{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "WEB003", "name": "Public web service has no security.txt", "shortDescription": {"text": "Public web service has no security.txt"}, "fullDescription": {"text": "security.txt gives researchers and customers a safe disclosure channel. Public web apps and APIs should publish it under /.well-known/security.txt."}, "properties": {"scanner": "repobility-web-presence", "category": "quality", "severity": "medium", "confidence": 0.78, "cwe": "", "owasp": ""}}, {"id": "WEB015", "name": "Public web app has no Content Security Policy", "shortDescription": {"text": "Public web app has no Content Security Policy"}, "fullDescription": {"text": "A Content Security Policy reduces the blast radius of injected scripts if the app is ever served through preview, static hosting, or a web container outside its normal sandbox."}, "properties": {"scanner": "repobility-web-presence", "category": "quality", "severity": "medium", "confidence": 0.7, "cwe": "", "owasp": ""}}, {"id": "DKR007", "name": "Docker build context has no .dockerignore", "shortDescription": {"text": "Docker build context has no .dockerignore"}, "fullDescription": {"text": "Without .dockerignore, build context can include source history, local env files, dependencies, and generated artifacts."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "SEC112", "name": "[SEC112] Go html/template bypass \u2014 text/template used for HTML output, or template.HTML on user input: Go's `text/templa", "shortDescription": {"text": "[SEC112] Go html/template bypass \u2014 text/template used for HTML output, or template.HTML on user input: Go's `text/template` does no HTML escaping. `template.HTML(x)` marks data as already-safe. 
Using either with user input = XSS."}, "fullDescription": {"text": "Use `html/template` (NOT `text/template`) for HTML responses. Never wrap user input with `template.HTML/JS/URL`."}, "properties": {"scanner": "repobility-threat-engine", "category": "xss", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC001", "name": "[SEC001] Hardcoded Password: Hardcoded password found in source code.", "shortDescription": {"text": "[SEC001] Hardcoded Password: Hardcoded password found in source code."}, "fullDescription": {"text": "Use environment variables or a secrets manager."}, "properties": {"scanner": "repobility-threat-engine", "category": "credential_exposure", "severity": "medium", "confidence": 0.3, "cwe": "", "owasp": ""}}, {"id": "COMP001", "name": "[COMP001] High cognitive complexity: Function `remove_tags` has cognitive complexity 23 (SonarSource scale). Cognitive c", "shortDescription": {"text": "[COMP001] High cognitive complexity: Function `remove_tags` has cognitive complexity 23 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion a"}, "fullDescription": {"text": "Extract nested branches into named helper functions; flatten early-return / guard clauses; replace long if/elif chains with dispatch dicts or polymorphism. SonarQube's threshold for 'should refactor' is 15 \u2014 yours is 23."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "medium", "confidence": 0.95, "cwe": "", "owasp": ""}}, {"id": "MINED111", "name": "Bare except continues silently", "shortDescription": {"text": "Bare except continues silently"}, "fullDescription": {"text": "Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. 
Hides real failures and makes bugs hard to diagnose."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "WEB011", "name": "Public web app has no humans.txt", "shortDescription": {"text": "Public web app has no humans.txt"}, "fullDescription": {"text": "humans.txt is optional, but it gives operators and reviewers a simple place to find ownership, contact, and important public documentation links."}, "properties": {"scanner": "repobility-web-presence", "category": "quality", "severity": "low", "confidence": 0.5, "cwe": "", "owasp": ""}}, {"id": "WEB008", "name": "Public docs site has no llms.txt", "shortDescription": {"text": "Public docs site has no llms.txt"}, "fullDescription": {"text": "AI coding agents increasingly read llms.txt to find canonical docs and API workflows. Without it, agents are more likely to browse pages repeatedly or use stale instructions."}, "properties": {"scanner": "repobility-web-presence", "category": "quality", "severity": "low", "confidence": 0.64, "cwe": "", "owasp": ""}}, {"id": "WEB002", "name": "Public web app has no sitemap", "shortDescription": {"text": "Public web app has no sitemap"}, "fullDescription": {"text": "A sitemap gives search engines, docs crawlers, and AI agents a structured list of public pages. 
Without one, important docs and product pages are easy to miss."}, "properties": {"scanner": "repobility-web-presence", "category": "quality", "severity": "low", "confidence": 0.72, "cwe": "", "owasp": ""}}, {"id": "WEB001", "name": "Public web app has no robots.txt", "shortDescription": {"text": "Public web app has no robots.txt"}, "fullDescription": {"text": "Public websites should publish a robots.txt file so crawlers and AI agents can discover crawl rules and sitemap locations without guessing."}, "properties": {"scanner": "repobility-web-presence", "category": "quality", "severity": "low", "confidence": 0.74, "cwe": "", "owasp": ""}}, {"id": "ERR003", "name": "[ERR003] Ignored Error (Go): Ignoring error return values.", "shortDescription": {"text": "[ERR003] Ignored Error (Go): Ignoring error return values."}, "fullDescription": {"text": "Handle the error or use errcheck linter."}, "properties": {"scanner": "repobility-threat-engine", "category": "error_handling", "severity": "low", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "AIC003", "name": "Duplicated implementation block across source files", "shortDescription": {"text": "Duplicated implementation block across source files"}, "fullDescription": {"text": "Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.86, "cwe": "", "owasp": ""}}, {"id": "MINED043", "name": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data.", "shortDescription": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "fullDescription": {"text": "Review and fix per the pattern semantics. 
See CWE-319 / A02:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED060", "name": "[MINED060] Go Context No Cancel (and 1 more): Same pattern found in 1 additional file. Review if needed.", "shortDescription": {"text": "[MINED060] Go Context No Cancel (and 1 more): Same pattern found in 1 additional file. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-401 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED067", "name": "[MINED067] Python Requests No Timeout: requests.get/post/etc. without timeout= can hang forever.", "shortDescription": {"text": "[MINED067] Python Requests No Timeout: requests.get/post/etc. without timeout= can hang forever."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-400 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED055", "name": "[MINED055] Npm Install No Lockfile: Production image runs npm install (resolves new versions on every build) instead of ", "shortDescription": {"text": "[MINED055] Npm Install No Lockfile: Production image runs npm install (resolves new versions on every build) instead of npm ci."}, "fullDescription": {"text": "Review and fix per the pattern semantics. 
See CWE-1357 / A06:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "GO-2026-5039", "name": "stdlib: GO-2026-5039", "shortDescription": {"text": "stdlib: GO-2026-5039"}, "fullDescription": {"text": "Arbitrary inputs are included in errors without any escaping in net/textproto"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-5038", "name": "stdlib: GO-2026-5038", "shortDescription": {"text": "stdlib: GO-2026-5038"}, "fullDescription": {"text": "Quadratic complexity in WordDecoder.DecodeHeader in mime"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-5037", "name": "stdlib: GO-2026-5037", "shortDescription": {"text": "stdlib: GO-2026-5037"}, "fullDescription": {"text": "Inefficient candidate hostname parsing in crypto/x509"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-4986", "name": "stdlib: GO-2026-4986", "shortDescription": {"text": "stdlib: GO-2026-4986"}, "fullDescription": {"text": "Quadratic string concatentation in consumeComment in net/mail"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-4982", "name": "stdlib: GO-2026-4982", "shortDescription": {"text": "stdlib: GO-2026-4982"}, "fullDescription": {"text": "Bypass of meta content URL escaping causes XSS in html/template"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-4981", "name": "stdlib: GO-2026-4981", "shortDescription": {"text": "stdlib: GO-2026-4981"}, "fullDescription": 
{"text": "Crash when handling long CNAME response in net"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-4980", "name": "stdlib: GO-2026-4980", "shortDescription": {"text": "stdlib: GO-2026-4980"}, "fullDescription": {"text": "Escaper bypass leads to XSS in html/template"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-4977", "name": "stdlib: GO-2026-4977", "shortDescription": {"text": "stdlib: GO-2026-4977"}, "fullDescription": {"text": "Quadratic string concatenation in consumePhrase in net/mail"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-4976", "name": "stdlib: GO-2026-4976", "shortDescription": {"text": "stdlib: GO-2026-4976"}, "fullDescription": {"text": "ReverseProxy forwards queries with more than urlmaxqueryparams parameters in net/http/httputil"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-4971", "name": "stdlib: GO-2026-4971", "shortDescription": {"text": "stdlib: GO-2026-4971"}, "fullDescription": {"text": "Panic in Dial and LookupPort when handling NUL byte on Windows in net"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-4947", "name": "stdlib: GO-2026-4947", "shortDescription": {"text": "stdlib: GO-2026-4947"}, "fullDescription": {"text": "Unexpected work during chain building in crypto/x509"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-4946", "name": "stdlib: GO-2026-4946", "shortDescription": {"text": "stdlib: GO-2026-4946"}, 
"fullDescription": {"text": "Inefficient policy validation in crypto/x509"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-4918", "name": "stdlib: GO-2026-4918", "shortDescription": {"text": "stdlib: GO-2026-4918"}, "fullDescription": {"text": "Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/net"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-4870", "name": "stdlib: GO-2026-4870", "shortDescription": {"text": "stdlib: GO-2026-4870"}, "fullDescription": {"text": "Unauthenticated TLS 1.3 KeyUpdate record can cause persistent connection retention and DoS in crypto/tls"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-4869", "name": "stdlib: GO-2026-4869", "shortDescription": {"text": "stdlib: GO-2026-4869"}, "fullDescription": {"text": "Unbounded allocation for old GNU sparse in archive/tar"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-4865", "name": "stdlib: GO-2026-4865", "shortDescription": {"text": "stdlib: GO-2026-4865"}, "fullDescription": {"text": "JsBraceDepth Context Tracking Bugs (XSS) in html/template"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-4864", "name": "stdlib: GO-2026-4864", "shortDescription": {"text": "stdlib: GO-2026-4864"}, "fullDescription": {"text": "TOCTOU permits root escape on Linux via Root.Chmod in os in internal/syscall/unix"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, 
{"id": "GO-2026-4603", "name": "stdlib: GO-2026-4603", "shortDescription": {"text": "stdlib: GO-2026-4603"}, "fullDescription": {"text": "URLs in meta content attribute actions are not escaped in html/template"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-4602", "name": "stdlib: GO-2026-4602", "shortDescription": {"text": "stdlib: GO-2026-4602"}, "fullDescription": {"text": "FileInfo can escape from a Root in os"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-4601", "name": "stdlib: GO-2026-4601", "shortDescription": {"text": "stdlib: GO-2026-4601"}, "fullDescription": {"text": "Incorrect parsing of IPv6 host literals in net/url"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-4342", "name": "stdlib: GO-2026-4342", "shortDescription": {"text": "stdlib: GO-2026-4342"}, "fullDescription": {"text": "Excessive CPU consumption when building archive index in archive/zip"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-4341", "name": "stdlib: GO-2026-4341", "shortDescription": {"text": "stdlib: GO-2026-4341"}, "fullDescription": {"text": "Memory exhaustion in query parameter parsing in net/url"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-4340", "name": "stdlib: GO-2026-4340", "shortDescription": {"text": "stdlib: GO-2026-4340"}, "fullDescription": {"text": "Handshake messages may be processed at the incorrect encryption level in crypto/tls"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", 
"owasp": ""}}, {"id": "GO-2026-4337", "name": "stdlib: GO-2026-4337", "shortDescription": {"text": "stdlib: GO-2026-4337"}, "fullDescription": {"text": "Unexpected session resumption in crypto/tls"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2025-4175", "name": "stdlib: GO-2025-4175", "shortDescription": {"text": "stdlib: GO-2025-4175"}, "fullDescription": {"text": "Improper application of excluded DNS name constraints when verifying wildcard names in crypto/x509"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2025-4155", "name": "stdlib: GO-2025-4155", "shortDescription": {"text": "stdlib: GO-2025-4155"}, "fullDescription": {"text": "Excessive resource consumption when printing error string for host certificate validation in crypto/x509"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2025-4015", "name": "stdlib: GO-2025-4015", "shortDescription": {"text": "stdlib: GO-2025-4015"}, "fullDescription": {"text": "Excessive CPU consumption in Reader.ReadResponse in net/textproto"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2025-4014", "name": "stdlib: GO-2025-4014", "shortDescription": {"text": "stdlib: GO-2025-4014"}, "fullDescription": {"text": "Unbounded allocation when parsing GNU sparse map in archive/tar"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2025-4013", "name": "stdlib: GO-2025-4013", "shortDescription": {"text": "stdlib: GO-2025-4013"}, "fullDescription": {"text": "Panic when validating certificates with DSA public keys in crypto/x509"}, "properties": 
{"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2025-4012", "name": "stdlib: GO-2025-4012", "shortDescription": {"text": "stdlib: GO-2025-4012"}, "fullDescription": {"text": "Lack of limit when parsing cookies can cause memory exhaustion in net/http"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2025-4011", "name": "stdlib: GO-2025-4011", "shortDescription": {"text": "stdlib: GO-2025-4011"}, "fullDescription": {"text": "Parsing DER payload can cause memory exhaustion in encoding/asn1"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2025-4010", "name": "stdlib: GO-2025-4010", "shortDescription": {"text": "stdlib: GO-2025-4010"}, "fullDescription": {"text": "Insufficient validation of bracketed IPv6 hostnames in net/url"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2025-4009", "name": "stdlib: GO-2025-4009", "shortDescription": {"text": "stdlib: GO-2025-4009"}, "fullDescription": {"text": "Quadratic complexity when parsing some invalid inputs in encoding/pem"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2025-4008", "name": "stdlib: GO-2025-4008", "shortDescription": {"text": "stdlib: GO-2025-4008"}, "fullDescription": {"text": "ALPN negotiation error contains attacker controlled information in crypto/tls"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2025-4007", "name": "stdlib: GO-2025-4007", "shortDescription": {"text": "stdlib: GO-2025-4007"}, "fullDescription": {"text": "Quadratic complexity 
when checking name constraints in crypto/x509"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2025-4006", "name": "stdlib: GO-2025-4006", "shortDescription": {"text": "stdlib: GO-2025-4006"}, "fullDescription": {"text": "Excessive CPU consumption in ParseAddress in net/mail"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2025-3956", "name": "stdlib: GO-2025-3956", "shortDescription": {"text": "stdlib: GO-2025-3956"}, "fullDescription": {"text": "Unexpected paths returned from LookPath in os/exec"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2025-3849", "name": "stdlib: GO-2025-3849", "shortDescription": {"text": "stdlib: GO-2025-3849"}, "fullDescription": {"text": "Incorrect results returned from Rows.Scan in database/sql"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-5024", "name": "golang.org/x/sys: GO-2026-5024", "shortDescription": {"text": "golang.org/x/sys: GO-2026-5024"}, "fullDescription": {"text": "Invoking integer overflow in NewNTUnicodeString in golang.org/x/sys/windows"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-5030", "name": "golang.org/x/net: GO-2026-5030", "shortDescription": {"text": "golang.org/x/net: GO-2026-5030"}, "fullDescription": {"text": "Invoking duplicate attributes can cause XSS in golang.org/x/net/html"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-5029", "name": "golang.org/x/net: GO-2026-5029", "shortDescription": {"text": 
"golang.org/x/net: GO-2026-5029"}, "fullDescription": {"text": "Invoking incorrect handling of character references in DOCTYPE nodes in golang.org/x/net/html"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-5028", "name": "golang.org/x/net: GO-2026-5028", "shortDescription": {"text": "golang.org/x/net: GO-2026-5028"}, "fullDescription": {"text": "Invoking denial of service when parsing arbitrary HTML in golang.org/x/net/html"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-5027", "name": "golang.org/x/net: GO-2026-5027", "shortDescription": {"text": "golang.org/x/net: GO-2026-5027"}, "fullDescription": {"text": "Invoking incorrect handling of HTML elements in foreign content in golang.org/x/net/html"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-5026", "name": "golang.org/x/net: GO-2026-5026", "shortDescription": {"text": "golang.org/x/net: GO-2026-5026"}, "fullDescription": {"text": "Invoking failure to reject ASCII-only Punycode-encoded labels in golang.org/x/net/idna"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-5025", "name": "golang.org/x/net: GO-2026-5025", "shortDescription": {"text": "golang.org/x/net: GO-2026-5025"}, "fullDescription": {"text": "Invoking incorrect handling of namespaced elements in foreign content in golang.org/x/net/html"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "MINED016", "name": "[MINED016] Go Error Ignored: _, err := fn() with err not checked. 
