{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "AIC004", "name": "Suspicious implementation file appears unreferenced", "shortDescription": {"text": "Suspicious implementation file appears unreferenced"}, "fullDescription": {"text": "A file created as a fixed/new/final/copy variant is not referenced by imports or path-like strings in the rest of the repository. This is a strong sign that an agent produced code beside the active application path."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "medium", "confidence": 0.78, "cwe": "", "owasp": ""}}, {"id": "AIC003", "name": "Duplicated implementation block across source files", "shortDescription": {"text": "Duplicated implementation block across source files"}, "fullDescription": {"text": "Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.86, "cwe": "", "owasp": ""}}, {"id": "AIC002", "name": "Source file name looks like an AI patch artifact", "shortDescription": {"text": "Source file name looks like an AI patch artifact"}, "fullDescription": {"text": "Files named as final, fixed, copy, new, or backup are often temporary patch artifacts. They may be legitimate, but they deserve review before becoming production surface area."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.62, "cwe": "", "owasp": ""}}, {"id": "CORE_NO_LICENSE", "name": "No LICENSE file", "shortDescription": {"text": "No LICENSE file"}, "fullDescription": {"text": "Add a LICENSE file to your repository. Use choosealicense.com to pick the right license (MIT for permissive, Apache 2.0 for patent protection, GPL for copyleft)."}, "properties": {"scanner": "repobility-core", "category": "documentation", "severity": "low", "confidence": null, "cwe": "", "owasp": ""}}, {"id": "MINED077", "name": "[MINED077] Python Open No Context: fp = open(path) outside with-block leaks file handles.", "shortDescription": {"text": "[MINED077] Python Open No Context: fp = open(path) outside with-block leaks file handles."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-772 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED049", "name": "[MINED049] Print Pii: Logging password/token/email/ssn directly to stdout.", "shortDescription": {"text": "[MINED049] Print Pii: Logging password/token/email/ssn directly to stdout."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-532 / A09:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC020", "name": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequen", "shortDescription": {"text": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for troubleshooting."}, "fullDescription": {"text": "Log only redacted, hashed, or last-four-style metadata. Rotate any secret that may have reached logs."}, "properties": {"scanner": "repobility-threat-engine", "category": "credential_exposure", "severity": "info", "confidence": 0.15, "cwe": "", "owasp": ""}}, {"id": "MINED043", "name": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data.", "shortDescription": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-319 / A02:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED075", "name": "[MINED075] C Malloc No Check (and 28 more): Same pattern found in 28 additional files. Review if needed.", "shortDescription": {"text": "[MINED075] C Malloc No Check (and 28 more): Same pattern found in 28 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-690 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "RUSTSEC-2026-0151", "name": "jxl-grid: RUSTSEC-2026-0151", "shortDescription": {"text": "jxl-grid: RUSTSEC-2026-0151"}, "fullDescription": {"text": "Out-of-bounds writes due to integer overflow in jxl-grid on 32-bit platforms"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "RUSTSEC-2026-0105", "name": "core2: RUSTSEC-2026-0105", "shortDescription": {"text": "core2: RUSTSEC-2026-0105"}, "fullDescription": {"text": "core2 is unmaintained, all versions yanked"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "MINED003", "name": "[MINED003] Rust Unwrap In Prod: .unwrap() panics if None/Err. Acceptable in tests; risky elsewhere.", "shortDescription": {"text": "[MINED003] Rust Unwrap In Prod: .unwrap() panics if None/Err. Acceptable in tests; risky elsewhere."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-755 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED115", "name": "Action `andelf/nightly-release` pinned to mutable ref `@main`", "shortDescription": {"text": "Action `andelf/nightly-release` pinned to mutable ref `@main`"}, "fullDescription": {"text": "`uses: andelf/nightly-release@main` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED022", "name": "[MINED022] C Strcpy: strcpy/strcat dont bounds-check; use strncpy or snprintf.", "shortDescription": {"text": "[MINED022] C Strcpy: strcpy/strcat dont bounds-check; use strncpy or snprintf."