{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "WEB012", "name": "Service worker is present without a web app manifest", "shortDescription": {"text": "Service worker is present without a web app manifest"}, "fullDescription": {"text": "Add a valid manifest.json or site.webmanifest and reference it from the document head. Include name, icons, start_url, display, and theme colors."}, "properties": {"scanner": "repobility-web-presence", "category": "quality", "severity": "medium", "confidence": 0.72, "cwe": "", "owasp": ""}}, {"id": "WEB003", "name": "Public web service has no security.txt", "shortDescription": {"text": "Public web service has no security.txt"}, "fullDescription": {"text": "Add /.well-known/security.txt with Contact, Expires, Canonical, Preferred-Languages, and Policy fields. Keep the contact endpoint monitored."}, "properties": {"scanner": "repobility-web-presence", "category": "quality", "severity": "medium", "confidence": 0.78, "cwe": "", "owasp": ""}}, {"id": "WEB015", "name": "Public web app has no Content Security Policy", "shortDescription": {"text": "Public web app has no Content Security Policy"}, "fullDescription": {"text": "Add a Content-Security-Policy header through the web framework or hosting config. 
For static apps, add a CSP meta tag that restricts default-src, script-src, connect-src, img-src, and frame-ancestors."}, "properties": {"scanner": "repobility-web-presence", "category": "quality", "severity": "medium", "confidence": 0.7, "cwe": "", "owasp": ""}}, {"id": "AUC001", "name": "[AUC001] No Repobility access matrix policy found: The repository uses web/API frameworks but does not define .repobilit", "shortDescription": {"text": "[AUC001] No Repobility access matrix policy found: The repository uses web/API frameworks but does not define .repobility/access.yml or equivalent authorization documentation."}, "fullDescription": {"text": "Add .repobility/access.yml mapping routes to anonymous, authenticated, owner, admin, and super_admin. Keep business-specific rules in the repo so CI can enforce them."}, "properties": {"scanner": "repobility-access-control", "category": "auth", "severity": "medium", "confidence": 0.92, "cwe": "", "owasp": ""}}, {"id": "DKR001", "name": "Docker final stage has no non-root USER", "shortDescription": {"text": "Docker final stage has no non-root USER"}, "fullDescription": {"text": "Add a non-root USER in the final runtime stage after files and permissions are prepared."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.82, "cwe": "", "owasp": ""}}, {"id": "DKR002", "name": "Dockerfile base image has no explicit tag", "shortDescription": {"text": "Dockerfile base image has no explicit tag"}, "fullDescription": {"text": "Pin the image to a supported version tag or digest, for example python:3.13-slim or image@sha256:..."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "AIC004", "name": "Suspicious implementation file appears unreferenced", "shortDescription": {"text": "Suspicious implementation file appears unreferenced"}, "fullDescription": {"text": "Confirm whether this file 
is reachable. If not, delete it; if yes, wire it through explicit imports, routes, or entry points and add a test that proves the path executes."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "medium", "confidence": 0.78, "cwe": "", "owasp": ""}}, {"id": "SEC045", "name": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a latera", "shortDescription": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use obj"}, "fullDescription": {"text": "For literal data structures: use ast.literal_eval(text) \u2014 only parses literals, raises on code.\nFor formula evaluation: use asteval or simpleeval (purpose-built sandboxes with allow-lists).\nFor Odoo: use odoo.tools.safe_eval(expr, locals_dict, mode='exec').\nIf you genuinely need to execute admin-stored code: require explicit super-admin permission AND log every execution with a stack trace."}, "properties": {"scanner": "repobility-threat-engine", "category": "injection", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC091", "name": "[SEC091] Go: net/http server without timeouts: HTTP server without ReadHeaderTimeout/ReadTimeout/WriteTimeout is vulnera", "shortDescription": {"text": "[SEC091] Go: net/http server without timeouts: HTTP server without ReadHeaderTimeout/ReadTimeout/WriteTimeout is vulnerable to Slowloris. 
Ported from gosec G112 + G114 (Apache-2.0)."}, "fullDescription": {"text": "Construct `&http.Server{Addr: ..., ReadHeaderTimeout: 5*time.Second, ReadTimeout: 10*time.Second, WriteTimeout: 30*time.Second}`."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC089", "name": "[SEC089] Go: bind to all interfaces (0.0.0.0): Server binds to all network interfaces \u2014 exposes service beyond intended ", "shortDescription": {"text": "[SEC089] Go: bind to all interfaces (0.0.0.0): Server binds to all network interfaces \u2014 exposes service beyond intended scope. Ported from gosec G102 (Apache-2.0)."}, "fullDescription": {"text": "Bind to `127.0.0.1:PORT` and front with a reverse proxy."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC014", "name": "[SEC014] SSL Verification Disabled: SSL certificate verification is disabled, allowing man-in-the-middle attacks.", "shortDescription": {"text": "[SEC014] SSL Verification Disabled: SSL certificate verification is disabled, allowing man-in-the-middle attacks."}, "fullDescription": {"text": "Enable SSL verification. Use verify=True (default) for requests. 
Pin certificates if needed."}, "properties": {"scanner": "repobility-threat-engine", "category": "crypto", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "CORE_NO_CI", "name": "No CI/CD configuration found", "shortDescription": {"text": "No CI/CD configuration found"}, "fullDescription": {"text": "Add a CI/CD pipeline: create .github/workflows/ci.yml for GitHub Actions with steps to lint, test, and build on every push and pull request."}, "properties": {"scanner": "repobility-core", "category": "practices", "severity": "medium", "confidence": null, "cwe": "", "owasp": ""}}, {"id": "WEB011", "name": "Public web app has no humans.txt", "shortDescription": {"text": "Public web app has no humans.txt"}, "fullDescription": {"text": "Add humans.txt with team ownership, contact URL, key documentation links, and the last-updated date."}, "properties": {"scanner": "repobility-web-presence", "category": "quality", "severity": "low", "confidence": 0.5, "cwe": "", "owasp": ""}}, {"id": "WEB008", "name": "Public docs site has no llms.txt", "shortDescription": {"text": "Public docs site has no llms.txt"}, "fullDescription": {"text": "Add llms.txt with the product summary, canonical docs, API endpoints, security guidance, and preferred CLI workflow for AI agents."}, "properties": {"scanner": "repobility-web-presence", "category": "quality", "severity": "low", "confidence": 0.64, "cwe": "", "owasp": ""}}, {"id": "WEB002", "name": "Public web app has no sitemap", "shortDescription": {"text": "Public web app has no sitemap"}, "fullDescription": {"text": "Add sitemap.xml, a sitemap index, or a framework-native sitemap route and reference it from robots.txt."}, "properties": {"scanner": "repobility-web-presence", "category": "quality", "severity": "low", "confidence": 0.72, "cwe": "", "owasp": ""}}, {"id": "WEB001", "name": "Public web app has no robots.txt", "shortDescription": {"text": "Public web app has no robots.txt"}, "fullDescription": {"text": "Add 
robots.txt at the web root or a framework-native robots route. Include an explicit Sitemap directive and disallow only private paths."}, "properties": {"scanner": "repobility-web-presence", "category": "quality", "severity": "low", "confidence": 0.74, "cwe": "", "owasp": ""}}, {"id": "DKC006", "name": "Compose service does not declare a runtime user", "shortDescription": {"text": "Compose service does not declare a runtime user"}, "fullDescription": {"text": "Set a non-root `user:` in Compose or ensure the final image stage has a non-root USER directive."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "low", "confidence": 0.56, "cwe": "", "owasp": ""}}, {"id": "DKR008", "name": ".dockerignore misses sensitive defaults", "shortDescription": {"text": ".dockerignore misses sensitive defaults"}, "fullDescription": {"text": "Add missing patterns such as .env, .git, private keys, certificates, dependency folders, and local databases."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "low", "confidence": 0.72, "cwe": "", "owasp": ""}}, {"id": "AIC003", "name": "Duplicated implementation block across source files", "shortDescription": {"text": "Duplicated implementation block across source files"}, "fullDescription": {"text": "Extract the shared behavior into one function/module or delete the inactive duplicate after proving which path is used."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.86, "cwe": "", "owasp": ""}}, {"id": "AIC002", "name": "Source file name looks like an AI patch artifact", "shortDescription": {"text": "Source file name looks like an AI patch artifact"}, "fullDescription": {"text": "Rename it to the domain concept it implements or merge it into the existing module it was meant to change."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.62, "cwe": 
"", "owasp": ""}}, {"id": "AIC007", "name": "Generated build artifact directory is present at repository root", "shortDescription": {"text": "Generated build artifact directory is present at repository root"}, "fullDescription": {"text": "Remove generated output from version control, add it to .gitignore and .dockerignore where relevant, and regenerate it in CI or release jobs."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.7, "cwe": "", "owasp": ""}}, {"id": "SEC075", "name": "[SEC075] Dockerfile: no HEALTHCHECK: No HEALTHCHECK directive \u2014 orchestrators can't detect a wedged process. Ported from", "shortDescription": {"text": "[SEC075] Dockerfile: no HEALTHCHECK: No HEALTHCHECK directive \u2014 orchestrators can't detect a wedged process. Ported from trivy DS026 / checkov CKV_DOCKER_2 (Apache-2.0). Implement file-level: skip if file contains `^\\s*HEALTHCHECK\\b`."}, "fullDescription": {"text": "Add `HEALTHCHECK CMD curl -f http://localhost:PORT/health || exit 1`."}, "properties": {"scanner": "repobility-threat-engine", "category": "docker", "severity": "low", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC006", "name": "[SEC006] XSS Risk: Direct HTML injection without sanitization.", "shortDescription": {"text": "[SEC006] XSS Risk: Direct HTML injection without sanitization."}, "fullDescription": {"text": "Use textContent instead of innerHTML. 
Sanitize with DOMPurify."}, "properties": {"scanner": "repobility-threat-engine", "category": "injection", "severity": "low", "confidence": 0.4, "cwe": "", "owasp": ""}}, {"id": "SEC132", "name": "[SEC132] String concat where the language has interpolation (AI style drift): String built by concatenation where the la", "shortDescription": {"text": "[SEC132] String concat where the language has interpolation (AI style drift): String built by concatenation where the language has cleaner interpolation (Python f-strings since 3.6, JS template literals since ES6). Not a vulnerability on it"}, "fullDescription": {"text": "Python: `f\"prefix {var} suffix\"`. JS/TS: `` `prefix ${var} suffix` ``. Add a lint rule (pyupgrade UP032, eslint prefer-template) so future PRs catch this automatically."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "low", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "ERR003", "name": "[ERR003] Ignored Error (Go): Ignoring error return values.", "shortDescription": {"text": "[ERR003] Ignored Error (Go): Ignoring error return values."}, "fullDescription": {"text": "Handle the error or use errcheck linter."}, "properties": {"scanner": "repobility-threat-engine", "category": "error_handling", "severity": "low", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED088", "name": "[MINED088] React Conditional Hook: useState/useEffect inside if/loop violates Rules of Hooks.", "shortDescription": {"text": "[MINED088] React Conditional Hook: useState/useEffect inside if/loop violates Rules of Hooks."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-682 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED045", "name": "[MINED045] Ts Non Null Assertion (and 2 more): Same pattern found in 2 additional files. 
Review if needed.", "shortDescription": {"text": "[MINED045] Ts Non Null Assertion (and 2 more): Same pattern found in 2 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-476 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED058", "name": "[MINED058] React Dangerously Set Html: dangerouslySetInnerHTML bypasses React's JSX escaping. Pair with DOMPurify or neve", "shortDescription": {"text": "[MINED058] React Dangerously Set Html: dangerouslySetInnerHTML bypasses React's JSX escaping. Pair with DOMPurify or never use with user data."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-79 / A03:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED056", "name": "[MINED056] React Key As Index (and 12 more): Same pattern found in 12 additional files. Review if needed.", "shortDescription": {"text": "[MINED056] React Key As Index (and 12 more): Same pattern found in 12 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-682 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED098", "name": "[MINED098] Global Scope Pollution: Attaching libraries/objects directly to the global window scope (e.g., `window.axios ", "shortDescription": {"text": "[MINED098] Global Scope Pollution: Attaching libraries/objects directly to the global window scope (e.g., `window.axios = axios;`) makes the code harder to test and increases the risk of naming collisions."}, "fullDescription": {"text": "Import the library where you need it instead of attaching to window. 
For legitimate global registries, use a namespaced object (e.g., `window.__myApp.axios`)."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC001", "name": "[SEC001] Hardcoded Password: Hardcoded password found in source code.", "shortDescription": {"text": "[SEC001] Hardcoded Password: Hardcoded password found in source code."}, "fullDescription": {"text": "Use environment variables or a secrets manager."}, "properties": {"scanner": "repobility-threat-engine", "category": "credential_exposure", "severity": "info", "confidence": 0.1, "cwe": "", "owasp": ""}}, {"id": "SEC083", "name": "[SEC083] JS: new RegExp() with non-literal (and 1 more): Same pattern found in 1 additional files. Review if needed.", "shortDescription": {"text": "[SEC083] JS: new RegExp() with non-literal (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "fullDescription": {"text": "Use a literal RegExp or whitelist-validate user input before constructing patterns."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC040", "name": "[SEC040] innerHTML XSS \u2014 template literal with server-supplied data (and 8 more): Same pattern found in 8 additional fil", "shortDescription": {"text": "[SEC040] innerHTML XSS \u2014 template literal with server-supplied data (and 8 more): Same pattern found in 8 additional files. 
Review if needed."}, "fullDescription": {"text": "For plain text: use el.textContent = data.value (auto-escapes).\nFor HTML you need to render: el.innerHTML = DOMPurify.sanitize(html).\nFor React/Vue/Svelte: stop using innerHTML; use the framework's binding.\nWhen data comes from CV/PDF parsers, sanitize at the parser boundary too."}, "properties": {"scanner": "repobility-threat-engine", "category": "xss", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED031", "name": "[MINED031] React Direct State Mutation (and 22 more): Same pattern found in 22 additional files. Review if needed.", "shortDescription": {"text": "[MINED031] React Direct State Mutation (and 22 more): Same pattern found in 22 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-682 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED060", "name": "[MINED060] Go Context No Cancel (and 31 more): Same pattern found in 31 additional files. Review if needed.", "shortDescription": {"text": "[MINED060] Go Context No Cancel (and 31 more): Same pattern found in 31 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-401 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED071", "name": "[MINED071] Go Panic Call: panic() crashes the process. Should return error in most cases.", "shortDescription": {"text": "[MINED071] Go Panic Call: panic() crashes the process. Should return error in most cases."}, "fullDescription": {"text": "Review and fix per the pattern semantics. 
See CWE-755 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED043", "name": "[MINED043] Http Not Https (and 10 more): Same pattern found in 10 additional files. Review if needed.", "shortDescription": {"text": "[MINED043] Http Not Https (and 10 more): Same pattern found in 10 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-319 / A02:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED016", "name": "[MINED016] Go Error Ignored (and 26 more): Same pattern found in 26 additional files. Review if needed.", "shortDescription": {"text": "[MINED016] Go Error Ignored (and 26 more): Same pattern found in 26 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-754 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC029", "name": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 79 more): Same pattern found in 79 addi", "shortDescription": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 79 more): Same pattern found in 79 additional files. 