Go anti-pattern.", "shortDescription": {"text": "[MINED016] Go Error Ignored: _, err := fn() with err not checked. Go anti-pattern."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-754 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC093", "name": "[SEC093] Go: exec.Command with non-literal: exec.Command(<var>) \u2014 variable command name allows command injection. Ported", "shortDescription": {"text": "[SEC093] Go: exec.Command with non-literal: exec.Command(<var>) \u2014 variable command name allows command injection. Ported from gosec G204 (Apache-2.0)."}, "fullDescription": {"text": "Use a constant command name and validate args via a whitelist."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC029", "name": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled ", "shortDescription": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. 
Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes e"}, "fullDescription": {"text": "Validate the URL against an allowlist BEFORE fetching:\n  ALLOWED = {'images.example.com', 'cdn.example.com'}\n  host = urlparse(url).hostname\n  if host not in ALLOWED: abort(400)\nOr use a server-side proxy (Imgproxy / serve-files-only-from-S3) that isolates outbound network access from the request handler.\nBlock private CIDRs explicitly: 10/8, 172.16/12, 192.168/16, 169.254/16. Apply this check to the resolved IP address and to every redirect target, and cover loopback (127/8) and the IPv6 equivalents as well."}, "properties": {"scanner": "repobility-threat-engine", "category": "ssrf", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC113", "name": "[SEC113] SSH host-key verification disabled (MITM): Accepting any SSH host key on first connect lets an active MITM impe", "shortDescription": {"text": "[SEC113] SSH host-key verification disabled (MITM): Accepting any SSH host key on first connect lets an active MITM impersonate the server. Common in `paramiko.AutoAddPolicy()`."}, "fullDescription": {"text": "Python: load `~/.ssh/known_hosts` and use `paramiko.RejectPolicy()`. Go: implement a `ssh.HostKeyCallback` that compares against a known fingerprint. Java JSch: load known_hosts via `jsch.setKnownHosts(...)`."}, "properties": {"scanner": "repobility-threat-engine", "category": "crypto", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC078", "name": "[SEC078] Python: requests without timeout: requests.get/post without a timeout will hang indefinitely on a non-responsiv", "shortDescription": {"text": "[SEC078] Python: requests without timeout: requests.get/post without a timeout will hang indefinitely on a non-responsive server, causing thread exhaustion and denial of service. Ported from bandit B113 (Apache-2.0). 
NOTE: this regex is heuristic; a re"}, "fullDescription": {"text": "Add `timeout=10` (or appropriate value) to every requests call."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC021", "name": "[SEC021] Shell Trace Around Secret Handling: Shell xtrace is enabled near secret handling. CI and deployment logs can ec", "shortDescription": {"text": "[SEC021] Shell Trace Around Secret Handling: Shell xtrace is enabled near secret handling. CI and deployment logs can echo every command and expand secret values, turning a safe secret-store lookup into a credential leak."}, "fullDescription": {"text": "Disable xtrace before reading secrets, re-enable it only after secret handling, and rotate any secret exposed in logs."}, "properties": {"scanner": "repobility-threat-engine", "category": "credential_exposure", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC013", "name": "[SEC013] Path Traversal \u2014 User Input in File Path: User-controlled input used in file path without sanitization. Allows ", "shortDescription": {"text": "[SEC013] Path Traversal \u2014 User Input in File Path: User-controlled input used in file path without sanitization. Allows reading arbitrary files."}, "fullDescription": {"text": "Use os.path.realpath() and verify the resolved path is inside your expected base directory; compare whole path components (for example with os.path.commonpath()) rather than a bare string prefix, which would also accept a sibling such as /base-other for /base. 
Use secure_filename() for uploads."}, "properties": {"scanner": "repobility-threat-engine", "category": "path_traversal", "severity": "high", "confidence": 0.8, "cwe": "", "owasp": ""}}, {"id": "MINED134", "name": "Binary file `hack/kueue-vm-quotas/__pycache__/update-kueue-vm-quotas.cpython-313.pyc` committed in source repo", "shortDescription": {"text": "Binary file `hack/kueue-vm-quotas/__pycache__/update-kueue-vm-quotas.cpython-313.pyc` committed in source repo"}, "fullDescription": {"text": "`hack/kueue-vm-quotas/__pycache__/update-kueue-vm-quotas.cpython-313.pyc` is a .pyc binary (18,981 bytes) committed to a repo that otherwise has 88 source files. Trojan binaries inside otherwise-normal source repos are a known supply-chain attack: a compromised dependency or PR slips in a binary that gets executed by build scripts."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED117", "name": "Workflow declares `permissions: write-all`", "shortDescription": {"text": "Workflow declares `permissions: write-all`"}, "fullDescription": {"text": "The job's GITHUB_TOKEN gets EVERY permission scope. If the workflow is ever compromised (mutable action, fork PR, injected step), the attacker can push to main, publish packages, alter releases. Use least-privilege by listing only the scopes the job actually needs."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED115", "name": "Action `actions/checkout` pinned to mutable ref `@v4`", "shortDescription": {"text": "Action `actions/checkout` pinned to mutable ref `@v4`"}, "fullDescription": {"text": "`uses: actions/checkout@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED108", "name": "`self.end_headers` used but never assigned in __init__", "shortDescription": {"text": "`self.end_headers` used but never assigned in __init__"}, "fullDescription": {"text": "Method `handle_redirect_from_github` of class `Handler` reads `self.end_headers`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED106", "name": "Phantom test coverage: test_all_mutations", "shortDescription": {"text": "Phantom test coverage: test_all_mutations"}, "fullDescription": {"text": "Test function `test_all_mutations` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. 
Adds line coverage without verifying anything."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "kubernetes-secret-yaml", "name": "Possible Kubernetes Secret detected, posing a risk of leaking credentials/tokens from your deployments", "shortDescription": {"text": "Possible Kubernetes Secret detected, posing a risk of leaking credentials/tokens from your deployments"}, "fullDescription": {"text": "Gitleaks detected a committed secret or credential pattern."}, "properties": {"scanner": "gitleaks", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "cwe": "", "owasp": ""}}, {"id": "generic-api-key", "name": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations.", "shortDescription": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "fullDescription": {"text": "Gitleaks detected a committed secret or credential pattern."}, "properties": {"scanner": "gitleaks", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "cwe": "", "owasp": ""}}, {"id": "MINED013", "name": "[MINED013] Password In Url: https://user:password@host \u2014 leaks creds via logs, referrer, error messages.", "shortDescription": {"text": "[MINED013] Password In Url: https://user:password@host \u2014 leaks creds via logs, referrer, error messages."}, "fullDescription": {"text": "Review and fix per the pattern semantics. 
See CWE-200 / A07:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "critical", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED107", "name": "Missing import: `platform` used but not imported", "shortDescription": {"text": "Missing import: `platform` used but not imported"}, "fullDescription": {"text": "The file uses `platform.something(...)` but never imports `platform`. This raises NameError at runtime the first time the line executes."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "critical", "confidence": 1.0, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/1007"}, "properties": {"repository": "redhat-appstudio/infra-deployments", "repoUrl": "https://github.com/redhat-appstudio/infra-deployments", "branch": "main"}, "results": [{"ruleId": "WEB003", "level": "warning", "message": {"text": "Public web service has no security.txt"}, "properties": {"repobilityId": 94472, "scanner": "repobility-web-presence", "fingerprint": "5cd26606c5a53c9f403ff7a92a6917c19cf440a23ce03e2b90e8c493312ef8cd", "category": "quality", "severity": "medium", "confidence": 0.78, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Repository looks like a public web app/API but no security.txt file or route was discovered.", "evidence": {"rule_id": "WEB003", "scanner": "repobility-web-presence", "references": ["https://www.rfc-editor.org/rfc/rfc9116", "https://github.com/Lissy93/web-check"], "correlation_key": "fp|5cd26606c5a53c9f403ff7a92a6917c19cf440a23ce03e2b90e8c493312ef8cd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".well-known/security.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "WEB015", "level": "warning", "message": {"text": "Public web app has no Content Security Policy"}, "properties": {"repobilityId": 94471, "scanner": "repobility-web-presence", "fingerprint": 
"7eb70cae3ff63d8ed7c31706185d32b37655333b40b58ca826d740b08fb1ad63", "category": "quality", "severity": "medium", "confidence": 0.7, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Repository looks like a public web app but no CSP header, framework header config, Helmet policy, or CSP meta tag was discovered.", "evidence": {"rule_id": "WEB015", "scanner": "repobility-web-presence", "references": ["https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP", "https://github.com/Lissy93/web-check"], "correlation_key": "fp|7eb70cae3ff63d8ed7c31706185d32b37655333b40b58ca826d740b08fb1ad63"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "index.html"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR007", "level": "warning", "message": {"text": "Docker build context has no .dockerignore"}, "properties": {"repobilityId": 94406, "scanner": "repobility-docker", "fingerprint": "c98378cf8c37e4866e89d6ca06a24b7e8c44654aa34e6e4bf1367c4a4c0c5b44", "category": "docker", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Dockerfile exists but repository root has no .dockerignore.", "evidence": {"rule_id": "DKR007", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|c98378cf8c37e4866e89d6ca06a24b7e8c44654aa34e6e4bf1367c4a4c0c5b44"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".dockerignore"}, "region": {"startLine": 1}}}]}, {"ruleId": "SEC112", "level": "warning", "message": {"text": "[SEC112] Go html/template bypass \u2014 text/template used for HTML output, or template.HTML on user input: Go's `text/template` does no HTML escaping. `template.HTML(x)` marks data as already-safe. 
Using either with user input = XSS."}, "properties": {"repobilityId": 94394, "scanner": "repobility-threat-engine", "fingerprint": "beb99279efb7f4332b3941f11ad64e9796c49ceba448175042e5f0d6df8cf24d", "category": "xss", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "fmt.Fprintln(f, markdown)", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC112", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|beb99279efb7f4332b3941f11ad64e9796c49ceba448175042e5f0d6df8cf24d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "infra-tools/cmd/env-detector/main.go"}, "region": {"startLine": 368}}}]}, {"ruleId": "SEC001", "level": "warning", "message": {"text": "[SEC001] Hardcoded Password: Hardcoded password found in source code."}, "properties": {"repobilityId": 94383, "scanner": "repobility-threat-engine", "fingerprint": "eb8c4bb3b00f1917dc082cc2af595929dad2a0b3a2ffa3498f91a1c3ad0f7549", "category": "credential_exposure", "severity": "medium", "confidence": 0.3, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Low entropy value (3.3 bits) \u2014 may be placeholder or common string", "evidence": {"match": "PASSWORD=\"<redacted>\"", "reason": "Low entropy value (3.3 bits) \u2014 may be placeholder or common string", "rule_id": "SEC001", "scanner": "repobility-threat-engine", "confidence": 0.3, "correlation_key": "secret|token|3|password redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "hack/secret-creator/quality-dashboard/create-quality-dashboard-secrets.sh"}, "region": {"startLine": 38}}}]}, {"ruleId": "SEC001", "level": "warning", "message": {"text": "[SEC001] Hardcoded Password: Hardcoded password found in source code."}, "properties": {"repobilityId": 94382, "scanner": 
"repobility-threat-engine", "fingerprint": "f67b5d39636eabe1c9af86252c90f7046558aeb38fb23fdae2cf55659a500bae", "category": "credential_exposure", "severity": "medium", "confidence": 0.3, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Low entropy value (4.1 bits) \u2014 may be placeholder or common string", "evidence": {"match": "password=\"<redacted> rand -base64 20)\"", "reason": "Low entropy value (4.1 bits) \u2014 may be placeholder or common string", "rule_id": "SEC001", "scanner": "repobility-threat-engine", "confidence": 0.3, "correlation_key": "secret|token|2|password redacted rand -base64 20"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "hack/secret-creator/create-plnsvc-secrets.sh"}, "region": {"startLine": 30}}}]}, {"ruleId": "SEC001", "level": "warning", "message": {"text": "[SEC001] Hardcoded Password: Hardcoded password found in source code."}, "properties": {"repobilityId": 94381, "scanner": "repobility-threat-engine", "fingerprint": "ed7db1d33967137707cc1463df0fe6dfe2219375db3ce08b3ea1e7919ff20edf", "category": "credential_exposure", "severity": "medium", "confidence": 0.3, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Low entropy value (2.6 bits) \u2014 may be placeholder or common string", "evidence": {"match": "password=\"<redacted> \"", "reason": "Low entropy value (2.6 bits) \u2014 may be placeholder or common string", "rule_id": "SEC001", "scanner": "repobility-threat-engine", "confidence": 0.3, "correlation_key": "secret|token|7|password redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "components/konflux-operator/ci/openshift-overlay-e2e/ci-common.sh"}, "region": {"startLine": 79}}}]}, {"ruleId": "COMP001", "level": "warning", "message": {"text": "[COMP001] High cognitive complexity: Function `remove_tags` has cognitive complexity 23 (SonarSource scale). 
Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. Breakdown: continue=1, elif=1, else=2, for=2, if=6, nested_bonus=11."}, "properties": {"repobilityId": 94378, "scanner": "repobility-threat-engine", "fingerprint": "13825f5af45f023bf984912a1f6da38597de020520bd2c42619cccaf8ba8e4b4", "category": "quality", "severity": "medium", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 23 (severity threshold for medium: 15+).", "evidence": {"scanner": "repobility-threat-engine", "function": "remove_tags", "breakdown": {"if": 6, "for": 2, "elif": 1, "else": 2, "continue": 1, "nested_bonus": 11}, "complexity": 23, "correlation_key": "fp|13825f5af45f023bf984912a1f6da38597de020520bd2c42619cccaf8ba8e4b4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "components/image-controller/production/stone-prd-rh01/resources/image_pruner/prune_images.py"}, "region": {"startLine": 114}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 94349, "scanner": "repobility-ast-engine", "fingerprint": "5f558ae7d66fe24044437516395c12fb342c168f1ec0eab52208b53ceace099f", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|5f558ae7d66fe24044437516395c12fb342c168f1ec0eab52208b53ceace099f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "hack/new-cluster/tasks/github/github-app-flow.py"}, "region": {"startLine": 114}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except 
continues silently"}, "properties": {"repobilityId": 94331, "scanner": "repobility-ast-engine", "fingerprint": "a0a16c3a6ec24e6e87a09cc62f64b48bd393d123dcbb0f3f63e24165cd2e6907", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|a0a16c3a6ec24e6e87a09cc62f64b48bd393d123dcbb0f3f63e24165cd2e6907"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "hack/test-tekton-kueue-config.py"}, "region": {"startLine": 1626}}}]}, {"ruleId": "WEB011", "level": "note", "message": {"text": "Public web app has no humans.txt"}, "properties": {"repobilityId": 94470, "scanner": "repobility-web-presence", "fingerprint": "bdd551fbe1ab6405480e0d5755632562c2096cb9e9a6a071ef60e4c27a6873f1", "category": "quality", "severity": "low", "confidence": 0.5, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Repository looks like a public web app but no humans.txt file or route was discovered.", "evidence": {"rule_id": "WEB011", "scanner": "repobility-web-presence", "references": ["https://github.com/Lissy93/web-check"], "correlation_key": "fp|bdd551fbe1ab6405480e0d5755632562c2096cb9e9a6a071ef60e4c27a6873f1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "humans.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "WEB008", "level": "note", "message": {"text": "Public docs site has no llms.txt"}, "properties": {"repobilityId": 94469, "scanner": "repobility-web-presence", "fingerprint": "cdce8ed8706710d39c3e7272dad572dd639cff74fd3d2ac62d8f6f522b891d76", "category": "quality", "severity": "low", "confidence": 0.64, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Repository looks public and 
documentation-heavy but no llms.txt file or route was discovered.", "evidence": {"rule_id": "WEB008", "scanner": "repobility-web-presence", "references": ["https://llmstxt.org/"], "correlation_key": "fp|cdce8ed8706710d39c3e7272dad572dd639cff74fd3d2ac62d8f6f522b891d76"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "llms.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "WEB002", "level": "note", "message": {"text": "Public web app has no sitemap"}, "properties": {"repobilityId": 94468, "scanner": "repobility-web-presence", "fingerprint": "fccbe72d13ca3ba9197ec37b0daa0802fb6d5ebff54b3eb9f09b59b0f8d0acdf", "category": "quality", "severity": "low", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Repository looks like a public web app but no sitemap file or route was discovered.", "evidence": {"rule_id": "WEB002", "scanner": "repobility-web-presence", "references": ["https://www.sitemaps.org/protocol.html", "https://github.com/Lissy93/web-check"], "correlation_key": "fp|fccbe72d13ca3ba9197ec37b0daa0802fb6d5ebff54b3eb9f09b59b0f8d0acdf"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sitemap.xml"}, "region": {"startLine": 1}}}]}, {"ruleId": "WEB001", "level": "note", "message": {"text": "Public web app has no robots.txt"}, "properties": {"repobilityId": 94467, "scanner": "repobility-web-presence", "fingerprint": "cae3f2223945958e14d8eb90f7965fa26b47011cc5be29c2855a4054937e29c4", "category": "quality", "severity": "low", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Repository looks like a public web app but no robots.txt file or route was discovered.", "evidence": {"rule_id": "WEB001", "scanner": "repobility-web-presence", "references": ["https://www.rfc-editor.org/rfc/rfc9309", "https://github.com/Lissy93/web-check"], "correlation_key": "fp|cae3f2223945958e14d8eb90f7965fa26b47011cc5be29c2855a4054937e29c4"}}, "locations": 
[{"physicalLocation": {"artifactLocation": {"uri": "robots.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "ERR003", "level": "note", "message": {"text": "[ERR003] Ignored Error (Go): Ignoring error return values."}, "properties": {"repobilityId": 94397, "scanner": "repobility-threat-engine", "fingerprint": "fdeb49fa147d7c90a97cada745a5e8c4e14457f0aabe5566be519a47eaa9cfab", "category": "error_handling", "severity": "low", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "_ = os.RemoveAll(", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR003", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|fdeb49fa147d7c90a97cada745a5e8c4e14457f0aabe5566be519a47eaa9cfab"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "infra-tools/internal/git/git.go"}, "region": {"startLine": 87}}}]}, {"ruleId": "ERR003", "level": "note", "message": {"text": "[ERR003] Ignored Error (Go): Ignoring error return values."}, "properties": {"repobilityId": 94396, "scanner": "repobility-threat-engine", "fingerprint": "ad1f61949db1b0fe7cff0367045bc81b5ce98b97782f21b3188a49588f5eef94", "category": "error_handling", "severity": "low", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "_ = f.Close(", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR003", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|ad1f61949db1b0fe7cff0367045bc81b5ce98b97782f21b3188a49588f5eef94"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "infra-tools/cmd/render-diff/ci.go"}, "region": {"startLine": 69}}}]}, {"ruleId": "ERR003", "level": "note", "message": {"text": "[ERR003] Ignored Error (Go): Ignoring error return values."}, 
"properties": {"repobilityId": 94395, "scanner": "repobility-threat-engine", "fingerprint": "60fa9de7fca8659d815143af2d8284a78a8686867b15fc52dd1cdb8243df1c56", "category": "error_handling", "severity": "low", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "_ = f.Close(", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR003", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|60fa9de7fca8659d815143af2d8284a78a8686867b15fc52dd1cdb8243df1c56"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "infra-tools/cmd/env-detector/main.go"}, "region": {"startLine": 217}}}]}, {"ruleId": "COMP001", "level": "note", "message": {"text": "[COMP001] High cognitive complexity: Function `remove_leftover_tags` has cognitive complexity 11 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. 
Breakdown: else=1, for=1, if=3, nested_bonus=6."}, "properties": {"repobilityId": 94380, "scanner": "repobility-threat-engine", "fingerprint": "531d93e9d9aa0221fed52655acded9ff8cb267dc838cdf414ebdfb2fef2f05c8", "category": "quality", "severity": "low", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 11 (severity threshold for low: 8+).", "evidence": {"scanner": "repobility-threat-engine", "function": "remove_leftover_tags", "breakdown": {"if": 3, "for": 1, "else": 1, "nested_bonus": 6}, "complexity": 11, "correlation_key": "fp|531d93e9d9aa0221fed52655acded9ff8cb267dc838cdf414ebdfb2fef2f05c8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "components/image-controller/production/stone-prd-rh01/resources/image_pruner/prune_images.py"}, "region": {"startLine": 97}}}]}, {"ruleId": "COMP001", "level": "note", "message": {"text": "[COMP001] High cognitive complexity: Function `get_quay_tags` has cognitive complexity 12 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. 
Breakdown: break=2, else=1, if=4, nested_bonus=4, while=1."}, "properties": {"repobilityId": 94379, "scanner": "repobility-threat-engine", "fingerprint": "051269041d5b86e8360eea161b98cc77426bfebc01330206bb96cd735a9f91e4", "category": "quality", "severity": "low", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 12 (severity threshold for low: 8+).", "evidence": {"scanner": "repobility-threat-engine", "function": "get_quay_tags", "breakdown": {"if": 4, "else": 1, "break": 2, "while": 1, "nested_bonus": 4}, "complexity": 12, "correlation_key": "fp|051269041d5b86e8360eea161b98cc77426bfebc01330206bb96cd735a9f91e4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "components/image-controller/production/stone-prd-rh01/resources/image_pruner/prune_images.py"}, "region": {"startLine": 28}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 94320, "scanner": "repobility-ai-code-hygiene", "fingerprint": "f7c136f85fc6429a94ccd10bbbcaa36caf85103d4857acf3eca89664158d2126", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "infra-tools/cmd/env-detector/main.go", "duplicate_line": 162, "correlation_key": "fp|f7c136f85fc6429a94ccd10bbbcaa36caf85103d4857acf3eca89664158d2126"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "infra-tools/internal/logging/logging.go"}, "region": {"startLine": 33}}}]}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials 
or data."}, "properties": {"repobilityId": 94403, "scanner": "repobility-threat-engine", "fingerprint": "2170ae44e113d02d77e254f5057fcc847c0234e03b2135216255577f5a8ae15f", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|2170ae44e113d02d77e254f5057fcc847c0234e03b2135216255577f5a8ae15f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "infra-tools/internal/deptree/resolve.go"}, "region": {"startLine": 354}}}]}, {"ruleId": "ERR003", "level": "none", "message": {"text": "[ERR003] Ignored Error (Go) (and 3 more): Same pattern found in 3 additional files. Review if needed."}, "properties": {"repobilityId": 94398, "scanner": "repobility-threat-engine", "fingerprint": "ffe4d81a7489f28099dfb64f1d43f221c7bd1f8d79fc0a1d608b942842e235c6", "category": "error_handling", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 3 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 3 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "ERR003", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|ffe4d81a7489f28099dfb64f1d43f221c7bd1f8d79fc0a1d608b942842e235c6"}}}, {"ruleId": "MINED060", "level": "none", "message": {"text": "[MINED060] Go Context No Cancel (and 1 more): Same pattern found in 1 additional files. 
