{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "SEC132", "name": "[SEC132] String concat where the language has interpolation (AI style drift): String built by concatenation where the la", "shortDescription": {"text": "[SEC132] String concat where the language has interpolation (AI style drift): String built by concatenation where the language has cleaner interpolation (Python f-strings since 3.6, JS template literals since ES6). Not a vulnerability on it"}, "fullDescription": {"text": "Python: `f\"prefix {var} suffix\"`. JS/TS: `` `prefix ${var} suffix` ``. Add a lint rule (pyupgrade UP032, eslint prefer-template) so future PRs catch this automatically."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "low", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "AIC003", "name": "Duplicated implementation block across source files", "shortDescription": {"text": "Duplicated implementation block across source files"}, "fullDescription": {"text": "Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.86, "cwe": "", "owasp": ""}}, {"id": "MINED049", "name": "[MINED049] Print Pii: Logging password/token/email/ssn directly to stdout.", "shortDescription": {"text": "[MINED049] Print Pii: Logging password/token/email/ssn directly to stdout."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-532 / A09:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC020", "name": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequen", "shortDescription": {"text": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for troubleshooting."}, "fullDescription": {"text": "Log only redacted, hashed, or last-four-style metadata. Rotate any secret that may have reached logs."}, "properties": {"scanner": "repobility-threat-engine", "category": "credential_exposure", "severity": "info", "confidence": 0.15, "cwe": "", "owasp": ""}}, {"id": "MINED081", "name": "[MINED081] Java Printstacktrace: Should use logger, not stack trace to stderr.", "shortDescription": {"text": "[MINED081] Java Printstacktrace: Should use logger, not stack trace to stderr."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-532 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED085", "name": "[MINED085] Java Systemexit: System.exit() inside a library kills the whole JVM.", "shortDescription": {"text": "[MINED085] Java Systemexit: System.exit() inside a library kills the whole JVM."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-1075 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED083", "name": "[MINED083] Java Thread Start: Raw thread creation. Should use ExecutorService for managed pool.", "shortDescription": {"text": "[MINED083] Java Thread Start: Raw thread creation. Should use ExecutorService for managed pool."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-664 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC118", "name": "[SEC118] UUIDv1 / UUIDv3 used for security-sensitive identifier: UUIDv1 encodes the MAC address and timestamp, making it", "shortDescription": {"text": "[SEC118] UUIDv1 / UUIDv3 used for security-sensitive identifier: UUIDv1 encodes the MAC address and timestamp, making it predictable. Used as a session token or password-reset key, it's enumerable."}, "fullDescription": {"text": "Use `uuid.uuid4()` (random) or `secrets.token_urlsafe()` for tokens. In Go, use `uuid.NewRandom()` (google/uuid)."}, "properties": {"scanner": "repobility-threat-engine", "category": "crypto", "severity": "info", "confidence": 0.1, "cwe": "", "owasp": ""}}, {"id": "MINED004", "name": "[MINED004] Weak Crypto (and 8 more): Same pattern found in 8 additional files. Review if needed.", "shortDescription": {"text": "[MINED004] Weak Crypto (and 8 more): Same pattern found in 8 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-327 / A02:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC128", "name": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake) (and 9 more): Same pattern found in 9 addit", "shortDescription": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake) (and 9 more): Same pattern found in 9 additional files. Review if needed."}, "fullDescription": {"text": "Add `await` before each async call, or chain with `.then`. If you intentionally want fire-and-forget, prefix with `void` (TS) or assign to `_` (Python with `asyncio.create_task`) to make the intent explicit and survive lint."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC029", "name": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled ", "shortDescription": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes e"}, "fullDescription": {"text": "Validate the URL against an allowlist BEFORE fetching:\n  ALLOWED = {'images.example.com', 'cdn.example.com'}\n  host = urlparse(url).hostname\n  if host not in ALLOWED: abort(400)\nOr use a server-side proxy (Imgproxy / serve-files-only-from-S3) that isolates outbound network access from the request handler.\nBlock private CIDRs explicitly: 10/8, 172.16/12, 192.168/16, 169.254/16."}, "properties": {"scanner": "repobility-threat-engine", "category": "ssrf", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED134", "name": "Binary file `maven-resolver-demos/maven-resolver-demo-snippets/src/main/data/demo.jar` committed in source repo", "shortDescription": {"text": "Binary file `maven-resolver-demos/maven-resolver-demo-snippets/src/main/data/demo.jar` committed in source repo"}, "fullDescription": {"text": "`maven-resolver-demos/maven-resolver-demo-snippets/src/main/data/demo.jar` is a .jar binary (345 bytes) committed to a repo that otherwise has 870 source files. Trojan binaries inside otherwise-normal source repos are a known supply-chain attack: a compromised dependency or PR slips in a binary that gets executed by build scripts."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED115", "name": "Action `apache/maven-gh-actions-shared/.github/workflows/pr-automation.yml` pinned to mutable ref `@v4`", "shortDescription": {"text": "Action `apache/maven-gh-actions-shared/.github/workflows/pr-automation.yml` pinned to mutable ref `@v4`"}, "fullDescription": {"text": "`uses: apache/maven-gh-actions-shared/.github/workflows/pr-automation.yml@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "generic-api-key", "name": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations.", "shortDescription": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "fullDescription": {"text": "Gitleaks detected a committed secret or credential pattern."