Review if needed."}, "fullDescription": {"text": "Validate the URL against an allowlist BEFORE fetching:\n  ALLOWED = {'images.example.com', 'cdn.example.com'}\n  host = urlparse(url).hostname\n  if host not in ALLOWED: abort(400)\nOr use a server-side proxy (Imgproxy / serve-files-only-from-S3) that isolates outbound network access from the request handler.\nBlock private CIDRs explicitly: 10/8, 172.16/12, 192.168/16, 169.254/16. Apply the block to the IP address the hostname resolves to, and cover loopback and IPv6 ranges as well."}, "properties": {"scanner": "repobility-threat-engine", "category": "ssrf", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC128", "name": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake) (and 4 more): Same pattern found in 4 addit", "shortDescription": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake) (and 4 more): Same pattern found in 4 additional files. Review if needed."}, "fullDescription": {"text": "Add `await` before each async call, or chain with `.then`. If you intentionally want fire-and-forget, prefix with `void` (TS) or assign to `_` (Python with `asyncio.create_task`) to make the intent explicit and survive lint."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC118", "name": "[SEC118] UUIDv1 / UUIDv3 used for security-sensitive identifier: UUIDv1 encodes the MAC address and timestamp, making it", "shortDescription": {"text": "[SEC118] UUIDv1 / UUIDv3 used for security-sensitive identifier: UUIDv1 encodes the MAC address and timestamp, making it predictable. Used as a session token or password-reset key, it's enumerable."}, "fullDescription": {"text": "Use `uuid.uuid4()` (random) or `secrets.token_urlsafe()` for tokens. 
In Go, use `uuid.NewRandom()` (google/uuid)."}, "properties": {"scanner": "repobility-threat-engine", "category": "crypto", "severity": "info", "confidence": 0.1, "cwe": "", "owasp": ""}}, {"id": "MINED044", "name": "[MINED044] Js Console Log Prod (and 5 more): Same pattern found in 5 additional files. Review if needed.", "shortDescription": {"text": "[MINED044] Js Console Log Prod (and 5 more): Same pattern found in 5 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-532 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED122", "name": "[MINED122] package.json dep `axios-progress-bar` pulled from URL/Git: `dependencies.axios-progress-bar` = `git://github.", "shortDescription": {"text": "[MINED122] package.json dep `axios-progress-bar` pulled from URL/Git: `dependencies.axios-progress-bar` = `git://github.com/portainer/progress-bar-4-axios` bypasses the npm registry. No integrity hash, no version locking, no registry-side s"}, "fullDescription": {"text": "Publish the dependency to npm (or your private registry) and reference it by `^x.y.z`. If that's not possible, lock by commit SHA: `git+https://...#<full-sha>` AND verify the SHA in CI."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "JRN009", "name": "Secret-like setting is echoed into a password input value", "shortDescription": {"text": "Secret-like setting is echoed into a password input value"}, "fullDescription": {"text": "Never prefill secret fields with stored values. 
Show a masked status such as configured/not configured, require explicit rotation to replace the value, and return the raw key only once at creation time."}, "properties": {"scanner": "repobility-journey-contract", "category": "auth", "severity": "high", "confidence": 0.83, "cwe": "", "owasp": ""}}, {"id": "SEC069", "name": "[SEC069] Dockerfile: no USER directive (runs as root): Container runs as root because no USER directive was set. Ported ", "shortDescription": {"text": "[SEC069] Dockerfile: no USER directive (runs as root): Container runs as root because no USER directive was set. Ported from trivy DS002 / checkov CKV_DOCKER_3 (Apache-2.0). Implement as a file-level rule: skip if file contains `^\\s*USER\\s+"}, "fullDescription": {"text": "Add `RUN adduser -D app` and then a separate `USER app` instruction before the CMD/ENTRYPOINT."}, "properties": {"scanner": "repobility-threat-engine", "category": "docker", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC085", "name": "[SEC085] JS: child_process.exec with non-literal: child_process.exec with user-derived input enables command injection. ", "shortDescription": {"text": "[SEC085] JS: child_process.exec with non-literal: child_process.exec with user-derived input enables command injection. Ported from eslint-plugin-security detect-child-process (Apache-2.0)."}, "fullDescription": {"text": "Use execFile / spawn with separate args array; never pass shell strings."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED027", "name": "[MINED027] React State Array Mutation: state.X.push/splice/sort followed by setState \u2014 React skips re-render on mutated ", "shortDescription": {"text": "[MINED027] React State Array Mutation: state.X.push/splice/sort followed by setState \u2014 React skips re-render on mutated reference."}, "fullDescription": {"text": "Review and fix per the pattern semantics. 
See CWE-682 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC005", "name": "[SEC005] Command Injection Risk: Unsafe shell execution or eval of user input.", "shortDescription": {"text": "[SEC005] Command Injection Risk: Unsafe shell execution or eval of user input."}, "fullDescription": {"text": "Use subprocess with shell=False and a list of args. Never eval user input."}, "properties": {"scanner": "repobility-threat-engine", "category": "injection", "severity": "high", "confidence": 0.8, "cwe": "", "owasp": ""}}, {"id": "MINED033", "name": "[MINED033] Go Recover Without Log: defer func() { recover() }() that silently swallows panic.", "shortDescription": {"text": "[MINED033] Go Recover Without Log: defer func() { recover() }() that silently swallows panic."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-755 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED014", "name": "[MINED014] Disabled Tls Verify: verify=False in requests, rejectUnauthorized:false in node, InsecureSkipVerify:true in G", "shortDescription": {"text": "[MINED014] Disabled Tls Verify: verify=False in requests, rejectUnauthorized:false in node, InsecureSkipVerify:true in Go."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-295 / A02:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "DKC008", "name": "Compose service mounts the Docker socket", "shortDescription": {"text": "Compose service mounts the Docker socket"}, "fullDescription": {"text": "Avoid mounting docker.sock. 
Use a narrow proxy, rootless build service, or provider-native deployment credentials."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "critical", "confidence": 0.98, "cwe": "", "owasp": ""}}, {"id": "MINED024", "name": "[MINED024] Js Eval Usage: eval() executes arbitrary code. Code injection risk.", "shortDescription": {"text": "[MINED024] Js Eval Usage: eval() executes arbitrary code. Code injection risk."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-95 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "critical", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED019", "name": "[MINED019] Ssti Jinja From String: jinja2.Environment().from_string(user_input) \u2014 full RCE via templates.", "shortDescription": {"text": "[MINED019] Ssti Jinja From String: jinja2.Environment().from_string(user_input) \u2014 full RCE via templates."}, "fullDescription": {"text": "Review and fix per the pattern semantics. 
See CWE-94 / A03:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "critical", "confidence": 1.0, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/571"}, "properties": {"repository": "portainer/portainer", "repoUrl": "https://github.com/portainer/portainer", "branch": "develop"}, "results": [{"ruleId": "WEB012", "level": "warning", "message": {"text": "Service worker is present without a web app manifest"}, "properties": {"repobilityId": 39886, "scanner": "repobility-web-presence", "fingerprint": "fcb0b1c9ad72f83092dc6928d3e76ca25d428a654bdcd26192cf227ad67fe1ea", "category": "quality", "severity": "medium", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "A service worker was discovered but no common web manifest file was found.", "evidence": {"rule_id": "WEB012", "scanner": "repobility-web-presence", "references": ["https://developer.mozilla.org/en-US/docs/Web/Manifest"], "correlation_key": "fp|fcb0b1c9ad72f83092dc6928d3e76ca25d428a654bdcd26192cf227ad67fe1ea"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "manifest.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "WEB003", "level": "warning", "message": {"text": "Public web service has no security.txt"}, "properties": {"repobilityId": 39885, "scanner": "repobility-web-presence", "fingerprint": "5cd26606c5a53c9f403ff7a92a6917c19cf440a23ce03e2b90e8c493312ef8cd", "category": "quality", "severity": "medium", "confidence": 0.78, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Repository looks like a public web app/API but no security.txt file or route was discovered.", "evidence": {"rule_id": "WEB003", "scanner": "repobility-web-presence", "references": ["https://www.rfc-editor.org/rfc/rfc9116", "https://github.com/Lissy93/web-check"], "correlation_key": "fp|5cd26606c5a53c9f403ff7a92a6917c19cf440a23ce03e2b90e8c493312ef8cd"}}, "locations": 
[{"physicalLocation": {"artifactLocation": {"uri": ".well-known/security.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "WEB015", "level": "warning", "message": {"text": "Public web app has no Content Security Policy"}, "properties": {"repobilityId": 39884, "scanner": "repobility-web-presence", "fingerprint": "7eb70cae3ff63d8ed7c31706185d32b37655333b40b58ca826d740b08fb1ad63", "category": "quality", "severity": "medium", "confidence": 0.7, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Repository looks like a public web app but no CSP header, framework header config, Helmet policy, or CSP meta tag was discovered.", "evidence": {"rule_id": "WEB015", "scanner": "repobility-web-presence", "references": ["https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP", "https://github.com/Lissy93/web-check"], "correlation_key": "fp|7eb70cae3ff63d8ed7c31706185d32b37655333b40b58ca826d740b08fb1ad63"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "index.html"}, "region": {"startLine": 1}}}]}, {"ruleId": "AUC001", "level": "warning", "message": {"text": "[AUC001] No Repobility access matrix policy found: The repository uses web/API frameworks but does not define .repobility/access.yml or equivalent authorization documentation."}, "properties": {"repobilityId": 39877, "scanner": "repobility-access-control", "fingerprint": "f1305052c3ba1e6c1cdb5dccc19e58a8168cf78b176658f32b1fc823df3e9d10", "category": "auth", "severity": "medium", "confidence": 0.92, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"scanner": "repobility-access-control", "frameworks": ["Next.js"], "expected_files": [".repobility/access.yml", ".repobility/access.yaml", ".repobility/access.json", ".repobility/authorization.yml"], "correlation_key": "fp|f1305052c3ba1e6c1cdb5dccc19e58a8168cf78b176658f32b1fc823df3e9d10"}}}, {"ruleId": "DKR001", "level": 
"warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 39870, "scanner": "repobility-docker", "fingerprint": "b4a51efc84b8720bfb67eec6f5a02eefa0004eb923df4c7cacd1a1ef2861ccf4", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "portainer/base", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|b4a51efc84b8720bfb67eec6f5a02eefa0004eb923df4c7cacd1a1ef2861ccf4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "build/linux/Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR002", "level": "warning", "message": {"text": "Dockerfile base image has no explicit tag"}, "properties": {"repobilityId": 39869, "scanner": "repobility-docker", "fingerprint": "3fdf3b248b800dd4cd738d6333826c5c74a16fa23387f5ed91e53248a3158c6e", "category": "docker", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Image reference has no tag or digest.", "evidence": {"image": "portainer/base", "rule_id": "DKR002", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|3fdf3b248b800dd4cd738d6333826c5c74a16fa23387f5ed91e53248a3158c6e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "build/linux/Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC004", "level": "warning", "message": {"text": "Suspicious implementation file appears unreferenced"}, 
"properties": {"repobilityId": 39838, "scanner": "repobility-ai-code-hygiene", "fingerprint": "faa19b4ef028aadfa799737e2e5783f06bee4ddbce9857e11b0959d0e31b842d", "category": "quality", "severity": "medium", "confidence": 0.78, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Patch-style source file has no detected inbound reference from other repository files.", "evidence": {"suffix": "update", "rule_id": "AIC004", "scanner": "repobility-ai-code-hygiene", "references": ["https://knip.dev/", "https://github.com/jendrikseipp/vulture"], "correlation_key": "fp|faa19b4ef028aadfa799737e2e5783f06bee4ddbce9857e11b0959d0e31b842d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "api/http/handler/endpoints/endpoint_settings_update.go"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC004", "level": "warning", "message": {"text": "Suspicious implementation file appears unreferenced"}, "properties": {"repobilityId": 39837, "scanner": "repobility-ai-code-hygiene", "fingerprint": "8224e6785298dddf11451b1f3cb76ed992d9449d60a43186948d70f09cfa0290", "category": "quality", "severity": "medium", "confidence": 0.78, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Patch-style source file has no detected inbound reference from other repository files.", "evidence": {"suffix": "update", "rule_id": "AIC004", "scanner": "repobility-ai-code-hygiene", "references": ["https://knip.dev/", "https://github.com/jendrikseipp/vulture"], "correlation_key": "fp|8224e6785298dddf11451b1f3cb76ed992d9449d60a43186948d70f09cfa0290"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "api/http/handler/edgestacks/edgestack_status_update.go"}, "region": {"startLine": 1}}}]}, {"ruleId": "SEC045", "level": "warning", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. 
Sandboxes (__builtins__ cleared) are escapable: attackers use object introspection (().__class__.__mro__[-1].__subclasses__()) to reach os.system. CWE-95 (eval injection)."}, "properties": {"repobilityId": 39796, "scanner": "repobility-threat-engine", "fingerprint": "f0af988724449100da18cb46e6d516b555f90e3339c59f5532f6c5f5c4472e65", "category": "injection", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "$eval(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|token|10|sec045"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/portainer/components/onEnterKey.js"}, "region": {"startLine": 10}}}]}, {"ruleId": "SEC045", "level": "warning", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use object introspection (().__class__.__mro__[-1].__subclasses__()) to reach os.system. 
CWE-95 (eval injection)."}, "properties": {"repobilityId": 39795, "scanner": "repobility-threat-engine", "fingerprint": "e7b68087b342dc1c241f9232bb81c55dfadd2e6fb4b6f5bb500d630784c04716", "category": "injection", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "$eval(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|token|19|sec045"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/portainer/components/focusIf.js"}, "region": {"startLine": 19}}}]}, {"ruleId": "SEC045", "level": "warning", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use object introspection (().__class__.__mro__[-1].__subclasses__()) to reach os.system. 
CWE-95 (eval injection)."}, "properties": {"repobilityId": 39794, "scanner": "repobility-threat-engine", "fingerprint": "062f889b1db8f0f49912a572bde4beded8c7d14a872adbe11e50ccf8c93c549f", "category": "injection", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".exec(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|token|62|sec045"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/docker/views/images/import/importImageController.js"}, "region": {"startLine": 62}}}]}, {"ruleId": "SEC091", "level": "warning", "message": {"text": "[SEC091] Go: net/http server without timeouts: HTTP server without ReadHeaderTimeout/ReadTimeout/WriteTimeout is vulnerable to Slowloris. Ported from gosec G112 + G114 (Apache-2.0)."}, "properties": {"repobilityId": 39776, "scanner": "repobility-threat-engine", "fingerprint": "99e4a8c9a14d2639f73209905013bfa1c9819503f076b9073d31009d7a1ef3e3", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "http.Server{\n\t\t\tHandler: proxy,\n\t\t}", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC091", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|99e4a8c9a14d2639f73209905013bfa1c9819503f076b9073d31009d7a1ef3e3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "api/http/proxy/factory/agent.go"}, "region": {"startLine": 60}}}]}, {"ruleId": "SEC089", "level": "warning", "message": {"text": "[SEC089] Go: bind to all interfaces (0.0.0.0): Server binds to all network interfaces \u2014 exposes service beyond intended scope. 
