{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "JRN002", "name": "Browser storage is used for session token material", "shortDescription": {"text": "Browser storage is used for session token material"}, "fullDescription": {"text": "localStorage and sessionStorage are readable by injected JavaScript. For sensitive sessions, this turns XSS into account compromise."}, "properties": {"scanner": "repobility-journey-contract", "category": "auth", "severity": "medium", "confidence": 0.82, "cwe": "", "owasp": ""}}, {"id": "DKR003", "name": "Compose service `hister` image uses the latest tag", "shortDescription": {"text": "Compose service `hister` image uses the latest tag"}, "fullDescription": {"text": "The latest tag is mutable and can change without a code review, producing different images from the same source."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.94, "cwe": "", "owasp": ""}}, {"id": "DKR014", "name": "Dockerfile copies broad context with incomplete .dockerignore", "shortDescription": {"text": "Dockerfile copies broad context with incomplete .dockerignore"}, "fullDescription": {"text": "COPY . or ADD . is safer when .dockerignore excludes secrets, git history, keys, and generated artifacts."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.76, "cwe": "", "owasp": ""}}, {"id": "ERR002", "name": "[ERR002] Empty Catch Block: Empty catch blocks hide errors.", "shortDescription": {"text": "[ERR002] Empty Catch Block: Empty catch blocks hide errors."}, "fullDescription": {"text": "Log the error or rethrow it. Use console.error() at minimum."}, "properties": {"scanner": "repobility-threat-engine", "category": "error_handling", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "AIC003", "name": "Duplicated implementation block across source files", "shortDescription": {"text": "Duplicated implementation block across source files"}, "fullDescription": {"text": "Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "medium", "confidence": 0.86, "cwe": "", "owasp": ""}}, {"id": "DKC006", "name": "Compose service does not declare a runtime user", "shortDescription": {"text": "Compose service does not declare a runtime user"}, "fullDescription": {"text": "If the image does not define USER internally, this service may run as root."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "low", "confidence": 0.56, "cwe": "", "owasp": ""}}, {"id": "DKR008", "name": ".dockerignore misses sensitive defaults", "shortDescription": {"text": ".dockerignore misses sensitive defaults"}, "fullDescription": {"text": ".dockerignore exists but does not cover common secret or VCS patterns."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "low", "confidence": 0.72, "cwe": "", "owasp": ""}}, {"id": "ERR003", "name": "[ERR003] Ignored Error (Go): Ignoring error return values.", "shortDescription": {"text": "[ERR003] Ignored Error (Go): Ignoring error return values."}, "fullDescription": {"text": "Handle the error or use the errcheck linter."}, "properties": {"scanner": "repobility-threat-engine", "category": "error_handling", "severity": "low", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "JRN009", "name": "Secret-like setting is echoed into a password input value", 
"shortDescription": {"text": "Secret-like setting is echoed into a password input value"}, "fullDescription": {"text": "Settings screens sometimes render API keys, tokens, or passwords back into HTML/JSX password fields. That still exposes the secret to page source, browser extensions, screenshots, and DOM scraping."}, "properties": {"scanner": "repobility-journey-contract", "category": "auth", "severity": "high", "confidence": 0.83, "cwe": "", "owasp": ""}}, {"id": "DKR001", "name": "Docker final stage runs as root", "shortDescription": {"text": "Docker final stage runs as root"}, "fullDescription": {"text": "The final runtime stage explicitly uses root. A compromised app process would have root inside the container."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "high", "confidence": 0.95, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/334"}, "properties": {"repository": "asciimoo/hister", "repoUrl": "https://github.com/asciimoo/hister", "branch": "master"}, "results": [{"ruleId": "JRN002", "level": "warning", "message": {"text": "Browser storage is used for session token material"}, "properties": {"repobilityId": 10544, "scanner": "repobility-journey-contract", "fingerprint": "d43180c94f2d797b17cf34f5e2506730d256787d6ccf86d40ccf29f5ccf4e923", "category": "auth", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Storage API call references token-like key or value names.", "evidence": {"rule_id": "JRN002", "scanner": "repobility-journey-contract", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html"], "correlation_key": "code|auth|token|35|jrn002"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "webui/app/src/routes/auth/+page.svelte"}, "region": {"startLine": 