Review if needed."}, "properties": {"repobilityId": 94393, "scanner": "repobility-threat-engine", "fingerprint": "fcf286a56c9b7bbfc780627a1a28988dbbacf71aa351f16138de683ada9d3401", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "go-context-no-cancel", "owasp": null, "cwe_ids": ["CWE-401"], "languages": ["go"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348041+00:00", "triaged_in_corpus": 12, "observations_count": 132905, "ai_coder_pattern_id": 110}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|fcf286a56c9b7bbfc780627a1a28988dbbacf71aa351f16138de683ada9d3401", "aggregated_count": 1}}}, {"ruleId": "MINED060", "level": "none", "message": {"text": "[MINED060] Go Context No Cancel: context.Background() at request handler boundary leaks goroutines."}, "properties": {"repobilityId": 94392, "scanner": "repobility-threat-engine", "fingerprint": "641c9b2947a0c7b2d33abb0f9f95fc24748c63c306cc013197d2c3aaa6a41489", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "go-context-no-cancel", "owasp": null, "cwe_ids": ["CWE-401"], "languages": ["go"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348041+00:00", "triaged_in_corpus": 12, "observations_count": 132905, "ai_coder_pattern_id": 110}, "scanner": "repobility-threat-engine", "correlation_key": "fp|641c9b2947a0c7b2d33abb0f9f95fc24748c63c306cc013197d2c3aaa6a41489"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "infra-tools/cmd/render-diff/main.go"}, "region": {"startLine": 68}}}]}, {"ruleId": 
"MINED060", "level": "none", "message": {"text": "[MINED060] Go Context No Cancel: context.Background() at request handler boundary leaks goroutines."}, "properties": {"repobilityId": 94391, "scanner": "repobility-threat-engine", "fingerprint": "054c95a0853518fe4a9ac52e63f5ad0009ec1a26a21934b82dea850310995d84", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "go-context-no-cancel", "owasp": null, "cwe_ids": ["CWE-401"], "languages": ["go"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348041+00:00", "triaged_in_corpus": 12, "observations_count": 132905, "ai_coder_pattern_id": 110}, "scanner": "repobility-threat-engine", "correlation_key": "fp|054c95a0853518fe4a9ac52e63f5ad0009ec1a26a21934b82dea850310995d84"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "infra-tools/cmd/env-detector/main.go"}, "region": {"startLine": 59}}}]}, {"ruleId": "MINED060", "level": "none", "message": {"text": "[MINED060] Go Context No Cancel: context.Background() at request handler boundary leaks goroutines."}, "properties": {"repobilityId": 94390, "scanner": "repobility-threat-engine", "fingerprint": "537aac2345656d9222896c28e71583859c4b448cc715920713a2b5c9fc56dfaf", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "go-context-no-cancel", "owasp": null, "cwe_ids": ["CWE-401"], "languages": ["go"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348041+00:00", "triaged_in_corpus": 12, "observations_count": 132905, "ai_coder_pattern_id": 110}, "scanner": "repobility-threat-engine", "correlation_key": "fp|537aac2345656d9222896c28e71583859c4b448cc715920713a2b5c9fc56dfaf"}}, 
"locations": [{"physicalLocation": {"artifactLocation": {"uri": "infra-tools/cmd/changelog-generator/main.go"}, "region": {"startLine": 38}}}]}, {"ruleId": "MINED067", "level": "none", "message": {"text": "[MINED067] Python Requests No Timeout: requests.get/post/etc. without timeout= can hang forever."}, "properties": {"repobilityId": 94388, "scanner": "repobility-threat-engine", "fingerprint": "43d3e39eb26e70c1a3659da440492cdcd9e974b02b5d83b3024f1d38cbcec5ef", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-requests-no-timeout", "owasp": null, "cwe_ids": ["CWE-400"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348058+00:00", "triaged_in_corpus": 12, "observations_count": 45429, "ai_coder_pattern_id": 122}, "scanner": "repobility-threat-engine", "correlation_key": "fp|43d3e39eb26e70c1a3659da440492cdcd9e974b02b5d83b3024f1d38cbcec5ef"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "hack/new-cluster/tasks/github/github-app-flow.py"}, "region": {"startLine": 94}}}]}, {"ruleId": "MINED055", "level": "none", "message": {"text": "[MINED055] Npm Install No Lockfile: Production image runs npm install (resolves new versions on every build) instead of npm ci."}, "properties": {"repobilityId": 94386, "scanner": "repobility-threat-engine", "fingerprint": "adc753dec76cafef9df3870fd1f1b65fe0e1075d784f81b8a1717eeb4a78bec0", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "npm-install-no-lockfile", "owasp": "A06:2021", "cwe_ids": ["CWE-1357"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348030+00:00", "triaged_in_corpus": 12, 
"observations_count": 317602, "ai_coder_pattern_id": 42}, "scanner": "repobility-threat-engine", "correlation_key": "fp|adc753dec76cafef9df3870fd1f1b65fe0e1075d784f81b8a1717eeb4a78bec0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "hack/hac/installHac.sh"}, "region": {"startLine": 64}}}]}, {"ruleId": "GO-2026-5039", "level": "error", "message": {"text": "stdlib: GO-2026-5039"}, "properties": {"repobilityId": 94466, "scanner": "osv-scanner", "fingerprint": "10f3f4b87f285cf9a56a8d781b1e647e40f360c2c14f59b9d2234e748a09884b", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-42507", "CVE-2026-42507"], "package": "stdlib", "rule_id": "GO-2026-5039", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-42507|infra-tools/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "infra-tools/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5038", "level": "error", "message": {"text": "stdlib: GO-2026-5038"}, "properties": {"repobilityId": 94465, "scanner": "osv-scanner", "fingerprint": "f582cd031164d791ee21c3a76425dfca1d6f7b7d7d179474e406cef18dffb276", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-42504", "CVE-2026-42504"], "package": "stdlib", "rule_id": "GO-2026-5038", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-42504|infra-tools/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "infra-tools/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5037", "level": "error", "message": {"text": "stdlib: GO-2026-5037"}, "properties": {"repobilityId": 94464, "scanner": "osv-scanner", "fingerprint": "9a028b37e7f1e5cfe36b1e3e396cd8dcf05d3168d256bb1a072049f19877910b", 
"category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-27145", "CVE-2026-27145"], "package": "stdlib", "rule_id": "GO-2026-5037", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-27145|infra-tools/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "infra-tools/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4986", "level": "error", "message": {"text": "stdlib: GO-2026-4986"}, "properties": {"repobilityId": 94463, "scanner": "osv-scanner", "fingerprint": "807221fa4222f9bd999934e8ff63fd0aa65232e9b11ab6c4797307660ebb5b8d", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-39820", "CVE-2026-39820"], "package": "stdlib", "rule_id": "GO-2026-4986", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-39820|infra-tools/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "infra-tools/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4982", "level": "error", "message": {"text": "stdlib: GO-2026-4982"}, "properties": {"repobilityId": 94462, "scanner": "osv-scanner", "fingerprint": "cdbaa2bc45e703fdeb43086a3fba9ff69450453e5243845f3251204e0984e917", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-39823", "CVE-2026-39823"], "package": "stdlib", "rule_id": "GO-2026-4982", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-39823|infra-tools/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "infra-tools/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4981", "level": "error", "message": {"text": "stdlib: 
GO-2026-4981"}, "properties": {"repobilityId": 94461, "scanner": "osv-scanner", "fingerprint": "d15172bd9820822999827b52d571d0051cc54a29beacdecc76d0723711554e47", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-33811", "CVE-2026-33811"], "package": "stdlib", "rule_id": "GO-2026-4981", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-33811|infra-tools/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "infra-tools/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4980", "level": "error", "message": {"text": "stdlib: GO-2026-4980"}, "properties": {"repobilityId": 94460, "scanner": "osv-scanner", "fingerprint": "006523900c9ac22e92b985f0448506a6fee614c9b5ae1775c0fb06c456c5c43b", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-39826", "CVE-2026-39826"], "package": "stdlib", "rule_id": "GO-2026-4980", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-39826|infra-tools/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "infra-tools/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4977", "level": "error", "message": {"text": "stdlib: GO-2026-4977"}, "properties": {"repobilityId": 94459, "scanner": "osv-scanner", "fingerprint": "3c82add3c2331d983c89fea2e0ee0b0884233eac60b1ecda9464f3c1790796a6", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-42499", "CVE-2026-42499"], "package": "stdlib", "rule_id": "GO-2026-4977", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-42499|infra-tools/go.mod"}}, "locations": 
[{"physicalLocation": {"artifactLocation": {"uri": "infra-tools/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4976", "level": "error", "message": {"text": "stdlib: GO-2026-4976"}, "properties": {"repobilityId": 94458, "scanner": "osv-scanner", "fingerprint": "6b928f68c52ed18ef935afa69d6e623e9b8f3559f28237e91cb55172821ae742", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-39825", "CVE-2026-39825"], "package": "stdlib", "rule_id": "GO-2026-4976", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-39825|infra-tools/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "infra-tools/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4971", "level": "error", "message": {"text": "stdlib: GO-2026-4971"}, "properties": {"repobilityId": 94457, "scanner": "osv-scanner", "fingerprint": "163a24a519e05026c1ee10440ef5ac69460f6dc87b772bbe578cca70d41c2c8b", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-39836", "CVE-2026-39836"], "package": "stdlib", "rule_id": "GO-2026-4971", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-39836|infra-tools/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "infra-tools/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4947", "level": "error", "message": {"text": "stdlib: GO-2026-4947"}, "properties": {"repobilityId": 94456, "scanner": "osv-scanner", "fingerprint": "ad05b7fc5e24e5df0a476ad73c4592895a99a3aa85a051364df1cf3db471ec6f", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-32280", 
"CVE-2026-32280"], "package": "stdlib", "rule_id": "GO-2026-4947", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-32280|infra-tools/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "infra-tools/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4946", "level": "error", "message": {"text": "stdlib: GO-2026-4946"}, "properties": {"repobilityId": 94455, "scanner": "osv-scanner", "fingerprint": "afd34e5d2586bd063e1d875d9762f190e11aab8b8e260390ee9cde14a3be2295", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-32281", "CVE-2026-32281"], "package": "stdlib", "rule_id": "GO-2026-4946", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-32281|infra-tools/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "infra-tools/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4918", "level": "error", "message": {"text": "stdlib: GO-2026-4918"}, "properties": {"repobilityId": 94454, "scanner": "osv-scanner", "fingerprint": "b9a9d7fe638d5b95827115399020fcbed7251b388e0575a038fedc3a85718e31", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-33814", "CVE-2026-33814"], "package": "stdlib", "rule_id": "GO-2026-4918", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-33814|infra-tools/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "infra-tools/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4870", "level": "error", "message": {"text": "stdlib: GO-2026-4870"}, "properties": {"repobilityId": 94453, "scanner": "osv-scanner", "fingerprint": "dae4bec418b2b1f78335d1a1de3eca050161fca06d2b81761c5ecbc331057d65", "category": "dependency", "severity": 
"high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-32283", "CVE-2026-32283"], "package": "stdlib", "rule_id": "GO-2026-4870", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-32283|infra-tools/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "infra-tools/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4869", "level": "error", "message": {"text": "stdlib: GO-2026-4869"}, "properties": {"repobilityId": 94452, "scanner": "osv-scanner", "fingerprint": "9e79bc11f9bc7f0efbdbff98e30e5466041e7a0e388364226844e39f920a074c", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-32288", "CVE-2026-32288"], "package": "stdlib", "rule_id": "GO-2026-4869", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-32288|infra-tools/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "infra-tools/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4865", "level": "error", "message": {"text": "stdlib: GO-2026-4865"}, "properties": {"repobilityId": 94451, "scanner": "osv-scanner", "fingerprint": "c094dfd7254b77b32a9008c76a17ca520140eb4eb8ca67f8a2b8c55cd90f8a59", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-32289", "CVE-2026-32289"], "package": "stdlib", "rule_id": "GO-2026-4865", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-32289|infra-tools/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "infra-tools/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4864", "level": "error", "message": {"text": "stdlib: GO-2026-4864"}, "properties": 
{"repobilityId": 94450, "scanner": "osv-scanner", "fingerprint": "04fa0614cac24b3133c7777f70377dd074540a80e6c0f1ff701e630636cb80f5", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-32282", "CVE-2026-32282"], "package": "stdlib", "rule_id": "GO-2026-4864", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-32282|infra-tools/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "infra-tools/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4603", "level": "error", "message": {"text": "stdlib: GO-2026-4603"}, "properties": {"repobilityId": 94449, "scanner": "osv-scanner", "fingerprint": "22da85d0536104e99e6ecd642064ab040a9c17be40ad306d856d95e9b31e418c", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-27142", "CVE-2026-27142"], "package": "stdlib", "rule_id": "GO-2026-4603", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-27142|infra-tools/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "infra-tools/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4602", "level": "error", "message": {"text": "stdlib: GO-2026-4602"}, "properties": {"repobilityId": 94448, "scanner": "osv-scanner", "fingerprint": "d96a75273ee50a38be0af8fc7acc39b4e2c77ccc3f7faf94add206c6dc224c69", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-27139", "CVE-2026-27139"], "package": "stdlib", "rule_id": "GO-2026-4602", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-27139|infra-tools/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": 
{"uri": "infra-tools/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4601", "level": "error", "message": {"text": "stdlib: GO-2026-4601"}, "properties": {"repobilityId": 94447, "scanner": "osv-scanner", "fingerprint": "0be4f71a16cc2d4f98a505575279695a66780d7905f4389a7f3afe2a65deaaa9", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-25679", "CVE-2026-25679"], "package": "stdlib", "rule_id": "GO-2026-4601", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-25679|infra-tools/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "infra-tools/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4342", "level": "error", "message": {"text": "stdlib: GO-2026-4342"}, "properties": {"repobilityId": 94446, "scanner": "osv-scanner", "fingerprint": "e727873a0dbe884339b739b2b5aabbc6b39828ec15aa02fa946025d041def00a", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-61728", "CVE-2025-61728"], "package": "stdlib", "rule_id": "GO-2026-4342", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-61728|infra-tools/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "infra-tools/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4341", "level": "error", "message": {"text": "stdlib: GO-2026-4341"}, "properties": {"repobilityId": 94445, "scanner": "osv-scanner", "fingerprint": "590c00634426f6cc8fd35ce4062e546481380b6f60fd4f00f6aceb03b82411a5", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-61726", "CVE-2025-61726"], "package": "stdlib", "rule_id": 