Ported from gosec G102 (Apache-2.0)."}, "properties": {"repobilityId": 39775, "scanner": "repobility-threat-engine", "fingerprint": "77212ecf0df293aeec737fad51f0be417b59a4845ab5a14bcb098d6e1d1bee6f", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".Listen(\"tcp\", \":0\"", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC089", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|77212ecf0df293aeec737fad51f0be417b59a4845ab5a14bcb098d6e1d1bee6f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "api/http/proxy/factory/agent.go"}, "region": {"startLine": 74}}}]}, {"ruleId": "SEC014", "level": "warning", "message": {"text": "[SEC014] SSL Verification Disabled: SSL certificate verification is disabled, allowing man-in-the-middle attacks."}, "properties": {"repobilityId": 39770, "scanner": "repobility-threat-engine", "fingerprint": "8018c23867f5da7961f81836411c12e363bf19919bc123f2596c7551fd993eb0", "category": "crypto", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "Verify = false", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC014", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|crypto|token|9|sec014"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/portainer/models/endpoint/formValues.js"}, "region": {"startLine": 9}}}]}, {"ruleId": "SEC014", "level": "warning", "message": {"text": "[SEC014] SSL Verification Disabled: SSL certificate verification is disabled, allowing man-in-the-middle attacks."}, "properties": {"repobilityId": 39769, "scanner": "repobility-threat-engine", "fingerprint": 
"d6e094d93c96738d8d972f45ac0beeb6b99d764148d3fd5fb2dfb1ff85157e35", "category": "crypto", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "Verify = false", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC014", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|crypto|token|244|sec014"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "api/http/handler/endpoints/endpoint_update.go"}, "region": {"startLine": 244}}}]}, {"ruleId": "CORE_NO_CI", "level": "warning", "message": {"text": "No CI/CD configuration found"}, "properties": {"repobilityId": 39732, "scanner": "repobility-core", "fingerprint": "ca5da3551af97272c4f099fc472740148135a15816b81b90bd862e8f91ec66ce", "category": "practices", "severity": "medium", "confidence": null, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"rule_id": "CORE_NO_CI", "scanner": "repobility-core", "correlation_key": "repo|practices|core_no_ci"}}}, {"ruleId": "WEB011", "level": "note", "message": {"text": "Public web app has no humans.txt"}, "properties": {"repobilityId": 39883, "scanner": "repobility-web-presence", "fingerprint": "bdd551fbe1ab6405480e0d5755632562c2096cb9e9a6a071ef60e4c27a6873f1", "category": "quality", "severity": "low", "confidence": 0.5, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Repository looks like a public web app but no humans.txt file or route was discovered.", "evidence": {"rule_id": "WEB011", "scanner": "repobility-web-presence", "references": ["https://github.com/Lissy93/web-check"], "correlation_key": "fp|bdd551fbe1ab6405480e0d5755632562c2096cb9e9a6a071ef60e4c27a6873f1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "humans.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "WEB008", "level": 
"note", "message": {"text": "Public docs site has no llms.txt"}, "properties": {"repobilityId": 39882, "scanner": "repobility-web-presence", "fingerprint": "cdce8ed8706710d39c3e7272dad572dd639cff74fd3d2ac62d8f6f522b891d76", "category": "quality", "severity": "low", "confidence": 0.64, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Repository looks public and documentation-heavy but no llms.txt file or route was discovered.", "evidence": {"rule_id": "WEB008", "scanner": "repobility-web-presence", "references": ["https://llmstxt.org/"], "correlation_key": "fp|cdce8ed8706710d39c3e7272dad572dd639cff74fd3d2ac62d8f6f522b891d76"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "llms.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "WEB002", "level": "note", "message": {"text": "Public web app has no sitemap"}, "properties": {"repobilityId": 39881, "scanner": "repobility-web-presence", "fingerprint": "fccbe72d13ca3ba9197ec37b0daa0802fb6d5ebff54b3eb9f09b59b0f8d0acdf", "category": "quality", "severity": "low", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Repository looks like a public web app but no sitemap file or route was discovered.", "evidence": {"rule_id": "WEB002", "scanner": "repobility-web-presence", "references": ["https://www.sitemaps.org/protocol.html", "https://github.com/Lissy93/web-check"], "correlation_key": "fp|fccbe72d13ca3ba9197ec37b0daa0802fb6d5ebff54b3eb9f09b59b0f8d0acdf"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sitemap.xml"}, "region": {"startLine": 1}}}]}, {"ruleId": "WEB001", "level": "note", "message": {"text": "Public web app has no robots.txt"}, "properties": {"repobilityId": 39880, "scanner": "repobility-web-presence", "fingerprint": "cae3f2223945958e14d8eb90f7965fa26b47011cc5be29c2855a4054937e29c4", "category": "quality", "severity": "low", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": 
false, "reason": "Repository looks like a public web app but no robots.txt file or route was discovered.", "evidence": {"rule_id": "WEB001", "scanner": "repobility-web-presence", "references": ["https://www.rfc-editor.org/rfc/rfc9309", "https://github.com/Lissy93/web-check"], "correlation_key": "fp|cae3f2223945958e14d8eb90f7965fa26b47011cc5be29c2855a4054937e29c4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "robots.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKC006", "level": "note", "message": {"text": "Compose service does not declare a runtime user"}, "properties": {"repobilityId": 39875, "scanner": "repobility-docker", "fingerprint": "6fadb4b87435f1413530a9c603fe8f2f17747e1a7e81f1a8922249b1e90b9971", "category": "docker", "severity": "low", "confidence": 0.56, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Service has no user setting and Repobility could not prove the image runs non-root.", "evidence": {"rule_id": "DKC006", "scanner": "repobility-docker", "service": "portainer", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|6fadb4b87435f1413530a9c603fe8f2f17747e1a7e81f1a8922249b1e90b9971"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "build/docker-extension/docker-compose.yml"}, "region": {"startLine": 3}}}]}, {"ruleId": "DKR008", "level": "note", "message": {"text": ".dockerignore misses sensitive defaults"}, "properties": {"repobilityId": 39871, "scanner": "repobility-docker", "fingerprint": "aea2ad92c68c4ee1f8432bb1ec25e7d45ac12c9e1790ac2d3fffe638b1acce12", "category": "docker", "severity": "low", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "A Docker build context should exclude secrets and repository metadata.", "evidence": {"rule_id": "DKR008", "scanner": "repobility-docker", "references": 
["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|aea2ad92c68c4ee1f8432bb1ec25e7d45ac12c9e1790ac2d3fffe638b1acce12", "missing_patterns": [".env", ".git", "id_rsa", "*.pem", "*.key"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".dockerignore"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 39868, "scanner": "repobility-ai-code-hygiene", "fingerprint": "a2209bd525ebace3c380ccae188830b893e411f0b37405809c67b4726d658f47", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "api/http/handler/stacks/stack_update_git.go", "duplicate_line": 141, "correlation_key": "fp|a2209bd525ebace3c380ccae188830b893e411f0b37405809c67b4726d658f47"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "api/http/handler/stacks/update_kubernetes_stack.go"}, "region": {"startLine": 64}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 39867, "scanner": "repobility-ai-code-hygiene", "fingerprint": "21ee7b016b6225728ceb54ea33cfa1ddb965d6ff25fcdcfb2171d1704f00a180", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "api/http/handler/stacks/stack_update_git.go", 
"duplicate_line": 68, "correlation_key": "fp|21ee7b016b6225728ceb54ea33cfa1ddb965d6ff25fcdcfb2171d1704f00a180"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "api/http/handler/stacks/stack_update_git_redeploy.go"}, "region": {"startLine": 58}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 39866, "scanner": "repobility-ai-code-hygiene", "fingerprint": "a17c720937261d178df112a012e1baef40ce7111a0c3d41d2be0f68667e0f03b", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "api/http/handler/stacks/stack_migrate.go", "duplicate_line": 65, "correlation_key": "fp|a17c720937261d178df112a012e1baef40ce7111a0c3d41d2be0f68667e0f03b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "api/http/handler/stacks/stack_stop.go"}, "region": {"startLine": 48}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 39865, "scanner": "repobility-ai-code-hygiene", "fingerprint": "1e80112c0f2264d11f13646ba0015e9005a48d217db6ad959bb9b5409c0b0cc5", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "api/http/handler/stacks/stack_start.go", "duplicate_line": 20, "correlation_key": "fp|1e80112c0f2264d11f13646ba0015e9005a48d217db6ad959bb9b5409c0b0cc5"}}, 
"locations": [{"physicalLocation": {"artifactLocation": {"uri": "api/http/handler/stacks/stack_stop.go"}, "region": {"startLine": 18}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 39864, "scanner": "repobility-ai-code-hygiene", "fingerprint": "5f9f2c3e236e95dfe8fefa7f405b27d9d026e9947f641306e1eeb9d3ed7ff756", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "api/http/handler/stacks/stack_migrate.go", "duplicate_line": 65, "correlation_key": "fp|5f9f2c3e236e95dfe8fefa7f405b27d9d026e9947f641306e1eeb9d3ed7ff756"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "api/http/handler/stacks/stack_start.go"}, "region": {"startLine": 81}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 39863, "scanner": "repobility-ai-code-hygiene", "fingerprint": "05781d7968ae72fa0f5c91305e689d26059b3a8c7fb3589e2bb19f65a7f7cfd1", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "api/http/handler/stacks/stack_file.go", "duplicate_line": 18, "correlation_key": "fp|05781d7968ae72fa0f5c91305e689d26059b3a8c7fb3589e2bb19f65a7f7cfd1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "api/http/handler/stacks/stack_inspect.go"}, "region": {"startLine": 
14}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 39862, "scanner": "repobility-ai-code-hygiene", "fingerprint": "cea96c7f402b07944fef3539426eee78ff5d6d8dda5016dc62de2d7593f1785e", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "api/http/handler/stacks/create_compose_stack.go", "duplicate_line": 139, "correlation_key": "fp|cea96c7f402b07944fef3539426eee78ff5d6d8dda5016dc62de2d7593f1785e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "api/http/handler/stacks/create_swarm_stack.go"}, "region": {"startLine": 106}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 39861, "scanner": "repobility-ai-code-hygiene", "fingerprint": "a94f39ed44fad95f6a840aa91a814c676d7bad40c544af6c001f6e3f32e33ce3", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "api/http/handler/resourcecontrols/handler.go", "duplicate_line": 2, "correlation_key": "fp|a94f39ed44fad95f6a840aa91a814c676d7bad40c544af6c001f6e3f32e33ce3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "api/http/handler/roles/handler.go"}, "region": {"startLine": 2}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source 
files"}, "properties": {"repobilityId": 39860, "scanner": "repobility-ai-code-hygiene", "fingerprint": "01f9a3711ad04b67cc5c0ecc2a8dbf5a2d2701869bdb6d101825d90a929e3ed0", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "api/http/handler/kubernetes/persistent_volume_claims.go", "duplicate_line": 1, "correlation_key": "fp|01f9a3711ad04b67cc5c0ecc2a8dbf5a2d2701869bdb6d101825d90a929e3ed0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "api/http/handler/kubernetes/persistent_volumes.go"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 39859, "scanner": "repobility-ai-code-hygiene", "fingerprint": "7df0324986a58df8beebc77267d4cba2f7b815b1a99cbbf073392d6614913e5f", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "api/http/handler/gitops/sources/handler.go", "duplicate_line": 9, "correlation_key": "fp|7df0324986a58df8beebc77267d4cba2f7b815b1a99cbbf073392d6614913e5f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "api/http/handler/gitops/workflows/handler.go"}, "region": {"startLine": 8}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 39858, "scanner": "repobility-ai-code-hygiene", 
"fingerprint": "b6997aff6e1ffacd0b94ec9f65b64bfa2c978b59d0729c74ac726fa2a26d7415", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "api/http/handler/gitops/sources/create_git.go", "duplicate_line": 1, "correlation_key": "fp|b6997aff6e1ffacd0b94ec9f65b64bfa2c978b59d0729c74ac726fa2a26d7415"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "api/http/handler/gitops/sources/update_git.go"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 39857, "scanner": "repobility-ai-code-hygiene", "fingerprint": "9a825d6cfa489faffcfb41de724f5e9f9cfc57c3de127fd2e986ca0d5b3db036", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "api/http/handler/endpointproxy/proxy_agent_host.go", "duplicate_line": 31, "correlation_key": "fp|9a825d6cfa489faffcfb41de724f5e9f9cfc57c3de127fd2e986ca0d5b3db036"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "api/http/handler/endpointproxy/proxy_kubernetes.go"}, "region": {"startLine": 27}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 39856, "scanner": "repobility-ai-code-hygiene", "fingerprint": "f834d7ca22b2b7466242869984a129f63522a25edd413e50d6329935f4776b77", "category": 
"quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "api/http/handler/endpointproxy/proxy_azure.go", "duplicate_line": 10, "correlation_key": "fp|f834d7ca22b2b7466242869984a129f63522a25edd413e50d6329935f4776b77"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "api/http/handler/endpointproxy/proxy_kubernetes.go"}, "region": {"startLine": 12}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 39855, "scanner": "repobility-ai-code-hygiene", "fingerprint": "5f32e64c70ba382af482ac7ddc306f9ef523e6810a005042eea7bb70dfba0692", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "api/http/handler/endpointproxy/proxy_agent_host.go", "duplicate_line": 22, "correlation_key": "fp|5f32e64c70ba382af482ac7ddc306f9ef523e6810a005042eea7bb70dfba0692"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "api/http/handler/endpointproxy/proxy_docker.go"}, "region": {"startLine": 18}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 39854, "scanner": "repobility-ai-code-hygiene", "fingerprint": "7bfe240fc783dd879ec19fcce2b8feac634ddf5661986cf4d78f19f118700d45", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", 
"isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "api/http/handler/endpointproxy/proxy_azure.go", "duplicate_line": 10, "correlation_key": "fp|7bfe240fc783dd879ec19fcce2b8feac634ddf5661986cf4d78f19f118700d45"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "api/http/handler/endpointproxy/proxy_docker.go"}, "region": {"startLine": 12}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 39853, "scanner": "repobility-ai-code-hygiene", "fingerprint": "e6aee48d46ee6f7cd41daa2348e0e77c66501b994f55e61fc69c5a658da3ef05", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "api/http/handler/customtemplates/customtemplate_file.go", "duplicate_line": 1, "correlation_key": "fp|e6aee48d46ee6f7cd41daa2348e0e77c66501b994f55e61fc69c5a658da3ef05"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "api/http/handler/customtemplates/customtemplate_inspect.go"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 39852, "scanner": "repobility-ai-code-hygiene", "fingerprint": "08a92dbaba17bb486d1afc35359e1c6d6cd9a018b3aeb4a428af1dbdf3d7b2c2", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two 
different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "api/dataservices/settings/settings.go", "duplicate_line": 14, "correlation_key": "fp|08a92dbaba17bb486d1afc35359e1c6d6cd9a018b3aeb4a428af1dbdf3d7b2c2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "api/dataservices/version/version.go"}, "region": {"startLine": 16}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 39851, "scanner": "repobility-ai-code-hygiene", "fingerprint": "a0d71e65144e65cac453ef4011f2148b9d62b64e5ae5ef0d3443b6734ad2480a", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "api/dataservices/user/tx.go", "duplicate_line": 15, "correlation_key": "fp|a0d71e65144e65cac453ef4011f2148b9d62b64e5ae5ef0d3443b6734ad2480a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "api/dataservices/user/user.go"}, "region": {"startLine": 37}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 39850, "scanner": "repobility-ai-code-hygiene", "fingerprint": "803a0c0e244085d111445044c07c75ccccc78133c3e24c80dc4544b3eb6f07c0", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], 
"duplicate_file": "api/dataservices/dockerhub/dockerhub.go", "duplicate_line": 8, "correlation_key": "fp|803a0c0e244085d111445044c07c75ccccc78133c3e24c80dc4544b3eb6f07c0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "api/dataservices/tunnelserver/tunnelserver.go"}, "region": {"startLine": 8}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 39849, "scanner": "repobility-ai-code-hygiene", "fingerprint": "6d3f9a11aad60b9952ce6e38330e13e053b56cab578be767c438c07025a01905", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "api/dataservices/team/team.go", "duplicate_line": 36, "correlation_key": "fp|6d3f9a11aad60b9952ce6e38330e13e053b56cab578be767c438c07025a01905"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "api/dataservices/team/tx.go"}, "region": {"startLine": 15}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 39848, "scanner": "repobility-ai-code-hygiene", "fingerprint": "a5987002d880d40e531c04b30068d4f02747a7046d4924208ce300de447b8991", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "api/dataservices/stack/stack.go", "duplicate_line": 34, "correlation_key": 
