_cloud_deployment/client/object_tracking_test.py"}, "region": {"startLine": 61}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "[MINED112] FastAPI PATCH seaborn.heatmap has no auth: Handler `test_confusion_matrix_dataframe` is registered with router/app.patch(...) but no Depends/Security parameter is declared and no auth marker appears in the function body."}, "properties": {"repobilityId": 70642, "scanner": "repobility-route-auth", "fingerprint": "618407322a4599c4147e2c33cd94f94677c7e191acd7b83740ccc7b1fb7d0948", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|618407322a4599c4147e2c33cd94f94677c7e191acd7b83740ccc7b1fb7d0948"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "official/projects/waste_identification_ml/fine_tuning/Pytorch_Image_Classifier/inference_utils_test.py"}, "region": {"startLine": 190}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "[MINED112] FastAPI PATCH torch.load has no auth: Handler `test_feature_dim_and_freezing` is registered with router/app.patch(...) but no Depends/Security parameter is declared and no auth marker appears in the function body."}, "properties": {"repobilityId": 70641, "scanner": "repobility-route-auth", "fingerprint": "e0b6e71c4151e930737571f60c0fbcd96176e535cc153b0cf787237582b51653", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|e0b6e71c4151e930737571f60c0fbcd96176e535cc153b0cf787237582b51653"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "official/projects/waste_identification_ml/fine_tuning/Pytorch_Image_Classifier/inference_utils_test.py"}, "region": {"startLine": 117}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_include_keypoints_in_data_augmentation: Test function `test_include_keypoints_in_data_augmentation` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 70626, "scanner": "repobility-ast-engine", "fingerprint": "eac663484f96b546acbf7580245b61ae59ee8bc443244ff3cdb91aec1897666d", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|eac663484f96b546acbf7580245b61ae59ee8bc443244ff3cdb91aec1897666d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "research/object_detection/inputs_test.py"}, "region": {"startLine": 813}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_include_masks_in_data_augmentation: Test function `test_include_masks_in_data_augmentation` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 70625, "scanner": "repobility-ast-engine", "fingerprint": "c2d04eb65001188250995dec4b85afb071978bafa7737db6269b882881e257ba", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c2d04eb65001188250995dec4b85afb071978bafa7737db6269b882881e257ba"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "research/object_detection/inputs_test.py"}, "region": {"startLine": 782}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_apply_image_and_box_augmentation_with_scores: Test function `test_apply_image_and_box_augmentation_with_scores` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 70624, "scanner": "repobility-ast-engine", "fingerprint": "f9e312002a0c7d41617ae63e47cbd0249df85d37284375b86e1147b9c6b37d00", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|f9e312002a0c7d41617ae63e47cbd0249df85d37284375b86e1147b9c6b37d00"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "research/object_detection/inputs_test.py"}, "region": {"startLine": 747}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_apply_image_and_box_augmentation: Test function `test_apply_image_and_box_augmentation` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 70623, "scanner": "repobility-ast-engine", "fingerprint": "e90ad9c1f3919a4296c629d16a473eaae9b2f24ce7976f9bd621384b71295956", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|e90ad9c1f3919a4296c629d16a473eaae9b2f24ce7976f9bd621384b71295956"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "research/object_detection/inputs_test.py"}, "region": {"startLine": 720}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_padded_image_result_dict: Test function `test_padded_image_result_dict` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 70622, "scanner": "repobility-ast-engine", "fingerprint": "18b3c76f0feb8387c00e620f9bc8a91a04ede6dd7ce1521358d62446c98cdfd8", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|18b3c76f0feb8387c00e620f9bc8a91a04ede6dd7ce1521358d62446c98cdfd8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "research/object_detection/eval_util_test.py"}, "region": {"startLine": 348}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_get_evaluator_with_unmatched_label: Test function `test_get_evaluator_with_unmatched_label` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 70621, "scanner": "repobility-ast-engine", "fingerprint": "205acfb844da50e77bd9ae0b7036762f795095602c31d2ed8e84964223d949d9", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|205acfb844da50e77bd9ae0b7036762f795095602c31d2ed8e84964223d949d9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "research/object_detection/eval_util_test.py"}, "region": {"startLine": 334}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_write_graph_and_checkpoint: Test function `test_write_graph_and_checkpoint` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 70620, "scanner": "repobility-ast-engine", "fingerprint": "006199489a9a2c084a56909abf44efb5a31959c4928dcab336cef3c7ac1a62ca", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|006199489a9a2c084a56909abf44efb5a31959c4928dcab336cef3c7ac1a62ca"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "research/object_detection/exporter_tf1_test.py"}, "region": {"startLine": 1007}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_export_checkpoint_and_run_inference: Test function `test_export_checkpoint_and_run_inference` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 70619, "scanner": "repobility-ast-engine", "fingerprint": "75a136757156881559823cda8962f439657e183259f945c5b7acfd0221ab2667", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|75a136757156881559823cda8962f439657e183259f945c5b7acfd0221ab2667"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "research/object_detection/exporter_tf1_test.py"}, "region": {"startLine": 956}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_write_saved_model: Test function `test_write_saved_model` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 70618, "scanner": "repobility-ast-engine", "fingerprint": "37733ddcabc00d5f8238384ebed4a8b8f35392538ae2326cd8805b03188d20f8", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|37733ddcabc00d5f8238384ebed4a8b8f35392538ae2326cd8805b03188d20f8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "research/object_detection/exporter_tf1_test.py"}, "region": {"startLine": 875}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_export_saved_model_and_run_inference: Test function `test_export_saved_model_and_run_inference` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 70617, "scanner": "repobility-ast-engine", "fingerprint": "95465bd1c3da4f65b1b3334c545717676e8613d6a79e685bbcf68b337b5e541f", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|95465bd1c3da4f65b1b3334c545717676e8613d6a79e685bbcf68b337b5e541f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "research/object_detection/exporter_tf1_test.py"}, "region": {"startLine": 810}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_write_frozen_graph: Test function `test_write_frozen_graph` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 70616, "scanner": "repobility-ast-engine", "fingerprint": "139507681004c23ee40e6cf71d6d432154ca17a1dc3e33907423fa90a14196e4", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|139507681004c23ee40e6cf71d6d432154ca17a1dc3e33907423fa90a14196e4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "research/object_detection/exporter_tf1_test.py"}, "region": {"startLine": 721}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_export_and_run_inference_with_tf_example: Test function `test_export_and_run_inference_with_tf_example` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 70615, "scanner": "repobility-ast-engine", "fingerprint": "85e7cb8c7070cd78db8abeea2eeffed2908f1d148892bc2e1edb050e9e09d91f", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|85e7cb8c7070cd78db8abeea2eeffed2908f1d148892bc2e1edb050e9e09d91f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "research/object_detection/exporter_tf1_test.py"}, "region": {"startLine": 674}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_raise_runtime_error_on_images_with_different_sizes: Test function `test_raise_runtime_error_on_images_with_different_sizes` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 70614, "scanner": "repobility-ast-engine", "fingerprint": "1f208039ccad52daf107d3bc60fe456bf1de1f26a3bba5798121a97b4402b770", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|1f208039ccad52daf107d3bc60fe456bf1de1f26a3bba5798121a97b4402b770"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "research/object_detection/exporter_tf1_test.py"}, "region": {"startLine": 632}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_export_and_run_inference_with_encoded_image_string_tensor: Test function `test_export_and_run_inference_with_encoded_image_string_tensor` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 70613, "scanner": "repobility-ast-engine", "fingerprint": "c9ad37358677de1bc0ccb3e40280adedfdeb10ffebddcaf58025d2a13286331c", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c9ad37358677de1bc0ccb3e40280adedfdeb10ffebddcaf58025d2a13286331c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "research/object_detection/exporter_tf1_test.py"}, "region": {"startLine": 573}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_export_and_run_inference_with_image_tensor: Test function `test_export_and_run_inference_with_image_tensor` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 70612, "scanner": "repobility-ast-engine", "fingerprint": "0f14987559631735b371ced2dfc9affc10c634eb547b9d1bba69a8baaeef1922", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|0f14987559631735b371ced2dfc9affc10c634eb547b9d1bba69a8baaeef1922"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "research/object_detection/exporter_tf1_test.py"}, "region": {"startLine": 516}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_export_model_with_all_output_nodes: Test function `test_export_model_with_all_output_nodes` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 70611, "scanner": "repobility-ast-engine", "fingerprint": "8dff005784838c1b546115d4c828c9a879275533040795a444b0e0a258b5564b", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|8dff005784838c1b546115d4c828c9a879275533040795a444b0e0a258b5564b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "research/object_detection/exporter_tf1_test.py"}, "region": {"startLine": 426}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_evaluate_with_nested_summaries: Test function `test_evaluate_with_nested_summaries` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 70608, "scanner": "repobility-ast-engine", "fingerprint": "ace4a03ccb2e09bb1afc6d13ee2791f0f955899d871293273c5c9a671adba3b0", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ace4a03ccb2e09bb1afc6d13ee2791f0f955899d871293273c5c9a671adba3b0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "orbit/controller_test.py"}, "region": {"startLine": 750}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_eval_and_checkpoint_interval: Test function `test_eval_and_checkpoint_interval` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 70607, "scanner": "repobility-ast-engine", "fingerprint": "aa8d57902929c9940b6ce74b65873d56b4e253c47eae7f7fdf383427fe127b11", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|aa8d57902929c9940b6ce74b65873d56b4e253c47eae7f7fdf383427fe127b11"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "orbit/controller_test.py"}, "region": {"startLine": 719}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_train_and_evaluate_reset_datasets: Test function `test_train_and_evaluate_reset_datasets` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 70606, "scanner": "repobility-ast-engine", "fingerprint": "967ff6ee7d790819aaa7be22f09c153fd09c7c6e39f123fc5cf4d7be3b339d33", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|967ff6ee7d790819aaa7be22f09c153fd09c7c6e39f123fc5cf4d7be3b339d33"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "orbit/controller_test.py"}, "region": {"startLine": 693}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_evaluate_with_no_output: Test function `test_evaluate_with_no_output` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 70605, "scanner": "repobility-ast-engine", "fingerprint": "f473d7ab62bb4f0d2e1abc9973b036ee5b3adde6345fb082e7a00588f2d8b480", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|f473d7ab62bb4f0d2e1abc9973b036ee5b3adde6345fb082e7a00588f2d8b480"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "orbit/controller_test.py"}, "region": {"startLine": 685}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_evaluate_with_loss_output: Test function `test_evaluate_with_loss_output` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 70604, "scanner": "repobility-ast-engine", "fingerprint": "1d4e92837adc4c7ae827072031fa86614f84384b0daa5de5c764f985595a07f5", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|1d4e92837adc4c7ae827072031fa86614f84384b0daa5de5c764f985595a07f5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "orbit/controller_test.py"}, "region": {"startLine": 664}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_train_and_evaluate_with_same_summary_dir: Test function `test_train_and_evaluate_with_same_summary_dir` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 70603, "scanner": "repobility-ast-engine", "fingerprint": "70c0bf4b559cb0442e273e70875a680710250d0cf7df919bbe3223caedf270e3", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|70c0bf4b559cb0442e273e70875a680710250d0cf7df919bbe3223caedf270e3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "orbit/controller_test.py"}, "region": {"startLine": 591}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_already_trained_model: Test function `test_already_trained_model` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 70602, "scanner": "repobility-ast-engine", "fingerprint": "bc27259bea9ede9316446591eceb75bbcdd75ed24985225d8d4a3a192ec878ee", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|bc27259bea9ede9316446591eceb75bbcdd75ed24985225d8d4a3a192ec878ee"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "orbit/controller_test.py"}, "region": {"startLine": 538}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_no_eval_steps: Test function `test_no_eval_steps` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 70601, "scanner": "repobility-ast-engine", "fingerprint": "679d29e8eb79a3bed05aaeda5878605b8c018f4bace5f730c3cae2ec2a970399", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|679d29e8eb79a3bed05aaeda5878605b8c018f4bace5f730c3cae2ec2a970399"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "orbit/controller_test.py"}, "region": {"startLine": 518}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_train_and_evaluate: Test function `test_train_and_evaluate` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 70600, "scanner": "repobility-ast-engine", "fingerprint": "4804a2931aefd18a6b8588cff6cc98df762aa0840325c1161116013eb62d9d48", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|4804a2931aefd18a6b8588cff6cc98df762aa0840325c1161116013eb62d9d48"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "orbit/controller_test.py"}, "region": {"startLine": 395}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.evaluate` used but never assigned in __init__: Method `train_and_evaluate` of class `Controller` reads `self.evaluate`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 70599, "scanner": "repobility-ast-engine", "fingerprint": "c748f3927de9059a5fa4d7ad149b0c4408e992487a7e7db13ef1003395e3ed40", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c748f3927de9059a5fa4d7ad149b0c4408e992487a7e7db13ef1003395e3ed40"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "orbit/controller.py"}, "region": {"startLine": 394}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.train` used but never assigned in __init__: Method `train_and_evaluate` of class `Controller` reads `self.train`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 70598, "scanner": "repobility-ast-engine", "fingerprint": "26ac829a6012e209d3c07a9db0edeeb4414e59d4ca1edefeccf7089aed1be03a", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|26ac829a6012e209d3c07a9db0edeeb4414e59d4ca1edefeccf7089aed1be03a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "orbit/controller.py"}, "region": {"startLine": 393}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._sync_on_async_checkpointing` used but never assigned in __init__: Method `train_and_evaluate` of class `Controller` reads `self._sync_on_async_checkpointing`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 