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-120 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "critical", "confidence": 1.0, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/982"}, "properties": {"repository": "hanatos/vkdt", "repoUrl": "https://github.com/hanatos/vkdt", "branch": "master"}, "results": [{"ruleId": "AIC004", "level": "warning", "message": {"text": "Suspicious implementation file appears unreferenced"}, "properties": {"repobilityId": 92377, "scanner": "repobility-ai-code-hygiene", "fingerprint": "7cb71d74906166de3252cbc536ea7c4237cbdaa3688dada620f8b869afd1a79a", "category": "quality", "severity": "medium", "confidence": 0.78, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Patch-style source file has no detected inbound reference from other repository files.", "evidence": {"suffix": "copy", "rule_id": "AIC004", "scanner": "repobility-ai-code-hygiene", "references": ["https://knip.dev/", "https://github.com/jendrikseipp/vulture"], "correlation_key": "fp|7cb71d74906166de3252cbc536ea7c4237cbdaa3688dada620f8b869afd1a79a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/gui/job_copy.h"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 92407, "scanner": "repobility-ai-code-hygiene", "fingerprint": "6a3805d52e30f58fbf85c08ed6e85de0624a3ece5374ac749738b7864fa6c8a7", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/qvk/qvk.h", "duplicate_line": 1, "correlation_key": "fp|6a3805d52e30f58fbf85c08ed6e85de0624a3ece5374ac749738b7864fa6c8a7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/qvk/qvk_util.h"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 92406, "scanner": "repobility-ai-code-hygiene", "fingerprint": "f74bd4abcb2363fa934b925bea3589271d69cdaa8da04f661f2e057eeaca595d", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/qvk/qvk.h", "duplicate_line": 1, "correlation_key": "fp|f74bd4abcb2363fa934b925bea3589271d69cdaa8da04f661f2e057eeaca595d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/qvk/qvk_util.c"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 92405, "scanner": "repobility-ai-code-hygiene", "fingerprint": "f31232d9035eab99be572d125090b1f4fe6174353996476081aeed5abfc81f3c", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/pipe/modules/guided/main.c", "duplicate_line": 13, "correlation_key": "fp|f31232d9035eab99be572d125090b1f4fe6174353996476081aeed5abfc81f3c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/pipe/modules/zones/main.c"}, "region": {"startLine": 13}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 92404, "scanner": "repobility-ai-code-hygiene", "fingerprint": "87613ad9041b6871139a894ba254ec1b8349746aa3e1110b6f27582fcc5a1b53", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/pipe/modules/contrast/main.c", "duplicate_line": 1, "correlation_key": "fp|87613ad9041b6871139a894ba254ec1b8349746aa3e1110b6f27582fcc5a1b53"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/pipe/modules/zones/main.c"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 92403, "scanner": "repobility-ai-code-hygiene", "fingerprint": "c1b9f019a48572c2a070e29c1d0909541f63c0d10c033b3cf0531d8cef5c9a46", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/pipe/modules/i-hdr/main.c", "duplicate_line": 34, "correlation_key": "fp|c1b9f019a48572c2a070e29c1d0909541f63c0d10c033b3cf0531d8cef5c9a46"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/pipe/modules/rt/main.c"}, "region": {"startLine": 180}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 92402, "scanner": "repobility-ai-code-hygiene", "fingerprint": "a5888c54e018d73a39ac349a268405fde12b9b2f830fc39e766f7abdca147777", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/pipe/modules/const/main.c", "duplicate_line": 11, "correlation_key": "fp|a5888c54e018d73a39ac349a268405fde12b9b2f830fc39e766f7abdca147777"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/pipe/modules/rt/main.c"}, "region": {"startLine": 22}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 92401, "scanner": "repobility-ai-code-hygiene", "fingerprint": "27bc28210cafc460c11d18a831c19c7d1520b3abf19b883fca02b0ca16e71026", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/pipe/modules/oidn/denox_nldr.h", "duplicate_line": 286, "correlation_key": "fp|27bc28210cafc460c11d18a831c19c7d1520b3abf19b883fca02b0ca16e71026"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/pipe/modules/oidn/denox_nldrs.h"}, "region": {"startLine": 