"fp|a5987002d880d40e531c04b30068d4f02747a7046d4924208ce300de447b8991"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "api/dataservices/stack/tx.go"}, "region": {"startLine": 16}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 39847, "scanner": "repobility-ai-code-hygiene", "fingerprint": "ab435b39063a440fc4471b9f0fc01498fca20fda42c93206059b9152c36de1bb", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "api/dataservices/endpointrelation/endpointrelation.go", "duplicate_line": 28, "correlation_key": "fp|ab435b39063a440fc4471b9f0fc01498fca20fda42c93206059b9152c36de1bb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "api/dataservices/ssl/ssl.go"}, "region": {"startLine": 18}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 39846, "scanner": "repobility-ai-code-hygiene", "fingerprint": "cbac5cb9027d3b6bd14e60cabc46321e023411b3a1d16a8631f59a5ae035845f", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "api/dataservices/settings/settings.go", "duplicate_line": 13, "correlation_key": "fp|cbac5cb9027d3b6bd14e60cabc46321e023411b3a1d16a8631f59a5ae035845f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": 
"api/dataservices/ssl/ssl.go"}, "region": {"startLine": 13}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 39845, "scanner": "repobility-ai-code-hygiene", "fingerprint": "51e0d574c852ec1814b8ac9409eb7fc1a7da7550691e2897fabf6675ecbbd79a", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "api/dataservices/dockerhub/dockerhub.go", "duplicate_line": 8, "correlation_key": "fp|51e0d574c852ec1814b8ac9409eb7fc1a7da7550691e2897fabf6675ecbbd79a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "api/dataservices/ssl/ssl.go"}, "region": {"startLine": 8}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 39844, "scanner": "repobility-ai-code-hygiene", "fingerprint": "6b9e6b3219fd9eaeefac337fc416821812f030bf80d693c925f13194c557df10", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "api/dataservices/endpointrelation/endpointrelation.go", "duplicate_line": 28, "correlation_key": "fp|6b9e6b3219fd9eaeefac337fc416821812f030bf80d693c925f13194c557df10"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "api/dataservices/settings/settings.go"}, "region": {"startLine": 18}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": 
"Duplicated implementation block across source files"}, "properties": {"repobilityId": 39843, "scanner": "repobility-ai-code-hygiene", "fingerprint": "c33b3892b186ac81af6733f0e71aa9f61cff3c5d65f71cedac9ca9eb96ac0195", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "api/dataservices/dockerhub/dockerhub.go", "duplicate_line": 8, "correlation_key": "fp|c33b3892b186ac81af6733f0e71aa9f61cff3c5d65f71cedac9ca9eb96ac0195"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "api/dataservices/settings/settings.go"}, "region": {"startLine": 8}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 39842, "scanner": "repobility-ai-code-hygiene", "fingerprint": "856f800a164cf26391f4e3fc2423083638b676e516191c7288a7527c234ead7b", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "api/dataservices/dockerhub/dockerhub.go", "duplicate_line": 9, "correlation_key": "fp|856f800a164cf26391f4e3fc2423083638b676e516191c7288a7527c234ead7b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "api/dataservices/schedule/schedule.go"}, "region": {"startLine": 7}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 39841, "scanner": "repobility-ai-code-hygiene", 
"fingerprint": "de7ca14d89caa8c08eb95e1223d4fc70f282048acb05a1325bd36e6af0ca7a82", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "api/dataservices/resourcecontrol/resourcecontrol.go", "duplicate_line": 39, "correlation_key": "fp|de7ca14d89caa8c08eb95e1223d4fc70f282048acb05a1325bd36e6af0ca7a82"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "api/dataservices/resourcecontrol/tx.go"}, "region": {"startLine": 17}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 39840, "scanner": "repobility-ai-code-hygiene", "fingerprint": "6ec79963be66df38ca22414681b2ffc9b094a98f6f67de748fc1467b9fbd22e2", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "api/dataservices/dockerhub/dockerhub.go", "duplicate_line": 9, "correlation_key": "fp|6ec79963be66df38ca22414681b2ffc9b094a98f6f67de748fc1467b9fbd22e2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "api/dataservices/extension/extension.go"}, "region": {"startLine": 7}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 39839, "scanner": "repobility-ai-code-hygiene", "fingerprint": "9b2c3d7c13c310c97e16227ee574655462e8ebf27cb172fe81b8c3c893f0aa47", "category": "quality", "severity": 
"low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "api/dataservices/endpoint/endpoint.go", "duplicate_line": 121, "correlation_key": "fp|9b2c3d7c13c310c97e16227ee574655462e8ebf27cb172fe81b8c3c893f0aa47"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "api/dataservices/endpoint/tx.go"}, "region": {"startLine": 92}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 39836, "scanner": "repobility-ai-code-hygiene", "fingerprint": "72ca14bc7ba667ce24e070d50ba34c2e33f18d4180b26822a2e23e8662ef6a70", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "update", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|72ca14bc7ba667ce24e070d50ba34c2e33f18d4180b26822a2e23e8662ef6a70"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/react/common/stacks/common/confirm-stack-update.ts"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 39835, "scanner": "repobility-ai-code-hygiene", "fingerprint": "68043b65221040c9f9684f076041073f52d61cddf0eec0512efd127d5fd09dcc", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "update", 
"rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|68043b65221040c9f9684f076041073f52d61cddf0eec0512efd127d5fd09dcc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "api/http/handler/webhooks/webhook_update.go"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 39834, "scanner": "repobility-ai-code-hygiene", "fingerprint": "cc9690f1372f6d8ed8b7e6864e4ccac11ef32c7bf2b623cb542850bdbd476c90", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "update", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|cc9690f1372f6d8ed8b7e6864e4ccac11ef32c7bf2b623cb542850bdbd476c90"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "api/http/handler/users/user_update.go"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 39833, "scanner": "repobility-ai-code-hygiene", "fingerprint": "1acfc0e53cac73f8c9dd11f2721077c06e406d443a65b2b3f842ec67dc469f5d", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "update", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|1acfc0e53cac73f8c9dd11f2721077c06e406d443a65b2b3f842ec67dc469f5d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": 
"api/http/handler/teams/team_update.go"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 39832, "scanner": "repobility-ai-code-hygiene", "fingerprint": "347152a02710554704fbc33174ff2d95dff0f0c9154c7fa679fc29655f90bbe7", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "update", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|347152a02710554704fbc33174ff2d95dff0f0c9154c7fa679fc29655f90bbe7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "api/http/handler/teammemberships/teammembership_update.go"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 39831, "scanner": "repobility-ai-code-hygiene", "fingerprint": "71c88b3f0603fd4af641be858d316f43b09000c14d109a1ebe23a841fa0a4af4", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "update", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|71c88b3f0603fd4af641be858d316f43b09000c14d109a1ebe23a841fa0a4af4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "api/http/handler/stacks/stack_update.go"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 39830, "scanner": "repobility-ai-code-hygiene", 
"fingerprint": "21eeb94a735ffdb64804d49dd7cb644e07b754f2283088429381f56f48294ba3", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "update", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|21eeb94a735ffdb64804d49dd7cb644e07b754f2283088429381f56f48294ba3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "api/http/handler/ssl/ssl_update.go"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 39829, "scanner": "repobility-ai-code-hygiene", "fingerprint": "dd1c58687e623a1c877b53e6b4912ec15328f2b25c94bceb9d7f8e7b6aa00b35", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "update", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|dd1c58687e623a1c877b53e6b4912ec15328f2b25c94bceb9d7f8e7b6aa00b35"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "api/http/handler/settings/settings_update.go"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 39828, "scanner": "repobility-ai-code-hygiene", "fingerprint": "b8df9f5c5e46eacf5966b0343a2882ee645a5e269351472ce098453f3c5a5b50", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style 
suffix.", "evidence": {"suffix": "update", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|b8df9f5c5e46eacf5966b0343a2882ee645a5e269351472ce098453f3c5a5b50"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "api/http/handler/resourcecontrols/resourcecontrol_update.go"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 39827, "scanner": "repobility-ai-code-hygiene", "fingerprint": "fbcb775b154d1012f9ca64534ac775414915630d19df75268c082c65ea313848", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "update", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|fbcb775b154d1012f9ca64534ac775414915630d19df75268c082c65ea313848"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "api/http/handler/registries/registry_update.go"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 39826, "scanner": "repobility-ai-code-hygiene", "fingerprint": "a874fc19a77dbf57479cb647a067d392f0001220a86f82924ae5a7f76ca97523", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "update", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|a874fc19a77dbf57479cb647a067d392f0001220a86f82924ae5a7f76ca97523"}}, 
"locations": [{"physicalLocation": {"artifactLocation": {"uri": "api/http/handler/endpoints/endpoint_settings_update.go"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 39825, "scanner": "repobility-ai-code-hygiene", "fingerprint": "3f46e8021e04ba30666f0934dcd63b63279d09377d736bc002433d79f660ddba", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "update", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|3f46e8021e04ba30666f0934dcd63b63279d09377d736bc002433d79f660ddba"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "api/http/handler/endpoints/endpoint_update.go"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 39824, "scanner": "repobility-ai-code-hygiene", "fingerprint": "11fd497639879ff8c325e7c5e85d261c38d0020ed964b1a8fdb85d436aab20d8", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "update", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|11fd497639879ff8c325e7c5e85d261c38d0020ed964b1a8fdb85d436aab20d8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "api/http/handler/endpointgroups/endpointgroup_update.go"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch 
artifact"}, "properties": {"repobilityId": 39823, "scanner": "repobility-ai-code-hygiene", "fingerprint": "4709074f0f635f0b119b69be51132690e9848c691330880dd547aba171e1e29c", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "update", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|4709074f0f635f0b119b69be51132690e9848c691330880dd547aba171e1e29c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "api/http/handler/edgestacks/edgestack_status_update.go"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 39822, "scanner": "repobility-ai-code-hygiene", "fingerprint": "6e20bd892d446ce333497a52c0f90096a1346fa7ae1e1ca2cc34951cea21be35", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "update", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|6e20bd892d446ce333497a52c0f90096a1346fa7ae1e1ca2cc34951cea21be35"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "api/http/handler/edgestacks/edgestack_update.go"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 39821, "scanner": "repobility-ai-code-hygiene", "fingerprint": "d670755ad19a44dcde5a6580fbce1fac655acd556da6350dac95d49b418f5140", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", 
"verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "update", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|d670755ad19a44dcde5a6580fbce1fac655acd556da6350dac95d49b418f5140"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "api/http/handler/edgejobs/edgejob_update.go"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 39820, "scanner": "repobility-ai-code-hygiene", "fingerprint": "3e914373782ce584ced7fe3f7f07b65d4a3f0e8078fbb12edb1fe359adf9c6e0", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "update", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|3e914373782ce584ced7fe3f7f07b65d4a3f0e8078fbb12edb1fe359adf9c6e0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "api/http/handler/edgegroups/edgegroup_update.go"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 39819, "scanner": "repobility-ai-code-hygiene", "fingerprint": "9822b27b0c1a1fce9ebe7ae02f9fec933b3d6dd2809412196d32f6ec8b6e88c7", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "update", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], 
"correlation_key": "fp|9822b27b0c1a1fce9ebe7ae02f9fec933b3d6dd2809412196d32f6ec8b6e88c7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "api/http/handler/customtemplates/customtemplate_update.go"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC007", "level": "note", "message": {"text": "Generated build artifact directory is present at repository root"}, "properties": {"repobilityId": 39818, "scanner": "repobility-ai-code-hygiene", "fingerprint": "9ce25f11f897b8a8b2478fd0136724866f111b604484c20a5c690bce80d94da1", "category": "quality", "severity": "low", "confidence": 0.7, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Repository root contains a common generated artifact directory.", "evidence": {"rule_id": "AIC007", "scanner": "repobility-ai-code-hygiene", "directory": "build", "references": ["https://git-scm.com/docs/gitignore", "https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|9ce25f11f897b8a8b2478fd0136724866f111b604484c20a5c690bce80d94da1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "build"}, "region": {"startLine": 1}}}]}, {"ruleId": "SEC075", "level": "note", "message": {"text": "[SEC075] Dockerfile: no HEALTHCHECK: No HEALTHCHECK directive \u2014 orchestrators can't detect a wedged process. Ported from trivy DS026 / checkov CKV_DOCKER_2 (Apache-2.0). 
Implement file-level: skip if file contains `^\\s*HEALTHCHECK\\b`."}, "properties": {"repobilityId": 39817, "scanner": "repobility-threat-engine", "fingerprint": "c1e09537af15807e9285e49e288c054b5fb0c834160a66d9bf85f31e7604d832", "category": "docker", "severity": "low", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "import { List } from 'lucide-react';\n\nimport { joinCommand } from '@/docker/filters/utils';\nimport {", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC075", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|c1e09537af15807e9285e49e288c054b5fb0c834160a66d9bf85f31e7604d832"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/react/docker/images/ItemView/DockerfileDetails.tsx"}, "region": {"startLine": 1}}}]}, {"ruleId": "SEC006", "level": "note", "message": {"text": "[SEC006] XSS Risk: Direct HTML injection without sanitization."}, "properties": {"repobilityId": 39783, "scanner": "repobility-threat-engine", "fingerprint": "1b1070c537771b27a2098eb260b2e69378c2bdd0a788507d60c905bdd6b9eaee", "category": "injection", "severity": "low", "confidence": 0.4, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "No user-input source (request/query/fetch/URL) found \u2014 may be static content", "evidence": {"match": ".innerHTML = `", "reason": "No user-input source (request/query/fetch/URL) found \u2014 may be static content", "rule_id": "SEC006", "scanner": "repobility-threat-engine", "confidence": 0.4, "correlation_key": "code|injection|app/assets/css/colors.ts|5|sec006"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/assets/css/colors.ts"}, "region": {"startLine": 5}}}]}, {"ruleId": "SEC132", "level": "note", "message": {"text": "[SEC132] String concat where the language has interpolation (AI style 
drift): String built by concatenation where the language has cleaner interpolation (Python f-strings since 3.6, JS template literals since ES6). Not a vulnerability on its own, but a style signature of cross-language AI rewrites \u2014 the model wrote idiomatic Java/C# and then translated mechanically. When this style appears in only *some* files of a repo, it's a strong indicator of an AI-driven rewrite that needs a human review p"}, "properties": {"repobilityId": 39766, "scanner": "repobility-threat-engine", "fingerprint": "656d9cc088a94d01dc79c51dd049fdd8d9c582224f79fe389b09aab4a1a851fa", "category": "quality", "severity": "low", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "\"/containers/\"+attachID+\"/attach?stdin=1&stdout=1&stderr=1&stream=1\"", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC132", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|656d9cc088a94d01dc79c51dd049fdd8d9c582224f79fe389b09aab4a1a851fa"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "api/http/handler/websocket/attach.go"}, "region": {"startLine": 129}}}]}, {"ruleId": "SEC132", "level": "note", "message": {"text": "[SEC132] String concat where the language has interpolation (AI style drift): String built by concatenation where the language has cleaner interpolation (Python f-strings since 3.6, JS template literals since ES6). Not a vulnerability on its own, but a style signature of cross-language AI rewrites \u2014 the model wrote idiomatic Java/C# and then translated mechanically. 