35}}}]}, {"ruleId": "JRN002", "level": "warning", "message": {"text": "Browser storage is used for session token material"}, "properties": {"repobilityId": 10543, "scanner": "repobility-journey-contract", "fingerprint": "348ad232a564d8a3846c2ca247d9060b9129a0051ce361bcbc5e2fcbbad6db2a", "category": "auth", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Storage API call references token-like key or value names.", "evidence": {"rule_id": "JRN002", "scanner": "repobility-journey-contract", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html"], "correlation_key": "code|auth|webui/app/src/lib/api.ts|90|jrn002"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "webui/app/src/lib/api.ts"}, "region": {"startLine": 90}}}]}, {"ruleId": "JRN002", "level": "warning", "message": {"text": "Browser storage is used for session token material"}, "properties": {"repobilityId": 10542, "scanner": "repobility-journey-contract", "fingerprint": "040ddfccfc3916b1e156f0860635739ecf28118da01351d8b0edb19996713f7d", "category": "auth", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Storage API call references token-like key or value names.", "evidence": {"rule_id": "JRN002", "scanner": "repobility-journey-contract", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html"], "correlation_key": "code|auth|webui/app/src/lib/api.ts|49|jrn002"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "webui/app/src/lib/api.ts"}, "region": {"startLine": 49}}}]}, {"ruleId": "DKR003", "level": "warning", "message": {"text": "Compose service `hister` image uses the latest tag"}, "properties": {"repobilityId": 10540, "scanner": "repobility-docker", "fingerprint": "1d7d047ecae7884f9927f7d118fcd6cce94847b56d100feb75949a35c417184f", "category": "docker", "severity": "medium", "confidence": 0.94, "triageState": "open", "verdict": "confirmed", "isResolved": false, 
"reason": "Image tag is latest.", "evidence": {"image": "ghcr.io/asciimoo/hister:latest", "rule_id": "DKR003", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|1d7d047ecae7884f9927f7d118fcd6cce94847b56d100feb75949a35c417184f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "compose.yml"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR014", "level": "warning", "message": {"text": "Dockerfile copies broad context with incomplete .dockerignore"}, "properties": {"repobilityId": 10537, "scanner": "repobility-docker", "fingerprint": "9b6092f5043012e0d2c9b2de57416dbad13d2f8639f0ccdf1fcb22f3e7d1e87c", "category": "docker", "severity": "medium", "confidence": 0.76, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Broad context copy found and .dockerignore misses sensitive defaults.", "evidence": {"rule_id": "DKR014", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|9b6092f5043012e0d2c9b2de57416dbad13d2f8639f0ccdf1fcb22f3e7d1e87c", "missing_patterns": [".env", "id_rsa", "*.pem", "*.key"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Dockerfile"}, "region": {"startLine": 30}}}]}, {"ruleId": "ERR002", "level": "warning", "message": {"text": "[ERR002] Empty Catch Block: Empty catch blocks hide errors."}, "properties": {"repobilityId": 10536, "scanner": "repobility-threat-engine", "fingerprint": "0aed7fd9a4585e87c2d14287e385e6cba0a4b12b568d1fea4831c1ed9385dd27", "category": "error_handling", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "catch (_) {}", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR002", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|0aed7fd9a4585e87c2d14287e385e6cba0a4b12b568d1fea4831c1ed9385dd27"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "webui/ext/src/background/background.ts"}, "region": {"startLine": 55}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 10531, "scanner": "repobility-ai-code-hygiene", "fingerprint": "17812343046533da2a1696a61b89f036a88c0a4a877e0501da008802ac9e2895", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "webui/components/src/lib/components/ui/kbd/kbd-group.svelte", "duplicate_line": 1, "correlation_key": "fp|17812343046533da2a1696a61b89f036a88c0a4a877e0501da008802ac9e2895"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "webui/components/src/lib/components/ui/kbd/kbd.svelte"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 10530, "scanner": "repobility-ai-code-hygiene", "fingerprint": "360e12b8034fd28d99d4fdf9600eee7cbb162606cea188b1b5be786f033115ac", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": 
