{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "ERR002", "name": "[ERR002] Empty Catch Block: Empty catch blocks hide errors.", "shortDescription": {"text": "[ERR002] Empty Catch Block: Empty catch blocks hide errors."}, "fullDescription": {"text": "Log the error or rethrow it. Use console.error() at minimum."}, "properties": {"scanner": "repobility-threat-engine", "category": "error_handling", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "CORE_NO_CI", "name": "No CI/CD configuration found", "shortDescription": {"text": "No CI/CD configuration found"}, "fullDescription": {"text": "Add a CI/CD pipeline: create .github/workflows/ci.yml for GitHub Actions with steps to lint, test, and build on every push and pull request."}, "properties": {"scanner": "repobility-core", "category": "practices", "severity": "medium", "confidence": null, "cwe": "", "owasp": ""}}, {"id": "AIC003", "name": "Duplicated implementation block across source files", "shortDescription": {"text": "Duplicated implementation block across source files"}, "fullDescription": {"text": "Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.86, "cwe": "", "owasp": ""}}, {"id": "SEC029", "name": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled ", "shortDescription": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes e"}, "fullDescription": {"text": "Validate the URL against an allowlist BEFORE fetching:\n  ALLOWED = {'images.example.com', 'cdn.example.com'}\n  host = urlparse(url).hostname\n  if host not in ALLOWED: abort(400)\nOr use a server-side proxy (Imgproxy / serve-files-only-from-S3) that isolates outbound network access from the request handler.\nBlock private CIDRs explicitly: 10/8, 172.16/12, 192.168/16, 169.254/16."}, "properties": {"scanner": "repobility-threat-engine", "category": "ssrf", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/453"}, "properties": {"repository": "colbymchenry/codegraph", "repoUrl": "https://github.com/colbymchenry/codegraph.git", "branch": "main"}, "results": [{"ruleId": "ERR002", "level": "warning", "message": {"text": "[ERR002] Empty Catch Block: Empty catch blocks hide errors."}, "properties": {"repobilityId": 23486, "scanner": "repobility-threat-engine", "fingerprint": "00008430e33f728d201fb14e3e670d92457c08a03c301421e7279693b4ff14ab", "category": "error_handling", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".catch(() => {})", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR002", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|00008430e33f728d201fb14e3e670d92457c08a03c301421e7279693b4ff14ab"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/extraction/index.ts"}, "region": {"startLine": 661}}}]}, {"ruleId": "CORE_NO_CI", "level": "warning", "message": {"text": "No CI/CD configuration found"}, "properties": {"repobilityId": 23466, "scanner": "repobility-core", "fingerprint": "ca5da3551af97272c4f099fc472740148135a15816b81b90bd862e8f91ec66ce", "category": "practices", "severity": "medium", "confidence": null, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"rule_id": "CORE_NO_CI", "scanner": "repobility-core", "correlation_key": "repo|practices|core_no_ci"}}}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 23485, "scanner": "repobility-ai-code-hygiene", "fingerprint": "1b89171cb0202ff2fc82fee1e862589acffb385e6a9dc9b18cbb242f2845ee0f", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/resolution/frameworks/svelte.ts", "duplicate_line": 75, "correlation_key": "fp|1b89171cb0202ff2fc82fee1e862589acffb385e6a9dc9b18cbb242f2845ee0f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/resolution/frameworks/vue.ts"}, "region": {"startLine": 99}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 23484, "scanner": "repobility-ai-code-hygiene", "fingerprint": "553d807420ca268fc2e9d0835bc963cacd743036dfa54f100c600426d51c20d0", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/resolution/frameworks/python.ts", "duplicate_line": 225, "correlation_key": "fp|553d807420ca268fc2e9d0835bc963cacd743036dfa54f100c600426d51c20d0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/resolution/frameworks/swift.ts"}, "region": {"startLine": 328}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 23483, "scanner": "repobility-ai-code-hygiene", "fingerprint": "69d067f4b872ba0b6d726aded999a2b8d90d59cab991a11263f7cd7e7219aebc", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/resolution/frameworks/laravel.ts", "duplicate_line": 