}, "properties": {"scanner": "gitleaks", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "cwe": "", "owasp": ""}}, {"id": "private-key", "name": "Identified a Private Key, which may compromise cryptographic security and sensitive data encryption.", "shortDescription": {"text": "Identified a Private Key, which may compromise cryptographic security and sensitive data encryption."}, "fullDescription": {"text": "Gitleaks detected a committed secret or credential pattern."}, "properties": {"scanner": "gitleaks", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/1024"}, "properties": {"repository": "apache/maven-resolver", "repoUrl": "https://github.com/apache/maven-resolver", "branch": "master"}, "results": [{"ruleId": "SEC132", "level": "note", "message": {"text": "[SEC132] String concat where the language has interpolation (AI style drift): String built by concatenation where the language has cleaner interpolation (Python f-strings since 3.6, JS template literals since ES6). Not a vulnerability on its own, but a style signature of cross-language AI rewrites \u2014 the model wrote idiomatic Java/C# and then translated mechanically. When this style appears in only *some* files of a repo, it's a strong indicator of an AI-driven rewrite that needs a human review p"}, "properties": {"repobilityId": 96158, "scanner": "repobility-threat-engine", "fingerprint": "ff6c77f17604b7f2bd64230f177d27a673a89d8fae68d8ca9590b841160bc771", "category": "quality", "severity": "low", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "\"Newest version \" + newestVersion + \" from repository \"", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC132", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|ff6c77f17604b7f2bd64230f177d27a673a89d8fae68d8ca9590b841160bc771"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "maven-resolver-demos/maven-resolver-demo-snippets/src/main/java/org/apache/maven/resolver/examples/FindNewestVersion.java"}, "region": {"startLine": 57}}}]}, {"ruleId": "SEC132", "level": "note", "message": {"text": "[SEC132] String concat where the language has interpolation (AI style drift): String built by concatenation where the language has cleaner interpolation (Python f-strings since 3.6, JS template literals since ES6). Not a vulnerability on its own, but a style signature of cross-language AI rewrites \u2014 the model wrote idiomatic Java/C# and then translated mechanically. When this style appears in only *some* files of a repo, it's a strong indicator of an AI-driven rewrite that needs a human review p"}, "properties": {"repobilityId": 96157, "scanner": "repobility-threat-engine", "fingerprint": "c36261e576e817bcaa1b837149759928635dd52bd5ec3551383902c8cc393db0", "category": "quality", "severity": "low", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "\"FAILED: one=\" + oneExit + \" two=\"", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC132", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|c36261e576e817bcaa1b837149759928635dd52bd5ec3551383902c8cc393db0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "maven-resolver-demos/maven-resolver-demo-snippets/src/main/java/demo/TestNioLock.java"}, "region": {"startLine": 128}}}]}, {"ruleId": "SEC132", "level": "note", "message": {"text": "[SEC132] String concat where the language has interpolation (AI style drift): String built by concatenation where the language has cleaner interpolation (Python f-strings since 3.6, JS template literals since ES6). Not a vulnerability on its own, but a style signature of cross-language AI rewrites \u2014 the model wrote idiomatic Java/C# and then translated mechanically. When this style appears in only *some* files of a repo, it's a strong indicator of an AI-driven rewrite that needs a human review p"}, "properties": {"repobilityId": 96156, "scanner": "repobility-threat-engine", "fingerprint": "8fd60b29501425fc86e2f551c03563c25d7b5abb479bfe04539c4c3281bc8095", "category": "quality", "severity": "low", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "\" contains only \" + total\n                            + \" bytes, cannot resume download from offset", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC132", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|8fd60b29501425fc86e2f551c03563c25d7b5abb479bfe04539c4c3281bc8095"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "maven-resolver-connector-basic/src/main/java/org/eclipse/aether/connector/basic/ChecksumCalculator.java"}, "region": {"startLine": 116}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 96141, "scanner": "repobility-ai-code-hygiene", "fingerprint": "85e29f878202701b81f61ef2a86df0491b15d6bedc3abced3c683a1b63790c4b", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "maven-resolver-util/src/main/java/org/eclipse/aether/util/graph/traverser/FatArtifactTraverser.java", "duplicate_line": 16, "correlation_key": "fp|85e29f878202701b81f61ef2a86df0491b15d6bedc3abced3c683a1b63790c4b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "maven-resolver-util/src/main/java/org/eclipse/aether/util/graph/version/ContextualAncestorSnapshotVersionFilter.java"}, "region": {"startLine": 19}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 96140, "scanner": "repobility-ai-code-hygiene", "fingerprint": "4a4017bd280c393ae0bb1926e3a9b738f31ebc7fc9f6859884aa8878472d270b", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "maven-resolver-util/src/main/java/org/eclipse/aether/util/graph/manager/NoopDependencyManager.java", "duplicate_line": 17, "correlation_key": "fp|4a4017bd280c393ae0bb1926e3a9b738f31ebc7fc9f6859884aa8878472d270b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "maven-resolver-util/src/main/java/org/eclipse/aether/util/graph/traverser/FatArtifactTraverser.java"}, "region": {"startLine": 17}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 96139, "scanner": "repobility-ai-code-hygiene", "fingerprint": "132fbece274de5817fe69f815958306d663729ae5e404405efbd4a64d3bd2c7c", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "maven-resolver-util/src/main/java/org/eclipse/aether/util/graph/transformer/ClassicConflictResolver.java", "duplicate_line": 