{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "SEC045", "name": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a latera", "shortDescription": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use obj"}, "fullDescription": {"text": "For literal data structures: use ast.literal_eval(text) \u2014 only parses literals, raises on code.\nFor formula evaluation: use asteval or simpleeval (purpose-built sandboxes with allow-lists).\nFor Odoo: use odoo.tools.safe_eval(expr, locals_dict, mode='exec').\nIf you genuinely need to execute admin-stored code: require explicit super-admin permission AND log every execution with a stack trace."}, "properties": {"scanner": "repobility-threat-engine", "category": "injection", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "AIC003", "name": "Duplicated implementation block across source files", "shortDescription": {"text": "Duplicated implementation block across source files"}, "fullDescription": {"text": "Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.86, "cwe": "", "owasp": ""}}, {"id": "SEC085", "name": "[SEC085] JS: child_process.exec with non-literal: child_process.exec with user-derived input enables command injection. ", "shortDescription": {"text": "[SEC085] JS: child_process.exec with non-literal: child_process.exec with user-derived input enables command injection. Ported from eslint-plugin-security detect-child-process (Apache-2.0)."}, "fullDescription": {"text": "Use execFile / spawn with separate args array; never pass shell strings."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED134", "name": "Binary file `gradle/wrapper/gradle-wrapper.jar` committed in source repo", "shortDescription": {"text": "Binary file `gradle/wrapper/gradle-wrapper.jar` committed in source repo"}, "fullDescription": {"text": "`gradle/wrapper/gradle-wrapper.jar` is a .jar binary (48,462 bytes) committed to a repo that otherwise has 17 source files. Trojan binaries inside otherwise-normal source repos are a known supply-chain attack: a compromised dependency or PR slips in a binary that gets executed by build scripts."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED115", "name": "Action `actions/upload-artifact` pinned to mutable ref `@v7`", "shortDescription": {"text": "Action `actions/upload-artifact` pinned to mutable ref `@v7`"}, "fullDescription": {"text": "`uses: actions/upload-artifact@v7` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/1314"}, "properties": {"repository": "tbroyer/gradle-errorprone-plugin", "repoUrl": "https://github.com/tbroyer/gradle-errorprone-plugin", "branch": "main"}, "results": [{"ruleId": "SEC045", "level": "warning", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use object introspection (().__class__.__mro__[-1].__subclasses__()) to reach os.system. CWE-95 (eval injection)."}, "properties": {"repobilityId": 134078, "scanner": "repobility-threat-engine", "fingerprint": "417f8768e57380226e479d586bbd21f68d3070ee8396e356bfa1e698ca06ae3d", "category": "injection", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".exec(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|build.gradle.kts|197|sec045"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "build.gradle.kts"}, "region": {"startLine": 197}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 134056, "scanner": "repobility-ai-code-hygiene", "fingerprint": "f5e09fd1686b3fe7040043646f116daa86fc11a47d7eda4dc26134977cfb39b8", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/integrationTest/java/net/ltgt/gradle/errorprone/ErrorPronePluginIntegrationTest.java", "duplicate_line": 19, "correlation_key": "fp|f5e09fd1686b3fe7040043646f116daa86fc11a47d7eda4dc26134977cfb39b8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/integrationTest/java/net/ltgt/gradle/errorprone/StrongEncapsulationIntegrationTest.java"}, "region": {"startLine": 22}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 134055, "scanner": "repobility-ai-code-hygiene", "fingerprint": "f914b90be8f7bd116b563c85967d8caf932d086822f62979d8a1a0d117d60236", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/integrationTest/java/net/ltgt/gradle/errorprone/ErrorPronePluginIntegrationTest.java", "duplicate_line": 113, "correlation_key": "fp|f914b90be8f7bd116b563c85967d8caf932d086822f62979d8a1a0d117d60236"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/integrationTest/java/net/ltgt/gradle/errorprone/GroovyDslIntegrationTest.java"}, "region": {"startLine": 84}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 134054, "scanner": "repobility-ai-code-hygiene", "fingerprint": "9011bae0f834e59c4d3be075ef56fc7d09261e09c5914d12dee37745fc8b786b", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/integrationTest/java/net/ltgt/gradle/errorprone/BinaryCompatibilityIntegrationTest.java", "duplicate_line": 109, "correlation_key": "fp|9011bae0f834e59c4d3be075ef56fc7d09261e09c5914d12dee37745fc8b786b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/integrationTest/java/net/ltgt/gradle/errorprone/ErrorPronePluginIntegrationTest.java"}, "region": {"startLine": 100}}}]}, {"ruleId": "SEC085", "level": "error", "message": {"text": "[SEC085] JS: child_process.exec with non-literal: child_process.exec with user-derived input enables command injection. Ported from eslint-plugin-security detect-child-process (Apache-2.0)."