277}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 92400, "scanner": "repobility-ai-code-hygiene", "fingerprint": "b6f11b563dd8eb5f693929ea60a415e274b6d9b63533ec6fcfd1de88834cbc1f", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/pipe/modules/jddcnn/denox_nbyrc.h", "duplicate_line": 30, "correlation_key": "fp|b6f11b563dd8eb5f693929ea60a415e274b6d9b63533ec6fcfd1de88834cbc1f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/pipe/modules/oidn/denox_nldrs.h"}, "region": {"startLine": 30}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 92399, "scanner": "repobility-ai-code-hygiene", "fingerprint": "5170f1dc9f686a684a30166c338368259a5149a3ae22ec736ccdcdc371bbb2d9", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/pipe/modules/jddcnn/denox_nbyrc.h", "duplicate_line": 327, "correlation_key": "fp|5170f1dc9f686a684a30166c338368259a5149a3ae22ec736ccdcdc371bbb2d9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/pipe/modules/oidn/denox_nldr.h"}, "region": {"startLine": 290}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 92398, "scanner": "repobility-ai-code-hygiene", "fingerprint": "883745e853f9383bcb8ca7f1baa3121ca3f34a957624ed16d6bffbb80a5f291f", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/pipe/modules/jddcnn/denox_nxtrc.h", "duplicate_line": 37, "correlation_key": "fp|883745e853f9383bcb8ca7f1baa3121ca3f34a957624ed16d6bffbb80a5f291f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/pipe/modules/oidn/denox_nldr.h"}, "region": {"startLine": 37}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 92397, "scanner": "repobility-ai-code-hygiene", "fingerprint": "b8932b3d74e2e20cb0ec19206b33a3ffd43ef9a45cf3b3682c5c3e0b8d7bdc81", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/pipe/modules/oidn/denox_gldrs.h", "duplicate_line": 25, "correlation_key": "fp|b8932b3d74e2e20cb0ec19206b33a3ffd43ef9a45cf3b3682c5c3e0b8d7bdc81"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/pipe/modules/oidn/denox_nldr.h"}, "region": {"startLine": 25}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 92396, "scanner": "repobility-ai-code-hygiene", "fingerprint": "449050ef97ef94ae96e3b6158d151ea3af44820b94bfb5835da7d7bf40faeff7", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/pipe/modules/oidn/denox_gldr.h", "duplicate_line": 397, "correlation_key": "fp|449050ef97ef94ae96e3b6158d151ea3af44820b94bfb5835da7d7bf40faeff7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/pipe/modules/oidn/denox_ildrs.h"}, "region": {"startLine": 336}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 92395, "scanner": "repobility-ai-code-hygiene", "fingerprint": "c7250a189ca3dfb2e3daefee1af8a6c8b7ecd8fc7c93d61d5187e223d536d158", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/pipe/modules/oidn/denox_ildr.h", "duplicate_line": 25, "correlation_key": "fp|c7250a189ca3dfb2e3daefee1af8a6c8b7ecd8fc7c93d61d5187e223d536d158"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/pipe/modules/oidn/denox_ildrs.h"}, "region": {"startLine": 25}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 92394, "scanner": "repobility-ai-code-hygiene", "fingerprint": "9558ba3b9b6138d9f25b7928ff4f219f45f125ecb5f42edf05a3dd9bb9a0dd14", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/pipe/modules/oidn/denox_gldr.h", "duplicate_line": 64, "correlation_key": "fp|9558ba3b9b6138d9f25b7928ff4f219f45f125ecb5f42edf05a3dd9bb9a0dd14"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/pipe/modules/oidn/denox_gldrs.h"}, "region": {"startLine": 64}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 92393, "scanner": "repobility-ai-code-hygiene", "fingerprint": "f367c4078b8cdf7d6f47774975b65b0f1c019cec80e7bc624dc9bbd61219ebaa", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/pipe/modules/oidn/denox_aldr.h", "duplicate_line": 25, "correlation_key": "fp|f367c4078b8cdf7d6f47774975b65b0f1c019cec80e7bc624dc9bbd61219ebaa"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/pipe/modules/oidn/denox_aldrs.h"}, "region": {"startLine": 25}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 92392, "scanner": "repobility-ai-code-hygiene", "fingerprint": "35bd82d7ebfa3231cac381026859d0dcbebf1b7c9d107581bb22b7a90be229c3", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/pipe/modules/i-jpg/main.c", "duplicate_line": 15, "correlation_key": "fp|35bd82d7ebfa3231cac381026859d0dcbebf1b7c9d107581bb22b7a90be229c3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/pipe/modules/o-jpg/main.c"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 