27, "correlation_key": "fp|132fbece274de5817fe69f815958306d663729ae5e404405efbd4a64d3bd2c7c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "maven-resolver-util/src/main/java/org/eclipse/aether/util/graph/transformer/PathConflictResolver.java"}, "region": {"startLine": 31}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 96138, "scanner": "repobility-ai-code-hygiene", "fingerprint": "2445054134a7e6ef5fe1c61a7ee6b22e42e3ddd3693e09c907d2bf44ba36a4d1", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "maven-resolver-util/src/main/java/org/eclipse/aether/util/graph/transformer/ConfigurableVersionSelector.java", "duplicate_line": 72, "correlation_key": "fp|2445054134a7e6ef5fe1c61a7ee6b22e42e3ddd3693e09c907d2bf44ba36a4d1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "maven-resolver-util/src/main/java/org/eclipse/aether/util/graph/transformer/NearestVersionSelector.java"}, "region": {"startLine": 26}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 96137, "scanner": "repobility-ai-code-hygiene", "fingerprint": "c09e0dcab14d55e29f58e96a98273c3848f2982486c71bf82327ffe61f3648c3", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "maven-resolver-impl/src/main/java/org/eclipse/aether/internal/impl/scope/ManagedScopeSelector.java", "duplicate_line": 33, "correlation_key": "fp|c09e0dcab14d55e29f58e96a98273c3848f2982486c71bf82327ffe61f3648c3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "maven-resolver-util/src/main/java/org/eclipse/aether/util/graph/transformer/JavaScopeSelector.java"}, "region": {"startLine": 16}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 96136, "scanner": "repobility-ai-code-hygiene", "fingerprint": "295df083b38ff4d2bec26033d115ef0a1aba3c55a607f1bc086c34d529524bae", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "maven-resolver-impl/src/main/java/org/eclipse/aether/internal/impl/scope/ManagedDependencyContextRefiner.java", "duplicate_line": 17, "correlation_key": "fp|295df083b38ff4d2bec26033d115ef0a1aba3c55a607f1bc086c34d529524bae"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "maven-resolver-util/src/main/java/org/eclipse/aether/util/graph/transformer/JavaDependencyContextRefiner.java"}, "region": {"startLine": 13}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 96135, "scanner": "repobility-ai-code-hygiene", "fingerprint": "d41c19072477b8bc34fc9991e25df412f2e6026a0d4ec2ca9e1fb13d36f2b2a0", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "maven-resolver-util/src/main/java/org/eclipse/aether/util/graph/manager/AbstractDependencyManager.java", "duplicate_line": 318, "correlation_key": "fp|d41c19072477b8bc34fc9991e25df412f2e6026a0d4ec2ca9e1fb13d36f2b2a0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "maven-resolver-util/src/main/java/org/eclipse/aether/util/graph/transformer/ConflictMarker.java"}, "region": {"startLine": 159}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 96134, "scanner": "repobility-ai-code-hygiene", "fingerprint": "f3c6715179159b74242e8845f13adaaa3b490fe7d0e7607a0549a6bcde5e70de", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "maven-resolver-util/src/main/java/org/eclipse/aether/util/graph/manager/DefaultDependencyManager.java", "duplicate_line": 29, "correlation_key": "fp|f3c6715179159b74242e8845f13adaaa3b490fe7d0e7607a0549a6bcde5e70de"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "maven-resolver-util/src/main/java/org/eclipse/aether/util/graph/manager/TransitiveDependencyManager.java"}, "region": {"startLine": 29}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 96133, "scanner": "repobility-ai-code-hygiene", "fingerprint": "17b2fd06fc94bfb132e2033089106cf3584a9a467eeab7bd9599b2fa9caf0f4b", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "maven-resolver-util/src/main/java/org/eclipse/aether/util/graph/manager/ClassicDependencyManager.java", "duplicate_line": 18, "correlation_key": "fp|17b2fd06fc94bfb132e2033089106cf3584a9a467eeab7bd9599b2fa9caf0f4b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "maven-resolver-util/src/main/java/org/eclipse/aether/util/graph/manager/TransitiveDependencyManager.java"}, "region": {"startLine": 17}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 96132, "scanner": "repobility-ai-code-hygiene", "fingerprint": "ffb894a1660d2cdeaab9a179701512fff7fb7f513772eeebe26474700b5894e1", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "maven-resolver-util/src/main/java/org/eclipse/aether/util/graph/manager/ClassicDependencyManager.java", "duplicate_line": 18, "correlation_key": "fp|ffb894a1660d2cdeaab9a179701512fff7fb7f513772eeebe26474700b5894e1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "maven-resolver-util/src/main/java/org/eclipse/aether/util/graph/manager/DefaultDependencyManager.java"}, "region": {"startLine": 17}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 96131, "scanner": "repobility-ai-code-hygiene", "fingerprint": "96d9662a2278f98dca61c26648de7fc65b009cd254f9a092257333a7c6ec49e2", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "maven-resolver-spi/src/main/java/org/eclipse/aether/spi/io/PathProcessorSupport.java", "duplicate_line": 114, "correlation_key": "fp|96d9662a2278f98dca61c26648de7fc65b009cd254f9a092257333a7c6ec49e2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "maven-resolver-util/src/main/java/org/eclipse/aether/util/FileUtils.java"}, "region": {"startLine": 28}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 96130, "scanner": "repobility-ai-code-hygiene", "fingerprint": "333b3f98618553213a16dd8f84c4e6ccadebb3e71a4541093cfa6c451e507d5c", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "maven-resolver-impl/src/main/java/org/eclipse/aether/internal/impl/DefaultChecksumProcessor.java", "duplicate_line": 25, "correlation_key": "fp|333b3f98618553213a16dd8f84c4e6ccadebb3e71a4541093cfa6c451e507d5c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "maven-resolver-util/src/main/java/org/eclipse/aether/util/ChecksumUtils.java"}, "region": {"startLine": 24}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 96129, "scanner": "repobility-ai-code-hygiene", "fingerprint": "973477fe25168cce368b10f300a02c9472be0a0897106490fe68b6a05b71bfb0", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "maven-resolver-transport-apache/src/main/java/org/eclipse/aether/transport/apache/ApacheTransporter.java", "duplicate_line": 