}, "properties": {"repobilityId": 134079, "scanner": "repobility-threat-engine", "fingerprint": "776115b480c1ae75c55e62aebc80d44100c8325e062fe6c5932e9f3056bf7ca4", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "exec(cmdarray", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC085", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|776115b480c1ae75c55e62aebc80d44100c8325e062fe6c5932e9f3056bf7ca4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "build.gradle.kts"}, "region": {"startLine": 197}}}]}, {"ruleId": "MINED134", "level": "error", "message": {"text": "Binary file `gradle/wrapper/gradle-wrapper.jar` committed in source repo"}, "properties": {"repobilityId": 134077, "scanner": "repobility-supply-chain", "fingerprint": "e2b2941256bb00bcea86f3210c442cc86a6e12532e912731b9d72756a556437f", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "suspicious-binary-in-src", "owasp": null, "cwe_ids": ["CWE-506"], "languages": ["any"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|e2b2941256bb00bcea86f3210c442cc86a6e12532e912731b9d72756a556437f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "gradle/wrapper/gradle-wrapper.jar"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/upload-artifact` pinned to mutable ref `@v7`"}, "properties": {"repobilityId": 134076, "scanner": "repobility-supply-chain", "fingerprint": "997bdbfa42ebd4c4510627b54c1d97a551bed8bc1f0ca48043a5a27f6f7af2a0", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|997bdbfa42ebd4c4510627b54c1d97a551bed8bc1f0ca48043a5a27f6f7af2a0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/gradle.yaml"}, "region": {"startLine": 184}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `gradle/actions/setup-gradle` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 134075, "scanner": "repobility-supply-chain", "fingerprint": "2708f28f13bcfa8095fffd66e73cb6afd347ba933031b0eca8d138f8be69a658", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|2708f28f13bcfa8095fffd66e73cb6afd347ba933031b0eca8d138f8be69a658"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/gradle.yaml"}, "region": {"startLine": 171}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/setup-java` pinned to mutable ref `@v5`"}, "properties": {"repobilityId": 134074, "scanner": "repobility-supply-chain", "fingerprint": "783c6fc9bb59fa217d8a1c054ff402ca838e685ee90f5b147ed41c3df6f871c5", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|783c6fc9bb59fa217d8a1c054ff402ca838e685ee90f5b147ed41c3df6f871c5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/gradle.yaml"}, "region": {"startLine": 159}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 134073, "scanner": "repobility-supply-chain", "fingerprint": "a3a4b687e73cf0f62814f1d173d055591eecb91b80bf1322a8b3e58791cc9ac8", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|a3a4b687e73cf0f62814f1d173d055591eecb91b80bf1322a8b3e58791cc9ac8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/gradle.yaml"}, "region": {"startLine": 158}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/upload-artifact` pinned to mutable ref `@v7`"}, "properties": {"repobilityId": 134072, "scanner": "repobility-supply-chain", "fingerprint": "b57acd473babdff290bcc15fcf1090fc6491d88988fefdf9d5cd15d385444e90", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|b57acd473babdff290bcc15fcf1090fc6491d88988fefdf9d5cd15d385444e90"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/gradle.yaml"}, "region": {"startLine": 144}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `gradle/actions/setup-gradle` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 134071, "scanner": "repobility-supply-chain", "fingerprint": "0c8942d6c0e0406ffd8cc39a115f42a8ba2ce9f092ff8c9955edaeec9ac8568b", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|0c8942d6c0e0406ffd8cc39a115f42a8ba2ce9f092ff8c9955edaeec9ac8568b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/gradle.yaml"}, "region": {"startLine": 131}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/setup-java` pinned to mutable ref `@v5`"}, "properties": {"repobilityId": 134070, "scanner": "repobility-supply-chain", "fingerprint": "54b45b2b5c269f94a8db76a60903d5983cd0e80e09173fcbb2c786b6466ed2a4", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|54b45b2b5c269f94a8db76a60903d5983cd0e80e09173fcbb2c786b6466ed2a4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/gradle.yaml"}, "region": {"startLine": 119}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 134069, "scanner": "repobility-supply-chain", "fingerprint": "2f9ec03886ad9168130ded5cb439b738754bc99e57d59b963cdd68a7728698c5", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|2f9ec03886ad9168130ded5cb439b738754bc99e57d59b963cdd68a7728698c5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/gradle.yaml"}, "region": {"startLine": 118}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/upload-artifact` pinned to mutable ref `@v7`"}, "properties": {"repobilityId": 