92391, "scanner": "repobility-ai-code-hygiene", "fingerprint": "9fee2135e1e2c17ffde45c41e40ffe151ce889b56123aaa475e8d850727e4d73", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/pipe/modules/i-mlv/liblj92/lj92.h", "duplicate_line": 3, "correlation_key": "fp|9fee2135e1e2c17ffde45c41e40ffe151ce889b56123aaa475e8d850727e4d73"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/pipe/modules/o-bc1/stb_dxt.h"}, "region": {"startLine": 450}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 92390, "scanner": "repobility-ai-code-hygiene", "fingerprint": "cd965f63cf4fecb978e82f1342d0262a60400c607b3834c202d8feab3592a016", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/pipe/modules/kpn-t/main.c", "duplicate_line": 127, "correlation_key": "fp|cd965f63cf4fecb978e82f1342d0262a60400c607b3834c202d8feab3592a016"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/pipe/modules/kpn/main.c"}, "region": {"startLine": 16}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 92389, "scanner": "repobility-ai-code-hygiene", "fingerprint": "5fad6e351b84c65dac7ec488ed40dd41196edabafca287731b8bb44a67a7a544", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/pipe/modules/dmlp-t/main.c", "duplicate_line": 18, "correlation_key": "fp|5fad6e351b84c65dac7ec488ed40dd41196edabafca287731b8bb44a67a7a544"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/pipe/modules/kpn-t/main.c"}, "region": {"startLine": 24}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 92388, "scanner": "repobility-ai-code-hygiene", "fingerprint": "b2c2597b04a361752ec1e9b952328c21e2785ea8b2ff5e889692201aab01a4fe", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/pipe/modules/demosaic/main.c", "duplicate_line": 20, "correlation_key": "fp|b2c2597b04a361752ec1e9b952328c21e2785ea8b2ff5e889692201aab01a4fe"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/pipe/modules/jddcnn/main.c"}, "region": {"startLine": 66}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 92387, "scanner": "repobility-ai-code-hygiene", "fingerprint": "77aa3737375afef64a97f238723f88eeda28594ae91cfb2e6250d30d0e1d42c5", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/pipe/modules/jddcnn/denox_nbyrc.h", "duplicate_line": 323, "correlation_key": "fp|77aa3737375afef64a97f238723f88eeda28594ae91cfb2e6250d30d0e1d42c5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/pipe/modules/jddcnn/denox_nxtrc.h"}, "region": {"startLine": 321}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 92386, "scanner": "repobility-ai-code-hygiene", "fingerprint": "804fb1b359b54ca0b1d83673f1a8cceed6cbc5d75c152b3da159c6ccb4baea42", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/pipe/modules/jddcnn/denox_gbyrc.h", "duplicate_line": 25, "correlation_key": "fp|804fb1b359b54ca0b1d83673f1a8cceed6cbc5d75c152b3da159c6ccb4baea42"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/pipe/modules/jddcnn/denox_gxtrc.h"}, "region": {"startLine": 25}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 92385, "scanner": "repobility-ai-code-hygiene", "fingerprint": "1a3070ada5e6b5d2dee617d25d7e840d6b467ff1f52919ee00a2286dd060083d", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/pipe/modules/i-hdr/main.c", "duplicate_line": 10, "correlation_key": "fp|1a3070ada5e6b5d2dee617d25d7e840d6b467ff1f52919ee00a2286dd060083d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/pipe/modules/i-pfm/main.c"}, "region": {"startLine": 11}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 92384, "scanner": "repobility-ai-code-hygiene", "fingerprint": "b456f0f6d77f0f9d98f9b523d6610071746c693509c7b84908eeacdff85198b5", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/pipe/modules/ca/main.c", "duplicate_line": 46, "correlation_key": "fp|b456f0f6d77f0f9d98f9b523d6610071746c693509c7b84908eeacdff85198b5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/pipe/modules/hilite/main.c"}, "region": {"startLine": 59}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 92383, "scanner": "repobility-ai-code-hygiene", "fingerprint": "c13c5e6378dd165a396818281a5039232c91ba339ab71f6eae24bb34ef6f6be6", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/pipe/modules/contrast/main.c", "duplicate_line": 1, "correlation_key": "fp|c13c5e6378dd165a396818281a5039232c91ba339ab71f6eae24bb34ef6f6be6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/pipe/modules/guided/main.c"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 92382, "scanner": "repobility-ai-code-hygiene", "fingerprint": "391dddeaf9c119d513537ad5a589a3fff0c0faa2ccf2c3cafb12b08f787c07aa", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/pipe/modules/g-ocean/main.c", "duplicate_line": 