484, "correlation_key": "fp|973477fe25168cce368b10f300a02c9472be0a0897106490fe68b6a05b71bfb0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "maven-resolver-transport-jetty/src/main/java/org/eclipse/aether/transport/jetty/JettyTransporter.java"}, "region": {"startLine": 188}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 96128, "scanner": "repobility-ai-code-hygiene", "fingerprint": "43b00e17607d12ee4129097cc7bd4829adb9a6663bd52a31aa52503ff2211e08", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "maven-resolver-transport-jdk-parent/maven-resolver-transport-jdk11/src/main/java/org/eclipse/aether/transport/jdk/JdkTransporter.java", "duplicate_line": 121, "correlation_key": "fp|43b00e17607d12ee4129097cc7bd4829adb9a6663bd52a31aa52503ff2211e08"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "maven-resolver-transport-jetty/src/main/java/org/eclipse/aether/transport/jetty/JettyTransporter.java"}, "region": {"startLine": 86}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 96127, "scanner": "repobility-ai-code-hygiene", "fingerprint": "3d44ab2705cda109c52c560150939f4f38045571b52b46a58b32b671cbaacc6e", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "maven-resolver-transport-jdk-parent/maven-resolver-transport-jdk11/src/main/java/org/eclipse/aether/transport/jdk/JdkTransporterFactory.java", "duplicate_line": 22, "correlation_key": "fp|3d44ab2705cda109c52c560150939f4f38045571b52b46a58b32b671cbaacc6e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "maven-resolver-transport-jdk-parent/maven-resolver-transport-jdk8/src/main/java/org/eclipse/aether/transport/jdk/JdkTransporterFactory.java"}, "region": {"startLine": 21}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 96126, "scanner": "repobility-ai-code-hygiene", "fingerprint": "11f480af8527f45633f20338c731240fc601d1b33bb938e6708854488d8a6f9e", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "maven-resolver-transport-apache/src/main/java/org/eclipse/aether/transport/apache/ApacheTransporter.java", "duplicate_line": 484, "correlation_key": "fp|11f480af8527f45633f20338c731240fc601d1b33bb938e6708854488d8a6f9e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "maven-resolver-transport-jdk-parent/maven-resolver-transport-jdk11/src/main/java/org/eclipse/aether/transport/jdk/JdkTransporter.java"}, "region": {"startLine": 235}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 96125, "scanner": "repobility-ai-code-hygiene", "fingerprint": "f189eb96127685a6bf9afe35f0d0fd05d72087e517a58c0b33b1f355b5a6de07", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "maven-resolver-supplier-mvn3/src/main/java/org/eclipse/aether/supplier/SessionBuilderSupplier.java", "duplicate_line": 73, "correlation_key": "fp|f189eb96127685a6bf9afe35f0d0fd05d72087e517a58c0b33b1f355b5a6de07"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "maven-resolver-supplier-mvn4/src/main/java/org/eclipse/aether/supplier/SessionBuilderSupplier.java"}, "region": {"startLine": 71}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 96124, "scanner": "repobility-ai-code-hygiene", "fingerprint": "ae844f80b9039d3ba4a80bbe370d48b2a3119409fee6f4a136b40a8b3d2f625c", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "maven-resolver-impl/src/main/java/org/eclipse/aether/internal/impl/DefaultFileProcessor.java", "duplicate_line": 59, "correlation_key": "fp|ae844f80b9039d3ba4a80bbe370d48b2a3119409fee6f4a136b40a8b3d2f625c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "maven-resolver-spi/src/main/java/org/eclipse/aether/spi/io/PathProcessorSupport.java"}, "region": {"startLine": 71}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 96123, "scanner": "repobility-ai-code-hygiene", "fingerprint": "ed019401017107c8d57628e6a31529905f290ec1cf7289bac18b6bcb5a7ed1e8", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "maven-resolver-impl/src/main/java/org/eclipse/aether/internal/impl/synccontext/named/GAVNameMapper.java", "duplicate_line": 87, "correlation_key": "fp|ed019401017107c8d57628e6a31529905f290ec1cf7289bac18b6bcb5a7ed1e8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "maven-resolver-impl/src/main/java/org/eclipse/aether/internal/impl/synccontext/named/NamedLockFactoryAdapter.java"}, "region": {"startLine": 186}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 96122, "scanner": "repobility-ai-code-hygiene", "fingerprint": "fefafeea3d6a7e3c5cc22292080b67aff6ea6d4591ada27660b2fce31fe313a4", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "maven-resolver-api/src/main/java/org/eclipse/aether/DefaultRepositorySystemSession.java", "duplicate_line": 80, "correlation_key": "fp|fefafeea3d6a7e3c5cc22292080b67aff6ea6d4591ada27660b2fce31fe313a4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "maven-resolver-impl/src/main/java/org/eclipse/aether/internal/impl/session/DefaultSessionBuilder.java"}, "region": {"startLine": 321}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 96121, "scanner": "repobility-ai-code-hygiene", "fingerprint": "9e38b4afbf83935cb156a445fd31a7c63f43fb9e86f824c2cd22c008cf8e7238", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "maven-resolver-impl/src/main/java/org/eclipse/aether/internal/impl/filter/ruletree/GroupTree.java", "duplicate_line": 23, "correlation_key": "fp|9e38b4afbf83935cb156a445fd31a7c63f43fb9e86f824c2cd22c008cf8e7238"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "maven-resolver-impl/src/main/java/org/eclipse/aether/internal/impl/filter/ruletree/PrefixTree.java"}, "region": {"startLine": 12}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 96120, "scanner": "repobility-ai-code-hygiene", "fingerprint": "2782dbde4a2bce447f8edc592e6a9325e7e025b7a2686b2eeb463bd218048703", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "maven-resolver-impl/src/main/java/org/eclipse/aether/internal/impl/filter/GroupIdRemoteRepositoryFilterSource.java", "duplicate_line": 86, "correlation_key": "fp|2782dbde4a2bce447f8edc592e6a9325e7e025b7a2686b2eeb463bd218048703"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "maven-resolver-impl/src/main/java/org/eclipse/aether/internal/impl/filter/PrefixesRemoteRepositoryFilterSource.java"}, "region": {"startLine": 86}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 96119, "scanner": "repobility-ai-code-hygiene", "fingerprint": "1ff929f4d477d6eb5d31f364b1254658ce2ac0bd413c95f00c467b26a17e3638", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "maven-resolver-impl/src/main/java/org/eclipse/aether/internal/impl/collect/bf/BfDependencyCollector.java", "duplicate_line": 