When this style appears in only *some* files of a repo, it's a strong indicator of an AI-driven rewrite that needs a human review p"}, "properties": {"repobilityId": 39765, "scanner": "repobility-threat-engine", "fingerprint": "faba6d0e9488be1952fc4e08492a359c461fdd7c0825ebac198487fc8ff8b7b5", "category": "quality", "severity": "low", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "\"/kubernetes/\" + environmentId + \"/namespaces/\"", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC132", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|faba6d0e9488be1952fc4e08492a359c461fdd7c0825ebac198487fc8ff8b7b5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "api/http/handler/kubernetes/deprecated_routes.go"}, "region": {"startLine": 53}}}]}, {"ruleId": "SEC132", "level": "note", "message": {"text": "[SEC132] String concat where the language has interpolation (AI style drift): String built by concatenation where the language has cleaner interpolation (Python f-strings since 3.6, JS template literals since ES6). Not a vulnerability on its own, but a style signature of cross-language AI rewrites \u2014 the model wrote idiomatic Java/C# and then translated mechanically. 
When this style appears in only *some* files of a repo, it's a strong indicator of an AI-driven rewrite that needs a human review p"}, "properties": {"repobilityId": 39764, "scanner": "repobility-threat-engine", "fingerprint": "810bcdb35bb7a17065fbabc6c9dc7c95436a5cf8e0198a94d64929fad04cffb2", "category": "quality", "severity": "low", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "\"https://github.com/users/\" + ghUser + \"/packages/container/package/\"", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC132", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|810bcdb35bb7a17065fbabc6c9dc7c95436a5cf8e0198a94d64929fad04cffb2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "api/docker/images/image.go"}, "region": {"startLine": 162}}}]}, {"ruleId": "ERR003", "level": "note", "message": {"text": "[ERR003] Ignored Error (Go): Ignoring error return values."}, "properties": {"repobilityId": 39748, "scanner": "repobility-threat-engine", "fingerprint": "a22c0eb15a2bfa1680c8bcccaa7b201af126c6a3214e09b1649c9d6cc737b0d2", "category": "error_handling", "severity": "low", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "_ = dataStore.ViewTx(", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR003", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|a22c0eb15a2bfa1680c8bcccaa7b201af126c6a3214e09b1649c9d6cc737b0d2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "api/chisel/tunnel.go"}, "region": {"startLine": 244}}}]}, {"ruleId": "ERR003", "level": "note", "message": {"text": "[ERR003] Ignored Error (Go): Ignoring error return values."}, "properties": {"repobilityId": 39747, "scanner": 
"repobility-threat-engine", "fingerprint": "fc3c7396ba0d0a175514392eac1d3c71e680a318735d7bdee4b5e2e837cd3483", "category": "error_handling", "severity": "low", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "_ = io.Copy(", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR003", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|fc3c7396ba0d0a175514392eac1d3c71e680a318735d7bdee4b5e2e837cd3483"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "api/chisel/service.go"}, "region": {"startLine": 93}}}]}, {"ruleId": "ERR003", "level": "note", "message": {"text": "[ERR003] Ignored Error (Go): Ignoring error return values."}, "properties": {"repobilityId": 39746, "scanner": "repobility-threat-engine", "fingerprint": "11d2a511c1414fc3bfd7d5ab8f3b2b54b78e70c2d882198b9dde1434a5a0ad68", "category": "error_handling", "severity": "low", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "_ = io.Copy(", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR003", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|11d2a511c1414fc3bfd7d5ab8f3b2b54b78e70c2d882198b9dde1434a5a0ad68"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "api/agent/version.go"}, "region": {"startLine": 45}}}]}, {"ruleId": "DKR002", "level": "none", "message": {"text": "Compose service `portainer` image is selected through a build variable"}, "properties": {"repobilityId": 39874, "scanner": "repobility-docker", "fingerprint": "41a6092dada9c288d8c17a12e568b06209e3f2465dbdc94cc15ad701f3acfa87", "category": "docker", "severity": "info", "confidence": 0.48, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, 
"reason": "Base image contains a variable; manual review is needed to avoid false positives.", "evidence": {"image": "${DESKTOP_PLUGIN_IMAGE}", "rule_id": "DKR002", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/"], "correlation_key": "fp|41a6092dada9c288d8c17a12e568b06209e3f2465dbdc94cc15ad701f3acfa87"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "build/docker-extension/docker-compose.yml"}, "region": {"startLine": 3}}}]}, {"ruleId": "DKR002", "level": "none", "message": {"text": "Dockerfile base image is selected through a build variable"}, "properties": {"repobilityId": 39873, "scanner": "repobility-docker", "fingerprint": "2569f520b27592e30976ab9d87d685254f3465775a8ce7f4651e6f573aea0bfa", "category": "docker", "severity": "info", "confidence": 0.48, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Base image contains a variable; manual review is needed to avoid false positives.", "evidence": {"image": "mcr.microsoft.com/windows/nanoserver:${OSVERSION}", "rule_id": "DKR002", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/"], "correlation_key": "fp|2569f520b27592e30976ab9d87d685254f3465775a8ce7f4651e6f573aea0bfa"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "build/windows/Dockerfile"}, "region": {"startLine": 5}}}]}, {"ruleId": "DKR002", "level": "none", "message": {"text": "Dockerfile base image is selected through a build variable"}, "properties": {"repobilityId": 39872, "scanner": "repobility-docker", "fingerprint": "55d36e4a5778aef100518ce258533db0dd52a30b01d0f13e5c3bd7354c38864f", "category": "docker", "severity": "info", "confidence": 0.48, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Base image contains a 
variable; manual review is needed to avoid false positives.", "evidence": {"image": "gcr.io/k8s-staging-e2e-test-images/windows-servercore-cache:1.0-linux-amd64-${OSVERSION}", "rule_id": "DKR002", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/"], "correlation_key": "fp|55d36e4a5778aef100518ce258533db0dd52a30b01d0f13e5c3bd7354c38864f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "build/windows/Dockerfile"}, "region": {"startLine": 3}}}]}, {"ruleId": "MINED088", "level": "none", "message": {"text": "[MINED088] React Conditional Hook: useState/useEffect inside if/loop violates Rules of Hooks."}, "properties": {"repobilityId": 39815, "scanner": "repobility-threat-engine", "fingerprint": "1185fa22dba7182e581250ee99860d9f792e394f1da5d5969c8bee4ae1972cf2", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "react-conditional-hook", "owasp": null, "cwe_ids": ["CWE-682"], "languages": ["typescript", "tsx", "javascript", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348143+00:00", "triaged_in_corpus": 20, "observations_count": 600, "ai_coder_pattern_id": 139}, "scanner": "repobility-threat-engine", "correlation_key": "fp|1185fa22dba7182e581250ee99860d9f792e394f1da5d5969c8bee4ae1972cf2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/react/docker/containers/CreateView/VolumesTab/context.ts"}, "region": {"startLine": 11}}}]}, {"ruleId": "MINED045", "level": "none", "message": {"text": "[MINED045] Ts Non Null Assertion (and 2 more): Same pattern found in 2 additional files. 
Review if needed."}, "properties": {"repobilityId": 39814, "scanner": "repobility-threat-engine", "fingerprint": "d6ff52f326a217119b363f1aee474b58469492e74a7fc3a211d777ba7b2b5474", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 2 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "ts-non-null-assertion", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348005+00:00", "triaged_in_corpus": 12, "observations_count": 1810954, "ai_coder_pattern_id": 105}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|d6ff52f326a217119b363f1aee474b58469492e74a7fc3a211d777ba7b2b5474", "aggregated_count": 2}}}, {"ruleId": "MINED045", "level": "none", "message": {"text": "[MINED045] Ts Non Null Assertion: x! 
asserts not null - bypasses null checks - TypeError if wrong."}, "properties": {"repobilityId": 39813, "scanner": "repobility-threat-engine", "fingerprint": "6e48fb4370b32b230e75691e01ae1914bc18dbddfea9539c97082483b35ef02c", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-non-null-assertion", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348005+00:00", "triaged_in_corpus": 12, "observations_count": 1810954, "ai_coder_pattern_id": 105}, "scanner": "repobility-threat-engine", "correlation_key": "fp|6e48fb4370b32b230e75691e01ae1914bc18dbddfea9539c97082483b35ef02c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/react/components/form-components/InputList/InputList.tsx"}, "region": {"startLine": 97}}}]}, {"ruleId": "MINED045", "level": "none", "message": {"text": "[MINED045] Ts Non Null Assertion: x! 
asserts not null - bypasses null checks - TypeError if wrong."}, "properties": {"repobilityId": 39812, "scanner": "repobility-threat-engine", "fingerprint": "e9d31b503e987e3f822aa55f34eac52434b70ee4cf2741e8077aadcd788f2235", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-non-null-assertion", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348005+00:00", "triaged_in_corpus": 12, "observations_count": 1810954, "ai_coder_pattern_id": 105}, "scanner": "repobility-threat-engine", "correlation_key": "fp|e9d31b503e987e3f822aa55f34eac52434b70ee4cf2741e8077aadcd788f2235"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/react/components/datatables/editable/actionsColumn.tsx"}, "region": {"startLine": 15}}}]}, {"ruleId": "MINED045", "level": "none", "message": {"text": "[MINED045] Ts Non Null Assertion: x! 
asserts not null - bypasses null checks - TypeError if wrong."}, "properties": {"repobilityId": 39811, "scanner": "repobility-threat-engine", "fingerprint": "b6b0211fbe25b0a270e6b5dfabf8a5a69d05156f054880c2b08c1d25f2b52c29", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-non-null-assertion", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348005+00:00", "triaged_in_corpus": 12, "observations_count": 1810954, "ai_coder_pattern_id": 105}, "scanner": "repobility-threat-engine", "correlation_key": "fp|b6b0211fbe25b0a270e6b5dfabf8a5a69d05156f054880c2b08c1d25f2b52c29"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/react/components/buttons/DeleteButton.tsx"}, "region": {"startLine": 87}}}]}, {"ruleId": "MINED058", "level": "none", "message": {"text": "[MINED058] React Dangerously Set Html: dangerouslySetInnerHTML bypasses React's JSX escaping. 
Pair with DOMPurify or never use with user data."}, "properties": {"repobilityId": 39810, "scanner": "repobility-threat-engine", "fingerprint": "4bbc23ebb0e73b3cea4492b6c5bb1e29171c7a69cc684b273bc5fe1cd1913bc1", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "react-dangerously-set-html", "owasp": "A03:2021", "cwe_ids": ["CWE-79"], "languages": ["javascript", "typescript"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348037+00:00", "triaged_in_corpus": 12, "observations_count": 255650, "ai_coder_pattern_id": 49}, "scanner": "repobility-threat-engine", "correlation_key": "fp|4bbc23ebb0e73b3cea4492b6c5bb1e29171c7a69cc684b273bc5fe1cd1913bc1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/react/components/Tip/Tooltip/Tooltip.tsx"}, "region": {"startLine": 37}}}]}, {"ruleId": "MINED056", "level": "none", "message": {"text": "[MINED056] React Key As Index (and 12 more): Same pattern found in 12 additional files. Review if needed."}, "properties": {"repobilityId": 39809, "scanner": "repobility-threat-engine", "fingerprint": "0be696ae5c5bc882d7bcdc7000ae32667a4678fcb343d1cf21b453ec8c62be4e", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 12 additional occurrences found. 