75, "correlation_key": "fp|69d067f4b872ba0b6d726aded999a2b8d90d59cab991a11263f7cd7e7219aebc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/resolution/frameworks/swift.ts"}, "region": {"startLine": 278}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 23482, "scanner": "repobility-ai-code-hygiene", "fingerprint": "7a5b6a5adae4c01c394e2dc7f35b99217209c4f9cce9f1a8da7875902a19e274", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/resolution/frameworks/csharp.ts", "duplicate_line": 81, "correlation_key": "fp|7a5b6a5adae4c01c394e2dc7f35b99217209c4f9cce9f1a8da7875902a19e274"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/resolution/frameworks/swift.ts"}, "region": {"startLine": 160}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 23481, "scanner": "repobility-ai-code-hygiene", "fingerprint": "b27c834a8c6ee93c99dddb65f3bac7423c8d35fdc07389841c124fbfb61cbe9c", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/resolution/frameworks/go.ts", "duplicate_line": 51, "correlation_key": "fp|b27c834a8c6ee93c99dddb65f3bac7423c8d35fdc07389841c124fbfb61cbe9c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/resolution/frameworks/swift.ts"}, "region": {"startLine": 49}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 23480, "scanner": "repobility-ai-code-hygiene", "fingerprint": "3c5830df3975c6727845a2dbbd37928bdc136c2b0cb872a568d46bdaceb9d2c5", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/resolution/frameworks/csharp.ts", "duplicate_line": 179, "correlation_key": "fp|3c5830df3975c6727845a2dbbd37928bdc136c2b0cb872a568d46bdaceb9d2c5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/resolution/frameworks/rust.ts"}, "region": {"startLine": 144}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 23479, "scanner": "repobility-ai-code-hygiene", "fingerprint": "33113d61fcff7c8bfddbb3bd80330a4d60c1b6e9a6062b51a2e39dc0c400e577", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/resolution/frameworks/laravel.ts", "duplicate_line": 78, "correlation_key": "fp|33113d61fcff7c8bfddbb3bd80330a4d60c1b6e9a6062b51a2e39dc0c400e577"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/resolution/frameworks/rust.ts"}, "region": {"startLine": 76}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 23478, "scanner": "repobility-ai-code-hygiene", "fingerprint": "233397b6b36c6660a1d15e0c929984ae113dec486111ff0f078158eb0c3de396", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/resolution/frameworks/laravel.ts", "duplicate_line": 78, "correlation_key": "fp|233397b6b36c6660a1d15e0c929984ae113dec486111ff0f078158eb0c3de396"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/resolution/frameworks/ruby.ts"}, "region": {"startLine": 77}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 23477, "scanner": "repobility-ai-code-hygiene", "fingerprint": "590f0d55064b6c8cb8a6a50abeb37c4f3775f361e8fc579d8c7673db79eb4866", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/resolution/frameworks/csharp.ts", "duplicate_line": 81, "correlation_key": "fp|590f0d55064b6c8cb8a6a50abeb37c4f3775f361e8fc579d8c7673db79eb4866"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/resolution/frameworks/ruby.ts"}, "region": {"startLine": 56}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 23476, "scanner": "repobility-ai-code-hygiene", "fingerprint": "d4bec30b2270a0e5a2412478ef4d590fb4b74f8ec786f4f2ac042a4f16098422", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/resolution/frameworks/csharp.ts", "duplicate_line": 81, "correlation_key": "fp|d4bec30b2270a0e5a2412478ef4d590fb4b74f8ec786f4f2ac042a4f16098422"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/resolution/frameworks/react.ts"}, "region": {"startLine": 46}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 23475, "scanner": "repobility-ai-code-hygiene", "fingerprint": "da368e6e1db04af335b24d5dcb29108901f4427885c00bc001c22e7983603611", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/resolution/frameworks/csharp.ts", "duplicate_line": 47, "correlation_key": "fp|da368e6e1db04af335b24d5dcb29108901f4427885c00bc001c22e7983603611"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/resolution/frameworks/java.ts"}, "region": {"startLine": 38}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 