{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "SEC045", "name": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise.", "shortDescription": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use object introspection to reach os.system. CWE-95 (eval injection)."}, "fullDescription": {"text": "For literal data structures: use ast.literal_eval(text) \u2014 only parses literals, raises on code.\nFor formula evaluation: use asteval or simpleeval (purpose-built sandboxes with allow-lists).\nFor Odoo: use odoo.tools.safe_eval(expr, locals_dict, mode='exec').\nIf you genuinely need to execute admin-stored code: require explicit super-admin permission AND log every execution with a stack trace."}, "properties": {"scanner": "repobility-threat-engine", "category": "injection", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "AIC003", "name": "Duplicated implementation block across source files", "shortDescription": {"text": "Duplicated implementation block across source files"}, "fullDescription": {"text": "Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.86, "cwe": "", "owasp": ""}}, {"id": "SEC085", "name": "[SEC085] JS: child_process.exec with non-literal: child_process.exec with user-derived input enables command injection. 
", "shortDescription": {"text": "[SEC085] JS: child_process.exec with non-literal: child_process.exec with user-derived input enables command injection. Ported from eslint-plugin-security detect-child-process (Apache-2.0)."}, "fullDescription": {"text": "Use execFile / spawn with separate args array; never pass shell strings."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED134", "name": "Binary file `gradle/wrapper/gradle-wrapper.jar` committed in source repo", "shortDescription": {"text": "Binary file `gradle/wrapper/gradle-wrapper.jar` committed in source repo"}, "fullDescription": {"text": "`gradle/wrapper/gradle-wrapper.jar` is a .jar binary (48,462 bytes) committed to a repo that otherwise has 10 source files. Trojan binaries inside otherwise-normal source repos are a known supply-chain attack: a compromised dependency or PR slips in a binary that gets executed by build scripts."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED115", "name": "Action `actions/upload-artifact` pinned to mutable ref `@v7`", "shortDescription": {"text": "Action `actions/upload-artifact` pinned to mutable ref `@v7`"}, "fullDescription": {"text": "`uses: actions/upload-artifact@v7` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/1284"}, "properties": {"repository": "tbroyer/gradle-nullaway-plugin", "repoUrl": "https://github.com/tbroyer/gradle-nullaway-plugin", "branch": "main"}, "results": [{"ruleId": "SEC045", "level": "warning", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use object introspection (().__class__.__mro__[-1].__subclasses__()) to reach os.system. CWE-95 (eval injection). Triage note: this match is in build.gradle.kts, a Gradle Kotlin DSL build script, whereas the rule text describes Python eval()/exec(); check what `.exec(` invokes at line 216 before treating this as eval injection."}, "properties": {"repobilityId": 130357, "scanner": "repobility-threat-engine", "fingerprint": "aaeee05b4f9306a1960229dc8a3313fd58ce66c402a9df56943e50b3e9c26330", "category": "injection", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".exec(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|build.gradle.kts|216|sec045"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "build.gradle.kts"}, "region": {"startLine": 216}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 130339, "scanner": "repobility-ai-code-hygiene", "fingerprint": "7023fcd0fa9927929e64fadb8a7395681c8c1c9d4f98ba01cf91edfaff90d8bc", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized 
source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/integrationTest/java/net/ltgt/gradle/nullaway/BinaryCompatibilityIntegrationTest.java", "duplicate_line": 198, "correlation_key": "fp|7023fcd0fa9927929e64fadb8a7395681c8c1c9d4f98ba01cf91edfaff90d8bc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/main/java/net/ltgt/gradle/nullaway/NullAwayPlugin.java"}, "region": {"startLine": 31}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 130338, "scanner": "repobility-ai-code-hygiene", "fingerprint": "18a892de9ab58e81fa8f3bb6778c91e2ba85c54274c0066f8bfeba2db186b1ac", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/integrationTest/java/net/ltgt/gradle/nullaway/BinaryCompatibilityIntegrationTest.java", "duplicate_line": 111, "correlation_key": "fp|18a892de9ab58e81fa8f3bb6778c91e2ba85c54274c0066f8bfeba2db186b1ac"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/integrationTest/java/net/ltgt/gradle/nullaway/NullAwayPluginIntegrationTest.java"}, "region": {"startLine": 149}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 130337, "scanner": "repobility-ai-code-hygiene", "fingerprint": "1be12a9d0cb083f8e2e1576b9abc428029c128a92d1be3455d9ba148c2f0f78e", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", 
"isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/integrationTest/java/net/ltgt/gradle/nullaway/GroovyDslIntegrationTest.java", "duplicate_line": 59, "correlation_key": "fp|1be12a9d0cb083f8e2e1576b9abc428029c128a92d1be3455d9ba148c2f0f78e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/integrationTest/java/net/ltgt/gradle/nullaway/NullAwayPluginIntegrationTest.java"}, "region": {"startLine": 135}}}]}, {"ruleId": "SEC085", "level": "error", "message": {"text": "[SEC085] JS: child_process.exec with non-literal: child_process.exec with user-derived input enables command injection. Ported from eslint-plugin-security detect-child-process (Apache-2.0)."}, "properties": {"repobilityId": 130358, "scanner": "repobility-threat-engine", "fingerprint": "ae1c8b06e297daec6070b832e5799356449636b0e6e5373aab5a58a6fb528a27", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "exec(cmdarray", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC085", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|ae1c8b06e297daec6070b832e5799356449636b0e6e5373aab5a58a6fb528a27"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "build.gradle.kts"}, "region": {"startLine": 216}}}]}, {"ruleId": "MINED134", "level": "error", "message": {"text": "Binary file `gradle/wrapper/gradle-wrapper.jar` committed in source repo"}, "properties": {"repobilityId": 130356, "scanner": "repobility-supply-chain", "fingerprint": "e2b2941256bb00bcea86f3210c442cc86a6e12532e912731b9d72756a556437f", "category": "dependency", "severity": "high", "confidence": 0.9, 
"triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "suspicious-binary-in-src", "owasp": null, "cwe_ids": ["CWE-506"], "languages": ["any"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|e2b2941256bb00bcea86f3210c442cc86a6e12532e912731b9d72756a556437f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "gradle/wrapper/gradle-wrapper.jar"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/upload-artifact` pinned to mutable ref `@v7`"}, "properties": {"repobilityId": 130355, "scanner": "repobility-supply-chain", "fingerprint": "0f6ae6705f04c79e2c61d0c09e82ff524c9c01e997eb095e77f16873123c79d5", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|0f6ae6705f04c79e2c61d0c09e82ff524c9c01e997eb095e77f16873123c79d5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/gradle.yaml"}, "region": {"startLine": 149}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `gradle/actions/setup-gradle` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 130354, "scanner": "repobility-supply-chain", "fingerprint": "17468fcd2085ea59474cfd0220a44be1e89ba529a160f5a92387838c3a971fa4", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": 
"fp|17468fcd2085ea59474cfd0220a44be1e89ba529a160f5a92387838c3a971fa4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/gradle.yaml"}, "region": {"startLine": 136}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/setup-java` pinned to mutable ref `@v5`"}, "properties": {"repobilityId": 130353, "scanner": "repobility-supply-chain", "fingerprint": "3bea222fc2c82031a21fb5688afe9c903cd657e855a73f998a11811a5e9c3b62", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|3bea222fc2c82031a21fb5688afe9c903cd657e855a73f998a11811a5e9c3b62"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/gradle.yaml"}, "region": {"startLine": 131}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 130352, "scanner": "repobility-supply-chain", "fingerprint": "7fbf148105fbeb049df2c14f5ce27aa51fe17cd3f4c976d007733bd7d96c32d9", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|7fbf148105fbeb049df2c14f5ce27aa51fe17cd3f4c976d007733bd7d96c32d9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/gradle.yaml"}, "region": {"startLine": 130}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/upload-artifact` pinned to mutable 
ref `@v7`"}, "properties": {"repobilityId": 130351, "scanner": "repobility-supply-chain", "fingerprint": "af5be7d03bd18126acf617eb0409eb3578ffd2c9e34110f3444500bc47c9ca39", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|af5be7d03bd18126acf617eb0409eb3578ffd2c9e34110f3444500bc47c9ca39"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/gradle.yaml"}, "region": {"startLine": 118}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `gradle/actions/setup-gradle` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 130350, "scanner": "repobility-supply-chain", "fingerprint": "dfcfbd6a2a76f6866bdea0925e6a22e7e92bdeb92a4e086b2f6bd15d7b9e5af8", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|dfcfbd6a2a76f6866bdea0925e6a22e7e92bdeb92a4e086b2f6bd15d7b9e5af8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/gradle.yaml"}, "region": {"startLine": 105}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/setup-java` pinned to mutable ref `@v5`"}, "properties": {"repobilityId": 130349, "scanner": "repobility-supply-chain", "fingerprint": "f91dd8940fe65a53415c024c7b5e6831134a7dc9a0acacdbd4e4030397efe5af", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": 
"", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|f91dd8940fe65a53415c024c7b5e6831134a7dc9a0acacdbd4e4030397efe5af"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/gradle.yaml"}, "region": {"startLine": 93}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 130348, "scanner": "repobility-supply-chain", "fingerprint": "8ea7c4d484ee4061a1925dfd8a8bdbaf6ee1502fe2810751e2eea1fabada6168", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|8ea7c4d484ee4061a1925dfd8a8bdbaf6ee1502fe2810751e2eea1fabada6168"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/gradle.yaml"}, "region": {"startLine": 92}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/upload-artifact` pinned to mutable ref `@v7`"}, "properties": {"repobilityId": 130347, "scanner": "repobility-supply-chain", "fingerprint": "07a408da84e9ddf1a1a25f259cf185ca58ee88cf517a46950da6b3226ab079eb", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|07a408da84e9ddf1a1a25f259cf185ca58ee88cf517a46950da6b3226ab079eb"}}, "locations": 
[{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/gradle.yaml"}, "region": {"startLine": 75}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `gradle/actions/setup-gradle` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 130346, "scanner": "repobility-supply-chain", "fingerprint": "f7a89ac8cedc781a5d0ab7bbd7c42e0ea43e342982be36bd5f180d1342cc6d02", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|f7a89ac8cedc781a5d0ab7bbd7c42e0ea43e342982be36bd5f180d1342cc6d02"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/gradle.yaml"}, "region": {"startLine": 62}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/setup-java` pinned to mutable ref `@v5`"}, "properties": {"repobilityId": 130345, "scanner": "repobility-supply-chain", "fingerprint": "3e7590a81b2938a51847d1583cf44ba5f1efe40938a78a8ddfec36c79560749b", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|3e7590a81b2938a51847d1583cf44ba5f1efe40938a78a8ddfec36c79560749b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/gradle.yaml"}, "region": {"startLine": 51}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 130344, "scanner": 
"repobility-supply-chain", "fingerprint": "967183a1f4471d93d4664bee60349e47f0d5544426fb15f83c099376416a944c", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|967183a1f4471d93d4664bee60349e47f0d5544426fb15f83c099376416a944c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/gradle.yaml"}, "region": {"startLine": 50}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/upload-artifact` pinned to mutable ref `@v7`"}, "properties": {"repobilityId": 130343, "scanner": "repobility-supply-chain", "fingerprint": "932c336ce3f1dee3a2ceceea693b1651233042d1a6931a83304d6d10f3c23b48", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|932c336ce3f1dee3a2ceceea693b1651233042d1a6931a83304d6d10f3c23b48"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/gradle.yaml"}, "region": {"startLine": 36}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `gradle/actions/setup-gradle` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 130342, "scanner": "repobility-supply-chain", "fingerprint": "25f42fc3496ece52ed00b6a186c76213e6df4b9c880ff7040b00eddda57ee230", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": 
"gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|25f42fc3496ece52ed00b6a186c76213e6df4b9c880ff7040b00eddda57ee230"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/gradle.yaml"}, "region": {"startLine": 23}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/setup-java` pinned to mutable ref `@v5`"}, "properties": {"repobilityId": 130341, "scanner": "repobility-supply-chain", "fingerprint": "375310d5a9166386d1749b1bd45d69818abaf959cfd61a2ea39590c84f143930", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|375310d5a9166386d1749b1bd45d69818abaf959cfd61a2ea39590c84f143930"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/gradle.yaml"}, "region": {"startLine": 18}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 130340, "scanner": "repobility-supply-chain", "fingerprint": "7075b8a3950b62a3792bdeb203f8bc79eff928f35cbf453a91892b3897663450", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|7075b8a3950b62a3792bdeb203f8bc79eff928f35cbf453a91892b3897663450"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": 
".github/workflows/gradle.yaml"}, "region": {"startLine": 17}}}]}]}]}