8, "correlation_key": "fp|391dddeaf9c119d513537ad5a589a3fff0c0faa2ccf2c3cafb12b08f787c07aa"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/pipe/modules/g-wobble/main.c"}, "region": {"startLine": 8}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 92381, "scanner": "repobility-ai-code-hygiene", "fingerprint": "2550ec0ee8014c8b20905833d5f67d803a0d01373c8ba1440166c8376b95fd4c", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/pipe/modules/contrast/main.c", "duplicate_line": 4, "correlation_key": "fp|2550ec0ee8014c8b20905833d5f67d803a0d01373c8ba1440166c8376b95fd4c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/pipe/modules/filmsim/main.c"}, "region": {"startLine": 5}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 92380, "scanner": "repobility-ai-code-hygiene", "fingerprint": "df3598658b40fb3d9857f33056fee8f76ad1c13d1d0bd6540b250714756b10b3", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/pipe/modules/OpenDRT/main.c", "duplicate_line": 8, "correlation_key": "fp|df3598658b40fb3d9857f33056fee8f76ad1c13d1d0bd6540b250714756b10b3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/pipe/modules/filmcurv/main.c"}, "region": {"startLine": 8}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 92379, "scanner": "repobility-ai-code-hygiene", "fingerprint": "4a5d539b2718a208c789cda1057b9df8f2e18f27773bded2874c3fa63d6da82b", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/pipe/modules/contrast/main.c", "duplicate_line": 1, "correlation_key": "fp|4a5d539b2718a208c789cda1057b9df8f2e18f27773bded2874c3fa63d6da82b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/pipe/modules/dehaze/main.c"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 92378, "scanner": "repobility-ai-code-hygiene", "fingerprint": "71cc7ceb9916052ebfb8c31abae3a09bd67fe46ad7a3ae6e2d9da42380ac7235", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/pipe/modules/contrast/main.c", "duplicate_line": 4, "correlation_key": "fp|71cc7ceb9916052ebfb8c31abae3a09bd67fe46ad7a3ae6e2d9da42380ac7235"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/pipe/modules/curves/main.c"}, "region": {"startLine": 16}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 92376, "scanner": "repobility-ai-code-hygiene", "fingerprint": "63b835e8dda622448467cf64eb6b39cd67d1e5980bfa540ac022fd8265ed4e22", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "copy", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|63b835e8dda622448467cf64eb6b39cd67d1e5980bfa540ac022fd8265ed4e22"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/gui/job_copy.h"}, "region": {"startLine": 1}}}]}, {"ruleId": "CORE_NO_LICENSE", "level": "note", "message": {"text": "No LICENSE file"}, "properties": {"repobilityId": 92375, "scanner": "repobility-core", "fingerprint": "9314e9238cd99885865b92490d1aaa96ca62b1390c9377878d5f3d99227e1c3c", "category": "documentation", "severity": "low", "confidence": null, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"rule_id": "CORE_NO_LICENSE", "scanner": "repobility-core", "correlation_key": "repo|documentation|core_no_license"}}}, {"ruleId": "MINED077", "level": "none", "message": {"text": "[MINED077] Python Open No Context: fp = open(path) outside with-block leaks file handles."}, "properties": {"repobilityId": 92429, "scanner": "repobility-threat-engine", "fingerprint": "ec96c4e4abe49ad874e9cf54bbf1c9be9ce89bda51bcc32833ed47bbb5262787", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-open-no-context", "owasp": null, "cwe_ids": ["CWE-772"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348081+00:00", "triaged_in_corpus": 12, "observations_count": 7864, "ai_coder_pattern_id": 123}, "scanner": "repobility-threat-engine", "correlation_key": "fp|ec96c4e4abe49ad874e9cf54bbf1c9be9ce89bda51bcc32833ed47bbb5262787"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/pipe/modules/filmsim/mklut-profiles.py"}, "region": {"startLine": 40}}}]}, {"ruleId": "MINED049", "level": "none", "message": {"text": "[MINED049] Print Pii: Logging password/token/email/ssn directly to stdout."}, "properties": {"repobilityId": 92428, "scanner": "repobility-threat-engine", "fingerprint": "5a16723f569d30c5d61afcc7b8f7626382496e8291cea36df32099d8059f57e6", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "print-pii", "owasp": "A09:2021", "cwe_ids": ["CWE-532"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348015+00:00", "triaged_in_corpus": 12, "observations_count": 676566, "ai_coder_pattern_id": 26}, "scanner": "repobility-threat-engine", "correlation_key": "fp|5a16723f569d30c5d61afcc7b8f7626382496e8291cea36df32099d8059f57e6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/pipe/graph.h"}, "region": {"startLine": 184}}}]}, {"ruleId": "SEC020", "level": "none", "message": {"text": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for troubleshooting."