23474, "scanner": "repobility-ai-code-hygiene", "fingerprint": "1d837eb61177e1172888c4882b0da49555e0996e83b8c4eb6e0c3d4a3bbb1b7e", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/resolution/frameworks/csharp.ts", "duplicate_line": 81, "correlation_key": "fp|1d837eb61177e1172888c4882b0da49555e0996e83b8c4eb6e0c3d4a3bbb1b7e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/resolution/frameworks/express.ts"}, "region": {"startLine": 68}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 23473, "scanner": "repobility-ai-code-hygiene", "fingerprint": "fafb48d404f66c66cf377a29cbd26a44aeb90b73c97ba83ae1257213085df628", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/extraction/svelte-extractor.ts", "duplicate_line": 12, "correlation_key": "fp|fafb48d404f66c66cf377a29cbd26a44aeb90b73c97ba83ae1257213085df628"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/extraction/vue-extractor.ts"}, "region": {"startLine": 8}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 23472, "scanner": "repobility-ai-code-hygiene", "fingerprint": "e92d519d8c66ecb110b22cf97f56c021a571147507903f20a12352722ad2c03e", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/extraction/dfm-extractor.ts", "duplicate_line": 4, "correlation_key": "fp|e92d519d8c66ecb110b22cf97f56c021a571147507903f20a12352722ad2c03e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/extraction/vue-extractor.ts"}, "region": {"startLine": 6}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 23471, "scanner": "repobility-ai-code-hygiene", "fingerprint": "e2d17f92facefa7e8eb0396cb187db72174b3d0acb8bef0b63371042da12ea76", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/extraction/dfm-extractor.ts", "duplicate_line": 4, "correlation_key": "fp|e2d17f92facefa7e8eb0396cb187db72174b3d0acb8bef0b63371042da12ea76"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/extraction/svelte-extractor.ts"}, "region": {"startLine": 10}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 23470, "scanner": "repobility-ai-code-hygiene", "fingerprint": "07b5f901096aa4c519124d2341a16d3876e5a77b789083cd8d1f6dd52016b3b3", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/extraction/dfm-extractor.ts", "duplicate_line": 4, "correlation_key": "fp|07b5f901096aa4c519124d2341a16d3876e5a77b789083cd8d1f6dd52016b3b3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/extraction/liquid-extractor.ts"}, "region": {"startLine": 4}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 23469, "scanner": "repobility-ai-code-hygiene", "fingerprint": "101c9d2dce2ace6c332a20c33aed8ab70903e2594c0f4055bd085d8aadcb7a69", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/extraction/languages/javascript.ts", "duplicate_line": 18, "correlation_key": "fp|101c9d2dce2ace6c332a20c33aed8ab70903e2594c0f4055bd085d8aadcb7a69"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/extraction/languages/typescript.ts"}, "region": {"startLine": 19}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 23468, "scanner": "repobility-ai-code-hygiene", "fingerprint": "7cdcab9a5c6de2ffd20bb0bae5445ec976fd5916374169e6603ad4ce950af86e", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/extraction/languages/kotlin.ts", "duplicate_line": 173, "correlation_key": "fp|7cdcab9a5c6de2ffd20bb0bae5445ec976fd5916374169e6603ad4ce950af86e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/extraction/languages/swift.ts"}, "region": {"startLine": 66}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 23467, "scanner": "repobility-ai-code-hygiene", "fingerprint": "6be795ea50ff20f39df637b19f9ef6064b23a4f26448f53e0222bad12454dc12", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/extraction/languages/python.ts", "duplicate_line": 14, "correlation_key": "fp|6be795ea50ff20f39df637b19f9ef6064b23a4f26448f53e0222bad12454dc12"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/extraction/languages/rust.ts"}, "region": {"startLine": 17}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 23487, "scanner": "repobility-threat-engine", "fingerprint": "358da84b30c3edb8e8c66613388cd14f77c996d2eded9308721624a79727c1ab", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "URL(u", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|358da84b30c3edb8e8c66613388cd14f77c996d2eded9308721624a79727c1ab"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/mcp/index.ts"}, "region": {"startLine": 30}}}]}]}]}