The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "react-key-as-index", "owasp": null, "cwe_ids": ["CWE-682"], "languages": ["typescript", "tsx", "javascript", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348032+00:00", "triaged_in_corpus": 12, "observations_count": 299917, "ai_coder_pattern_id": 135}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|0be696ae5c5bc882d7bcdc7000ae32667a4678fcb343d1cf21b453ec8c62be4e", "aggregated_count": 12}}}, {"ruleId": "MINED056", "level": "none", "message": {"text": "[MINED056] React Key As Index: key={index} in map() \u2014 re-renders the wrong elements on re-order."}, "properties": {"repobilityId": 39808, "scanner": "repobility-threat-engine", "fingerprint": "b43221805199f9ea242b8276a3a54babce869174ffb3ea2be8cf2f1e24ff9de7", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "react-key-as-index", "owasp": null, "cwe_ids": ["CWE-682"], "languages": ["typescript", "tsx", "javascript", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348032+00:00", "triaged_in_corpus": 12, "observations_count": 299917, "ai_coder_pattern_id": 135}, "scanner": "repobility-threat-engine", "correlation_key": "fp|b43221805199f9ea242b8276a3a54babce869174ffb3ea2be8cf2f1e24ff9de7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/react/components/PageHeader/Breadcrumbs/Breadcrumbs.tsx"}, "region": {"startLine": 31}}}]}, {"ruleId": "MINED056", "level": "none", "message": {"text": "[MINED056] React Key As Index: key={index} in map() \u2014 re-renders the wrong elements on re-order."}, "properties": {"repobilityId": 39807, "scanner": "repobility-threat-engine", "fingerprint": 
"84866d7a6142847d7b7b19c120693668b2222871b31e993f909ca431ea782e1b", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "react-key-as-index", "owasp": null, "cwe_ids": ["CWE-682"], "languages": ["typescript", "tsx", "javascript", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348032+00:00", "triaged_in_corpus": 12, "observations_count": 299917, "ai_coder_pattern_id": 135}, "scanner": "repobility-threat-engine", "correlation_key": "fp|84866d7a6142847d7b7b19c120693668b2222871b31e993f909ca431ea782e1b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/react/components/DetailsTable/DetailsRow.tsx"}, "region": {"startLine": 29}}}]}, {"ruleId": "MINED056", "level": "none", "message": {"text": "[MINED056] React Key As Index: key={index} in map() \u2014 re-renders the wrong elements on re-order."}, "properties": {"repobilityId": 39806, "scanner": "repobility-threat-engine", "fingerprint": "9b2e7cabd29cd08c975e0b6ed9c406979a67347ff6385e47c99de01d755ba601", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "react-key-as-index", "owasp": null, "cwe_ids": ["CWE-682"], "languages": ["typescript", "tsx", "javascript", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348032+00:00", "triaged_in_corpus": 12, "observations_count": 299917, "ai_coder_pattern_id": 135}, "scanner": "repobility-threat-engine", "correlation_key": "fp|9b2e7cabd29cd08c975e0b6ed9c406979a67347ff6385e47c99de01d755ba601"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/react/components/BoxSelector/BoxSelector.tsx"}, "region": {"startLine": 79}}}]}, {"ruleId": "MINED098", 
"level": "none", "message": {"text": "[MINED098] Global Scope Pollution: Attaching libraries/objects directly to the global window scope (e.g., `window.axios = axios;`) makes the code harder to test and increases the risk of naming collisions."}, "properties": {"repobilityId": 39803, "scanner": "repobility-threat-engine", "fingerprint": "6a812353771e0042af56f35024f5bc046a3d28cdf1d9300079ee85780dc5c16c", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "global-scope-pollution", "owasp": null, "cwe_ids": [], "languages": ["javascript"], "precision": 1.0, "promoted_at": "2026-05-18T15:01:13.611213+00:00", "triaged_in_corpus": 12, "observations_count": 173528, "ai_coder_pattern_id": 55}, "scanner": "repobility-threat-engine", "correlation_key": "fp|6a812353771e0042af56f35024f5bc046a3d28cdf1d9300079ee85780dc5c16c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/portainer/services/authentication.js"}, "region": {"startLine": 22}}}]}, {"ruleId": "MINED098", "level": "none", "message": {"text": "[MINED098] Global Scope Pollution: Attaching libraries/objects directly to the global window scope (e.g., `window.axios = axios;`) makes the code harder to test and increases the risk of naming collisions."}, "properties": {"repobilityId": 39802, "scanner": "repobility-threat-engine", "fingerprint": "545cd7553e1a9e36b0cf19482e26604070b1095629718c3d92af9592402bd341", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "global-scope-pollution", "owasp": null, "cwe_ids": [], "languages": ["javascript"], "precision": 1.0, "promoted_at": "2026-05-18T15:01:13.611213+00:00", "triaged_in_corpus": 
12, "observations_count": 173528, "ai_coder_pattern_id": 55}, "scanner": "repobility-threat-engine", "correlation_key": "fp|545cd7553e1a9e36b0cf19482e26604070b1095629718c3d92af9592402bd341"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/index.js"}, "region": {"startLine": 26}}}]}, {"ruleId": "SEC001", "level": "none", "message": {"text": "[SEC001] Hardcoded Password: Hardcoded password found in source code."}, "properties": {"repobilityId": 39800, "scanner": "repobility-threat-engine", "fingerprint": "eba423921f0fa39b7c93bc1f2d8b90f4ecfd3a9c12ebdba5d22269bcad3cb5ad", "category": "credential_exposure", "severity": "info", "confidence": 0.1, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Safe context pattern detected", "evidence": {"match": "password=' + data.password + '", "reason": "Safe context pattern detected", "rule_id": "SEC001", "scanner": "repobility-threat-engine", "confidence": 0.1, "correlation_key": "secret|token|8|password + data.password +"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/docker/views/volumes/create/createVolumeController.js"}, "region": {"startLine": 85}}}]}, {"ruleId": "SEC045", "level": "none", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "properties": {"repobilityId": 39797, "scanner": "repobility-threat-engine", "fingerprint": "c59edcd8286991ab7caac4493f8f01b268fef2a5d218265ad20f6e2d1172fefb", "category": "injection", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 1 additional occurrences found. 
The top occurrences remain visible as actionable findings.", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|c59edcd8286991ab7caac4493f8f01b268fef2a5d218265ad20f6e2d1172fefb"}}}, {"ruleId": "SEC083", "level": "none", "message": {"text": "[SEC083] JS: new RegExp() with non-literal (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "properties": {"repobilityId": 39791, "scanner": "repobility-threat-engine", "fingerprint": "a1bb6273fbdc514ec53143946386dbdf16802c8fad0fe59f75dea80ba84c286d", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC083", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|a1bb6273fbdc514ec53143946386dbdf16802c8fad0fe59f75dea80ba84c286d"}}}, {"ruleId": "SEC040", "level": "none", "message": {"text": "[SEC040] innerHTML XSS \u2014 template literal with server-supplied data (and 8 more): Same pattern found in 8 additional files. Review if needed."}, "properties": {"repobilityId": 39787, "scanner": "repobility-threat-engine", "fingerprint": "479ad3ecd592fb67b4d7a6e885f9f264f18b2f11939abf87277284ef886c8b37", "category": "xss", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 8 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 8 additional occurrences found. 
The top occurrences remain visible as actionable findings.", "rule_id": "SEC040", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|479ad3ecd592fb67b4d7a6e885f9f264f18b2f11939abf87277284ef886c8b37"}}}, {"ruleId": "MINED031", "level": "none", "message": {"text": "[MINED031] React Direct State Mutation (and 22 more): Same pattern found in 22 additional files. Review if needed."}, "properties": {"repobilityId": 39782, "scanner": "repobility-threat-engine", "fingerprint": "1294fe9e08d27c7e6a51f371f6284f61afba05c8f1ef06e756c82dddeaba073a", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 22 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "react-direct-state-mutation", "owasp": null, "cwe_ids": ["CWE-682"], "languages": ["typescript", "tsx", "javascript", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347971+00:00", "triaged_in_corpus": 15, "observations_count": 6168, "ai_coder_pattern_id": 137}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|1294fe9e08d27c7e6a51f371f6284f61afba05c8f1ef06e756c82dddeaba073a", "aggregated_count": 22}}}, {"ruleId": "SEC132", "level": "none", "message": {"text": "[SEC132] String concat where the language has interpolation (AI style drift) (and 3 more): Same pattern found in 3 additional files. Review if needed."}, "properties": {"repobilityId": 39767, "scanner": "repobility-threat-engine", "fingerprint": "9965b86108d0373c5a70f7ad25e6d5eebf2023c574b47d54f09feff3ed3b21a7", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 3 additional occurrences found. 
The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 3 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC132", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|9965b86108d0373c5a70f7ad25e6d5eebf2023c574b47d54f09feff3ed3b21a7"}}}, {"ruleId": "MINED060", "level": "none", "message": {"text": "[MINED060] Go Context No Cancel (and 31 more): Same pattern found in 31 additional files. Review if needed."}, "properties": {"repobilityId": 39763, "scanner": "repobility-threat-engine", "fingerprint": "d83ca282e8477695062a61847afdd66fb9e72e56b8dfcfaaef3fecad8c44d4d8", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 31 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "go-context-no-cancel", "owasp": null, "cwe_ids": ["CWE-401"], "languages": ["go"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348041+00:00", "triaged_in_corpus": 12, "observations_count": 132905, "ai_coder_pattern_id": 110}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|d83ca282e8477695062a61847afdd66fb9e72e56b8dfcfaaef3fecad8c44d4d8", "aggregated_count": 31}}}, {"ruleId": "MINED060", "level": "none", "message": {"text": "[MINED060] Go Context No Cancel: context.Background() at request handler boundary leaks goroutines."}, "properties": {"repobilityId": 39762, "scanner": "repobility-threat-engine", "fingerprint": "f1a9f82929514927fa63d06d74bde33b9e74c07a858873de6a3fd7cd712b67b5", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": 
{"slug": "go-context-no-cancel", "owasp": null, "cwe_ids": ["CWE-401"], "languages": ["go"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348041+00:00", "triaged_in_corpus": 12, "observations_count": 132905, "ai_coder_pattern_id": 110}, "scanner": "repobility-threat-engine", "correlation_key": "fp|f1a9f82929514927fa63d06d74bde33b9e74c07a858873de6a3fd7cd712b67b5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "api/http/handler/endpoints/endpoint_force_update_service.go"}, "region": {"startLine": 85}}}]}, {"ruleId": "MINED060", "level": "none", "message": {"text": "[MINED060] Go Context No Cancel: context.Background() at request handler boundary leaks goroutines."}, "properties": {"repobilityId": 39761, "scanner": "repobility-threat-engine", "fingerprint": "c0e2a5e9224f04dd4dba1582a3a0497fd7d887fc6f73348438698e1f49725f57", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "go-context-no-cancel", "owasp": null, "cwe_ids": ["CWE-401"], "languages": ["go"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348041+00:00", "triaged_in_corpus": 12, "observations_count": 132905, "ai_coder_pattern_id": 110}, "scanner": "repobility-threat-engine", "correlation_key": "fp|c0e2a5e9224f04dd4dba1582a3a0497fd7d887fc6f73348438698e1f49725f57"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "api/docker/images/digest.go"}, "region": {"startLine": 175}}}]}, {"ruleId": "MINED060", "level": "none", "message": {"text": "[MINED060] Go Context No Cancel: context.Background() at request handler boundary leaks goroutines."}, "properties": {"repobilityId": 39760, "scanner": "repobility-threat-engine", "fingerprint": "7fc5ba8b4527cecd94dd3462df5b446ebd3b8bcffbd1b7a527eddddbfc38cc55", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": 
"open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "go-context-no-cancel", "owasp": null, "cwe_ids": ["CWE-401"], "languages": ["go"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348041+00:00", "triaged_in_corpus": 12, "observations_count": 132905, "ai_coder_pattern_id": 110}, "scanner": "repobility-threat-engine", "correlation_key": "fp|7fc5ba8b4527cecd94dd3462df5b446ebd3b8bcffbd1b7a527eddddbfc38cc55"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "api/concurrent/concurrent.go"}, "region": {"startLine": 21}}}]}, {"ruleId": "MINED071", "level": "none", "message": {"text": "[MINED071] Go Panic Call: panic() crashes the process. Should return error in most cases."}, "properties": {"repobilityId": 39759, "scanner": "repobility-threat-engine", "fingerprint": "71dedb1b0dc4413c80f70e02548847f0bb55a38aac2271b857d874a6a49c7e8c", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "go-panic-call", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["go"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348067+00:00", "triaged_in_corpus": 12, "observations_count": 29174, "ai_coder_pattern_id": 108}, "scanner": "repobility-threat-engine", "correlation_key": "fp|71dedb1b0dc4413c80f70e02548847f0bb55a38aac2271b857d874a6a49c7e8c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "api/datastore/teststore.go"}, "region": {"startLine": 49}}}]}, {"ruleId": "MINED071", "level": "none", "message": {"text": "[MINED071] Go Panic Call: panic() crashes the process. 
Should return error in most cases."}, "properties": {"repobilityId": 39758, "scanner": "repobility-threat-engine", "fingerprint": "1572f4e6e5bc75db40ce2670e63a070711c7e29e925879dca828946c97f2ca3a", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "go-panic-call", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["go"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348067+00:00", "triaged_in_corpus": 12, "observations_count": 29174, "ai_coder_pattern_id": 108}, "scanner": "repobility-threat-engine", "correlation_key": "fp|1572f4e6e5bc75db40ce2670e63a070711c7e29e925879dca828946c97f2ca3a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "api/cli/cli.go"}, "region": {"startLine": 114}}}]}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https (and 10 more): Same pattern found in 10 additional files. Review if needed."}, "properties": {"repobilityId": 39757, "scanner": "repobility-threat-engine", "fingerprint": "7f2d6d59cbe7894dfe3a7b339026aec55039f00ff23040a911eddbc37a7272a1", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 10 additional occurrences found. 
The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|7f2d6d59cbe7894dfe3a7b339026aec55039f00ff23040a911eddbc37a7272a1", "aggregated_count": 10}}}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 39756, "scanner": "repobility-threat-engine", "fingerprint": "bd3e717b1c6e618fe27f33780f84769f24942a55cfc7beb091538dddc69b4619", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|bd3e717b1c6e618fe27f33780f84769f24942a55cfc7beb091538dddc69b4619"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "api/cli/cli.go"}, "region": {"startLine": 48}}}]}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 39755, "scanner": "repobility-threat-engine", "fingerprint": "be889f2cb6beb2e946da21bf701d68b86d7973ab2f2967952fb56dc2202f530a", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, 
"reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|be889f2cb6beb2e946da21bf701d68b86d7973ab2f2967952fb56dc2202f530a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "api/chisel/service.go"}, "region": {"startLine": 78}}}]}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 39754, "scanner": "repobility-threat-engine", "fingerprint": "a9dc8f7a974c16cd3d1265b2bc9831da6ec89df11009489e6adb658309072c96", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|a9dc8f7a974c16cd3d1265b2bc9831da6ec89df11009489e6adb658309072c96"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "api/aws/ecr/parse_endpoints.go"}, "region": {"startLine": 38}}}]}, {"ruleId": "MINED016", "level": "none", "message": {"text": "[MINED016] Go Error Ignored (and 26 more): Same pattern found in 26 additional files. 
Review if needed."}, "properties": {"repobilityId": 39753, "scanner": "repobility-threat-engine", "fingerprint": "4ec7c638a7a41cc7f2d4cca389a5b87f396a603239596cf6ff7d220803d5f3dc", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 26 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "go-error-ignored", "owasp": null, "cwe_ids": ["CWE-754"], "languages": ["go"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347935+00:00", "triaged_in_corpus": 15, "observations_count": 83036, "ai_coder_pattern_id": 107}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|4ec7c638a7a41cc7f2d4cca389a5b87f396a603239596cf6ff7d220803d5f3dc", "aggregated_count": 26}}}, {"ruleId": "ERR003", "level": "none", "message": {"text": "[ERR003] Ignored Error (Go) (and 13 more): Same pattern found in 13 additional files. Review if needed."}, "properties": {"repobilityId": 39749, "scanner": "repobility-threat-engine", "fingerprint": "296bdc85bc97d457035986a9b3b7d2be5d919b23084449cf69240410280ba8ef", "category": "error_handling", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 13 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 13 additional occurrences found. 
The top occurrences remain visible as actionable findings.", "rule_id": "ERR003", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|296bdc85bc97d457035986a9b3b7d2be5d919b23084449cf69240410280ba8ef"}}}, {"ruleId": "SEC029", "level": "none", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 79 more): Same pattern found in 79 additional files. Review if needed."}, "properties": {"repobilityId": 39745, "scanner": "repobility-threat-engine", "fingerprint": "5367efc7afb270e910d7a79557f703a482ebbf66064cf31b81402a600d783b33", "category": "ssrf", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 79 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 79 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|5367efc7afb270e910d7a79557f703a482ebbf66064cf31b81402a600d783b33"}}}, {"ruleId": "SEC128", "level": "none", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake) (and 4 more): Same pattern found in 4 additional files. Review if needed."}, "properties": {"repobilityId": 39741, "scanner": "repobility-threat-engine", "fingerprint": "384b13d01eca021cad8caa867cbe69ee4fc1353f389030e2ca3b6fe8412f11af", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 4 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 4 additional occurrences found. 