70597, "scanner": "repobility-ast-engine", "fingerprint": "b4caaeb9a54d3cc04822b036a362bcae88e225b3ef18ee97910515a8c847b7fa", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|b4caaeb9a54d3cc04822b036a362bcae88e225b3ef18ee97910515a8c847b7fa"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "orbit/controller.py"}, "region": {"startLine": 397}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._maybe_save_checkpoint` used but never assigned in __init__: Method `train_and_evaluate` of class `Controller` reads `self._maybe_save_checkpoint`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 70596, "scanner": "repobility-ast-engine", "fingerprint": "0b1ca7bc6982414d1014a457e4e756432ef64f672a4354d966458d72bf700f97", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|0b1ca7bc6982414d1014a457e4e756432ef64f672a4354d966458d72bf700f97"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "orbit/controller.py"}, "region": {"startLine": 396}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._require` used but never assigned in __init__: Method `train_and_evaluate` of class `Controller` reads `self._require`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 70595, "scanner": "repobility-ast-engine", "fingerprint": "fe1339ffae8bea218ac91178627b1a0b7369bf1c18376a940c1b2910f7a8810d", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|fe1339ffae8bea218ac91178627b1a0b7369bf1c18376a940c1b2910f7a8810d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "orbit/controller.py"}, "region": {"startLine": 385}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._require` used but never assigned in __init__: Method `train_and_evaluate` of class `Controller` reads `self._require`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 70594, "scanner": "repobility-ast-engine", "fingerprint": "72311a03a5b2d179dab1b3e5f0f208437a501416ab17761a702bbc0c66610846", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|72311a03a5b2d179dab1b3e5f0f208437a501416ab17761a702bbc0c66610846"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "orbit/controller.py"}, "region": {"startLine": 384}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._require` used but never assigned in __init__: Method `evaluate` of class `Controller` reads `self._require`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 70593, "scanner": "repobility-ast-engine", "fingerprint": "4968af59b46dab297de971e7f5faa1f0a8f5a26dbbbbe8390683947746c4c64d", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|4968af59b46dab297de971e7f5faa1f0a8f5a26dbbbbe8390683947746c4c64d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "orbit/controller.py"}, "region": {"startLine": 311}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._maybe_save_checkpoint` used but never assigned in __init__: Method `train` of class `Controller` reads `self._maybe_save_checkpoint`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 70592, "scanner": "repobility-ast-engine", "fingerprint": "7a7b99c32f99934cc943297ee79a1edd0cc62247af6ca16421a9d155db85a7f0", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|7a7b99c32f99934cc943297ee79a1edd0cc62247af6ca16421a9d155db85a7f0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "orbit/controller.py"}, "region": {"startLine": 287}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._maybe_save_checkpoint` used but never assigned in __init__: Method `train` of class `Controller` reads `self._maybe_save_checkpoint`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 70591, "scanner": "repobility-ast-engine", "fingerprint": "3b9ad0d0c10cc383dcbe6c3f72f621298d74a107b520affd754fe9b02e8a9476", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|3b9ad0d0c10cc383dcbe6c3f72f621298d74a107b520affd754fe9b02e8a9476"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "orbit/controller.py"}, "region": {"startLine": 283}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._train_n_steps` used but never assigned in __init__: Method `train` of class `Controller` reads `self._train_n_steps`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 70590, "scanner": "repobility-ast-engine", "fingerprint": "1614df4e5b2fb6bd67929b4d5064b330f128af263bdac9598774764d89c254aa", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|1614df4e5b2fb6bd67929b4d5064b330f128af263bdac9598774764d89c254aa"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "orbit/controller.py"}, "region": {"startLine": 282}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.steps_per_loop` used but never assigned in __init__: Method `train` of class `Controller` reads `self.steps_per_loop`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 70589, "scanner": "repobility-ast-engine", "fingerprint": "7e417b5d7f9e8c1621049367ba9e8d8478ba4093f60b622597ba099f049dea9d", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|7e417b5d7f9e8c1621049367ba9e8d8478ba4093f60b622597ba099f049dea9d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "orbit/controller.py"}, "region": {"startLine": 281}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._sync_on_async_checkpointing` used but never assigned in __init__: Method `train` of class `Controller` reads `self._sync_on_async_checkpointing`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 70588, "scanner": "repobility-ast-engine", "fingerprint": "034fb1ad00bd3d44e7f3344a612cdf3010d7911a2d4c411ed63f924c5777bbfc", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|034fb1ad00bd3d44e7f3344a612cdf3010d7911a2d4c411ed63f924c5777bbfc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "orbit/controller.py"}, "region": {"startLine": 289}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._require` used but never assigned in __init__: Method `train` of class `Controller` reads `self._require`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 70587, "scanner": "repobility-ast-engine", "fingerprint": "fd54b5073151fd82ab2681319eeff0f9a64a35e46d1c2cd72a6ea1cb8f890662", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|fd54b5073151fd82ab2681319eeff0f9a64a35e46d1c2cd72a6ea1cb8f890662"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "orbit/controller.py"}, "region": {"startLine": 274}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.eval_reduce` used but never assigned in __init__: Method `evaluate` of class `StandardEvaluator` reads `self.eval_reduce`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 70586, "scanner": "repobility-ast-engine", "fingerprint": "5e7e03737f1563b49fa31530f9fd096a8ee7ffdffb1a7e7678580cab7e143454", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|5e7e03737f1563b49fa31530f9fd096a8ee7ffdffb1a7e7678580cab7e143454"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "orbit/standard_runner.py"}, "region": {"startLine": 347}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.eval_end` used but never assigned in __init__: Method `evaluate` of class `StandardEvaluator` reads `self.eval_end`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 70585, "scanner": "repobility-ast-engine", "fingerprint": "afded89a261b94f459f13cca719cbd7c6a410d881417538b2437d1959b1a26db", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|afded89a261b94f459f13cca719cbd7c6a410d881417538b2437d1959b1a26db"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "orbit/standard_runner.py"}, "region": {"startLine": 352}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.eval_end` used but never assigned in __init__: Method `evaluate` of class `StandardEvaluator` reads `self.eval_end`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 70584, "scanner": "repobility-ast-engine", "fingerprint": "8af2735e9ab9c05ffaa26b586855d4b1888103f85f161283baef107b8db05e43", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|8af2735e9ab9c05ffaa26b586855d4b1888103f85f161283baef107b8db05e43"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "orbit/standard_runner.py"}, "region": {"startLine": 350}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.eval_dataset` used but never assigned in __init__: Method `evaluate` of class `StandardEvaluator` reads `self.eval_dataset`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 70583, "scanner": "repobility-ast-engine", "fingerprint": "35ef65423d9c228e76479395e0547b357a77aaa6034559fe8bb3fd95a29a0cb7", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|35ef65423d9c228e76479395e0547b357a77aaa6034559fe8bb3fd95a29a0cb7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "orbit/standard_runner.py"}, "region": {"startLine": 337}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.create_eval_loop_fn` used but never assigned in __init__: Method `evaluate` of