"webui/components/src/lib/components/ui/alert/alert-description.svelte", "duplicate_line": 1, "correlation_key": "fp|360e12b8034fd28d99d4fdf9600eee7cbb162606cea188b1b5be786f033115ac"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "webui/components/src/lib/components/ui/dialog/dialog-header.svelte"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 10529, "scanner": "repobility-ai-code-hygiene", "fingerprint": "f798fc3a0d86714577771542d4aef340debb4142f30529cacf59f688fbf442b5", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "webui/components/src/lib/components/ui/card/card-action.svelte", "duplicate_line": 1, "correlation_key": "fp|f798fc3a0d86714577771542d4aef340debb4142f30529cacf59f688fbf442b5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "webui/components/src/lib/components/ui/dialog/dialog-footer.svelte"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 10528, "scanner": "repobility-ai-code-hygiene", "fingerprint": "48bc30cf499e1f3d0100d22d7ca3289a3fc12644936c21e8c33014a896110b07", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": 
"webui/components/src/lib/components/ui/alert/alert-description.svelte", "duplicate_line": 1, "correlation_key": "fp|48bc30cf499e1f3d0100d22d7ca3289a3fc12644936c21e8c33014a896110b07"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "webui/components/src/lib/components/ui/card/card-title.svelte"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 10527, "scanner": "repobility-ai-code-hygiene", "fingerprint": "5a095e5217b404ffaf9f23977bef132311cb88a13d180807476288435f988fd2", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "webui/components/src/lib/components/ui/card/card-action.svelte", "duplicate_line": 1, "correlation_key": "fp|5a095e5217b404ffaf9f23977bef132311cb88a13d180807476288435f988fd2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "webui/components/src/lib/components/ui/card/card-footer.svelte"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 10526, "scanner": "repobility-ai-code-hygiene", "fingerprint": "c126b0198ac7d175761cea55835e5ec4f94b90a522d9a7b3a957b7c6950538a6", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": 
"webui/components/src/lib/components/ui/alert/alert-description.svelte", "duplicate_line": 1, "correlation_key": "fp|c126b0198ac7d175761cea55835e5ec4f94b90a522d9a7b3a957b7c6950538a6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "webui/components/src/lib/components/ui/alert/alert-title.svelte"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 10525, "scanner": "repobility-ai-code-hygiene", "fingerprint": "b387df6bb0c22402fae5e176766ae30a1a260820cad0522c2df0ffea3ee5e822", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "webui/components/src/lib/components/callout/callout-danger.svelte", "duplicate_line": 1, "correlation_key": "fp|b387df6bb0c22402fae5e176766ae30a1a260820cad0522c2df0ffea3ee5e822"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "webui/components/src/lib/components/callout/callout-warning.svelte"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 10524, "scanner": "repobility-ai-code-hygiene", "fingerprint": "4bda8d562b412f0bb29dbfc5f76a624b6c62c31fc91e45511aa17b6eef1eedd5", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": 
"webui/components/src/lib/components/callout/callout-danger.svelte", "duplicate_line": 1, "correlation_key": "fp|4bda8d562b412f0bb29dbfc5f76a624b6c62c31fc91e45511aa17b6eef1eedd5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "webui/components/src/lib/components/callout/callout-tip.svelte"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 10523, "scanner": "repobility-ai-code-hygiene", "fingerprint": "c001a39674eb78b325e2ddfabeb8e1a818a445ab5353f5442e1a902bf29cf942", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "webui/components/src/lib/components/callout/callout-danger.svelte", "duplicate_line": 1, "correlation_key": "fp|c001a39674eb78b325e2ddfabeb8e1a818a445ab5353f5442e1a902bf29cf942"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "webui/components/src/lib/components/callout/callout-note.svelte"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 10522, "scanner": "repobility-ai-code-hygiene", "fingerprint": "9dc2308ddedbcd27a7945185fabb03e1d275c0d3422d55616518590c74822b3e", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": 
"server/oauth/github.go", "duplicate_line": 1, "correlation_key": "fp|9dc2308ddedbcd27a7945185fabb03e1d275c0d3422d55616518590c74822b3e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/oauth/google.go"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKC006", "level": "note", "message": {"text": "Compose service does not declare a runtime user"}, "properties": {"repobilityId": 10541, "scanner": "repobility-docker", "fingerprint": "8312c7dc006e590a9ff4d3858b5c8132af1612854722737bc025aa68eab8201c", "category": "docker", "severity": "low", "confidence": 0.56, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Service has no user setting and Repobility could not prove the image runs non-root.", "evidence": {"rule_id": "DKC006", "scanner": "repobility-docker", "service": "hister", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|8312c7dc006e590a9ff4d3858b5c8132af1612854722737bc025aa68eab8201c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "compose.yml"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR008", "level": "note", "message": {"text": ".dockerignore misses sensitive defaults"}, "properties": {"repobilityId": 10539, "scanner": "repobility-docker", "fingerprint": "aea2ad92c68c4ee1f8432bb1ec25e7d45ac12c9e1790ac2d3fffe638b1acce12", "category": "docker", "severity": "low", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "A Docker build context should exclude secrets and repository metadata.", "evidence": {"rule_id": "DKR008", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|aea2ad92c68c4ee1f8432bb1ec25e7d45ac12c9e1790ac2d3fffe638b1acce12", "missing_patterns": [".env", "id_rsa", "*.pem", "*.key"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".dockerignore"}, 