"GO-2026-4341", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-61726|infra-tools/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "infra-tools/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4340", "level": "error", "message": {"text": "stdlib: GO-2026-4340"}, "properties": {"repobilityId": 94444, "scanner": "osv-scanner", "fingerprint": "9195e4f4c5d47021e33d0e099ff5ef19aeaffa30e706787c855a56620e5048f0", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-61730", "CVE-2025-61730"], "package": "stdlib", "rule_id": "GO-2026-4340", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-61730|infra-tools/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "infra-tools/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4337", "level": "error", "message": {"text": "stdlib: GO-2026-4337"}, "properties": {"repobilityId": 94443, "scanner": "osv-scanner", "fingerprint": "d5bd617c696043ee195267d2596abbdad856107d5cde08a7bf8cba1bec880fcb", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-68121", "CVE-2025-68121"], "package": "stdlib", "rule_id": "GO-2026-4337", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-68121|infra-tools/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "infra-tools/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-4175", "level": "error", "message": {"text": "stdlib: GO-2025-4175"}, "properties": {"repobilityId": 94442, "scanner": "osv-scanner", "fingerprint": "4a0c62cfd05a33a39b694dacc19f2d0dbe4cf293d45c4d8ea1a3f5797ed7872b", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", 
"verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-61727", "CVE-2025-61727"], "package": "stdlib", "rule_id": "GO-2025-4175", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-61727|infra-tools/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "infra-tools/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-4155", "level": "error", "message": {"text": "stdlib: GO-2025-4155"}, "properties": {"repobilityId": 94441, "scanner": "osv-scanner", "fingerprint": "19e927903401b5dddc9a65323af462175258fba85eb77635091b0fc4544bff8c", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-61729", "CVE-2025-61729"], "package": "stdlib", "rule_id": "GO-2025-4155", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-61729|infra-tools/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "infra-tools/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-4015", "level": "error", "message": {"text": "stdlib: GO-2025-4015"}, "properties": {"repobilityId": 94440, "scanner": "osv-scanner", "fingerprint": "79f6742dd2832d19065bb99603e325c84befadd1f60a9d72c2e55d30bc2820de", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-61724", "CVE-2025-61724"], "package": "stdlib", "rule_id": "GO-2025-4015", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-61724|infra-tools/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "infra-tools/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-4014", "level": "error", "message": {"text": "stdlib: GO-2025-4014"}, "properties": {"repobilityId": 94439, "scanner": "osv-scanner", 
"fingerprint": "cab02311ee3891dc59bfd2a655c1a7b021c7a1ba9977050b4105a0325bdfdff1", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-58183", "CVE-2025-58183"], "package": "stdlib", "rule_id": "GO-2025-4014", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-58183|infra-tools/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "infra-tools/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-4013", "level": "error", "message": {"text": "stdlib: GO-2025-4013"}, "properties": {"repobilityId": 94438, "scanner": "osv-scanner", "fingerprint": "5e9932bd19fa149ffa00aef9a323fde99e30bdee53f65b6df307c8f61d251b7c", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-58188", "CVE-2025-58188"], "package": "stdlib", "rule_id": "GO-2025-4013", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-58188|infra-tools/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "infra-tools/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-4012", "level": "error", "message": {"text": "stdlib: GO-2025-4012"}, "properties": {"repobilityId": 94437, "scanner": "osv-scanner", "fingerprint": "d4c595470432355448c9d2181b1d1263931d51384b0682f6a8b8e636c03c287c", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-58186", "CVE-2025-58186"], "package": "stdlib", "rule_id": "GO-2025-4012", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-58186|infra-tools/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "infra-tools/go.mod"}, "region": 
{"startLine": 1}}}]}, {"ruleId": "GO-2025-4011", "level": "error", "message": {"text": "stdlib: GO-2025-4011"}, "properties": {"repobilityId": 94436, "scanner": "osv-scanner", "fingerprint": "839a69c45ea1309ee6988ae53d6f419abff2d9ee4a1391a3f7b219ca0e682a2c", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-58185", "CVE-2025-58185"], "package": "stdlib", "rule_id": "GO-2025-4011", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-58185|infra-tools/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "infra-tools/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-4010", "level": "error", "message": {"text": "stdlib: GO-2025-4010"}, "properties": {"repobilityId": 94435, "scanner": "osv-scanner", "fingerprint": "1de71ccf68a3cd8690d0f25cd7d2e339cd28f3d6451a38ebef6dd991c9bc2112", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-47912", "CVE-2025-47912"], "package": "stdlib", "rule_id": "GO-2025-4010", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-47912|infra-tools/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "infra-tools/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-4009", "level": "error", "message": {"text": "stdlib: GO-2025-4009"}, "properties": {"repobilityId": 94434, "scanner": "osv-scanner", "fingerprint": "96138f1e70c5a76aed991062324c21e8bc67979f40d39f2b7e20925564cd4b49", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-61723", "CVE-2025-61723"], "package": "stdlib", "rule_id": "GO-2025-4009", "scanner": "osv-scanner", 
"correlation_key": "vuln|stdlib|CVE-2025-61723|infra-tools/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "infra-tools/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-4008", "level": "error", "message": {"text": "stdlib: GO-2025-4008"}, "properties": {"repobilityId": 94433, "scanner": "osv-scanner", "fingerprint": "ec62dce4ab02be102bb0d231625719b76f49cc5291ff22a1ba2e06bad7a57180", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-58189", "CVE-2025-58189"], "package": "stdlib", "rule_id": "GO-2025-4008", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-58189|infra-tools/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "infra-tools/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-4007", "level": "error", "message": {"text": "stdlib: GO-2025-4007"}, "properties": {"repobilityId": 94432, "scanner": "osv-scanner", "fingerprint": "16cfb371114f7b8c1c417bf6f0f6a4af45d4737bf8bdbe60d49b657f0ecce2eb", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-58187", "CVE-2025-58187"], "package": "stdlib", "rule_id": "GO-2025-4007", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-58187|infra-tools/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "infra-tools/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-4006", "level": "error", "message": {"text": "stdlib: GO-2025-4006"}, "properties": {"repobilityId": 94431, "scanner": "osv-scanner", "fingerprint": "b9a73c0adb3c6b6c400f04015d86b213e9c97d80644248523883859a5fa2cda2", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, 
"reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-61725", "CVE-2025-61725"], "package": "stdlib", "rule_id": "GO-2025-4006", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-61725|infra-tools/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "infra-tools/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-3956", "level": "error", "message": {"text": "stdlib: GO-2025-3956"}, "properties": {"repobilityId": 94430, "scanner": "osv-scanner", "fingerprint": "fd416bbd2f620b3b7c654ce50c855f54dadba35dff678faaa97102de4269f442", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-47906", "CVE-2025-47906"], "package": "stdlib", "rule_id": "GO-2025-3956", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-47906|infra-tools/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "infra-tools/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-3849", "level": "error", "message": {"text": "stdlib: GO-2025-3849"}, "properties": {"repobilityId": 94429, "scanner": "osv-scanner", "fingerprint": "17073bc2cd274c888b778877fbc01062b4b7454385a06ea2e270c98f6f5a5e19", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-47907", "CVE-2025-47907"], "package": "stdlib", "rule_id": "GO-2025-3849", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-47907|infra-tools/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "infra-tools/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5024", "level": "error", "message": {"text": "golang.org/x/sys: GO-2026-5024"}, "properties": {"repobilityId": 94428, "scanner": "osv-scanner", "fingerprint": 
"4f09e2f2003848d5fe900251e385075468d1f43adfb03b84af63ff4dc78f8fc3", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-39824"], "package": "golang.org/x/sys", "rule_id": "GO-2026-5024", "scanner": "osv-scanner", "correlation_key": "vuln|golang.org/x/sys|CVE-2026-39824|infra-tools/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "infra-tools/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5030", "level": "error", "message": {"text": "golang.org/x/net: GO-2026-5030"}, "properties": {"repobilityId": 94427, "scanner": "osv-scanner", "fingerprint": "f69354f373cc36507b8a66caccb881e7134df90262ba2c6a87f99045ac17ee22", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-27136"], "package": "golang.org/x/net", "rule_id": "GO-2026-5030", "scanner": "osv-scanner", "correlation_key": "vuln|golang.org/x/net|CVE-2026-27136|infra-tools/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "infra-tools/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5029", "level": "error", "message": {"text": "golang.org/x/net: GO-2026-5029"}, "properties": {"repobilityId": 94426, "scanner": "osv-scanner", "fingerprint": "3d37a0d4230427789d61c5c6d6a273eb3a6103be5f94b2961b51b813b59e1a97", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-25681"], "package": "golang.org/x/net", "rule_id": "GO-2026-5029", "scanner": "osv-scanner", "correlation_key": "vuln|golang.org/x/net|CVE-2026-25681|infra-tools/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "infra-tools/go.mod"}, "region": {"startLine": 1}}}]}, 
{"ruleId": "GO-2026-5028", "level": "error", "message": {"text": "golang.org/x/net: GO-2026-5028"}, "properties": {"repobilityId": 94425, "scanner": "osv-scanner", "fingerprint": "ad7d170503e0fe6fcec5281628cb88c5a8fc1687a94b9986a0a8f4da5201552a", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-25680"], "package": "golang.org/x/net", "rule_id": "GO-2026-5028", "scanner": "osv-scanner", "correlation_key": "vuln|golang.org/x/net|CVE-2026-25680|infra-tools/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "infra-tools/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5027", "level": "error", "message": {"text": "golang.org/x/net: GO-2026-5027"}, "properties": {"repobilityId": 94424, "scanner": "osv-scanner", "fingerprint": "5d0bfeb7a4d23b5395a0185fa91b78a644578e0f6a5027080f8bb77a419053e2", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-42502"], "package": "golang.org/x/net", "rule_id": "GO-2026-5027", "scanner": "osv-scanner", "correlation_key": "vuln|golang.org/x/net|CVE-2026-42502|infra-tools/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "infra-tools/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5026", "level": "error", "message": {"text": "golang.org/x/net: GO-2026-5026"}, "properties": {"repobilityId": 94423, "scanner": "osv-scanner", "fingerprint": "af4ce4ea2c65879c38bebe964e5c404a0a4901fc91599934aeac17a0f391d411", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-39821"], "package": "golang.org/x/net", "rule_id": "GO-2026-5026", "scanner": "osv-scanner", "correlation_key": 
"vuln|golang.org/x/net|CVE-2026-39821|infra-tools/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "infra-tools/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5025", "level": "error", "message": {"text": "golang.org/x/net: GO-2026-5025"}, "properties": {"repobilityId": 94422, "scanner": "osv-scanner", "fingerprint": "f850c32517a30dc5b9806e5137b538dd3cd77d318230a3e68cbc8e0bf58cf84e", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-42506"], "package": "golang.org/x/net", "rule_id": "GO-2026-5025", "scanner": "osv-scanner", "correlation_key": "vuln|golang.org/x/net|CVE-2026-42506|infra-tools/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "infra-tools/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4918", "level": "error", "message": {"text": "golang.org/x/net: GO-2026-4918"}, "properties": {"repobilityId": 94421, "scanner": "osv-scanner", "fingerprint": "c8b474dc078763e617d34b29e77881d8856d361fb45ee43d630d8d422cffb116", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-33814", "CVE-2026-33814"], "package": "golang.org/x/net", "rule_id": "GO-2026-4918", "scanner": "osv-scanner", "correlation_key": "vuln|golang.org/x/net|CVE-2026-33814|infra-tools/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "infra-tools/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED016", "level": "error", "message": {"text": "[MINED016] Go Error Ignored: _, err := fn() with err not checked. 
Go anti-pattern."}, "properties": {"repobilityId": 94405, "scanner": "repobility-threat-engine", "fingerprint": "e41cc54d70d31ae5c289b4cc89be478b7934580a36339f436a1fc7c00949ae15", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "go-error-ignored", "owasp": null, "cwe_ids": ["CWE-754"], "languages": ["go"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347935+00:00", "triaged_in_corpus": 15, "observations_count": 83036, "ai_coder_pattern_id": 107}, "scanner": "repobility-threat-engine", "correlation_key": "fp|e41cc54d70d31ae5c289b4cc89be478b7934580a36339f436a1fc7c00949ae15"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "infra-tools/internal/github/labels.go"}, "region": {"startLine": 128}}}]}, {"ruleId": "MINED016", "level": "error", "message": {"text": "[MINED016] Go Error Ignored: _, err := fn() with err not checked. 
Go anti-pattern."}, "properties": {"repobilityId": 94404, "scanner": "repobility-threat-engine", "fingerprint": "369bda229f8da0126189ffcde42890314ccc9b5788d6e1407a9f180a42102145", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "go-error-ignored", "owasp": null, "cwe_ids": ["CWE-754"], "languages": ["go"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347935+00:00", "triaged_in_corpus": 15, "observations_count": 83036, "ai_coder_pattern_id": 107}, "scanner": "repobility-threat-engine", "correlation_key": "fp|369bda229f8da0126189ffcde42890314ccc9b5788d6e1407a9f180a42102145"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "infra-tools/internal/github/comments.go"}, "region": {"startLine": 65}}}]}, {"ruleId": "SEC093", "level": "error", "message": {"text": "[SEC093] Go: exec.Command with non-literal: exec.Command(<var>) \u2014 variable command name allows command injection. 
Ported from gosec G204 (Apache-2.0)."}, "properties": {"repobilityId": 94402, "scanner": "repobility-threat-engine", "fingerprint": "de90884c6b9ce63e705f128ffc291f7681a289b5235bc13fc7fdb029196ccd38", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "exec.CommandContext(ctx,", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC093", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|de90884c6b9ce63e705f128ffc291f7681a289b5235bc13fc7fdb029196ccd38"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "infra-tools/internal/git/git.go"}, "region": {"startLine": 16}}}]}, {"ruleId": "SEC093", "level": "error", "message": {"text": "[SEC093] Go: exec.Command with non-literal: exec.Command(<var>) \u2014 variable command name allows command injection. Ported from gosec G204 (Apache-2.0)."}, "properties": {"repobilityId": 94401, "scanner": "repobility-threat-engine", "fingerprint": "753edcd8d87b5f69f7e62af14cb859d243a5815c6d2e12caa04c40ddbfd58cab", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "exec.Command(toolName,", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC093", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|753edcd8d87b5f69f7e62af14cb859d243a5815c6d2e12caa04c40ddbfd58cab"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "infra-tools/cmd/render-diff/files.go"}, "region": {"startLine": 102}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without 
allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 94400, "scanner": "repobility-threat-engine", "fingerprint": "3473ee5d66f70ab81eb9723323b02de4e109c1edba77bbc5fe0e1e64a87c6d8f", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "URL(r", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|3473ee5d66f70ab81eb9723323b02de4e109c1edba77bbc5fe0e1e64a87c6d8f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "infra-tools/internal/deptree/resolve.go"}, "region": {"startLine": 98}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. 
SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 94399, "scanner": "repobility-threat-engine", "fingerprint": "f2b57fc101b1116fa6765dbcf53539973c80490f3e4ba8e2d5e444cc8ca546a8", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "URL(\n\t\to", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|f2b57fc101b1116fa6765dbcf53539973c80490f3e4ba8e2d5e444cc8ca546a8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "infra-tools/cmd/render-diff/ci.go"}, "region": {"startLine": 124}}}]}, {"ruleId": "SEC113", "level": "error", "message": {"text": "[SEC113] SSH host-key verification disabled (MITM): Accepting any SSH host key on first connect lets an active MITM impersonate the server. 