class `StandardEvaluator` reads `self.create_eval_loop_fn`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 70582, "scanner": "repobility-ast-engine", "fingerprint": "60cb2388ddcb9fe0bb8cb9058b5c43397bb9dc220e6de2e60572e0ec80bd48e4", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|60cb2388ddcb9fe0bb8cb9058b5c43397bb9dc220e6de2e60572e0ec80bd48e4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "orbit/standard_runner.py"}, "region": {"startLine": 332}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.eval_begin` used but never assigned in __init__: Method `evaluate` of class `StandardEvaluator` reads `self.eval_begin`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 70581, "scanner": "repobility-ast-engine", "fingerprint": "98a72abcdf6151d37230b764a8b9199d5861dfe95f2787cb8126616b07865363", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|98a72abcdf6151d37230b764a8b9199d5861dfe95f2787cb8126616b07865363"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "orbit/standard_runner.py"}, "region": {"startLine": 328}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.eval_step` used but never assigned in __init__: Method `create_eval_loop_fn` of class `StandardEvaluator` reads `self.eval_step`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 70580, "scanner": "repobility-ast-engine", "fingerprint": "29bf8b30cc7eec1d164c6d3fed44ee38e7c97773d08f368715c9f685b428bfc3", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|29bf8b30cc7eec1d164c6d3fed44ee38e7c97773d08f368715c9f685b428bfc3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "orbit/standard_runner.py"}, "region": {"startLine": 293}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.train_dataset` used but never assigned in __init__: Method `train` of class `StandardTrainer` reads `self.train_dataset`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 70579, "scanner": "repobility-ast-engine", "fingerprint": "a6aa71f9a1db52579e050393cfdc2b38e1150015279751b8142b018a3290f605", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|a6aa71f9a1db52579e050393cfdc2b38e1150015279751b8142b018a3290f605"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "orbit/standard_runner.py"}, "region": {"startLine": 144}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.create_train_loop_fn` used but never assigned in __init__: Method `train` of class `StandardTrainer` reads `self.create_train_loop_fn`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 70578, "scanner": "repobility-ast-engine", "fingerprint": "67ff461c1dbac1387ac0489c6ca47695efa3c7d45a0b1584360ee59be9bf02f0", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|67ff461c1dbac1387ac0489c6ca47695efa3c7d45a0b1584360ee59be9bf02f0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "orbit/standard_runner.py"}, "region": {"startLine": 141}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.train_loop_end` used but never assigned in __init__: Method `train` of class `StandardTrainer` reads `self.train_loop_end`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 70577, "scanner": "repobility-ast-engine", "fingerprint": "9ffba749caa312cdbeaba93263ee5fea6fdfdd1d759e8548b7372b5820ffafce", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|9ffba749caa312cdbeaba93263ee5fea6fdfdd1d759e8548b7372b5820ffafce"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "orbit/standard_runner.py"}, "region": {"startLine": 147}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.train_loop_begin` used but never assigned in __init__: Method `train` of class `StandardTrainer` reads `self.train_loop_begin`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 70576, "scanner": "repobility-ast-engine", "fingerprint": "f631e098594817be98a71fdec4881f9209005aa3847dec0dbaf3394efdb315c4", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|f631e098594817be98a71fdec4881f9209005aa3847dec0dbaf3394efdb315c4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "orbit/standard_runner.py"}, "region": {"startLine": 138}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.train_step` used but never assigned in __init__: Method `create_train_loop_fn` of class `StandardTrainer` reads `self.train_step`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 70575, "scanner": "repobility-ast-engine", "fingerprint": "768f5d597e9593036428aae8cd1c3c73c34d62b1e9231b5266939f855c739b87", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|768f5d597e9593036428aae8cd1c3c73c34d62b1e9231b5266939f855c739b87"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "orbit/standard_runner.py"}, "region": {"startLine": 115}}}]}, {"ruleId": "DKR014", "level": "error", "message": {"text": "Dockerfile copies the entire context without .dockerignore"}, "properties": {"repobilityId": 70571, "scanner": "repobility-docker", "fingerprint": "4788ff85b534ada2f8838e5cc1fd1081380b70729d106e2d67d5d687bdd64b27", "category": "docker", "severity": "high", "confidence": 0.92, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Broad context copy and missing .dockerignore were found together.", "evidence": {"rule_id": "DKR014", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|4788ff85b534ada2f8838e5cc1fd1081380b70729d106e2d67d5d687bdd64b27"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "research/object_detection/dockerfiles/tf2_ai_platform/Dockerfile"}, "region": {"startLine": 38}}}]}, {"ruleId": "DKR014", "level": "error", "message": {"text": "Dockerfile copies the entire context without .dockerignore"}, "properties": {"repobilityId": 70566, "scanner": "repobility-docker", "fingerprint": "758977328d6c5bc5ca0ac25103cd152f4c93c84987fc84732450db741535dde4", "category": "docker", "severity": "high", "confidence": 0.92, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Broad context copy and missing .dockerignore were found together.", "evidence": {"rule_id": "DKR014", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|758977328d6c5bc5ca0ac25103cd152f4c93c84987fc84732450db741535dde4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "research/object_detection/dockerfiles/tf2/Dockerfile"}, "region": {"startLine": 29}}}]}, {"ruleId": "DKR014", "level": "error", "message": {"text": "Dockerfile copies the entire context without .dockerignore"}, "properties": {"repobilityId": 70559, "scanner": "repobility-docker", "fingerprint": "4e76517149e85a85fa8356c160bd700491428b88a2305752dcffa756bdb57454", "category": "docker", "severity": "high", "confidence": 0.92, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Broad context copy and missing .dockerignore were found together.", "evidence": {"rule_id": "DKR014", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|4e76517149e85a85fa8356c160bd700491428b88a2305752dcffa756bdb57454"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "research/object_detection/dockerfiles/tf1/Dockerfile"}, "region": {"startLine": 29}}}]}, {"ruleId": "MINED004", "level": "error", "message": {"text": "[MINED004] Weak Crypto: MD5/SHA1/DES/RC4 used for security context (not just checksums)."}, "properties": {"repobilityId": 70508, "scanner": "repobility-threat-engine", "fingerprint": "8682e757fb06e45b65294fa4d7e6b953da85eeb8c28529e6cf2b53b4ec705792", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "weak-crypto", "owasp": "A02:2021", "cwe_ids": ["CWE-327"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347906+00:00", "triaged_in_corpus": 15, "observations_count": 303181, "ai_coder_pattern_id": 13}, "scanner": "repobility-threat-engine", "correlation_key": "fp|8682e757fb06e45b65294fa4d7e6b953da85eeb8c28529e6cf2b53b4ec705792"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "research/delf/delf/python/training/download_dataset.sh"}, "region": {"startLine": 76}}}]}, {"ruleId": "MINED036", "level": "error", "message": {"text": "[MINED036] Python Os System Call: os.system() invokes shell with no escaping."}, "properties": {"repobilityId": 70503, "scanner": "repobility-threat-engine", "fingerprint": "bfee90e5c7af6f7ffce7c566b47cfc52182ca0bc58b1faecfc8444f16071e766", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-os-system-call", "owasp": null, "cwe_ids": ["CWE-78"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347982+00:00", "triaged_in_corpus": 15, "observations_count": 2221, "ai_coder_pattern_id": 117}, "scanner": "repobility-threat-engine", "correlation_key": "fp|bfee90e5c7af6f7ffce7c566b47cfc52182ca0bc58b1faecfc8444f16071e766"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "research/delf/delf/python/datasets/sfm120k/dataset_download.py"}, "region": {"startLine": 52}}}]}, {"ruleId": "SEC080", "level": "error", "message": {"text": "[SEC080] Python: tarfile.extractall without filter: tarfile.extract*() without filter='data' allows path-traversal (CVE-2007-4559, fixed via PEP 706 in 3.12). Ported from bandit B202 (Apache-2.0)."