The top occurrences remain visible as actionable findings.", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|384b13d01eca021cad8caa867cbe69ee4fc1353f389030e2ca3b6fe8412f11af"}}}, {"ruleId": "SEC118", "level": "none", "message": {"text": "[SEC118] UUIDv1 / UUIDv3 used for security-sensitive identifier: UUIDv1 encodes the MAC address and timestamp, making it predictable. Used as a session token or password-reset key, it's enumerable."}, "properties": {"repobilityId": 39737, "scanner": "repobility-threat-engine", "fingerprint": "e77598ce65012a4f99675515776774271adc7928a0ab85b8dddc759c2d4242eb", "category": "crypto", "severity": "info", "confidence": 0.1, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Safe pattern 'randomUUID' detected on same line", "evidence": {"match": "crypto.randomUUID", "reason": "Safe pattern 'randomUUID' detected on same line", "rule_id": "SEC118", "scanner": "repobility-threat-engine", "confidence": 0.1, "correlation_key": "code|crypto|. token|112|sec118"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".storybook/public/mockServiceWorker.js"}, "region": {"startLine": 112}}}]}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod (and 5 more): Same pattern found in 5 additional files. Review if needed."}, "properties": {"repobilityId": 39736, "scanner": "repobility-threat-engine", "fingerprint": "616a737d019ae97f53e0426cdc95b2538ef7f9404ddcccfa97846cbdfe3982a9", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 5 additional occurrences found. 
The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|616a737d019ae97f53e0426cdc95b2538ef7f9404ddcccfa97846cbdfe3982a9", "aggregated_count": 5}}}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed."}, "properties": {"repobilityId": 39735, "scanner": "repobility-threat-engine", "fingerprint": "95d1a8fe5e71f9c77c7da7322d158eb8d9479dba8d66807df6db16c7b9c1b654", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "correlation_key": "fp|95d1a8fe5e71f9c77c7da7322d158eb8d9479dba8d66807df6db16c7b9c1b654"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/docker/helpers/splitargs.ts"}, "region": {"startLine": 12}}}]}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod: console.log left in code. 
Should be replaced with logger or removed."}, "properties": {"repobilityId": 39734, "scanner": "repobility-threat-engine", "fingerprint": "3f309e5e26e0f38ae2163b54f399c39a8740eaa66466067040dbf86fedcf1790", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "correlation_key": "fp|3f309e5e26e0f38ae2163b54f399c39a8740eaa66466067040dbf86fedcf1790"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/docker/components/imageRegistry/por-image-registry-rate-limits.controller.js"}, "region": {"startLine": 38}}}]}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod: console.log left in code. 
Should be replaced with logger or removed."}, "properties": {"repobilityId": 39733, "scanner": "repobility-threat-engine", "fingerprint": "89edd7f6d6c2f58a82f06ece673fbf345732da9806b6ef3ea9393c3538a28b45", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "correlation_key": "fp|89edd7f6d6c2f58a82f06ece673fbf345732da9806b6ef3ea9393c3538a28b45"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".storybook/preview.tsx"}, "region": {"startLine": 13}}}]}, {"ruleId": "MINED122", "level": "error", "message": {"text": "[MINED122] package.json dep `axios-progress-bar` pulled from URL/Git: `dependencies.axios-progress-bar` = `git://github.com/portainer/progress-bar-4-axios` bypasses the npm registry. No integrity hash, no version locking, no registry-side scanning. 
If the URL or git host is compromised, every `npm install` pulls the new payload."}, "properties": {"repobilityId": 39887, "scanner": "repobility-supply-chain", "fingerprint": "22b9557c3080519c746d9cd43e88ac479ffe700db6b892e6a34397ca000c3ec3", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "npm-dep-git-or-tarball-url", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["javascript"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|22b9557c3080519c746d9cd43e88ac479ffe700db6b892e6a34397ca000c3ec3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "JRN009", "level": "error", "message": {"text": "Secret-like setting is echoed into a password input value"}, "properties": {"repobilityId": 39879, "scanner": "repobility-journey-contract", "fingerprint": "c39c79a2781eeb704cd69f1ea40cf916804b878d476164051c08fb963e3615ee", "category": "auth", "severity": "high", "confidence": 0.83, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "A password or secret-named input is populated from a secret-like variable instead of a masked placeholder.", "evidence": {"rule_id": "JRN009", "scanner": "repobility-journey-contract", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html"], "correlation_key": "code|auth|token|107|jrn009"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/react/portainer/registries/CreateView/RegistryFormDockerhub/RegistryFormDockerhub.tsx"}, "region": {"startLine": 107}}}]}, {"ruleId": "JRN009", "level": "error", "message": {"text": "Secret-like setting is echoed into a password input value"}, "properties": {"repobilityId": 39878, "scanner": "repobility-journey-contract", "fingerprint": 
"aeca254fd265e398886fe4b538dbb6abb852dbc01dc24d907eb3146b34a68568", "category": "auth", "severity": "high", "confidence": 0.83, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "A password or secret-named input is populated from a secret-like variable instead of a masked placeholder.", "evidence": {"rule_id": "JRN009", "scanner": "repobility-journey-contract", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html"], "correlation_key": "code|auth|token|91|jrn009"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/react/portainer/gitops/AuthFieldset/CredentialsSection.tsx"}, "region": {"startLine": 91}}}]}, {"ruleId": "SEC069", "level": "error", "message": {"text": "[SEC069] Dockerfile: no USER directive (runs as root): Container runs as root because no USER directive was set. Ported from trivy DS002 / checkov CKV_DOCKER_3 (Apache-2.0). Implement as a file-level rule: skip if file contains `^\\s*USER\\s+\\S+` other than `root`."}, "properties": {"repobilityId": 39816, "scanner": "repobility-threat-engine", "fingerprint": "25f03cb02c7094382dc2afd7da29177bfe5017f499d402d90db36762d07a78f4", "category": "docker", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "import { List } from 'lucide-react';\n\nimport { joinCommand } from '@/docker/filters/utils';\nimport {", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC069", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|25f03cb02c7094382dc2afd7da29177bfe5017f499d402d90db36762d07a78f4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/react/docker/images/ItemView/DockerfileDetails.tsx"}, "region": {"startLine": 1}}}]}, {"ruleId": "SEC085", "level": "error", "message": {"text": "[SEC085] JS: child_process.exec with 
non-literal: child_process.exec with user-derived input enables command injection. Ported from eslint-plugin-security detect-child-process (Apache-2.0)."}, "properties": {"repobilityId": 39799, "scanner": "repobility-threat-engine", "fingerprint": "dc88f7a2c11e10a454de8dce7f56b0825e72d80c8c6c9f24d626107736bf503d", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "exec(prevLine", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC085", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|dc88f7a2c11e10a454de8dce7f56b0825e72d80c8c6c9f24d626107736bf503d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/react/components/CodeEditor/useCodeEditorExtensions.ts"}, "region": {"startLine": 30}}}]}, {"ruleId": "SEC085", "level": "error", "message": {"text": "[SEC085] JS: child_process.exec with non-literal: child_process.exec with user-derived input enables command injection. 
Ported from eslint-plugin-security detect-child-process (Apache-2.0)."}, "properties": {"repobilityId": 39798, "scanner": "repobility-threat-engine", "fingerprint": "19c0e713d056193c787101621a1ef15c9f793540b7a9395d95e58ba53e4dc344", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "exec(data", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC085", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|19c0e713d056193c787101621a1ef15c9f793540b7a9395d95e58ba53e4dc344"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/docker/views/images/import/importImageController.js"}, "region": {"startLine": 62}}}]}, {"ruleId": "MINED027", "level": "error", "message": {"text": "[MINED027] React State Array Mutation: state.X.push/splice/sort followed by setState \u2014 React skips re-render on mutated reference."}, "properties": {"repobilityId": 39793, "scanner": "repobility-threat-engine", "fingerprint": "bd959168f8b9a4f13d8130f1210c459f4e4dc0b02f77cb922cc6224350c52929", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "react-state-array-mutation", "owasp": null, "cwe_ids": ["CWE-682"], "languages": ["typescript", "tsx", "javascript", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347961+00:00", "triaged_in_corpus": 15, "observations_count": 14444, "ai_coder_pattern_id": 136}, "scanner": "repobility-threat-engine", "correlation_key": "fp|bd959168f8b9a4f13d8130f1210c459f4e4dc0b02f77cb922cc6224350c52929"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/docker/views/networks/create/createNetworkController.js"}, "region": 
{"startLine": 95}}}]}, {"ruleId": "MINED027", "level": "error", "message": {"text": "[MINED027] React State Array Mutation: state.X.push/splice/sort followed by setState \u2014 React skips re-render on mutated reference."}, "properties": {"repobilityId": 39792, "scanner": "repobility-threat-engine", "fingerprint": "4d5f5842f23b2984c750812920a8b619df64b3abf645aee743f355b82bb23454", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "react-state-array-mutation", "owasp": null, "cwe_ids": ["CWE-682"], "languages": ["typescript", "tsx", "javascript", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347961+00:00", "triaged_in_corpus": 15, "observations_count": 14444, "ai_coder_pattern_id": 136}, "scanner": "repobility-threat-engine", "correlation_key": "fp|4d5f5842f23b2984c750812920a8b619df64b3abf645aee743f355b82bb23454"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/docker/components/log-viewer/logViewerController.js"}, "region": {"startLine": 70}}}]}, {"ruleId": "SEC083", "level": "error", "message": {"text": "[SEC083] JS: new RegExp() with non-literal: new RegExp(<variable>) \u2014 variable input can craft a ReDoS pattern. 
Ported from eslint-plugin-security detect-non-literal-regexp (Apache-2.0)."}, "properties": {"repobilityId": 39790, "scanner": "repobility-threat-engine", "fingerprint": "e3e4f857e793652bc7e00eb4105018cc2aca6014421699da6b47e5584e30b110", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "new RegExp(`${", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC083", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|e3e4f857e793652bc7e00eb4105018cc2aca6014421699da6b47e5584e30b110"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/react/components/ImageConfigFieldset/SimpleForm.tsx"}, "region": {"startLine": 115}}}]}, {"ruleId": "SEC083", "level": "error", "message": {"text": "[SEC083] JS: new RegExp() with non-literal: new RegExp(<variable>) \u2014 variable input can craft a ReDoS pattern. 
Ported from eslint-plugin-security detect-non-literal-regexp (Apache-2.0)."}, "properties": {"repobilityId": 39789, "scanner": "repobility-threat-engine", "fingerprint": "727c0f81d130f948d578ac4e42915962edd5da65fd766e7da33bd023ea93bedd", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "new RegExp(source", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC083", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|727c0f81d130f948d578ac4e42915962edd5da65fd766e7da33bd023ea93bedd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/docker/helpers/logHelper/formatZerologLogs.ts"}, "region": {"startLine": 43}}}]}, {"ruleId": "SEC083", "level": "error", "message": {"text": "[SEC083] JS: new RegExp() with non-literal: new RegExp(<variable>) \u2014 variable input can craft a ReDoS pattern. 
Ported from eslint-plugin-security detect-non-literal-regexp (Apache-2.0)."}, "properties": {"repobilityId": 39788, "scanner": "repobility-threat-engine", "fingerprint": "a0926c3672125481caa86a5aa691148a0c05966ce3f9a7cc1571f73f99ec00fc", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "new RegExp(url", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC083", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|a0926c3672125481caa86a5aa691148a0c05966ce3f9a7cc1571f73f99ec00fc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/docker/components/imageRegistry/por-image-registry.controller.js"}, "region": {"startLine": 49}}}]}, {"ruleId": "SEC040", "level": "error", "message": {"text": "[SEC040] innerHTML XSS \u2014 template literal with server-supplied data: Setting .innerHTML with a template literal that interpolates server-supplied or user-supplied data is the canonical stored/reflected XSS vector. The browser parses the HTML and executes any <script> or event-handler attributes in the data. CWE-79. 
Especially dangerous when the data comes from a CV parser, profile field, or any user-input pipeline."}, "properties": {"repobilityId": 39786, "scanner": "repobility-threat-engine", "fingerprint": "0ec4556753843440b69b25083be4f1fe412f056e63261d80e19bcfe938566a0e", "category": "xss", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "map((c) => `%${`00${c.charCodeAt(0).toString(16)}", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC040", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|0ec4556753843440b69b25083be4f1fe412f056e63261d80e19bcfe938566a0e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/docker/models/config.ts"}, "region": {"startLine": 48}}}]}, {"ruleId": "SEC040", "level": "error", "message": {"text": "[SEC040] innerHTML XSS \u2014 template literal with server-supplied data: Setting .innerHTML with a template literal that interpolates server-supplied or user-supplied data is the canonical stored/reflected XSS vector. The browser parses the HTML and executes any <script> or event-handler attributes in the data. CWE-79. 
Especially dangerous when the data comes from a CV parser, profile field, or any user-input pipeline."}, "properties": {"repobilityId": 39785, "scanner": "repobility-threat-engine", "fingerprint": "1b7425199ee70ca7ed7ecec56e45b1f3393a32d3637bfe529f97c4475348ba1f", "category": "xss", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "map((elem) => `'${elem}", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC040", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|1b7425199ee70ca7ed7ecec56e45b1f3393a32d3637bfe529f97c4475348ba1f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/docker/helpers/containers.ts"}, "region": {"startLine": 8}}}]}, {"ruleId": "SEC040", "level": "error", "message": {"text": "[SEC040] innerHTML XSS \u2014 template literal with server-supplied data: Setting .innerHTML with a template literal that interpolates server-supplied or user-supplied data is the canonical stored/reflected XSS vector. The browser parses the HTML and executes any <script> or event-handler attributes in the data. CWE-79. 
Especially dangerous when the data comes from a CV parser, profile field, or any user-input pipeline."}, "properties": {"repobilityId": 39784, "scanner": "repobility-threat-engine", "fingerprint": "6d3a642caa69e2c7cc0bb93028a412df60d698efcc4f9299f69c43a773b3e2bc", "category": "xss", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".innerHTML = `:root {\n  ${Object.entries(colors)\n    .map(([color, hex]) => {\n      if (typeof hex =", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC040", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|6d3a642caa69e2c7cc0bb93028a412df60d698efcc4f9299f69c43a773b3e2bc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/assets/css/colors.ts"}, "region": {"startLine": 5}}}]}, {"ruleId": "MINED031", "level": "error", "message": {"text": "[MINED031] React Direct State Mutation: this.state.X = Y mutates without setState. 
React won't re-render."}, "properties": {"repobilityId": 39781, "scanner": "repobility-threat-engine", "fingerprint": "a6bf5e5b694c111343d8708f821ce43c0f505be708222702fdebece4833b3525", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "react-direct-state-mutation", "owasp": null, "cwe_ids": ["CWE-682"], "languages": ["typescript", "tsx", "javascript", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347971+00:00", "triaged_in_corpus": 15, "observations_count": 6168, "ai_coder_pattern_id": 137}, "scanner": "repobility-threat-engine", "correlation_key": "fp|a6bf5e5b694c111343d8708f821ce43c0f505be708222702fdebece4833b3525"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/docker/components/log-viewer/logViewerController.js"}, "region": {"startLine": 33}}}]}, {"ruleId": "MINED031", "level": "error", "message": {"text": "[MINED031] React Direct State Mutation: this.state.X = Y mutates without setState. 