Common in `paramiko.AutoAddPolicy()` and OpenSSH `StrictHostKeyChecking=no`."}, "properties": {"repobilityId": 94389, "scanner": "repobility-threat-engine", "fingerprint": "fbfd4356862102dab024e9a4ea6957c7a60bb131f84d9f8d20cba67c4c31477c", "category": "crypto", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "StrictHostKeyChecking=no", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC113", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|crypto|token|22|sec113"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "hack/quickcluster/setup-nfs-quickcluster.sh"}, "region": {"startLine": 22}}}]}, {"ruleId": "SEC078", "level": "error", "message": {"text": "[SEC078] Python: requests without timeout: requests.get/post without a timeout will hang indefinitely on a non-responsive server, causing thread exhaustion and denial of service. Ported from bandit B113 (Apache-2.0). 
NOTE: this regex is heuristic; a real AST check is preferred for accuracy."}, "properties": {"repobilityId": 94387, "scanner": "repobility-threat-engine", "fingerprint": "f7378c3c89348b5dba9dd0244de6d5fe3c78f69240b42e9afbe78dd23bde4433", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "requests.post(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC078", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|f7378c3c89348b5dba9dd0244de6d5fe3c78f69240b42e9afbe78dd23bde4433"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "hack/new-cluster/tasks/github/github-app-flow.py"}, "region": {"startLine": 94}}}]}, {"ruleId": "SEC021", "level": "error", "message": {"text": "[SEC021] Shell Trace Around Secret Handling: Shell xtrace is enabled near secret handling. CI and deployment logs can echo every command and expand secret values, turning a safe secret-store lookup into a credential leak."}, "properties": {"repobilityId": 94385, "scanner": "repobility-threat-engine", "fingerprint": "e4e3793faed7c20e38bda08acf24a20747f334102c858333105e11234cfdd6ae", "category": "credential_exposure", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found. Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "set -x\n\nuser=\"konflux-builder\"\n\n# Check if user already exists\nif ! 
id \"$user\" &>/dev/null; then", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC021", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "secret|token|1|set -x user konflux-builder # check if user already exists if id user /dev/null then", "duplicate_count": 1, "duplicate_rule_ids": ["SEC021"], "duplicate_scanners": ["repobility-threat-engine"], "duplicate_fingerprints": ["1657b40571aabf6b08e77f9b3a26c852e56cfea4fda50c7afca4c38bee5c01c8", "e4e3793faed7c20e38bda08acf24a20747f334102c858333105e11234cfdd6ae"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "components/multi-platform-controller/base/host-config-chart/files/macos-mac2metal-arm64-init.sh"}, "region": {"startLine": 3}}}]}, {"ruleId": "SEC013", "level": "error", "message": {"text": "[SEC013] Path Traversal \u2014 User Input in File Path: User-controlled input used in file path without sanitization. Allows reading arbitrary files."}, "properties": {"repobilityId": 94377, "scanner": "repobility-threat-engine", "fingerprint": "dc2f1475bd07c389568d8240ad873feaadab3e11cbf849af7055f4f740fba091", "category": "path_traversal", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "User-controlled input detected in file path construction", "evidence": {"match": "open(request", "reason": "User-controlled input detected in file path construction", "rule_id": "SEC013", "scanner": "repobility-threat-engine", "confidence": 0.8, "correlation_key": "code|path_traversal|token|43|sec013"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "components/image-controller/production/stone-prd-rh01/resources/image_pruner/prune_images.py"}, "region": {"startLine": 43}}}]}, {"ruleId": "MINED134", "level": "error", "message": {"text": "Binary file `hack/kueue-vm-quotas/__pycache__/update-kueue-vm-quotas.cpython-313.pyc` committed in source repo"}, "properties": {"repobilityId": 94376, 
"scanner": "repobility-supply-chain", "fingerprint": "dc188344d52af32aa86a7d59065039f4348bf78552a9d7c831167663e43097bc", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "suspicious-binary-in-src", "owasp": null, "cwe_ids": ["CWE-506"], "languages": ["any"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|dc188344d52af32aa86a7d59065039f4348bf78552a9d7c831167663e43097bc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "hack/kueue-vm-quotas/__pycache__/update-kueue-vm-quotas.cpython-313.pyc"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED117", "level": "error", "message": {"text": "Workflow declares `permissions: write-all`"}, "properties": {"repobilityId": 94375, "scanner": "repobility-supply-chain", "fingerprint": "46d3dcd5804a2311e3f9320f3d47411b93ae34aae031da0c8aab3109ea780c0b", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-write-all-permissions", "owasp": "A01:2021", "cwe_ids": ["CWE-269"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|46d3dcd5804a2311e3f9320f3d47411b93ae34aae031da0c8aab3109ea780c0b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/kube-linter.yaml"}, "region": {"startLine": 12}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v4`"}, "properties": {"repobilityId": 94374, "scanner": "repobility-supply-chain", "fingerprint": "69378b3c312355a3febf2b21e8b317c71a8cf4fac9a161f3d862de8f0971bbab", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": 
{"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|69378b3c312355a3febf2b21e8b317c71a8cf4fac9a161f3d862de8f0971bbab"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/verify-pipelines-configs.yaml"}, "region": {"startLine": 23}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v3`"}, "properties": {"repobilityId": 94373, "scanner": "repobility-supply-chain", "fingerprint": "21a2286b99a8f2017c737e8d3bdf50818d9d0ade6bf7dc9575e68d3fc1f77ede", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|21a2286b99a8f2017c737e8d3bdf50818d9d0ade6bf7dc9575e68d3fc1f77ede"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/validate-banner.yaml"}, "region": {"startLine": 20}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `multani/action-setup-kustomize` pinned to mutable ref `@v1`"}, "properties": {"repobilityId": 94372, "scanner": "repobility-supply-chain", "fingerprint": "58828042f77dafed05820081f5f6661e9735145a8e846e819bfbb00908e397ab", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|58828042f77dafed05820081f5f6661e9735145a8e846e819bfbb00908e397ab"}}, 
"locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/enforce-ring-deployment.yaml"}, "region": {"startLine": 41}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/setup-go` pinned to mutable ref `@v5`"}, "properties": {"repobilityId": 94371, "scanner": "repobility-supply-chain", "fingerprint": "4f13b8fa5a5ba718004190ec3f6d01a83cf5313266f372bcca24d67df3593a01", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|4f13b8fa5a5ba718004190ec3f6d01a83cf5313266f372bcca24d67df3593a01"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/enforce-ring-deployment.yaml"}, "region": {"startLine": 32}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 94370, "scanner": "repobility-supply-chain", "fingerprint": "51d634d1b9645d4d22ff9ff901f1630cddf31194c871ca0ff1a7189420b695b8", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|51d634d1b9645d4d22ff9ff901f1630cddf31194c871ca0ff1a7189420b695b8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/enforce-ring-deployment.yaml"}, "region": {"startLine": 28}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `multani/action-setup-kustomize` pinned to mutable ref `@v1`"}, 
"properties": {"repobilityId": 94369, "scanner": "repobility-supply-chain", "fingerprint": "6441a92497248ae83ac233da88a7f4ecc5784f1fd535816e2f857a9b98a4db2d", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|6441a92497248ae83ac233da88a7f4ecc5784f1fd535816e2f857a9b98a4db2d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/forbid-clusterpolicies.yaml"}, "region": {"startLine": 20}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v4`"}, "properties": {"repobilityId": 94368, "scanner": "repobility-supply-chain", "fingerprint": "d949b2bd0703ef4f0907724303e010b8c757c1a5962cd7b076726e1dbe6cef27", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|d949b2bd0703ef4f0907724303e010b8c757c1a5962cd7b076726e1dbe6cef27"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/forbid-clusterpolicies.yaml"}, "region": {"startLine": 17}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/setup-python` pinned to mutable ref `@v4`"}, "properties": {"repobilityId": 94367, "scanner": "repobility-supply-chain", "fingerprint": "1ca75b3c3a5eb3a0b5e2aa9fd26ae6e7a9aaf2f51a476c7602b6de6e449b45b2", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, 
"reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|1ca75b3c3a5eb3a0b5e2aa9fd26ae6e7a9aaf2f51a476c7602b6de6e449b45b2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/verify-kueue-queue-configs.yaml"}, "region": {"startLine": 21}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v4`"}, "properties": {"repobilityId": 94366, "scanner": "repobility-supply-chain", "fingerprint": "5ebd9e40035a704cb738875829d5753f0347489683e88cdf088229d57c5e278a", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|5ebd9e40035a704cb738875829d5753f0347489683e88cdf088229d57c5e278a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/verify-kueue-queue-configs.yaml"}, "region": {"startLine": 18}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `codecov/codecov-action` pinned to mutable ref `@v5`"}, "properties": {"repobilityId": 94365, "scanner": "repobility-supply-chain", "fingerprint": "0d3d73f8c0309e57a0da168d0da4f9b7c18880e666b5ca980e4a41a961300331", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": 
"fp|0d3d73f8c0309e57a0da168d0da4f9b7c18880e666b5ca980e4a41a961300331"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/codecov.yaml"}, "region": {"startLine": 78}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/setup-python` pinned to mutable ref `@v4`"}, "properties": {"repobilityId": 94364, "scanner": "repobility-supply-chain", "fingerprint": "e2edd995319bf9c9bf9c2ed80e4bc9e69dd5dc271bd9336f4f716040fd0a5129", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|e2edd995319bf9c9bf9c2ed80e4bc9e69dd5dc271bd9336f4f716040fd0a5129"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/codecov.yaml"}, "region": {"startLine": 45}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 94363, "scanner": "repobility-supply-chain", "fingerprint": "dbcc81d3ccdb273c62bc5e4b4c5a2290bdd901cd2e86cff9cfa6b50fa08d8407", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|dbcc81d3ccdb273c62bc5e4b4c5a2290bdd901cd2e86cff9cfa6b50fa08d8407"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/codecov.yaml"}, "region": {"startLine": 42}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `codecov/codecov-action` pinned to mutable 
ref `@v5`"}, "properties": {"repobilityId": 94362, "scanner": "repobility-supply-chain", "fingerprint": "f570b7f80ec503ccf787dbd4c92da7b97ce96c6ac61afb2bc4c0c2fd08af5f76", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|f570b7f80ec503ccf787dbd4c92da7b97ce96c6ac61afb2bc4c0c2fd08af5f76"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/codecov.yaml"}, "region": {"startLine": 31}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/setup-go` pinned to mutable ref `@v5`"}, "properties": {"repobilityId": 94361, "scanner": "repobility-supply-chain", "fingerprint": "8883726cb32864a7ff4b863eb51184c251aa8ff81e3e2e89cec2c7ec1e660ada", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|8883726cb32864a7ff4b863eb51184c251aa8ff81e3e2e89cec2c7ec1e660ada"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/codecov.yaml"}, "region": {"startLine": 16}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 94360, "scanner": "repobility-supply-chain", "fingerprint": "edb23fe60d04371d89e4d79551ea02bd7b60d08e1e5aca51a47fbf1758578414", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": 
{"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|edb23fe60d04371d89e4d79551ea02bd7b60d08e1e5aca51a47fbf1758578414"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/codecov.yaml"}, "region": {"startLine": 13}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v4`"}, "properties": {"repobilityId": 94359, "scanner": "repobility-supply-chain", "fingerprint": "c98fac5dd864eb6600ceb4969720a90847ef2aed98f032ae03b80f39161606fe", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|c98fac5dd864eb6600ceb4969720a90847ef2aed98f032ae03b80f39161606fe"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/yamllint.yaml"}, "region": {"startLine": 13}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/setup-go` pinned to mutable ref `@v5`"}, "properties": {"repobilityId": 94358, "scanner": "repobility-supply-chain", "fingerprint": "65e5486c1bceb13d0969fa2cdf9763876af8a2fbbd069004a2040c889db2f3c6", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|65e5486c1bceb13d0969fa2cdf9763876af8a2fbbd069004a2040c889db2f3c6"}}, "locations": [{"physicalLocation": 
{"artifactLocation": {"uri": ".github/workflows/operator-changelog.yaml"}, "region": {"startLine": 23}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 94357, "scanner": "repobility-supply-chain", "fingerprint": "a11ad23ac8d28d0bd598aab9c7414d835ad9ca603b3aa9f9c2b72e75df71a6a6", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|a11ad23ac8d28d0bd598aab9c7414d835ad9ca603b3aa9f9c2b72e75df71a6a6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/operator-changelog.yaml"}, "region": {"startLine": 22}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/setup-python` pinned to mutable ref `@v4`"}, "properties": {"repobilityId": 94356, "scanner": "repobility-supply-chain", "fingerprint": "4be0e366340777e0bc52acb34d604bfeff27d28e1b4dfa9a9e630bf3eacbf4c0", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|4be0e366340777e0bc52acb34d604bfeff27d28e1b4dfa9a9e630bf3eacbf4c0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/test-tekton-kueue-config.yaml"}, "region": {"startLine": 20}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v4`"}, "properties": {"repobilityId": 94355, "scanner": 