}, "properties": {"repobilityId": 70502, "scanner": "repobility-threat-engine", "fingerprint": "691f2eeff310dc442d9f30bd62d2ead04a6e966788c472f1a392b75fdef4c9c7", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "tar.extractall(directory)", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC080", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|691f2eeff310dc442d9f30bd62d2ead04a6e966788c472f1a392b75fdef4c9c7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "research/deep_speech/data/download.py"}, "region": {"startLine": 82}}}]}, {"ruleId": "SEC078", "level": "error", "message": {"text": "[SEC078] Python: requests without timeout: requests.get/post without a timeout will hang indefinitely on a non-responsive server, causing thread exhaustion and ReDoS. Ported from bandit B113 (Apache-2.0). NOTE: this regex is heuristic; a real AST check is preferred for accuracy."}, "properties": {"repobilityId": 70486, "scanner": "repobility-threat-engine", "fingerprint": "7fb69f53823d35c329292e5d4fcb85d14f06a04706831da9dd50c7f42c3fec33", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "requests.post(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC078", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|7fb69f53823d35c329292e5d4fcb85d14f06a04706831da9dd50c7f42c3fec33"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "official/projects/waste_identification_ml/docker_solution/prediction_pipeline/predictor.py"}, "region": {"startLine": 60}}}]}, {"ruleId": "SEC135", "level": "error", "message": {"text": "[SEC135] Auth/permission check missing on AI-generated endpoint: Mutating HTTP endpoint generated by an AI agent without an auth decorator or middleware. The number-one production-incident pattern we see in AI-generated SaaS code: the AI builds the route, builds the handler, and forgets to wire the auth check that the rest of the codebase uses. CWE-862 (missing authorization). High-severity because the route is fully functional, just unprotected \u2014 attackers can call it directly."}, "properties": {"repobilityId": 70485, "scanner": "repobility-threat-engine", "fingerprint": "4c66367d67ca7002a178d923fca2d09e8e0c1af4266b0f78a31fb47bbf4b69fd", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "@app.post('/predict')\nasync def predict(\n image: fastapi.UploadFile = fastapi.File(default=None)", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC135", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|4c66367d67ca7002a178d923fca2d09e8e0c1af4266b0f78a31fb47bbf4b69fd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "official/projects/waste_identification_ml/docker_solution/prediction_api/app.py"}, "region": {"startLine": 47}}}]}, {"ruleId": "MINED034", "level": "error", "message": {"text": "[MINED034] Python Subprocess Shell True: subprocess(..., shell=True) enables command injection."}, "properties": {"repobilityId": 70479, "scanner": "repobility-threat-engine", "fingerprint": "44aca6dd3584b4ea7d175b136c66366437b896da42d52207493fb173db68cb32", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-subprocess-shell-true", "owasp": null, "cwe_ids": ["CWE-78"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347977+00:00", "triaged_in_corpus": 15, "observations_count": 3478, "ai_coder_pattern_id": 118}, "scanner": "repobility-threat-engine", "correlation_key": "fp|44aca6dd3584b4ea7d175b136c66366437b896da42d52207493fb173db68cb32"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "official/projects/waste_identification_ml/model_inference/download_and_unzip_models.py"}, "region": {"startLine": 58}}}]}, {"ruleId": "MINED034", "level": "error", "message": {"text": "[MINED034] Python Subprocess Shell True: subprocess(..., shell=True) enables command injection."}, "properties": {"repobilityId": 70478, "scanner": "repobility-threat-engine", "fingerprint": "915f51538178bce8c20e34beb1bb138bf493cc74b18622fb422430ad6aefc855", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-subprocess-shell-true", "owasp": null, "cwe_ids": ["CWE-78"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347977+00:00", "triaged_in_corpus": 15, "observations_count": 3478, "ai_coder_pattern_id": 118}, "scanner": "repobility-threat-engine", "correlation_key": "fp|915f51538178bce8c20e34beb1bb138bf493cc74b18622fb422430ad6aefc855"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "official/projects/waste_identification_ml/docker_solution/prediction_pipeline/gsutil_ops.py"}, "region": {"startLine": 33}}}]}, {"ruleId": "MINED034", "level": "error", "message": {"text": "[MINED034] Python Subprocess Shell True: subprocess(..., shell=True) enables command injection."}, "properties": {"repobilityId": 70477, "scanner": "repobility-threat-engine", "fingerprint": "e59ddd8902993ee1dc1da86fcd135fa46190e888b22cdfdb70b07831f8a8f7aa", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-subprocess-shell-true", "owasp": null, "cwe_ids": ["CWE-78"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347977+00:00", "triaged_in_corpus": 15, "observations_count": 3478, "ai_coder_pattern_id": 118}, "scanner": "repobility-threat-engine", "correlation_key": "fp|e59ddd8902993ee1dc1da86fcd135fa46190e888b22cdfdb70b07831f8a8f7aa"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "official/projects/waste_identification_ml/Deploy/detr_cloud_deployment/client/utils.py"}, "region": {"startLine": 104}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 70464, "scanner": "repobility-threat-engine", "fingerprint": "d583fd76b862f12fb994241a2e0335ce7660b2b28dd6e12b7417cc3d12f5189a", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "url(u", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|d583fd76b862f12fb994241a2e0335ce7660b2b28dd6e12b7417cc3d12f5189a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "research/slim/datasets/dataset_utils.py"}, "region": {"startLine": 105}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 70463, "scanner": "repobility-threat-engine", "fingerprint": "7067add1efa48f57215ba053beba4e3ee8683a086b6139c60dc51fa5e0b99533", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "fetch(input_reader_config.", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|7067add1efa48f57215ba053beba4e3ee8683a086b6139c60dc51fa5e0b99533"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "research/object_detection/builders/dataset_builder.py"}, "region": {"startLine": 261}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 70462, "scanner": "repobility-threat-engine", "fingerprint": "9e3789254b032a7e2082d44e24472eea35b825d3476975cbe801597c1bfea724", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "url(u", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|9e3789254b032a7e2082d44e24472eea35b825d3476975cbe801597c1bfea724"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "official/projects/nhnet/raw_data_processor.py"}, "region": {"startLine": 80}}}]}, {"ruleId": "MINED040", "level": "error", "message": {"text": "[MINED040] Python Yaml Load Unsafe: yaml.load(stream) without SafeLoader can deserialize arbitrary classes."}, "properties": {"repobilityId": 70461, "scanner": "repobility-threat-engine", "fingerprint": "1911acd8c53c576808b169c4bcb7832752c071a536dc40a94b4654f7aceb5e3c", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-yaml-load-unsafe", "owasp": null, "cwe_ids": ["CWE-502"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347991+00:00", "triaged_in_corpus": 15, "observations_count": 1487, "ai_coder_pattern_id": 120}, "scanner": "repobility-threat-engine", "correlation_key": "fp|1911acd8c53c576808b169c4bcb7832752c071a536dc40a94b4654f7aceb5e3c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "official/nlp/serving/export_savedmodel.py"}, "region": {"startLine": 123}}}]}, {"ruleId": "SEC103", "level": "error", "message": {"text": "[SEC103] LDAP injection \u2014 non-constant search filter: User input concatenated into an LDAP search filter. Attackers inject `*)(uid=*` style payloads to bypass auth or enumerate accounts."