React won't re-render."}, "properties": {"repobilityId": 39780, "scanner": "repobility-threat-engine", "fingerprint": "f76a62040a784743de94fbe3e763d16032e59264e09051f0365a77f3f2720017", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "react-direct-state-mutation", "owasp": null, "cwe_ids": ["CWE-682"], "languages": ["typescript", "tsx", "javascript", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347971+00:00", "triaged_in_corpus": 15, "observations_count": 6168, "ai_coder_pattern_id": 137}, "scanner": "repobility-threat-engine", "correlation_key": "fp|f76a62040a784743de94fbe3e763d16032e59264e09051f0365a77f3f2720017"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/agent/components/volume-browser/volumeBrowserController.js"}, "region": {"startLine": 103}}}]}, {"ruleId": "MINED031", "level": "error", "message": {"text": "[MINED031] React Direct State Mutation: this.state.X = Y mutates without setState. 
React won't re-render."}, "properties": {"repobilityId": 39779, "scanner": "repobility-threat-engine", "fingerprint": "7165149ac1b4b86a65be89b59d97428b08bb0a59a813918ddfa9bea1022032dd", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "react-direct-state-mutation", "owasp": null, "cwe_ids": ["CWE-682"], "languages": ["typescript", "tsx", "javascript", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347971+00:00", "triaged_in_corpus": 15, "observations_count": 6168, "ai_coder_pattern_id": 137}, "scanner": "repobility-threat-engine", "correlation_key": "fp|7165149ac1b4b86a65be89b59d97428b08bb0a59a813918ddfa9bea1022032dd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/agent/components/host-browser/hostBrowserController.js"}, "region": {"startLine": 57}}}]}, {"ruleId": "SEC005", "level": "error", "message": {"text": "[SEC005] Command Injection Risk: Unsafe shell execution or eval of user input."}, "properties": {"repobilityId": 39778, "scanner": "repobility-threat-engine", "fingerprint": "bea4a82d404b452b5ccb52bdd7d3eb97f3b71aa0137e9f29a399057aa0531adb", "category": "injection", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Command source appears controllable (config/plugin/argv/user input)", "evidence": {"match": "Exec(request", "reason": "Command source appears controllable (config/plugin/argv/user input)", "rule_id": "SEC005", "scanner": "repobility-threat-engine", "confidence": 0.8, "correlation_key": "code|injection|token|99|sec005"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "api/http/proxy/factory/kubernetes/transport.go"}, "region": {"startLine": 99}}}]}, {"ruleId": "SEC005", "level": "error", "message": {"text": "[SEC005] Command Injection Risk: 
Unsafe shell execution or eval of user input."}, "properties": {"repobilityId": 39777, "scanner": "repobility-threat-engine", "fingerprint": "1673ef7275839c22629d2c415d22a55972c43a532a45645f5ecb3586c3853005", "category": "injection", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Command source appears controllable (config/plugin/argv/user input)", "evidence": {"match": "Exec(request", "reason": "Command source appears controllable (config/plugin/argv/user input)", "rule_id": "SEC005", "scanner": "repobility-threat-engine", "confidence": 0.8, "correlation_key": "code|injection|token|18|sec005"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "api/http/proxy/factory/kubernetes/pods.go"}, "region": {"startLine": 18}}}]}, {"ruleId": "MINED033", "level": "error", "message": {"text": "[MINED033] Go Recover Without Log: defer func() { recover() }() that silently swallows panic."}, "properties": {"repobilityId": 39774, "scanner": "repobility-threat-engine", "fingerprint": "8322a954d5d350a49f59ff73f428ec40b98b8d514cb378ce1e8ead50bcc2ecee", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "go-recover-without-log", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["go"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347975+00:00", "triaged_in_corpus": 15, "observations_count": 3808, "ai_coder_pattern_id": 109}, "scanner": "repobility-threat-engine", "correlation_key": "fp|8322a954d5d350a49f59ff73f428ec40b98b8d514cb378ce1e8ead50bcc2ecee"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "api/pendingactions/pendingactions.go"}, "region": {"startLine": 141}}}]}, {"ruleId": "MINED033", "level": "error", "message": {"text": "[MINED033] Go Recover Without Log: defer func() { 
recover() }() that silently swallows panic."}, "properties": {"repobilityId": 39773, "scanner": "repobility-threat-engine", "fingerprint": "208651cba5855893f889fd6f19dc12a2da019045a00ca4aef557b02f31c95ac0", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "go-recover-without-log", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["go"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347975+00:00", "triaged_in_corpus": 15, "observations_count": 3808, "ai_coder_pattern_id": 109}, "scanner": "repobility-threat-engine", "correlation_key": "fp|208651cba5855893f889fd6f19dc12a2da019045a00ca4aef557b02f31c95ac0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "api/http/middlewares/panic_logger.go"}, "region": {"startLine": 13}}}]}, {"ruleId": "MINED014", "level": "error", "message": {"text": "[MINED014] Disabled Tls Verify: verify=False in requests, rejectUnauthorized:false in node, InsecureSkipVerify:true in Go."}, "properties": {"repobilityId": 39772, "scanner": "repobility-threat-engine", "fingerprint": "3f32e2ace39af883cb73c2ab75a2c4f8e38beb405967d0158079ed9c34c942f0", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "disabled-tls-verify", "owasp": "A02:2021", "cwe_ids": ["CWE-295"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347930+00:00", "triaged_in_corpus": 15, "observations_count": 86916, "ai_coder_pattern_id": 16}, "scanner": "repobility-threat-engine", "correlation_key": "fp|3f32e2ace39af883cb73c2ab75a2c4f8e38beb405967d0158079ed9c34c942f0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": 
"app/portainer/models/endpoint/formValues.js"}, "region": {"startLine": 9}}}]}, {"ruleId": "MINED014", "level": "error", "message": {"text": "[MINED014] Disabled Tls Verify: verify=False in requests, rejectUnauthorized:false in node, InsecureSkipVerify:true in Go."}, "properties": {"repobilityId": 39771, "scanner": "repobility-threat-engine", "fingerprint": "5f60844616d51d7ec8609fa66bac3a267f18d860d80329184b28ecb3a7861680", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "disabled-tls-verify", "owasp": "A02:2021", "cwe_ids": ["CWE-295"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347930+00:00", "triaged_in_corpus": 15, "observations_count": 86916, "ai_coder_pattern_id": 16}, "scanner": "repobility-threat-engine", "correlation_key": "fp|5f60844616d51d7ec8609fa66bac3a267f18d860d80329184b28ecb3a7861680"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "api/http/handler/endpoints/endpoint_update.go"}, "region": {"startLine": 244}}}]}, {"ruleId": "MINED016", "level": "error", "message": {"text": "[MINED016] Go Error Ignored: _, err := fn() with err not checked. 
Go anti-pattern."}, "properties": {"repobilityId": 39752, "scanner": "repobility-threat-engine", "fingerprint": "ad5a4f49c3b7cd803faf2a2ebbf1ae842bd2ee232eb12b735ff206e0b57724be", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "go-error-ignored", "owasp": null, "cwe_ids": ["CWE-754"], "languages": ["go"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347935+00:00", "triaged_in_corpus": 15, "observations_count": 83036, "ai_coder_pattern_id": 107}, "scanner": "repobility-threat-engine", "correlation_key": "fp|ad5a4f49c3b7cd803faf2a2ebbf1ae842bd2ee232eb12b735ff206e0b57724be"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "api/backup/backup.go"}, "region": {"startLine": 92}}}]}, {"ruleId": "MINED016", "level": "error", "message": {"text": "[MINED016] Go Error Ignored: _, err := fn() with err not checked. 
Go anti-pattern."}, "properties": {"repobilityId": 39751, "scanner": "repobility-threat-engine", "fingerprint": "7f64f09ed43ea797a009c0083275e27506fc6db7a1b24c4919a071acbb0b99d3", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "go-error-ignored", "owasp": null, "cwe_ids": ["CWE-754"], "languages": ["go"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347935+00:00", "triaged_in_corpus": 15, "observations_count": 83036, "ai_coder_pattern_id": 107}, "scanner": "repobility-threat-engine", "correlation_key": "fp|7f64f09ed43ea797a009c0083275e27506fc6db7a1b24c4919a071acbb0b99d3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "api/archive/targz.go"}, "region": {"startLine": 83}}}]}, {"ruleId": "MINED016", "level": "error", "message": {"text": "[MINED016] Go Error Ignored: _, err := fn() with err not checked. 
Go anti-pattern."}, "properties": {"repobilityId": 39750, "scanner": "repobility-threat-engine", "fingerprint": "b21744f78091e7fc6dd832c579edb17500c2f79f583f161e3b9ea9ccc13871ae", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "go-error-ignored", "owasp": null, "cwe_ids": ["CWE-754"], "languages": ["go"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347935+00:00", "triaged_in_corpus": 15, "observations_count": 83036, "ai_coder_pattern_id": 107}, "scanner": "repobility-threat-engine", "correlation_key": "fp|b21744f78091e7fc6dd832c579edb17500c2f79f583f161e3b9ea9ccc13871ae"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "api/archive/tar.go"}, "region": {"startLine": 58}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. 
SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 39744, "scanner": "repobility-threat-engine", "fingerprint": "7315687ddf70accedf3dc7bb8038932c51429862a2968ac43f32bcdbb8507861", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "URL(e", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|7315687ddf70accedf3dc7bb8038932c51429862a2968ac43f32bcdbb8507861"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "api/exec/kubernetes_deploy.go"}, "region": {"startLine": 96}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. 
SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 39743, "scanner": "repobility-threat-engine", "fingerprint": "05c1f5dbbb9781c17961ae21457fcc0cc9652085d756a4516b5288feaf47dd67", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "URL(e", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|05c1f5dbbb9781c17961ae21457fcc0cc9652085d756a4516b5288feaf47dd67"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "api/cli/cli.go"}, "region": {"startLine": 183}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. 
SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 39742, "scanner": "repobility-threat-engine", "fingerprint": "e656f2e71d078169affcc520e9e84b7ef0795eb55bb8f91b1e7a5c9f68245ef1", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "URL(e", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|e656f2e71d078169affcc520e9e84b7ef0795eb55bb8f91b1e7a5c9f68245ef1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "api/agent/version.go"}, "region": {"startLine": 28}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. 
Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 39740, "scanner": "repobility-threat-engine", "fingerprint": "94f25d7cdc8784e14d54e1d46359ff34a16f09705fb606182245cd4152214328", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "statusCache.Delete(resourceID)", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|94f25d7cdc8784e14d54e1d46359ff34a16f09705fb606182245cd4152214328"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "api/docker/images/status.go"}, "region": {"startLine": 275}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. 
Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 39739, "scanner": "repobility-threat-engine", "fingerprint": "351fa3c4bff1ad69cbc17822604f0ed56428de46c9109be5bb3dc4b32483cc12", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "a.cache.Delete(apiKey.Digest)", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|351fa3c4bff1ad69cbc17822604f0ed56428de46c9109be5bb3dc4b32483cc12"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "api/apikey/service.go"}, "region": {"startLine": 135}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. 
Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 39738, "scanner": "repobility-threat-engine", "fingerprint": "0f178718e481edbd22b8b14fb0b2702ed73bb0cb306bfdac835af368c6324382", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "activeClientIds.delete(clientId);", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|0f178718e481edbd22b8b14fb0b2702ed73bb0cb306bfdac835af368c6324382"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".storybook/public/mockServiceWorker.js"}, "region": {"startLine": 75}}}]}, {"ruleId": "DKC008", "level": "error", "message": {"text": "Compose service mounts the Docker socket"}, "properties": {"repobilityId": 39876, "scanner": "repobility-docker", "fingerprint": "0219b6701f1430449d6aed0d29747cc65681ebc9f8f6d10fd8d6ae7913cbe30e", "category": "docker", "severity": "critical", "confidence": 0.98, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Volume mount references /var/run/docker.sock.", "evidence": {"rule_id": "DKC008", "scanner": "repobility-docker", "service": "portainer", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|0219b6701f1430449d6aed0d29747cc65681ebc9f8f6d10fd8d6ae7913cbe30e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "build/docker-extension/docker-compose.yml"}, "region": {"startLine": 3}}}]}, {"ruleId": "MINED024", "level": "error", "message": {"text": "[MINED024] Js Eval Usage: eval() executes arbitrary code. 
Code injection risk."}, "properties": {"repobilityId": 39805, "scanner": "repobility-threat-engine", "fingerprint": "928d6ca6534a9be7caa9db8bf576a3e345abc16c296e118ecd1b480b0e4fc8f1", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-eval-usage", "owasp": null, "cwe_ids": ["CWE-95"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347954+00:00", "triaged_in_corpus": 20, "observations_count": 35589, "ai_coder_pattern_id": 103}, "scanner": "repobility-threat-engine", "correlation_key": "fp|928d6ca6534a9be7caa9db8bf576a3e345abc16c296e118ecd1b480b0e4fc8f1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/portainer/components/onEnterKey.js"}, "region": {"startLine": 10}}}]}, {"ruleId": "MINED024", "level": "error", "message": {"text": "[MINED024] Js Eval Usage: eval() executes arbitrary code. 
Code injection risk."}, "properties": {"repobilityId": 39804, "scanner": "repobility-threat-engine", "fingerprint": "06aa2593cff3e5b2363a6b9153f356503151adc45949614cb5ea3e1f142980cd", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-eval-usage", "owasp": null, "cwe_ids": ["CWE-95"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347954+00:00", "triaged_in_corpus": 20, "observations_count": 35589, "ai_coder_pattern_id": 103}, "scanner": "repobility-threat-engine", "correlation_key": "fp|06aa2593cff3e5b2363a6b9153f356503151adc45949614cb5ea3e1f142980cd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/portainer/components/focusIf.js"}, "region": {"startLine": 19}}}]}, {"ruleId": "SEC001", "level": "error", "message": {"text": "[SEC001] Hardcoded Password: Hardcoded password found in source code."}, "properties": {"repobilityId": 39801, "scanner": "repobility-threat-engine", "fingerprint": "c545439724bce858397b89a40b0afd04827ecd8e03c6f9ffc705ba0d039fe371", "category": "credential_exposure", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "High entropy value (4.0 bits) \u2014 likely real secret", "evidence": {"match": "PASSWORD = '<redacted>'", "reason": "High entropy value (4.0 bits) \u2014 likely real secret", "rule_id": "SEC001", "scanner": "repobility-threat-engine", "confidence": 0.9, "correlation_key": "secret|token|1|password redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/portainer/services/authentication.js"}, "region": {"startLine": 6}}}]}, {"ruleId": "MINED019", "level": "error", "message": {"text": "[MINED019] Ssti Jinja From String: 
jinja2.Environment().from_string(user_input) \u2014 full RCE via templates."}, "properties": {"repobilityId": 39768, "scanner": "repobility-threat-engine", "fingerprint": "2b7dca5aa3b85201d683d1b446b2b2d98604aaaa9720bcc4f33af77c576ff242", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ssti-jinja-from-string", "owasp": "A03:2021", "cwe_ids": ["CWE-94"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347943+00:00", "triaged_in_corpus": 20, "observations_count": 47984, "ai_coder_pattern_id": 34}, "scanner": "repobility-threat-engine", "correlation_key": "fp|2b7dca5aa3b85201d683d1b446b2b2d98604aaaa9720bcc4f33af77c576ff242"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "api/http/handler/customtemplates/handler.go"}, "region": {"startLine": 50}}}]}]}]}