72, "correlation_key": "fp|1ff929f4d477d6eb5d31f364b1254658ce2ac0bd413c95f00c467b26a17e3638"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "maven-resolver-impl/src/main/java/org/eclipse/aether/internal/impl/collect/df/DfDependencyCollector.java"}, "region": {"startLine": 46}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 96118, "scanner": "repobility-ai-code-hygiene", "fingerprint": "f4dc1dc99818a16d0374ffc3bb1e47c55c1be08f62668ccbf893f04cfd32a3bd", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "maven-resolver-impl/src/main/java/org/eclipse/aether/internal/impl/checksum/SparseDirectoryTrustedChecksumsSource.java", "duplicate_line": 45, "correlation_key": "fp|f4dc1dc99818a16d0374ffc3bb1e47c55c1be08f62668ccbf893f04cfd32a3bd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "maven-resolver-impl/src/main/java/org/eclipse/aether/internal/impl/checksum/SummaryFileTrustedChecksumsSource.java"}, "region": {"startLine": 64}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 96117, "scanner": "repobility-ai-code-hygiene", "fingerprint": "084fc538eea501577daed602b0ac4eba8fdfd0e575172523d087223eb70bc7fe", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "maven-resolver-impl/src/main/java/org/eclipse/aether/internal/impl/DefaultDeployer.java", "duplicate_line": 130, "correlation_key": "fp|084fc538eea501577daed602b0ac4eba8fdfd0e575172523d087223eb70bc7fe"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "maven-resolver-impl/src/main/java/org/eclipse/aether/internal/impl/DefaultInstaller.java"}, "region": {"startLine": 81}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 96116, "scanner": "repobility-ai-code-hygiene", "fingerprint": "1bbea171b7c8ce5ebf1d21e0734c1f4ef6a10240b9776bfd83f43853013907d1", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "maven-resolver-impl/src/main/java/org/eclipse/aether/internal/impl/DefaultChecksumProcessor.java", "duplicate_line": 25, "correlation_key": "fp|1bbea171b7c8ce5ebf1d21e0734c1f4ef6a10240b9776bfd83f43853013907d1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "maven-resolver-impl/src/main/java/org/eclipse/aether/internal/impl/DefaultFileProcessor.java"}, "region": {"startLine": 97}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 96115, "scanner": "repobility-ai-code-hygiene", "fingerprint": "c618f731c552f5ba767abd52362e4143a6403ac71de85102bcba3a2cace63b7b", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "maven-resolver-impl/src/main/java/org/eclipse/aether/impl/scope/BuildScopeMatrixSource.java", "duplicate_line": 134, "correlation_key": "fp|c618f731c552f5ba767abd52362e4143a6403ac71de85102bcba3a2cace63b7b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "maven-resolver-impl/src/main/java/org/eclipse/aether/impl/scope/CommonBuilds.java"}, "region": {"startLine": 80}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 96114, "scanner": "repobility-ai-code-hygiene", "fingerprint": "72d62a54d9a74c56969a60383985c691cec477307314fa113abb74ce5f21977e", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "maven-resolver-generator-gnupg/src/main/java/org/eclipse/aether/generator/gnupg/GnupgSignatureArtifactGenerator.java", "duplicate_line": 85, "correlation_key": "fp|72d62a54d9a74c56969a60383985c691cec477307314fa113abb74ce5f21977e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "maven-resolver-generator-sigstore/src/main/java/org/eclipse/aether/generator/sigstore/SigstoreSignatureArtifactGenerator.java"}, "region": {"startLine": 112}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 96113, "scanner": "repobility-ai-code-hygiene", "fingerprint": "9486a454935aceaa53bf7b2a661a968bfce7f1a53f97039b1c80d68d4014d7f4", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "maven-resolver-api/src/main/java/org/eclipse/aether/artifact/AbstractArtifact.java", "duplicate_line": 80, "correlation_key": "fp|9486a454935aceaa53bf7b2a661a968bfce7f1a53f97039b1c80d68d4014d7f4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "maven-resolver-api/src/main/java/org/eclipse/aether/metadata/AbstractMetadata.java"}, "region": {"startLine": 39}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 96112, "scanner": "repobility-ai-code-hygiene", "fingerprint": "6d067494b61086c0385393419e1ff5e88a4cf481f7787bd4c1901103a1290a66", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "maven-resolver-api/src/main/java/org/eclipse/aether/deployment/DeployResult.java", "duplicate_line": 53, "correlation_key": "fp|6d067494b61086c0385393419e1ff5e88a4cf481f7787bd4c1901103a1290a66"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "maven-resolver-api/src/main/java/org/eclipse/aether/installation/InstallResult.java"}, "region": {"startLine": 52}}}]}, {"ruleId": "MINED049", "level": "none", "message": {"text": "[MINED049] Print Pii: Logging password/token/email/ssn directly to stdout."}, "properties": {"repobilityId": 96167, "scanner": "repobility-threat-engine", "fingerprint": "602f8d641d70cc1fc6ba8a1608f0fddac1bea06c194b4890385e35e79f668296", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "print-pii", "owasp": "A09:2021", "cwe_ids": ["CWE-532"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348015+00:00", "triaged_in_corpus": 12, "observations_count": 676566, "ai_coder_pattern_id": 26}, "scanner": "repobility-threat-engine", "correlation_key": "fp|602f8d641d70cc1fc6ba8a1608f0fddac1bea06c194b4890385e35e79f668296"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "maven-resolver-generator-gnupg/src/main/java/org/eclipse/aether/generator/gnupg/GnupgSignatureArtifactGeneratorFactory.java"}, "region": {"startLine": 203}}}]}, {"ruleId": "SEC020", "level": "none", "message": {"text": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for troubleshooting."}, "properties": {"repobilityId": 96166, "scanner": "repobility-threat-engine", "fingerprint": "7567f7bf87c3376bbb1203c60fd7d31ead369b261e1bd83189acc602ef593bdf", "category": "credential_exposure", "severity": "info", "confidence": 0.15, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Log line appears to mention secret metadata or a redacted value rather than printing the secret", "evidence": {"match": "print(false, secretKey)", "reason": "Log line appears to mention secret metadata or a redacted value rather than printing the secret", "rule_id": "SEC020", "scanner": "repobility-threat-engine", "confidence": 0.15, "correlation_key": "secret|token|20|print false secretkey"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "maven-resolver-generator-gnupg/src/main/java/org/eclipse/aether/generator/gnupg/GnupgSignatureArtifactGeneratorFactory.java"}, "region": {"startLine": 203}}}]}, {"ruleId": "MINED081", "level": "none", "message": {"text": "[MINED081] Java Printstacktrace: Should use logger, not stack trace to stderr."