}, "properties": {"repobilityId": 70447, "scanner": "repobility-threat-engine", "fingerprint": "97753e066f087b03f56f1b04338a9adc4e29d8b443a5c20b4fe14295b813486c", "category": "injection", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".search(r\"model/transformer/layer_(\\d+?)", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC103", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|token|168|sec103"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "official/legacy/xlnet/training_utils.py"}, "region": {"startLine": 168}}}]}, {"ruleId": "MINED021", "level": "error", "message": {"text": "[MINED021] Path Traversal Os Join: os.path.join(user_dir, filename) where filename can contain \"../\" \u2014 directory escape."}, "properties": {"repobilityId": 70441, "scanner": "repobility-threat-engine", "fingerprint": "ce9cec1dcbb7e8657d3c4573c061c5252573a34d508cb965be9aecedb75f3b3b", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "path-traversal-os-join", "owasp": "A01:2021", "cwe_ids": ["CWE-22"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347947+00:00", "triaged_in_corpus": 15, "observations_count": 45678, "ai_coder_pattern_id": 31}, "scanner": "repobility-threat-engine", "correlation_key": "fp|ce9cec1dcbb7e8657d3c4573c061c5252573a34d508cb965be9aecedb75f3b3b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "official/projects/centernet/configs/centernet.py"}, "region": {"startLine": 198}}}]}, {"ruleId": "MINED021", "level": "error", "message": {"text": "[MINED021] Path Traversal Os Join: os.path.join(user_dir, filename) where filename can contain \"../\" \u2014 directory escape."}, "properties": {"repobilityId": 70440, "scanner": "repobility-threat-engine", "fingerprint": "ea0545e9c7f62683251333fe921f62003af0e79a6128c15e1d46278075a7364f", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "path-traversal-os-join", "owasp": "A01:2021", "cwe_ids": ["CWE-22"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347947+00:00", "triaged_in_corpus": 15, "observations_count": 45678, "ai_coder_pattern_id": 31}, "scanner": "repobility-threat-engine", "correlation_key": "fp|ea0545e9c7f62683251333fe921f62003af0e79a6128c15e1d46278075a7364f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "official/projects/basnet/configs/basnet.py"}, "region": {"startLine": 117}}}]}, {"ruleId": "MINED021", "level": "error", "message": {"text": "[MINED021] Path Traversal Os Join: os.path.join(user_dir, filename) where filename can contain \"../\" \u2014 directory escape."}, "properties": {"repobilityId": 70439, "scanner": "repobility-threat-engine", "fingerprint": "9c4fbdfe8c70c1ddd19256c5fa6bb06370fdce8fc03789c834169f558a1445e2", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "path-traversal-os-join", "owasp": "A01:2021", "cwe_ids": ["CWE-22"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347947+00:00", "triaged_in_corpus": 15, "observations_count": 45678, "ai_coder_pattern_id": 31}, "scanner": "repobility-threat-engine", "correlation_key": "fp|9c4fbdfe8c70c1ddd19256c5fa6bb06370fdce8fc03789c834169f558a1445e2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "official/legacy/xlnet/run_squad.py"}, "region": {"startLine": 177}}}]}, {"ruleId": "SEC114", "level": "error", "message": {"text": "[SEC114] path.join / Path() on user-controlled segment without containment check: filepath.Clean / path.Join on attacker-supplied segments does NOT prevent escape from the base directory. `../../../etc/passwd` resolves cleanly."}, "properties": {"repobilityId": 70437, "scanner": "repobility-threat-engine", "fingerprint": "bf27c74767e4d71e8b318735bbb4485bad30161f5e0faf9c75caa7c8c6cd118d", "category": "path_traversal", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "path.join(FLAGS.model_dir, 'params", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC114", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|path_traversal|token|211|sec114"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "official/nlp/finetuning/superglue/run_superglue.py"}, "region": {"startLine": 211}}}]}, {"ruleId": "SEC114", "level": "error", "message": {"text": "[SEC114] path.join / Path() on user-controlled segment without containment check: filepath.Clean / path.Join on attacker-supplied segments does NOT prevent escape from the base directory. `../../../etc/passwd` resolves cleanly."}, "properties": {"repobilityId": 70436, "scanner": "repobility-threat-engine", "fingerprint": "e3e606488e4594e9fba3c08d6be9a4a47c1a3e47f872a11c81a9da1c46e80432", "category": "path_traversal", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "path.join(FLAGS.model_dir, 'params", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC114", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|path_traversal|token|275|sec114"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "official/nlp/finetuning/glue/run_glue.py"}, "region": {"startLine": 275}}}]}, {"ruleId": "SEC114", "level": "error", "message": {"text": "[SEC114] path.join / Path() on user-controlled segment without containment check: filepath.Clean / path.Join on attacker-supplied segments does NOT prevent escape from the base directory. `../../../etc/passwd` resolves cleanly."}, "properties": {"repobilityId": 70435, "scanner": "repobility-threat-engine", "fingerprint": "ff8b8133b1cae8fe077f5be041a8e256d9bbe1cda4fff92996ea2b2fe30bc781", "category": "path_traversal", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "path.join(input", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC114", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|path_traversal|token|177|sec114"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "official/legacy/xlnet/run_squad.py"}, "region": {"startLine": 177}}}]}, {"ruleId": "SEC013", "level": "error", "message": {"text": "[SEC013] Path Traversal \u2014 User Input in File Path: User-controlled input used in file path without sanitization. Allows reading arbitrary files."}, "properties": {"repobilityId": 70429, "scanner": "repobility-threat-engine", "fingerprint": "0b9951546fb98babc4b35286b9119bb5ae3fc29f12dd04079fa82221d617067a", "category": "path_traversal", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "User-controlled input detected in file path construction", "evidence": {"match": "os.path.join(FLAGS.model_dir, 'params", "reason": "User-controlled input detected in file path construction", "rule_id": "SEC013", "scanner": "repobility-threat-engine", "confidence": 0.8, "correlation_key": "code|path_traversal|token|211|sec013"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "official/nlp/finetuning/superglue/run_superglue.py"}, "region": {"startLine": 211}}}]}, {"ruleId": "SEC013", "level": "error", "message": {"text": "[SEC013] Path Traversal \u2014 User Input in File Path: User-controlled input used in file path without sanitization. Allows reading arbitrary files."}, "properties": {"repobilityId": 70428, "scanner": "repobility-threat-engine", "fingerprint": "a3c42ee914981b3431281c954cb02eed802a8ff63f9d62d241b39312ed6847b0", "category": "path_traversal", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "User-controlled input detected in file path construction", "evidence": {"match": "os.path.join(FLAGS.model_dir, 'params", "reason": "User-controlled input detected in file path construction", "rule_id": "SEC013", "scanner": "repobility-threat-engine", "confidence": 0.8, "correlation_key": "code|path_traversal|token|275|sec013"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "official/nlp/finetuning/glue/run_glue.py"}, "region": {"startLine": 275}}}]}, {"ruleId": "SEC013", "level": "error", "message": {"text": "[SEC013] Path Traversal \u2014 User Input in File Path: User-controlled input used in file path without sanitization. Allows reading arbitrary files."