}, "properties": {"repobilityId": 92427, "scanner": "repobility-threat-engine", "fingerprint": "22b8744a0f04158e0f9012dd00143f313e5e3562a484113a22af2a96d84de978", "category": "credential_exposure", "severity": "info", "confidence": 0.15, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Log message mentions credential-related metadata but does not print a credential-bearing value", "evidence": {"match": "print(dt_token_t t)", "reason": "Log message mentions credential-related metadata but does not print a credential-bearing value", "rule_id": "SEC020", "scanner": "repobility-threat-engine", "confidence": 0.15, "correlation_key": "secret|src/pipe/graph.h|18|print dt_token_t t"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/pipe/graph.h"}, "region": {"startLine": 184}}}]}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 92424, "scanner": "repobility-threat-engine", "fingerprint": "6efd081c5a264054253ede250fa32f855c7896e18546430cd15f8e176d6d5df7", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|6efd081c5a264054253ede250fa32f855c7896e18546430cd15f8e176d6d5df7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/pipe/modules/rt/quat.h"}, "region": {"startLine": 15}}}]}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 92423, "scanner": "repobility-threat-engine", "fingerprint": "bde02e931c9efb0eaf33f5279de3159fefe112a00c93d0e968b7a63a7753dc29", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|bde02e931c9efb0eaf33f5279de3159fefe112a00c93d0e968b7a63a7753dc29"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/core/sig.h"}, "region": {"startLine": 16}}}]}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 92422, "scanner": "repobility-threat-engine", "fingerprint": "3e2a86e7cca4f24f8e9f9a8ab92e4d795a6a4490f58ed2e78b43f06b4bc0b4ba", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|3e2a86e7cca4f24f8e9f9a8ab92e4d795a6a4490f58ed2e78b43f06b4bc0b4ba"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/core/gaussian_elimination.h"}, "region": {"startLine": 16}}}]}, {"ruleId": "MINED075", "level": "none", "message": {"text": "[MINED075] C Malloc No Check (and 28 more): Same pattern found in 28 additional files. Review if needed."}, "properties": {"repobilityId": 92421, "scanner": "repobility-threat-engine", "fingerprint": "ebc6daf924ab2043f210cfa29291211e3abde11f32172c6bccca079b80d010eb", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 28 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "c-malloc-no-check", "owasp": null, "cwe_ids": ["CWE-690"], "languages": ["c", "cpp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348076+00:00", "triaged_in_corpus": 12, "observations_count": 11735, "ai_coder_pattern_id": 131}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|ebc6daf924ab2043f210cfa29291211e3abde11f32172c6bccca079b80d010eb", "aggregated_count": 28}}}, {"ruleId": "MINED075", "level": "none", "message": {"text": "[MINED075] C Malloc No Check: malloc/calloc/realloc return value used without checking for NULL."}, "properties": {"repobilityId": 92420, "scanner": "repobility-threat-engine", "fingerprint": "74e6251b8ee816a3120767f9efb14dc0246565381b3f6dc95986cf9d2a19ad84", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "c-malloc-no-check", "owasp": null, "cwe_ids": ["CWE-690"], "languages": ["c", "cpp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348076+00:00", "triaged_in_corpus": 12, "observations_count": 11735, "ai_coder_pattern_id": 131}, "scanner": "repobility-threat-engine", "correlation_key": "fp|74e6251b8ee816a3120767f9efb14dc0246565381b3f6dc95986cf9d2a19ad84"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/core/threads.c"}, "region": {"startLine": 244}}}]}, {"ruleId": "MINED075", "level": "none", "message": {"text": "[MINED075] C Malloc No Check: malloc/calloc/realloc return value used without checking for NULL."}, "properties": {"repobilityId": 92419, "scanner": "repobility-threat-engine", "fingerprint": "d58d8885be3f793a33cdc9a8844989acc3eea780bd348c5272d95f9cf5a5a2a3", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "c-malloc-no-check", "owasp": null, "cwe_ids": ["CWE-690"], "languages": ["c", "cpp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348076+00:00", "triaged_in_corpus": 12, "observations_count": 11735, "ai_coder_pattern_id": 131}, "scanner": "repobility-threat-engine", "correlation_key": "fp|d58d8885be3f793a33cdc9a8844989acc3eea780bd348c5272d95f9cf5a5a2a3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/core/inpaint.h"}, "region": {"startLine": 34}}}]}, {"ruleId": "MINED075", "level": "none", "message": {"text": "[MINED075] C Malloc No Check: malloc/calloc/realloc return value used without checking for NULL."