}, "properties": {"repobilityId": 96165, "scanner": "repobility-threat-engine", "fingerprint": "21c368acc9b2f0e6fa87126e44d8db450c6419bceb2d50342ff0cbfa2d781928", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "java-printstacktrace", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["java"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348125+00:00", "triaged_in_corpus": 12, "observations_count": 2934, "ai_coder_pattern_id": 126}, "scanner": "repobility-threat-engine", "correlation_key": "fp|21c368acc9b2f0e6fa87126e44d8db450c6419bceb2d50342ff0cbfa2d781928"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "maven-resolver-demos/maven-resolver-demo-snippets/src/main/java/org/apache/maven/resolver/examples/util/Booter.java"}, "region": {"startLine": 111}}}]}, {"ruleId": "MINED081", "level": "none", "message": {"text": "[MINED081] Java Printstacktrace: Should use logger, not stack trace to stderr."}, "properties": {"repobilityId": 96164, "scanner": "repobility-threat-engine", "fingerprint": "4ecc75108d307e32b54aed4d1ef4247393db6d5d6c10650dd42e32154481ea92", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "java-printstacktrace", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["java"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348125+00:00", "triaged_in_corpus": 12, "observations_count": 2934, "ai_coder_pattern_id": 126}, "scanner": "repobility-threat-engine", "correlation_key": "fp|4ecc75108d307e32b54aed4d1ef4247393db6d5d6c10650dd42e32154481ea92"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "maven-resolver-demos/maven-resolver-demo-snippets/src/main/java/org/apache/maven/resolver/examples/GetDependencyHierarchyWithConflicts.java"}, "region": {"startLine": 88}}}]}, {"ruleId": "MINED085", "level": "none", "message": {"text": "[MINED085] Java Systemexit: System.exit() inside a library kills the whole JVM."}, "properties": {"repobilityId": 96163, "scanner": "repobility-threat-engine", "fingerprint": "5c157d2f5fbb7d09f975ee5b1de16384c9247d6611eb21e88ff11818cdbae6bc", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "java-systemexit", "owasp": null, "cwe_ids": ["CWE-1075"], "languages": ["java"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348136+00:00", "triaged_in_corpus": 15, "observations_count": 970, "ai_coder_pattern_id": 127}, "scanner": "repobility-threat-engine", "correlation_key": "fp|5c157d2f5fbb7d09f975ee5b1de16384c9247d6611eb21e88ff11818cdbae6bc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "maven-resolver-demos/maven-resolver-demo-snippets/src/main/java/demo/TestNioLock.java"}, "region": {"startLine": 53}}}]}, {"ruleId": "MINED083", "level": "none", "message": {"text": "[MINED083] Java Thread Start: Raw thread creation. Should use ExecutorService for managed pool."}, "properties": {"repobilityId": 96162, "scanner": "repobility-threat-engine", "fingerprint": "01e3506c7da5c9fc9c9a283c159fba09b0bff6769934d0bc9ebb2a1c27cd40d1", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "java-thread-start", "owasp": null, "cwe_ids": ["CWE-664"], "languages": ["java"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348131+00:00", "triaged_in_corpus": 12, "observations_count": 1591, "ai_coder_pattern_id": 128}, "scanner": "repobility-threat-engine", "correlation_key": "fp|01e3506c7da5c9fc9c9a283c159fba09b0bff6769934d0bc9ebb2a1c27cd40d1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "maven-resolver-util/src/main/java/org/eclipse/aether/util/version/GenericVersionScheme.java"}, "region": {"startLine": 74}}}]}, {"ruleId": "MINED083", "level": "none", "message": {"text": "[MINED083] Java Thread Start: Raw thread creation. Should use ExecutorService for managed pool."}, "properties": {"repobilityId": 96161, "scanner": "repobility-threat-engine", "fingerprint": "c27e72bd903be856711aa677bc795f375ad00dbcd094ba29e3756f9dac36398c", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "java-thread-start", "owasp": null, "cwe_ids": ["CWE-664"], "languages": ["java"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348131+00:00", "triaged_in_corpus": 12, "observations_count": 1591, "ai_coder_pattern_id": 128}, "scanner": "repobility-threat-engine", "correlation_key": "fp|c27e72bd903be856711aa677bc795f375ad00dbcd094ba29e3756f9dac36398c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "maven-resolver-demos/maven-resolver-demo-snippets/src/main/java/org/apache/maven/resolver/examples/ResolveTransitiveDependenciesParallel.java"}, "region": {"startLine": 100}}}]}, {"ruleId": "MINED083", "level": "none", "message": {"text": "[MINED083] Java Thread Start: Raw thread creation. Should use ExecutorService for managed pool."}, "properties": {"repobilityId": 96160, "scanner": "repobility-threat-engine", "fingerprint": "01d334ecabdb6f7b758564cbb55ee879e430bfa5f4aafdd85c14e5513768ccd5", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "java-thread-start", "owasp": null, "cwe_ids": ["CWE-664"], "languages": ["java"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348131+00:00", "triaged_in_corpus": 12, "observations_count": 1591, "ai_coder_pattern_id": 128}, "scanner": "repobility-threat-engine", "correlation_key": "fp|01d334ecabdb6f7b758564cbb55ee879e430bfa5f4aafdd85c14e5513768ccd5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "maven-resolver-demos/maven-resolver-demo-snippets/src/main/java/demo/TestNioLock.java"}, "region": {"startLine": 87}}}]}, {"ruleId": "SEC132", "level": "none", "message": {"text": "[SEC132] String concat where the language has interpolation (AI style drift) (and 10 more): Same pattern found in 10 additional files. Review if needed."