}, "properties": {"repobilityId": 70427, "scanner": "repobility-threat-engine", "fingerprint": "dd0b6bb9b6803a76703b9ed9c907b70a87ea88371d635a6670557d74d3b2d013", "category": "path_traversal", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "User-controlled input detected in file path construction", "evidence": {"match": "os.path.join(input", "reason": "User-controlled input detected in file path construction", "rule_id": "SEC013", "scanner": "repobility-threat-engine", "confidence": 0.8, "correlation_key": "code|path_traversal|token|177|sec013"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "official/legacy/xlnet/run_squad.py"}, "region": {"startLine": 177}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 70411, "scanner": "repobility-threat-engine", "fingerprint": "20ed16697052bebbd0321e19403f7864b23118e5c4269cbafe43ddcf30deee66", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "core_model.save(hub_destination, include_optimizer=False, save_format=\"tf\")", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|20ed16697052bebbd0321e19403f7864b23118e5c4269cbafe43ddcf30deee66"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "official/legacy/bert/export_tfhub.py"}, "region": {"startLine": 93}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 70410, "scanner": "repobility-threat-engine", "fingerprint": "3e4d410329d2ea575ca47462bfdfbd8eec52e8b6b6e01150be4da7fd3325297c", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "tf.saved_model.save(\n export_module, export_dir, signatures=signatures, options=save_options)", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|3e4d410329d2ea575ca47462bfdfbd8eec52e8b6b6e01150be4da7fd3325297c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "official/core/export_base.py"}, "region": {"startLine": 147}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 70409, "scanner": "repobility-threat-engine", "fingerprint": "31d36618454e0bdfc34209868cf2542a90955185838b09f1b0319d106a4a896e", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "self._checkpoint_manager.save(checkpoint_number=self._optimizer.iterations)", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|31d36618454e0bdfc34209868cf2542a90955185838b09f1b0319d106a4a896e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "official/core/actions.py"}, "region": {"startLine": 122}}}]}, {"ruleId": "MINED001", "level": "error", "message": {"text": "[MINED001] Bare Except Pass: except: pass or except Exception: pass \u2014 silently swallows everything including KeyboardInterrupt and bugs."}, "properties": {"repobilityId": 70407, "scanner": "repobility-threat-engine", "fingerprint": "d2d5bffc6f6ecf92ba6b4be89a6f8f6a3e7118acee7c9d977070a8d3913ef7e1", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "bare-except-pass", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347744+00:00", "triaged_in_corpus": 15, "observations_count": 1550824, "ai_coder_pattern_id": 6}, "scanner": "repobility-threat-engine", "correlation_key": "fp|d2d5bffc6f6ecf92ba6b4be89a6f8f6a3e7118acee7c9d977070a8d3913ef7e1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "official/projects/waste_identification_ml/Deploy/detr_cloud_deployment/client/big_query_ops.py"}, "region": {"startLine": 104}}}]}, {"ruleId": "MINED001", "level": "error", "message": {"text": "[MINED001] Bare Except Pass: except: pass or except Exception: pass \u2014 silently swallows everything including KeyboardInterrupt and bugs."}, "properties": {"repobilityId": 70406, "scanner": "repobility-threat-engine", "fingerprint": "3b8d573ef9a8b5e0f4e8b4584b73a710fc499c2eebac70a9c5d006bb435f8781", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "bare-except-pass", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347744+00:00", "triaged_in_corpus": 15, "observations_count": 1550824, "ai_coder_pattern_id": 6}, "scanner": "repobility-threat-engine", "correlation_key": "fp|3b8d573ef9a8b5e0f4e8b4584b73a710fc499c2eebac70a9c5d006bb435f8781"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "official/legacy/detection/dataloader/input_reader.py"}, "region": {"startLine": 64}}}]}, {"ruleId": "MINED001", "level": "error", "message": {"text": "[MINED001] Bare Except Pass: except: pass or except Exception: pass \u2014 silently swallows everything including KeyboardInterrupt and bugs."}, "properties": {"repobilityId": 70405, "scanner": "repobility-threat-engine", "fingerprint": "35b471152de28409b4c33e3b3b629775600e78e2271ed15feb6bd255280438b1", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "bare-except-pass", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347744+00:00", "triaged_in_corpus": 15, "observations_count": 1550824, "ai_coder_pattern_id": 6}, "scanner": "repobility-threat-engine", "correlation_key": "fp|35b471152de28409b4c33e3b3b629775600e78e2271ed15feb6bd255280438b1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "official/common/flags.py"}, "region": {"startLine": 92}}}]}, {"ruleId": "COMP001", "level": "error", "message": {"text": "[COMP001] High cognitive complexity: Function `get_distribution_strategy` has cognitive complexity 26 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. Breakdown: else=1, if=16, nested_bonus=9."}, "properties": {"repobilityId": 70401, "scanner": "repobility-threat-engine", "fingerprint": "f1915ca681a442c02fb85f1ebdc6f9f6d16237d297ac8d16e9b1fee2d836de7f", "category": "quality", "severity": "high", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 26 (severity threshold for high: 25+).", "evidence": {"scanner": "repobility-threat-engine", "function": "get_distribution_strategy", "breakdown": {"if": 16, "else": 1, "nested_bonus": 9}, "complexity": 26, "correlation_key": "fp|f1915ca681a442c02fb85f1ebdc6f9f6d16237d297ac8d16e9b1fee2d836de7f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "official/common/distribute_utils.py"}, "region": {"startLine": 93}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `string` used but not imported: The file uses `string.something(...)` but never imports `string`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 70639, "scanner": "repobility-ast-engine", "fingerprint": "8a4f9265830f6d7abc2ba3df06ada9df686aec126a42ada01783896bb2c32afe", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|8a4f9265830f6d7abc2ba3df06ada9df686aec126a42ada01783896bb2c32afe"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "official/nlp/metrics/bleu.py"}, "region": {"startLine": 77}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `string` used but not imported: The file uses `string.something(...)` but never imports `string`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 70638, "scanner": "repobility-ast-engine", "fingerprint": "e56f15cb4b979208c80154a11148156423f5255d418b60d94d5a6709aef81a4d", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|e56f15cb4b979208c80154a11148156423f5255d418b60d94d5a6709aef81a4d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "official/nlp/data/dual_encoder_dataloader.py"}, "region": {"startLine": 125}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `time` used but not imported: The file uses `time.something(...)` but never imports `time`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 70636, "scanner": "repobility-ast-engine", "fingerprint": "9d0d6404ebd6a3c0b85fa2674954957bf561aefb2cc11d09c56f7d9c379a1e7a", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|9d0d6404ebd6a3c0b85fa2674954957bf561aefb2cc11d09c56f7d9c379a1e7a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "research/efficient-hrl/utils/eval_utils.py"}, "region": {"startLine": 58}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `random` used but not imported: The file uses `random.something(...)` but never imports `random`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 70635, "scanner": "repobility-ast-engine", "fingerprint": "e6ee9152a21a3e61fc7c993b82e5de3e84c7a6251b7e57a27b24e211f271f391", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|e6ee9152a21a3e61fc7c993b82e5de3e84c7a6251b7e57a27b24e211f271f391"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "research/efficient-hrl/environments/maze_env.py"}, "region": {"startLine": 431}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `xml` used but not imported: The file uses `xml.something(...)` but never imports `xml`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 70630, "scanner": "repobility-ast-engine", "fingerprint": "5b02714404a31ea8e6497cf479564a5225859cca8ca826abad4fdbd676cfd036", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|5b02714404a31ea8e6497cf479564a5225859cca8ca826abad4fdbd676cfd036"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "research/object_detection/utils/dataset_util.py"}, "region": {"startLine": 94}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `array` used but not imported: The file uses `array.something(...)` but never imports `array`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 70629, "scanner": "repobility-ast-engine", "fingerprint": "c3f01530fcbe8fc9d9efcb1595c0925451f3c0234a35ddf4a5b38f061046e277", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c3f01530fcbe8fc9d9efcb1595c0925451f3c0234a35ddf4a5b38f061046e277"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "research/object_detection/core/target_assigner_test.py"}, "region": {"startLine": 1236}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `logging` used but not imported: The file uses `logging.something(...)