}, "properties": {"repobilityId": 92418, "scanner": "repobility-threat-engine", "fingerprint": "8ffd021f97251594706119b08993701682d870d24b07b402668a8382f8a524a2", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "c-malloc-no-check", "owasp": null, "cwe_ids": ["CWE-690"], "languages": ["c", "cpp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348076+00:00", "triaged_in_corpus": 12, "observations_count": 11735, "ai_coder_pattern_id": 131}, "scanner": "repobility-threat-engine", "correlation_key": "fp|8ffd021f97251594706119b08993701682d870d24b07b402668a8382f8a524a2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/core/core.h"}, "region": {"startLine": 32}}}]}, {"ruleId": "RUSTSEC-2026-0151", "level": "error", "message": {"text": "jxl-grid: RUSTSEC-2026-0151"}, "properties": {"repobilityId": 92432, "scanner": "osv-scanner", "fingerprint": "7258161344978b7769a8a21da2aedac9fc1de8931a8e6b1b7e4fb745afe1ba29", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["GHSA-5pmv-rx8r-wmv5"], "package": "jxl-grid", "rule_id": "RUSTSEC-2026-0151", "scanner": "osv-scanner", "correlation_key": "vuln|jxl-grid|GHSA-5PMV-RX8R-WMV5|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/pipe/modules/i-raw/rawloader-c/Cargo.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "RUSTSEC-2026-0105", "level": "error", "message": {"text": "core2: RUSTSEC-2026-0105"}, "properties": {"repobilityId": 92431, "scanner": "osv-scanner", "fingerprint": "e1d06af8051686df1c4aacacdb471d6ad7d76723d98550c00bc4c790e075b0f4", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "package": "core2", "rule_id": "RUSTSEC-2026-0105", "scanner": "osv-scanner", "correlation_key": "fp|e1d06af8051686df1c4aacacdb471d6ad7d76723d98550c00bc4c790e075b0f4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/pipe/modules/i-raw/rawloader-c/Cargo.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED003", "level": "error", "message": {"text": "[MINED003] Rust Unwrap In Prod: .unwrap() panics if None/Err. Acceptable in tests; risky elsewhere."}, "properties": {"repobilityId": 92430, "scanner": "repobility-threat-engine", "fingerprint": "0a35af9d251d62c6d789bf839cad5844c3ae82c744c78104c1f63f49d3ac9e91", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-unwrap-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347903+00:00", "triaged_in_corpus": 15, "observations_count": 386515, "ai_coder_pattern_id": 111}, "scanner": "repobility-threat-engine", "correlation_key": "fp|0a35af9d251d62c6d789bf839cad5844c3ae82c744c78104c1f63f49d3ac9e91"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/pipe/modules/i-raw/rawloader-c/lib.rs"}, "region": {"startLine": 78}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `andelf/nightly-release` pinned to mutable ref `@main`"}, "properties": {"repobilityId": 92417, "scanner": "repobility-supply-chain", "fingerprint": "420d56c1140c89b789bad0fdd3db2779f5edd3d5138ed887deeba5e44d59aeaf", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|420d56c1140c89b789bad0fdd3db2779f5edd3d5138ed887deeba5e44d59aeaf"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/nightly.yml"}, "region": {"startLine": 451}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/download-artifact` pinned to mutable ref `@v4`"}, "properties": {"repobilityId": 92416, "scanner": "repobility-supply-chain", "fingerprint": "2fdc419af47e58fb7a4aeb54843b7eec998aef4442076212390f3d84a87e2a63", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|2fdc419af47e58fb7a4aeb54843b7eec998aef4442076212390f3d84a87e2a63"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/nightly.yml"}, "region": {"startLine": 449}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/upload-artifact` pinned to mutable ref `@v4`"}, "properties": {"repobilityId": 92415, "scanner": "repobility-supply-chain", "fingerprint": "47fe65ad421925573c79809f39b701be99f4c9c05409c8dc44f7daa9c3d93755", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|47fe65ad421925573c79809f39b701be99f4c9c05409c8dc44f7daa9c3d93755"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/nightly.yml"}, "region": {"startLine": 435}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v4`"}, "properties": {"repobilityId": 92414, "scanner": "repobility-supply-chain", "fingerprint": "33cb8013283ae6e86afcefd755f7f05f6aedee9fcbadc6f23a4809bca4bba3ce", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|33cb8013283ae6e86afcefd755f7f05f6aedee9fcbadc6f23a4809bca4bba3ce"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/nightly.yml"}, "region": {"startLine": 