}, "properties": {"repobilityId": 96159, "scanner": "repobility-threat-engine", "fingerprint": "5134ba67b8ed6497b08de31fab74f32c7fddcd1b4cdf063410937f25f8c61de3", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 10 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 10 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC132", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|5134ba67b8ed6497b08de31fab74f32c7fddcd1b4cdf063410937f25f8c61de3"}}}, {"ruleId": "SEC118", "level": "none", "message": {"text": "[SEC118] UUIDv1 / UUIDv3 used for security-sensitive identifier: UUIDv1 encodes the MAC address and timestamp, making it predictable. Used as a session token or password-reset key, it's enumerable."}, "properties": {"repobilityId": 96155, "scanner": "repobility-threat-engine", "fingerprint": "739a736414e38719f3401d29945d241354f544495ac1ddde186b2a2bc2cfb421", "category": "crypto", "severity": "info", "confidence": 0.1, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Safe pattern 'randomUUID' detected on same line", "evidence": {"match": "UUID.randomUUID()", "reason": "Safe pattern 'randomUUID' detected on same line", "rule_id": "SEC118", "scanner": "repobility-threat-engine", "confidence": 0.1, "correlation_key": "code|crypto|token|143|sec118"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "maven-resolver-util/src/main/java/org/eclipse/aether/util/repository/JreProxySelector.java"}, "region": {"startLine": 143}}}]}, {"ruleId": "SEC118", "level": "none", "message": {"text": "[SEC118] UUIDv1 / UUIDv3 used for security-sensitive identifier: UUIDv1 encodes the MAC address and timestamp, making it predictable. Used as a session token or password-reset key, it's enumerable."}, "properties": {"repobilityId": 96154, "scanner": "repobility-threat-engine", "fingerprint": "35a60ee0830d101a9f5c98ec92c629badc995bc861bd910bbc2346057236c39d", "category": "crypto", "severity": "info", "confidence": 0.1, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Safe pattern 'randomUUID' detected on same line", "evidence": {"match": "UUID.randomUUID()", "reason": "Safe pattern 'randomUUID' detected on same line", "rule_id": "SEC118", "scanner": "repobility-threat-engine", "confidence": 0.1, "correlation_key": "code|crypto|token|64|sec118"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "maven-resolver-api/src/main/java/org/eclipse/aether/repository/WorkspaceRepository.java"}, "region": {"startLine": 64}}}]}, {"ruleId": "MINED004", "level": "none", "message": {"text": "[MINED004] Weak Crypto (and 8 more): Same pattern found in 8 additional files. Review if needed."}, "properties": {"repobilityId": 96153, "scanner": "repobility-threat-engine", "fingerprint": "2eaab8f590234775531b0af5c0b5d781dabb04b06006b4e2a5ef6e77992ce9f7", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 8 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "weak-crypto", "owasp": "A02:2021", "cwe_ids": ["CWE-327"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347906+00:00", "triaged_in_corpus": 15, "observations_count": 303181, "ai_coder_pattern_id": 13}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|2eaab8f590234775531b0af5c0b5d781dabb04b06006b4e2a5ef6e77992ce9f7", "aggregated_count": 8}}}, {"ruleId": "SEC128", "level": "none", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake) (and 9 more): Same pattern found in 9 additional files. Review if needed."}, "properties": {"repobilityId": 96149, "scanner": "repobility-threat-engine", "fingerprint": "4e858a56c34b65b0912e3fe629971d6d32fcda68cee02eb1f3bab34175679dd4", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 9 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 9 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|4e858a56c34b65b0912e3fe629971d6d32fcda68cee02eb1f3bab34175679dd4"}}}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 96169, "scanner": "repobility-threat-engine", "fingerprint": "ec191bd0ed7830d27cea713acff052047382e2df2bb008c7d68dae08415dd565", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "URL(c", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|ec191bd0ed7830d27cea713acff052047382e2df2bb008c7d68dae08415dd565"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "maven-resolver-util/src/main/java/org/eclipse/aether/util/repository/JreProxySelector.java"}, "region": {"startLine": 114}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 96168, "scanner": "repobility-threat-engine", "fingerprint": "c0341ae6d104f9b17bfdd4ac2640386eef02de58c212f328b4748eeeac50056c", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "Url(r", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|c0341ae6d104f9b17bfdd4ac2640386eef02de58c212f328b4748eeeac50056c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "maven-resolver-transport-minio/src/main/java/org/eclipse/aether/transport/minio/MinioTransporterFactory.java"}, "region": {"startLine": 82}}}]}, {"ruleId": "MINED004", "level": "error", "message": {"text": "[MINED004] Weak Crypto: MD5/SHA1/DES/RC4 used for security context (not just checksums)."}, "properties": {"repobilityId": 96152, "scanner": "repobility-threat-engine", "fingerprint": "281710489e7fee74b5ae61396759d227a8b50cc9929266dcd7da09ad4a10a28a", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "weak-crypto", "owasp": "A02:2021", "cwe_ids": ["CWE-327"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347906+00:00", "triaged_in_corpus": 15, "observations_count": 303181, "ai_coder_pattern_id": 13}, "scanner": "repobility-threat-engine", "correlation_key": "fp|281710489e7fee74b5ae61396759d227a8b50cc9929266dcd7da09ad4a10a28a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "maven-resolver-impl/src/main/java/org/eclipse/aether/internal/impl/checksum/Md5ChecksumAlgorithmFactory.java"}, "region": {"startLine": 33}}}]}, {"ruleId": "MINED004", "level": "error", "message": {"text": "[MINED004] Weak Crypto: MD5/SHA1/DES/RC4 used for security context (not just checksums)."}, "properties": {"repobilityId": 96151, "scanner": "repobility-threat-engine", "fingerprint": "2f61ed06b6a94c28c1d61e70a0415ee7bf55f1e9596eebe564a2d42e2ea42ca8", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "weak-crypto", "owasp": "A02:2021", "cwe_ids": ["CWE-327"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347906+00:00", "triaged_in_corpus": 15, "observations_count": 303181, "ai_coder_pattern_id": 13}, "scanner": "repobility-threat-engine", "correlation_key": "fp|2f61ed06b6a94c28c1d61e70a0415ee7bf55f1e9596eebe564a2d42e2ea42ca8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "maven-resolver-impl/src/main/java/org/eclipse/aether/internal/impl/NamedLocksTrackingFileManager.java"}, "region": {"startLine": 192}}}]}, {"ruleId": "MINED004", "level": "error", "message": {"text": "[MINED004] Weak Crypto: MD5/SHA1/DES/RC4 used for security context (not just checksums)."