` but never imports `logging`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 70627, "scanner": "repobility-ast-engine", "fingerprint": "b8f5b45c900ac43900fa8170cab2690230f40eaa319e5b288cc356c807f5c0fb", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|b8f5b45c900ac43900fa8170cab2690230f40eaa319e5b288cc356c807f5c0fb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "research/cognitive_planning/tasks.py"}, "region": {"startLine": 1346}}}]}, {"ruleId": "SEC084", "level": "error", "message": {"text": "[SEC084] JS: require() with non-literal: require() loads arbitrary modules \u2014 equivalent to eval at module scope. Ported from eslint-plugin-security detect-non-literal-require (Apache-2.0)."}, "properties": {"repobilityId": 70484, "scanner": "repobility-threat-engine", "fingerprint": "2f6112a6a0ca8484462fa21dcef91a4f51fe56c917ec7ae1c08e35dd8ecd8a30", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "require(moduleId", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC084", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|2f6112a6a0ca8484462fa21dcef91a4f51fe56c917ec7ae1c08e35dd8ecd8a30"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "official/projects/waste_identification_ml/circularnet-docs/themes/hugo-theme-techdoc/static/js/bundle.js"}, "region": {"startLine": 222}}}]}, {"ruleId": "MINED018", "level": "error", "message": {"text": "[MINED018] Unsafe Deserialization Pickle: pickle.loads / yaml.load (without Loader=SafeLoader) / unmarshal of network/file data \u2014 RCE."}, "properties": {"repobilityId": 70460, "scanner": "repobility-threat-engine", "fingerprint": "333a6cf791bc65d5f72ec270caddd7c288c8bc5049ae5e005c39b5003752e992", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "unsafe-deserialization-pickle", "owasp": "A08:2021", "cwe_ids": ["CWE-502"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347940+00:00", "triaged_in_corpus": 20, "observations_count": 58759, "ai_coder_pattern_id": 32}, "scanner": "repobility-threat-engine", "correlation_key": "fp|333a6cf791bc65d5f72ec270caddd7c288c8bc5049ae5e005c39b5003752e992"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "official/nlp/serving/export_savedmodel.py"}, "region": {"startLine": 123}}}]}, {"ruleId": "SEC116", "level": "error", "message": {"text": "[SEC116] Ruby YAML.load / Marshal.load on untrusted input: `YAML.load` (pre-3.1) and `Marshal.load` instantiate arbitrary Ruby classes \u2014 direct RCE on untrusted input. `unsafe_load` is even more dangerous."}, "properties": {"repobilityId": 70459, "scanner": "repobility-threat-engine", "fingerprint": "9ab2145edbaf6b82d20f23ea50702f301798d581e30bbf059762dd444733209e", "category": "deserialization", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "yaml.load(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC116", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|deserialization|token|123|sec116"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "official/nlp/serving/export_savedmodel.py"}, "region": {"startLine": 123}}}]}, {"ruleId": "SEC079", "level": "error", "message": {"text": "[SEC079] Python: yaml.load without SafeLoader: yaml.load() without explicit SafeLoader can execute arbitrary Python objects (CVE-2017-18342). Ported from bandit B506 / dlint DUO109 (Apache-2.0 / BSD-3)."}, "properties": {"repobilityId": 70458, "scanner": "repobility-threat-engine", "fingerprint": "6296bb8e43652591977545e117348b5bfcec5569ee9b5eb3e46b27ea2b856889", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "yaml.load(\n hyperparams.nested_csv_str_to_json_str(FLAGS.serving_params)", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC079", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|6296bb8e43652591977545e117348b5bfcec5569ee9b5eb3e46b27ea2b856889"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "official/nlp/serving/export_savedmodel.py"}, "region": {"startLine": 123}}}]}, {"ruleId": "MINED030", "level": "error", "message": {"text": "[MINED030] Python Pickle Loads: pickle.loads() can execute arbitrary code via __reduce__."}, "properties": {"repobilityId": 70445, "scanner": "repobility-threat-engine", "fingerprint": "b0296722b57ea3b21d41f2009f7802bf5110dbdbe9f623d56f2377ea2ee9c54e", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-pickle-loads", "owasp": null, "cwe_ids": ["CWE-502"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347968+00:00", "triaged_in_corpus": 20, "observations_count": 6314, "ai_coder_pattern_id": 119}, "scanner": "repobility-threat-engine", "correlation_key": "fp|b0296722b57ea3b21d41f2009f7802bf5110dbdbe9f623d56f2377ea2ee9c54e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "research/delf/delf/python/datasets/sfm120k/sfm120k.py"}, "region": {"startLine": 96}}}]}, {"ruleId": "MINED030", "level": "error", "message": {"text": "[MINED030] Python Pickle Loads: pickle.loads() can execute arbitrary code via __reduce__."}, "properties": {"repobilityId": 70444, "scanner": "repobility-threat-engine", "fingerprint": "b91638bac5b0bef45431a5d989c362222f963e4d099cc4511ac1665da96accb2", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-pickle-loads", "owasp": null, "cwe_ids": ["CWE-502"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347968+00:00", "triaged_in_corpus": 20, "observations_count": 6314, "ai_coder_pattern_id": 119}, "scanner": "repobility-threat-engine", "correlation_key": "fp|b91638bac5b0bef45431a5d989c362222f963e4d099cc4511ac1665da96accb2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "official/recommendation/data_preprocessing.py"}, "region": {"startLine": 154}}}]}, {"ruleId": "MINED030", "level": "error", "message": {"text": "[MINED030] Python Pickle Loads: pickle.loads() can execute arbitrary code via __reduce__."}, "properties": {"repobilityId": 70443, "scanner": "repobility-threat-engine", "fingerprint": "3f410adb115d679e59d78e8c293ae99363e9783c97e9266e2ed5a80838c94c26", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-pickle-loads", "owasp": null, "cwe_ids": ["CWE-502"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347968+00:00", "triaged_in_corpus": 20, "observations_count": 6314, "ai_coder_pattern_id": 119}, "scanner": "repobility-threat-engine", "correlation_key": "fp|3f410adb115d679e59d78e8c293ae99363e9783c97e9266e2ed5a80838c94c26"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "official/legacy/xlnet/run_squad.py"}, "region": {"startLine": 259}}}]}, {"ruleId": "SEC081", "level": "error", "message": {"text": "[SEC081] Python: pickle.loads / marshal.loads on untrusted data: pickle.load(s) and marshal.load(s) execute arbitrary code on untrusted input. Ported from dlint DUO103 / DUO120 (BSD-3)."}, "properties": {"repobilityId": 70433, "scanner": "repobility-threat-engine", "fingerprint": "439221a17c327f9bd05bf96a77f7d727ba64d789f4a92836990f79527d646bf1", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "pickle.load(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC081", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|439221a17c327f9bd05bf96a77f7d727ba64d789f4a92836990f79527d646bf1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "research/delf/delf/python/datasets/sfm120k/sfm120k.py"}, "region": {"startLine": 96}}}]}, {"ruleId": "SEC081", "level": "error", "message": {"text": "[SEC081] Python: pickle.loads / marshal.loads on untrusted data: pickle.load(s) and marshal.load(s) execute arbitrary code on untrusted input. Ported from dlint DUO103 / DUO120 (BSD-3)."}, "properties": {"repobilityId": 70432, "scanner": "repobility-threat-engine", "fingerprint": "b90ac0fec7b5f5e70b4d58f8e20604e0baf5e8db8f4028d933ff073da898c945", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "pickle.load(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC081", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|b90ac0fec7b5f5e70b4d58f8e20604e0baf5e8db8f4028d933ff073da898c945"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "official/recommendation/data_preprocessing.py"}, "region": {"startLine": 154}}}]}, {"ruleId": "SEC081", "level": "error", "message": {"text": "[SEC081] Python: pickle.loads / marshal.loads on untrusted data: pickle.load(s) and marshal.load(s) execute arbitrary code on untrusted input. Ported from dlint DUO103 / DUO120 (BSD-3)."}, "properties": {"repobilityId": 70431, "scanner": "repobility-threat-engine", "fingerprint": "11586b126524152456a00cd1ac5b1fcfceb44208b4cc35f342311abf5ca1e271", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "pickle.load(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC081", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|11586b126524152456a00cd1ac5b1fcfceb44208b4cc35f342311abf5ca1e271"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "official/legacy/xlnet/run_squad.py"}, "region": {"startLine": 259}}}]}]}]}