"region": {"startLine": 1}}}]}, {"ruleId": "ERR003", "level": "note", "message": {"text": "[ERR003] Ignored Error (Go): Ignoring error return values."}, "properties": {"repobilityId": 10534, "scanner": "repobility-threat-engine", "fingerprint": "7ac1d795c0759ddd2f177b7d605f3733d8396737705231549bd772d19787cb01", "category": "error_handling", "severity": "low", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "_ = f.Close(", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR003", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|7ac1d795c0759ddd2f177b7d605f3733d8396737705231549bd772d19787cb01"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "config/config.go"}, "region": {"startLine": 840}}}]}, {"ruleId": "ERR003", "level": "note", "message": {"text": "[ERR003] Ignored Error (Go): Ignoring error return values."}, "properties": {"repobilityId": 10533, "scanner": "repobility-threat-engine", "fingerprint": "bf8b4ed5d50b9071bdfb483a2792cc05405b3bacab05b74fee5739db9e1b037a", "category": "error_handling", "severity": "low", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "_ = filepath.WalkDir(", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR003", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|bf8b4ed5d50b9071bdfb483a2792cc05405b3bacab05b74fee5739db9e1b037a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "files/files.go"}, "region": {"startLine": 128}}}]}, {"ruleId": "ERR003", "level": "note", "message": {"text": "[ERR003] Ignored Error (Go): Ignoring error return values."}, "properties": {"repobilityId": 10532, "scanner": "repobility-threat-engine", "fingerprint": 
"7543df6e98734ae36bb65736a6a5b5b7f256baf5b83c9a792ea4abef66059463", "category": "error_handling", "severity": "low", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "_ = r.ReadString(", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR003", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|7543df6e98734ae36bb65736a6a5b5b7f256baf5b83c9a792ea4abef66059463"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "hister.go"}, "region": {"startLine": 1263}}}]}, {"ruleId": "ERR003", "level": "none", "message": {"text": "[ERR003] Ignored Error (Go) (and 3 more): Same pattern found in 3 additional files. Review if needed."}, "properties": {"repobilityId": 10535, "scanner": "repobility-threat-engine", "fingerprint": "ffe4d81a7489f28099dfb64f1d43f221c7bd1f8d79fc0a1d608b942842e235c6", "category": "error_handling", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 3 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 3 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "ERR003", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|ffe4d81a7489f28099dfb64f1d43f221c7bd1f8d79fc0a1d608b942842e235c6"}}}, {"ruleId": "JRN009", "level": "error", "message": {"text": "Secret-like setting is echoed into a password input value"}, "properties": {"repobilityId": 10545, "scanner": "repobility-journey-contract", "fingerprint": "603d49b8120099f47e8ceb6620b5463ea324ed56565c922b0225aa1468965f6d", "category": "auth", "severity": "high", "confidence": 0.83, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "A password or secret-named input is populated from a secret-like variable instead of a masked placeholder.", "evidence": {"rule_id": "JRN009", "scanner": "repobility-journey-contract", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html"], "correlation_key": "code|auth|token|136|jrn009"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "webui/app/src/routes/auth/+page.svelte"}, "region": {"startLine": 136}}}]}, {"ruleId": "DKR001", "level": "error", "message": {"text": "Docker final stage runs as root"}, "properties": {"repobilityId": 10538, "scanner": "repobility-docker", "fingerprint": "1329e8e946663293741e20c1910fb118b74edf6b05ae97ef5b2b7b7e416cb3f6", "category": "docker", "severity": "high", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Final Dockerfile USER resolves to root.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_user": "root", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|1329e8e946663293741e20c1910fb118b74edf6b05ae97ef5b2b7b7e416cb3f6"}}, "locations": [{"physicalLocation": 
{"artifactLocation": {"uri": "Dockerfile"}, "region": {"startLine": 98}}}]}]}]}