134068, "scanner": "repobility-supply-chain", "fingerprint": "57b49ce071e65894c18fe47ec0b0fe9c3f27067968c113ba00ce9ac281c18f5a", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|57b49ce071e65894c18fe47ec0b0fe9c3f27067968c113ba00ce9ac281c18f5a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/gradle.yaml"}, "region": {"startLine": 103}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `gradle/actions/setup-gradle` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 134067, "scanner": "repobility-supply-chain", "fingerprint": "116c93eb74efcdaceb992ebcee33bc265cd5901f931a216632c6b2ab8042e235", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|116c93eb74efcdaceb992ebcee33bc265cd5901f931a216632c6b2ab8042e235"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/gradle.yaml"}, "region": {"startLine": 90}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/setup-java` pinned to mutable ref `@v5`"}, "properties": {"repobilityId": 134066, "scanner": "repobility-supply-chain", "fingerprint": "5bf498bb6f37fe0e5d52515cf34a9bda9b54f87875e4b789e8255d91b26cd3c0", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|5bf498bb6f37fe0e5d52515cf34a9bda9b54f87875e4b789e8255d91b26cd3c0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/gradle.yaml"}, "region": {"startLine": 78}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 134065, "scanner": "repobility-supply-chain", "fingerprint": "cb505dd9409a189618cb09c579cbcdfeacb7a70ee124d3ef4b33f6f0b9c574be", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|cb505dd9409a189618cb09c579cbcdfeacb7a70ee124d3ef4b33f6f0b9c574be"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/gradle.yaml"}, "region": {"startLine": 77}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/upload-artifact` pinned to mutable ref `@v7`"}, "properties": {"repobilityId": 134064, "scanner": "repobility-supply-chain", "fingerprint": "f25870b1bd905c012ab8a5d844cfb050287d4b25bc52415029deaa38f9a52501", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|f25870b1bd905c012ab8a5d844cfb050287d4b25bc52415029deaa38f9a52501"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/gradle.yaml"}, "region": {"startLine": 63}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `gradle/actions/setup-gradle` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 134063, "scanner": "repobility-supply-chain", "fingerprint": "973e75d52c4571c203237fec805bbef0f366eff0f75c1648b84eed338f73cbb1", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|973e75d52c4571c203237fec805bbef0f366eff0f75c1648b84eed338f73cbb1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/gradle.yaml"}, "region": {"startLine": 50}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/setup-java` pinned to mutable ref `@v5`"}, "properties": {"repobilityId": 134062, "scanner": "repobility-supply-chain", "fingerprint": "3a3a1564eb2790ab15b37a9e63753c0105a1a0320d6084b0e77352b2b17be76b", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|3a3a1564eb2790ab15b37a9e63753c0105a1a0320d6084b0e77352b2b17be76b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/gradle.yaml"}, "region": {"startLine": 45}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 134061, "scanner": "repobility-supply-chain", "fingerprint": "f7f58e88530edef65b72bbe51c7b794a512ce2f4bd590840742f26337a7d352c", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|f7f58e88530edef65b72bbe51c7b794a512ce2f4bd590840742f26337a7d352c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/gradle.yaml"}, "region": {"startLine": 44}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/upload-artifact` pinned to mutable ref `@v7`"}, "properties": {"repobilityId": 134060, "scanner": "repobility-supply-chain", "fingerprint": "932c336ce3f1dee3a2ceceea693b1651233042d1a6931a83304d6d10f3c23b48", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|932c336ce3f1dee3a2ceceea693b1651233042d1a6931a83304d6d10f3c23b48"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/gradle.yaml"}, "region": {"startLine": 36}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `gradle/actions/setup-gradle` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 134059, "scanner": "repobility-supply-chain", "fingerprint": "25f42fc3496ece52ed00b6a186c76213e6df4b9c880ff7040b00eddda57ee230", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|25f42fc3496ece52ed00b6a186c76213e6df4b9c880ff7040b00eddda57ee230"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/gradle.yaml"}, "region": {"startLine": 23}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/setup-java` pinned to mutable ref `@v5`"}, "properties": {"repobilityId": 134058, "scanner": "repobility-supply-chain", "fingerprint": "375310d5a9166386d1749b1bd45d69818abaf959cfd61a2ea39590c84f143930", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|375310d5a9166386d1749b1bd45d69818abaf959cfd61a2ea39590c84f143930"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/gradle.yaml"}, "region": {"startLine": 18}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 134057, "scanner": "repobility-supply-chain", "fingerprint": "7075b8a3950b62a3792bdeb203f8bc79eff928f35cbf453a91892b3897663450", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|7075b8a3950b62a3792bdeb203f8bc79eff928f35cbf453a91892b3897663450"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/gradle.yaml"}, "region": {"startLine": 17}}}]}]}]}