"repobility-supply-chain", "fingerprint": "edb49af25d9622e6d11895b278ac982f54682ba1bd8cbf7ba43afe046d2b8bd5", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|edb49af25d9622e6d11895b278ac982f54682ba1bd8cbf7ba43afe046d2b8bd5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/test-tekton-kueue-config.yaml"}, "region": {"startLine": 17}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `kyverno/action-install-cli` pinned to mutable ref `@v0.2.0`"}, "properties": {"repobilityId": 94354, "scanner": "repobility-supply-chain", "fingerprint": "c08e83501720e75735ac90c7e2eb1f102485cd33fc4194f1cc2b00ca0f3c73f6", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|c08e83501720e75735ac90c7e2eb1f102485cd33fc4194f1cc2b00ca0f3c73f6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/kyverno-policies-tests.yaml"}, "region": {"startLine": 19}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v4`"}, "properties": {"repobilityId": 94353, "scanner": "repobility-supply-chain", "fingerprint": "d64aafd8307af436438809ac50da5056a027c7eff0398d9aac61c2c0aabd339c", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, 
"mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|d64aafd8307af436438809ac50da5056a027c7eff0398d9aac61c2c0aabd339c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/kyverno-policies-tests.yaml"}, "region": {"startLine": 16}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/upload-artifact` pinned to mutable ref `@v4`"}, "properties": {"repobilityId": 94352, "scanner": "repobility-supply-chain", "fingerprint": "fd2ff0a337420bd846905fd940d7b5ffdce2cf0a2ebc2c2c14f22a754f959148", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|fd2ff0a337420bd846905fd940d7b5ffdce2cf0a2ebc2c2c14f22a754f959148"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/pr-render-diff.yaml"}, "region": {"startLine": 68}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/setup-go` pinned to mutable ref `@v5`"}, "properties": {"repobilityId": 94351, "scanner": "repobility-supply-chain", "fingerprint": "7b8404fa8fe028bb87adf484362c8292459dbf0d2c89617604942dd2a0ef280c", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|7b8404fa8fe028bb87adf484362c8292459dbf0d2c89617604942dd2a0ef280c"}}, "locations": 
[{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/pr-render-diff.yaml"}, "region": {"startLine": 18}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v4`"}, "properties": {"repobilityId": 94350, "scanner": "repobility-supply-chain", "fingerprint": "88733ab2eec55c41d3cbc07a37448610c48fe74727deec7697b6f9a99cc9aee1", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|88733ab2eec55c41d3cbc07a37448610c48fe74727deec7697b6f9a99cc9aee1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/pr-render-diff.yaml"}, "region": {"startLine": 15}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.end_headers` used but never assigned in __init__"}, "properties": {"repobilityId": 94348, "scanner": "repobility-ast-engine", "fingerprint": "73394934e119706341dd9d6fd86ec863fafc9505763157a0c20c381bb8808b57", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|73394934e119706341dd9d6fd86ec863fafc9505763157a0c20c381bb8808b57"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "hack/new-cluster/tasks/github/github-app-flow.py"}, "region": {"startLine": 89}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.send_header` used but never assigned in __init__"}, "properties": {"repobilityId": 94347, "scanner": 
"repobility-ast-engine", "fingerprint": "40b9a7f52fd089f1a3612423f348fa80fa4a8b993162ea90c2dc9632e5e71b5d", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|40b9a7f52fd089f1a3612423f348fa80fa4a8b993162ea90c2dc9632e5e71b5d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "hack/new-cluster/tasks/github/github-app-flow.py"}, "region": {"startLine": 88}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.send_response` used but never assigned in __init__"}, "properties": {"repobilityId": 94346, "scanner": "repobility-ast-engine", "fingerprint": "3b8a11bf413089d401472d8e20febe1ddc8b119e1529417c4431c4c28cd2ce72", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|3b8a11bf413089d401472d8e20febe1ddc8b119e1529417c4431c4c28cd2ce72"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "hack/new-cluster/tasks/github/github-app-flow.py"}, "region": {"startLine": 87}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.manifest` used but never assigned in __init__"}, "properties": {"repobilityId": 94345, "scanner": "repobility-ast-engine", "fingerprint": "eaeacc729b05844bf3a7f1d0e552d30e043ec9ce4a2aa2b78dfc9d658e16f284", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": 
"self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|eaeacc729b05844bf3a7f1d0e552d30e043ec9ce4a2aa2b78dfc9d658e16f284"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "hack/new-cluster/tasks/github/github-app-flow.py"}, "region": {"startLine": 79}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.wfile` used but never assigned in __init__"}, "properties": {"repobilityId": 94344, "scanner": "repobility-ast-engine", "fingerprint": "a714a6d051ef302ae278a969c8dd735ad8c496638be11ae043580c1dcc9a6f49", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|a714a6d051ef302ae278a969c8dd735ad8c496638be11ae043580c1dcc9a6f49"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "hack/new-cluster/tasks/github/github-app-flow.py"}, "region": {"startLine": 84}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.organization` used but never assigned in __init__"}, "properties": {"repobilityId": 94343, "scanner": "repobility-ast-engine", "fingerprint": "433773e5394f2f993fb55e21f4bfb8b9b76c21654ee5e2e1511c7d2f6c2fbac2", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|433773e5394f2f993fb55e21f4bfb8b9b76c21654ee5e2e1511c7d2f6c2fbac2"}}, "locations": [{"physicalLocation": 
{"artifactLocation": {"uri": "hack/new-cluster/tasks/github/github-app-flow.py"}, "region": {"startLine": 70}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.end_headers` used but never assigned in __init__"}, "properties": {"repobilityId": 94342, "scanner": "repobility-ast-engine", "fingerprint": "585a26e1233882919f9e1566585dbd988a6941fca2b114ab61bb6997ae8d457a", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|585a26e1233882919f9e1566585dbd988a6941fca2b114ab61bb6997ae8d457a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "hack/new-cluster/tasks/github/github-app-flow.py"}, "region": {"startLine": 69}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.send_header` used but never assigned in __init__"}, "properties": {"repobilityId": 94341, "scanner": "repobility-ast-engine", "fingerprint": "f6d21700e062a380626fabe4ac5c1cee7b62caf409999fbc00e66867e426f66d", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|f6d21700e062a380626fabe4ac5c1cee7b62caf409999fbc00e66867e426f66d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "hack/new-cluster/tasks/github/github-app-flow.py"}, "region": {"startLine": 68}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.send_response` used but never assigned in __init__"}, "properties": {"repobilityId": 94340, "scanner": 
"repobility-ast-engine", "fingerprint": "c4f1f1615b8312e7ace5c31cdf6a03a10e56f9202b7f9d37886724a9bd2822c1", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c4f1f1615b8312e7ace5c31cdf6a03a10e56f9202b7f9d37886724a9bd2822c1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "hack/new-cluster/tasks/github/github-app-flow.py"}, "region": {"startLine": 67}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.wfile` used but never assigned in __init__"}, "properties": {"repobilityId": 94339, "scanner": "repobility-ast-engine", "fingerprint": "3e748732afa5482da86dcb34515326669f082c5e34ada5cc9ab313367a16504d", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|3e748732afa5482da86dcb34515326669f082c5e34ada5cc9ab313367a16504d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "hack/new-cluster/tasks/github/github-app-flow.py"}, "region": {"startLine": 59}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.handle_redirect_from_github` used but never assigned in __init__"}, "properties": {"repobilityId": 94338, "scanner": "repobility-ast-engine", "fingerprint": "5949c4d4dee4c9635673d6a17dfdc4caf734dd6b5358c8b411079862f2da095e", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": 
{"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|5949c4d4dee4c9635673d6a17dfdc4caf734dd6b5358c8b411079862f2da095e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "hack/new-cluster/tasks/github/github-app-flow.py"}, "region": {"startLine": 64}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.end_headers` used but never assigned in __init__"}, "properties": {"repobilityId": 94337, "scanner": "repobility-ast-engine", "fingerprint": "233a02a93aaaa0f23f853617136ce172a6a9f1d08f0d07377393e7849c30b527", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|233a02a93aaaa0f23f853617136ce172a6a9f1d08f0d07377393e7849c30b527"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "hack/new-cluster/tasks/github/github-app-flow.py"}, "region": {"startLine": 57}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.send_header` used but never assigned in __init__"}, "properties": {"repobilityId": 94336, "scanner": "repobility-ast-engine", "fingerprint": "f3b69625b3342f783d53fa4a04d11d62ee8b45ff0f0c7f8072baf808d2b8c9c0", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|f3b69625b3342f783d53fa4a04d11d62ee8b45ff0f0c7f8072baf808d2b8c9c0"}}, "locations": [{"physicalLocation": 
{"artifactLocation": {"uri": "hack/new-cluster/tasks/github/github-app-flow.py"}, "region": {"startLine": 56}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.send_response` used but never assigned in __init__"}, "properties": {"repobilityId": 94335, "scanner": "repobility-ast-engine", "fingerprint": "c4d2c5cdc5a607a4724d2b86a8e578283b6b9401837004b1d443dff7fd1910e7", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c4d2c5cdc5a607a4724d2b86a8e578283b6b9401837004b1d443dff7fd1910e7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "hack/new-cluster/tasks/github/github-app-flow.py"}, "region": {"startLine": 55}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.path` used but never assigned in __init__"}, "properties": {"repobilityId": 94334, "scanner": "repobility-ast-engine", "fingerprint": "29b44160773d9018f33593c8500d322441360787b62aa28e9a318f6682c7e744", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|29b44160773d9018f33593c8500d322441360787b62aa28e9a318f6682c7e744"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "hack/new-cluster/tasks/github/github-app-flow.py"}, "region": {"startLine": 48}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.handle_redirect_to_github` used but never assigned in __init__"}, "properties": {"repobilityId": 94333, 
"scanner": "repobility-ast-engine", "fingerprint": "e44dd2d858f5967370b63303f2f03684cc0958c1099112d12291d9bead53e3c1", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|e44dd2d858f5967370b63303f2f03684cc0958c1099112d12291d9bead53e3c1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "hack/new-cluster/tasks/github/github-app-flow.py"}, "region": {"startLine": 52}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.validate_mutation_result` used but never assigned in __init__"}, "properties": {"repobilityId": 94330, "scanner": "repobility-ast-engine", "fingerprint": "522b41b6eed9db2b9037de673466dd94ff26a78304ee80e75c57e6875d8567c7", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|522b41b6eed9db2b9037de673466dd94ff26a78304ee80e75c57e6875d8567c7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "hack/test-tekton-kueue-config.py"}, "region": {"startLine": 1608}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.assertDictEqual` used but never assigned in __init__"}, "properties": {"repobilityId": 94329, "scanner": "repobility-ast-engine", "fingerprint": "1bb83a63afda41781d8b0d1aec39ff45677337ffb6d19ef6054994d1aff7fdb8", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, 
"mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|1bb83a63afda41781d8b0d1aec39ff45677337ffb6d19ef6054994d1aff7fdb8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "hack/test-tekton-kueue-config.py"}, "region": {"startLine": 1599}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.assertDictEqual` used but never assigned in __init__"}, "properties": {"repobilityId": 94328, "scanner": "repobility-ast-engine", "fingerprint": "736c09a3cf27e343b74a79a24cc073a610f64b540e632dddc8d2500346d59d97", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|736c09a3cf27e343b74a79a24cc073a610f64b540e632dddc8d2500346d59d97"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "hack/test-tekton-kueue-config.py"}, "region": {"startLine": 1589}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.run_mutation_test` used but never assigned in __init__"}, "properties": {"repobilityId": 94327, "scanner": "repobility-ast-engine", "fingerprint": "fe01fe66fd0966f90708236af280c0525f3549eb51e21c3aac6848b99bcbb29d", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|fe01fe66fd0966f90708236af280c0525f3549eb51e21c3aac6848b99bcbb29d"}}, "locations": [{"physicalLocation": 
{"artifactLocation": {"uri": "hack/test-tekton-kueue-config.py"}, "region": {"startLine": 1574}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.processed_configs` used but never assigned in __init__"}, "properties": {"repobilityId": 94326, "scanner": "repobility-ast-engine", "fingerprint": "904c44a9aa3ac4a757685a77c59cecd5c2626ad8e7582daaad6d328d7ea8e605", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|904c44a9aa3ac4a757685a77c59cecd5c2626ad8e7582daaad6d328d7ea8e605"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "hack/test-tekton-kueue-config.py"}, "region": {"startLine": 1571}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.subTest` used but never assigned in __init__"}, "properties": {"repobilityId": 94325, "scanner": "repobility-ast-engine", "fingerprint": "3b3cdbe9587e5fca14f87d9cc606ab7e952e25422fbe8128a74a2b844458c736", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|3b3cdbe9587e5fca14f87d9cc606ab7e952e25422fbe8128a74a2b844458c736"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "hack/test-tekton-kueue-config.py"}, "region": {"startLine": 1568}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.fail` used but never assigned in __init__"}, "properties": {"repobilityId": 94324, "scanner": "repobility-ast-engine", "fingerprint": 
"cce426ee42bbba99988b23533f530f5e8250537e873115410236562f3ecb724c", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|cce426ee42bbba99988b23533f530f5e8250537e873115410236562f3ecb724c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "hack/test-tekton-kueue-config.py"}, "region": {"startLine": 1562}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.fail` used but never assigned in __init__"}, "properties": {"repobilityId": 94323, "scanner": "repobility-ast-engine", "fingerprint": "0eaf469e40ef725fc354e3a12d31a0614a7977f553cde7db7fd031dd3cfe725d", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|0eaf469e40ef725fc354e3a12d31a0614a7977f553cde7db7fd031dd3cfe725d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "hack/test-tekton-kueue-config.py"}, "region": {"startLine": 1556}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.processed_configs` used but never assigned in __init__"}, "properties": {"repobilityId": 94322, "scanner": "repobility-ast-engine", "fingerprint": "6b1b5d049273aea610547d4b94a5439df9a3412a3464262350c98cf12d3833ac", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], 
"languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|6b1b5d049273aea610547d4b94a5439df9a3412a3464262350c98cf12d3833ac"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "hack/test-tekton-kueue-config.py"}, "region": {"startLine": 1515}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_all_mutations"}, "properties": {"repobilityId": 94321, "scanner": "repobility-ast-engine", "fingerprint": "3d33aec26fe1bc402ca759aabfafb903cd3b992c2da9a5cac6a892d308b61b24", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|3d33aec26fe1bc402ca759aabfafb903cd3b992c2da9a5cac6a892d308b61b24"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "hack/test-tekton-kueue-config.py"}, "region": {"startLine": 1605}}}]}, {"ruleId": "kubernetes-secret-yaml", "level": "error", "message": {"text": "Possible Kubernetes Secret detected, posing a risk of leaking credentials/tokens from your deployments"}, "properties": {"repobilityId": 94420, "scanner": "gitleaks", "fingerprint": "5bf6def6059ab46f2583fcf97b902cba395e571f09c8cf6f839a7d967ce2c84f", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "data:\n  REDACTED # notasecret\nkind: Secret", "rule_id": "kubernetes-secret-yaml", "scanner": "gitleaks", "detector": "kubernetes-secret-yaml", "correlation_key": "secret|token|99|data: redacted # notasecret kind: secret"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": 
"hack/new-cluster/templates/kubearchive/kubearchive.yaml"}, "region": {"startLine": 991}}}]}, {"ruleId": "kubernetes-secret-yaml", "level": "error", "message": {"text": "Possible Kubernetes Secret detected, posing a risk of leaking credentials/tokens from your deployments"}, "properties": {"repobilityId": 94419, "scanner": "gitleaks", "fingerprint": "df9c8c480371d77f475388fbb7c73d5130779c549c1e378eb2878b69ec98fe9a", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "data:\n  DATABASE_DB: a3ViZWFyY2hpdmU= # notsecret\n  DATABASE_KIND: cG9zdGdyZXNxbA== # notsecret\n  REDACTED # notsecret\n  DATABASE_PORT: NTQzMg== # notsecret\n  DATABASE_URL: a3ViZWFyY2hpdmUtcncucG9zdGdyZXNxbC5zdmMuY2x1c3Rlci5sb2NhbA== # notsecret\n  DATABASE_USER: a3ViZWFyY2hpdmU= # notsecret\nkind: Se", "rule_id": "kubernetes-secret-yaml", "scanner": "gitleaks", "detector": "kubernetes-secret-yaml", "correlation_key": "secret|token|96|data: database_db: a3vizwfyy2hpdmu # notsecret database_kind: cg9zdgdyzxnxba # notsecret redacted # notsecret database_p"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "hack/new-cluster/templates/kubearchive/kubearchive.yaml"}, "region": {"startLine": 970}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 94418, "scanner": "gitleaks", "fingerprint": "e7541802fd8ef2cd36f878e04f56da077bab5d24577d1e0243ca351053fff9bd", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "DATABASE_PASSWORD: <redacted>", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|97|database_password: redacted"}}, 
"locations": [{"physicalLocation": {"artifactLocation": {"uri": "hack/new-cluster/templates/kubearchive/kubearchive.yaml"}, "region": {"startLine": 973}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 94417, "scanner": "gitleaks", "fingerprint": "0e2fce268e4c61bda24004ad464603f8b897d71164a52a8978db5ae9e322ad80", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "tekton-results-api:REDACTED", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|172|tekton-results-api:redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "components/pipeline-service/production/kflux-fedora-01/deploy.yaml"}, "region": {"startLine": 1730}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 94416, "scanner": "gitleaks", "fingerprint": "ade7e5658bf55990ff2cb1787c604fe087628c06e256fb1346f1c846d29be0ac", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "tekton-results-api:REDACTED", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|153|tekton-results-api:redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "components/pipeline-service/production/kflux-fedora-01/deploy.yaml"}, "region": {"startLine": 1540}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and 
sensitive operations."}, "properties": {"repobilityId": 94415, "scanner": "gitleaks", "fingerprint": "03dd4a4d6adc4d295ef5e88e2b35ba8253058b18e031f9e1f66cbd22b303da67", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "tekton-results-api:REDACTED", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|129|tekton-results-api:redacted", "duplicate_count": 1, "duplicate_rule_ids": ["generic-api-key"], "duplicate_scanners": ["gitleaks"], "duplicate_fingerprints": ["03dd4a4d6adc4d295ef5e88e2b35ba8253058b18e031f9e1f66cbd22b303da67", "99c7ff1d761fae89e94eb62c435b6a21159b49790b4734cc018ba7fb007ae064"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "components/pipeline-service/production/base/main-pipeline-service-configuration.yaml"}, "region": {"startLine": 1294}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 94414, "scanner": "gitleaks", "fingerprint": "5e864d0fb49f44993c6918b77f5f899e14c5e3a387c6f1cb47bb4831f6afc48a", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "tekton-results-api:REDACTED", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|110|tekton-results-api:redacted", "duplicate_count": 1, "duplicate_rule_ids": ["generic-api-key"], "duplicate_scanners": ["gitleaks"], "duplicate_fingerprints": ["5e864d0fb49f44993c6918b77f5f899e14c5e3a387c6f1cb47bb4831f6afc48a", 
"92486b244b36d547650fd88cfa0630e9d6829755f8ccca669a0991e9b943ac64"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "components/pipeline-service/production/base/main-pipeline-service-configuration.yaml"}, "region": {"startLine": 1104}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 94413, "scanner": "gitleaks", "fingerprint": "d548be347fa41fb813110ffca82a2e5f3e34dd5f9b07f6cf8f244e996e4db864", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "tekton-results-api:REDACTED", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|131|tekton-results-api:redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "components/pipeline-service/development/main-pipeline-service-configuration.yaml"}, "region": {"startLine": 1315}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 94412, "scanner": "gitleaks", "fingerprint": "db2a0d7cf3377a56412378d966f3c8c70da155e01fb1727cde837819d818ccb0", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "tekton-results-api:REDACTED", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|111|tekton-results-api:redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "components/pipeline-service/development/main-pipeline-service-configuration.yaml"}, "region": {"startLine": 1119}}}]}, {"ruleId": 
"generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 94411, "scanner": "gitleaks", "fingerprint": "5555ac17f8623045d1cc33ccf1132bf0b4453f8ff003c8e8c433d8f11434c668", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 9 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "tekton-results-api:REDACTED", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|171|tekton-results-api:redacted", "duplicate_count": 9, "duplicate_rule_ids": ["generic-api-key"], "duplicate_scanners": ["gitleaks"], "duplicate_fingerprints": ["15703773094dff6237fc7416975cb7329a463df77d1ccbe684c497b0deb3f339", "5555ac17f8623045d1cc33ccf1132bf0b4453f8ff003c8e8c433d8f11434c668", "5a915f301b1b29398ca204ad264e81325c962f60026d418525c8c97fd164163b", "69edf5a10ece7f2dbda4f20de27dfdb54cdaccca20ea874f94e1cd5f1c2ab059", "96c3d391aaafdb2a7685702fa384c90be9df718be2da4037ea68235fdf4985f9", "9a6e75a6b1e583d0e416b15fd666aec3d4d81955030436c0f6151c23092f0fd5", "b82d428a3bfcf9c7d402b9c1c565b1526d9b5b976931fe0b645cdcbb14e0f46c", "c2f466c798ebf06daa9862656e2e656c76c9364edaacedb094e923d8187e8310", "c959dd1dc54c73c84df0c93a584eb931a002762340bfd315ef66d4666c112d20", "f67c1e6d4b16bfd321eda2dbb20cde6fe342f74ad2d64d7145218ca8a3e9cf43"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "components/pipeline-service/production/kflux-osp-p01/deploy.yaml"}, "region": {"startLine": 1715}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 94410, "scanner": "gitleaks", "fingerprint": 
"ee4de65f709eddd7c23df320842bbb86a42b50eae8113fb15e795340e0bf03f0", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 9 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "tekton-results-api:REDACTED", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|152|tekton-results-api:redacted", "duplicate_count": 9, "duplicate_rule_ids": ["generic-api-key"], "duplicate_scanners": ["gitleaks"], "duplicate_fingerprints": ["2edd0acd3aff296cffdd526da77c05e16bc9c041f6cb842f271e5eec81cbeefc", "51ca6f47d2c2c980bffaba8311cb0067758ce98371b013450c87f54d52648f3b", "758023a839a3af752d69f825c835dcfaab6c75102083d35adfb25f4ec9028c3b", "9ca5a3b936458f30cb3530f0bfe54ae9b0b1da1e583dce77a2f0369d6f3ebf11", "a2e09eacdbd1f03e7a2a4ab85b601dc5d1a55eada7a312dcac165dcc25f86726", "a68ed9ee152c68e3a40f71ed67dac848f410adca554eb58fd634a2d7d398b82a", "ad0581c2dee4c4315df9bf7b689ebad2ce37c92446722a93c65b429d9eab5e51", "e2308bf01dd3cae53909bd6a073e59ae2aa496dac54bdf66d7ba317fd23c4123", "ee4de65f709eddd7c23df320842bbb86a42b50eae8113fb15e795340e0bf03f0", "f4274a2626674b146ae4db99b726589a89e155b798625e92765b780906d6b47b"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "components/pipeline-service/production/kflux-osp-p01/deploy.yaml"}, "region": {"startLine": 1525}}}]}, {"ruleId": "kubernetes-secret-yaml", "level": "error", "message": {"text": "Possible Kubernetes Secret detected, posing a risk of leaking credentials/tokens from your deployments"}, "properties": {"repobilityId": 94409, "scanner": "gitleaks", "fingerprint": "e775fdd280893c660a7286316ee0d5104efb9b256eb95b005a443bb2872f644d", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 5 duplicate scanner signal(s) for the 
same underlying issue.", "evidence": {"match": "data:\n  DATABASE_DB: a3ViZWFyY2hpdmU=\n  REDACTED\n  DATABASE_PASSWORD: <redacted>\n  DATABASE_PORT: NTQzMg==\n  DATABASE_URL: a3ViZWFyY2hpdmUtcncucG9zdGdyZXNxbC5zdmMuY2x1c3Rlci5sb2NhbA==\n  DATABASE_USER: a3ViZWFyY2hpdmU=\nkind: Secret", "rule_id": "kubernetes-secret-yaml", "scanner": "gitleaks", "detector": "kubernetes-secret-yaml", "correlation_key": "secret|token|97|data: database_db: a3vizwfyy2hpdmu redacted database_password: redacted database_port: ntqzmg database_url: token databa", "duplicate_count": 5, "duplicate_rule_ids": ["kubernetes-secret-yaml"], "duplicate_scanners": ["gitleaks"], "duplicate_fingerprints": ["1447b7a549ee895916b3f7304ea1e4ed55d499d446d6a2524311ac4eaf690971", "1fb2a85c1372deef62088505d18bbd93ea1bf08acae5bd513f015f36c5c037a0", "5e54eecd89612adb146139b77c4c54696d877c1ab1987dc9d506228169853a97", "76b932cccd01ead10308cf12c076fdc348a73426798d217ad34edc4b1a00c75d", "8fe2d1f00d61af01ddfdb35bda5e075305aa4ecdfe6f8fa706a06cba0e616204", "e775fdd280893c660a7286316ee0d5104efb9b256eb95b005a443bb2872f644d"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "components/kubearchive/production/kflux-ocp-p01/kubearchive.yaml"}, "region": {"startLine": 980}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 94408, "scanner": "gitleaks", "fingerprint": "b58e72d6ddf93770c3e423678266c06039d7296232214edf9f5c28ff94476a99", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 5 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "DATABASE_PASSWORD: <redacted>", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|98|database_password: 
redacted", "duplicate_count": 5, "duplicate_rule_ids": ["generic-api-key"], "duplicate_scanners": ["gitleaks"], "duplicate_fingerprints": ["0334fcf5109b88e57becba67378e6615e898a6709cdddd799cc43e84d47867b3", "3fe722d8cf4c3586b25a8a930adef5902a9fb942f7864a1f660d8dc3bd8f719f", "b58e72d6ddf93770c3e423678266c06039d7296232214edf9f5c28ff94476a99", "d519acd7c42a2b9c1dc9a83c813710157dd1fe4d36c7657c6327ef01d5a02315", "eebffac1c610603094f8248e8efe0b3664124529a25bb77e8df2451de9fd6682", "f0372e10277a67c57fb854b0bc69d9626d69f2680a1f982dddcdab84001fde17"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "components/kubearchive/production/kflux-ocp-p01/kubearchive.yaml"}, "region": {"startLine": 983}}}]}, {"ruleId": "kubernetes-secret-yaml", "level": "error", "message": {"text": "Possible Kubernetes Secret detected, posing a risk of leaking credentials/tokens from your deployments"}, "properties": {"repobilityId": 94407, "scanner": "gitleaks", "fingerprint": "cfe89c21512229e1bca27f2306c915a94328572177a6fe4eee009507a682d8e5", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "kind: Secret\nmetadata:\n  name: repo-bitnami-postgresql\n  namespace: openshift-gitops\n  labels:\n    argocd.argoproj.io/secret-type: repository\ndata:\n  enableOCI: dHJ1ZQ==\n  REDACTED", "rule_id": "kubernetes-secret-yaml", "scanner": "gitleaks", "detector": "kubernetes-secret-yaml", "correlation_key": "secret|token|13|kind: secret metadata: name: repo-bitnami-postgresql namespace: openshift-gitops labels: token : repository data: enable"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "components/pipeline-service/development/dev-only-pipeline-service-storage-configuration.yaml"}, "region": {"startLine": 136}}}]}, {"ruleId": "MINED013", "level": "error", "message": {"text": "[MINED013] Password In Url: https://user:password@host \u2014 leaks creds 
via logs, referrer, error messages."}, "properties": {"repobilityId": 94384, "scanner": "repobility-threat-engine", "fingerprint": "798514fda31f7e748dba313b98a5ea9c8c128066fe6c039579c716b1c77abcc2", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "password-in-url", "owasp": "A07:2021", "cwe_ids": ["CWE-200"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347928+00:00", "triaged_in_corpus": 20, "observations_count": 121646, "ai_coder_pattern_id": 37}, "scanner": "repobility-threat-engine", "correlation_key": "fp|798514fda31f7e748dba313b98a5ea9c8c128066fe6c039579c716b1c77abcc2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "components/konflux-operator/ci/openshift-overlay-e2e/ci-common.sh"}, "region": {"startLine": 119}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "Missing import: `platform` used but not imported"}, "properties": {"repobilityId": 94332, "scanner": "repobility-ast-engine", "fingerprint": "6a20e095013a02fd5402a60055133b800510182abd1755d22fea37630f4a5b5b", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|6a20e095013a02fd5402a60055133b800510182abd1755d22fea37630f4a5b5b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "hack/kueue-vm-quotas/update-kueue-vm-quotas.py"}, "region": {"startLine": 99}}}]}]}]}