}, "properties": {"repobilityId": 96150, "scanner": "repobility-threat-engine", "fingerprint": "2b8c75e3f21127d5dc2b7df06a89b6e1c63a5699d5beafde9b7243f7b6ec6fc4", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "weak-crypto", "owasp": "A02:2021", "cwe_ids": ["CWE-327"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347906+00:00", "triaged_in_corpus": 15, "observations_count": 303181, "ai_coder_pattern_id": 13}, "scanner": "repobility-threat-engine", "correlation_key": "fp|2b8c75e3f21127d5dc2b7df06a89b6e1c63a5699d5beafde9b7243f7b6ec6fc4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "maven-resolver-api/src/main/java/org/eclipse/aether/repository/AuthenticationDigest.java"}, "region": {"startLine": 94}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 96148, "scanner": "repobility-threat-engine", "fingerprint": "442dda6e98677d237e0166cc98ea9c7fad61495e600a582943e361af37a3e26e", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "checksumCalculator.update(data);", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|442dda6e98677d237e0166cc98ea9c7fad61495e600a582943e361af37a3e26e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "maven-resolver-connector-basic/src/main/java/org/eclipse/aether/connector/basic/TransferTransportListener.java"}, "region": {"startLine": 75}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 96147, "scanner": "repobility-threat-engine", "fingerprint": "a07e95c1d2d61f860b44bf831c4d75a20bc52ed239e34950ad20e5cb51779dc7", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "this.algorithm.update(buffer);", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|a07e95c1d2d61f860b44bf831c4d75a20bc52ed239e34950ad20e5cb51779dc7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "maven-resolver-connector-basic/src/main/java/org/eclipse/aether/connector/basic/ChecksumCalculator.java"}, "region": {"startLine": 64}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 96146, "scanner": "repobility-threat-engine", "fingerprint": "af6f3464aa29668df1279e08d0a1c6ff107ecc81d78a0e608c838a11eb84b71a", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "digest.update(bytes);", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|af6f3464aa29668df1279e08d0a1c6ff107ecc81d78a0e608c838a11eb84b71a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "maven-resolver-api/src/main/java/org/eclipse/aether/repository/AuthenticationDigest.java"}, "region": {"startLine": 165}}}]}, {"ruleId": "MINED134", "level": "error", "message": {"text": "Binary file `maven-resolver-demos/maven-resolver-demo-snippets/src/main/data/demo.jar` committed in source repo"}, "properties": {"repobilityId": 96145, "scanner": "repobility-supply-chain", "fingerprint": "4f0dcb1b3c0d930b9fcbd77d37e3a5f4d2ee11ae8b82475c4ce080b5266dd7b3", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "suspicious-binary-in-src", "owasp": null, "cwe_ids": ["CWE-506"], "languages": ["any"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|4f0dcb1b3c0d930b9fcbd77d37e3a5f4d2ee11ae8b82475c4ce080b5266dd7b3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "maven-resolver-demos/maven-resolver-demo-snippets/src/main/data/demo.jar"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `apache/maven-gh-actions-shared/.github/workflows/pr-automation.yml` pinned to mutable ref `@v4`"}, "properties": {"repobilityId": 96144, "scanner": "repobility-supply-chain", "fingerprint": "15c50b8cd304fc81949ca89c61cbceabf0a6b612e385ef7f9d671184d543b6bd", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|15c50b8cd304fc81949ca89c61cbceabf0a6b612e385ef7f9d671184d543b6bd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/pr-automation.yml"}, "region": {"startLine": 27}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `apache/maven-gh-actions-shared/.github/workflows/release-drafter.yml` pinned to mutable ref `@v4`"}, "properties": {"repobilityId": 96143, "scanner": "repobility-supply-chain", "fingerprint": "c40c061af29834ff97b89ea04d287444a71eedb25cf32c0f5e28b451f67a0168", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|c40c061af29834ff97b89ea04d287444a71eedb25cf32c0f5e28b451f67a0168"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/release-drafter.yml"}, "region": {"startLine": 27}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `apache/maven-gh-actions-shared/.github/workflows/maven-verify.yml` pinned to mutable ref `@v4`"}, "properties": {"repobilityId": 96142, "scanner": "repobility-supply-chain", "fingerprint": "a76e654560d8ae1e22347d051783b55ab8ac4bdedbef94771071c0d3ecfd845f", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|a76e654560d8ae1e22347d051783b55ab8ac4bdedbef94771071c0d3ecfd845f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/maven-verify.yml"}, "region": {"startLine": 27}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 96171, "scanner": "gitleaks", "fingerprint": "13d784ca83d54d4a4ca95e6c6ad80dbff279ae684d6d1946aae2fc93c50414af", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "keyPass, \"REDACTED\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|18|keypass redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "maven-resolver-generator-gnupg/src/test/java/org/eclipse/aether/generator/gnupg/GpgSignerFactoryTest.java"}, "region": {"startLine": 188}}}]}, {"ruleId": "private-key", "level": "error", "message": {"text": "Identified a Private Key, which may compromise cryptographic security and sensitive data encryption."}, "properties": {"repobilityId": 96170, "scanner": "gitleaks", "fingerprint": "c1342b567a47cbaa5738a4d2067ea4f9dba5718ee7295897e2842255238821b0", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "REDACTED", "rule_id": "private-key", "scanner": "gitleaks", "detector": "private-key", "correlation_key": "secret|token|1|redacted", "duplicate_count": 1, "duplicate_rule_ids": ["private-key"], "duplicate_scanners": ["gitleaks"], "duplicate_fingerprints": ["2d31c03e593e3e6d6562ecb9db200c226e948d6035a862b9f0559c542a362497", "c1342b567a47cbaa5738a4d2067ea4f9dba5718ee7295897e2842255238821b0"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "maven-resolver-generator-gnupg/src/test/resources/gpg-signing/gpg-secret.key"}, "region": {"startLine": 1}}}]}]}]}