303}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/upload-artifact` pinned to mutable ref `@v4`"}, "properties": {"repobilityId": 92413, "scanner": "repobility-supply-chain", "fingerprint": "324685c450d8191d9a6e44e1daafc260fb9bfa67c992bd104da8ccbd661194ef", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|324685c450d8191d9a6e44e1daafc260fb9bfa67c992bd104da8ccbd661194ef"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/nightly.yml"}, "region": {"startLine": 281}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v4`"}, "properties": {"repobilityId": 92412, "scanner": "repobility-supply-chain", "fingerprint": "49c1ca94e5b163839c798ef78a2a0e218094ef98476334adce7665b170fb344d", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|49c1ca94e5b163839c798ef78a2a0e218094ef98476334adce7665b170fb344d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/nightly.yml"}, "region": {"startLine": 232}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `msys2/setup-msys2` pinned to mutable ref `@v2`"}, "properties": {"repobilityId": 92411, "scanner": "repobility-supply-chain", "fingerprint": "bfb83096dd5b3c8c59bd46e8564c4cf787468e6f779583f9e2502ef0ca0b0d5c", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|bfb83096dd5b3c8c59bd46e8564c4cf787468e6f779583f9e2502ef0ca0b0d5c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/nightly.yml"}, "region": {"startLine": 204}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/upload-artifact` pinned to mutable ref `@v4`"}, "properties": {"repobilityId": 92410, "scanner": "repobility-supply-chain", "fingerprint": "127f032d181c3b03479ed1c657379a1b0fd438a6b7938ca1e87236c270b24363", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|127f032d181c3b03479ed1c657379a1b0fd438a6b7938ca1e87236c270b24363"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/nightly.yml"}, "region": {"startLine": 182}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v4`"}, "properties": {"repobilityId": 92409, "scanner": "repobility-supply-chain", "fingerprint": "5d336893d4d01f4440b423fc323375d99b17a0356c22de081c1d1952a9ccb7bc", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|5d336893d4d01f4440b423fc323375d99b17a0356c22de081c1d1952a9ccb7bc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/nightly.yml"}, "region": {"startLine": 87}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `humbletim/install-vulkan-sdk` pinned to mutable ref `@v1.2`"}, "properties": {"repobilityId": 92408, "scanner": "repobility-supply-chain", "fingerprint": "030b059b6f99576fb775becbd07c3f1cb638a2dacec4fb699e701119301e2705", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|030b059b6f99576fb775becbd07c3f1cb638a2dacec4fb699e701119301e2705"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/nightly.yml"}, "region": {"startLine": 70}}}]}, {"ruleId": "MINED022", "level": "error", "message": {"text": "[MINED022] C Strcpy: strcpy/strcat dont bounds-check; use strncpy or snprintf."}, "properties": {"repobilityId": 92426, "scanner": "repobility-threat-engine", "fingerprint": "42ce73f91871c260104b9de2df8e0606bdb0b2e92c7c66213da24c23f83fae6e", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "c-strcpy", "owasp": null, "cwe_ids": ["CWE-120"], "languages": ["c", "cpp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347949+00:00", "triaged_in_corpus": 20, "observations_count": 39114, "ai_coder_pattern_id": 130}, "scanner": "repobility-threat-engine", "correlation_key": "fp|42ce73f91871c260104b9de2df8e0606bdb0b2e92c7c66213da24c23f83fae6e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/gui/widget_filteredlist.h"}, "region": {"startLine": 127}}}]}, {"ruleId": "MINED022", "level": "error", "message": {"text": "[MINED022] C Strcpy: strcpy/strcat dont bounds-check; use strncpy or snprintf."}, "properties": {"repobilityId": 92425, "scanner": "repobility-threat-engine", "fingerprint": "54ea440193f20b962d6fc27e263ae5fe3f0351f1016ff723ab6f5b88bd5615fa", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "c-strcpy", "owasp": null, "cwe_ids": ["CWE-120"], "languages": ["c", "cpp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347949+00:00", "triaged_in_corpus": 20, "observations_count": 39114, "ai_coder_pattern_id": 130}, "scanner": "repobility-threat-engine", "correlation_key": "fp|54ea440193f20b962d6fc27e263ae5fe3f0351f1016ff723ab6f5b88bd5615fa"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/gui/widget_filebrowser.h"}, "region": {"startLine": 80}}}]}]}]}