{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "MINED109", "name": "[MINED109] Mutable default argument in `check_allowed_keys` (list): `def check_allowed_keys(... = []/{}/set())` \u2014 Python", "shortDescription": {"text": "[MINED109] Mutable default argument in `check_allowed_keys` (list): `def check_allowed_keys(... = []/{}/set())` \u2014 Python's default value is constructed ONCE at function definition time and shared across all calls. Mutating it in one call mu"}, "fullDescription": {"text": "Use None as the default and create the collection inside the function: `def check_allowed_keys(x=None): x = x or []`. Note that `x or []` also replaces an empty collection passed by the caller; use `if x is None: x = []` when the caller's object must be kept."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "CFG006", "name": "[CFG006] Missing .gitignore: No .gitignore file. Risk of committing secrets and build artifacts.", "shortDescription": {"text": "[CFG006] Missing .gitignore: No .gitignore file. 
Risk of committing secrets and build artifacts."}, "fullDescription": {"text": "Add a .gitignore appropriate for your language/framework."}, "properties": {"scanner": "repobility-threat-engine", "category": "practices", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "AIC003", "name": "Duplicated implementation block across source files", "shortDescription": {"text": "Duplicated implementation block across source files"}, "fullDescription": {"text": "Extract the shared behavior into one function/module or delete the inactive duplicate after proving which path is used."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.86, "cwe": "", "owasp": ""}}, {"id": "SEC132", "name": "[SEC132] String concat where the language has interpolation (AI style drift): String built by concatenation where the la", "shortDescription": {"text": "[SEC132] String concat where the language has interpolation (AI style drift): String built by concatenation where the language has cleaner interpolation (Python f-strings since 3.6, JS template literals since ES6). Not a vulnerability on it"}, "fullDescription": {"text": "Python: `f\"prefix {var} suffix\"`. JS/TS: `` `prefix ${var} suffix` ``. Add a lint rule (pyupgrade UP032, eslint prefer-template) so future PRs catch this automatically."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "low", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "COMP001", "name": "[COMP001] High cognitive complexity: Function `make_donors_header` has cognitive complexity 12 (SonarSource scale). Cogn", "shortDescription": {"text": "[COMP001] High cognitive complexity: Function `make_donors_header` has cognitive complexity 12 (SonarSource scale). 
Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recu"}, "fullDescription": {"text": "Extract nested branches into named helper functions; flatten nesting with early returns / guard clauses; replace long if/elif chains with dispatch dicts or polymorphism. SonarQube's threshold for 'should refactor' is 15 \u2014 yours is 12."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "low", "confidence": 0.95, "cwe": "", "owasp": ""}}, {"id": "MINED075", "name": "[MINED075] C Malloc No Check: malloc/calloc/realloc return value used without checking for NULL.", "shortDescription": {"text": "[MINED075] C Malloc No Check: malloc/calloc/realloc return value used without checking for NULL."}, "fullDescription": {"text": "Review and fix per the pattern semantics: check the malloc/calloc/realloc return value for NULL before use. See CWE-690 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED004", "name": "[MINED004] Weak Crypto (and 5 more): Same pattern found in 5 additional files. Review if needed.", "shortDescription": {"text": "[MINED004] Weak Crypto (and 5 more): Same pattern found in 5 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-327 / A02:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED115", "name": "[MINED115] Action `google-github-actions/setup-gcloud` pinned to mutable ref `@v3`: `uses: google-github-actions/setup-g", "shortDescription": {"text": "[MINED115] Action `google-github-actions/setup-gcloud` pinned to mutable ref `@v3`: `uses: google-github-actions/setup-gcloud@v3` resolves at workflow-run time. 
Tags and branches can be re-pushed by the action owner; that made the tj-action"}, "fullDescription": {"text": "Replace with: `uses: google-github-actions/setup-gcloud@<40-char-sha>  # v3` and let Dependabot bump it on a scheduled cadence."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED108", "name": "[MINED108] `self.next_line` used but never assigned in __init__: Method `next_tag` of class `LicenseReader` reads `self.", "shortDescription": {"text": "[MINED108] `self.next_line` used but never assigned in __init__: Method `next_tag` of class `LicenseReader` reads `self.next_line`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the fir"}, "fullDescription": {"text": "Initialize `self.next_line = <default>` in __init__, or add a class-level default."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "CORE_NO_TESTS", "name": "No test files found", "shortDescription": {"text": "No test files found"}, "fullDescription": {"text": "Add a test directory (tests/ or __tests__/) with unit tests for core functionality. Use pytest (Python), Jest (JS/TS), or go test (Go). Start with tests for critical business logic and security-sensitive functions."}, "properties": {"scanner": "repobility-core", "category": "testing", "severity": "high", "confidence": null, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/752"}, "properties": {"repository": "godotengine/godot", "repoUrl": "https://github.com/godotengine/godot", "branch": "master"}, "results": [{"ruleId": "MINED109", "level": "warning", "message": {"text": "[MINED109] Mutable default argument in `check_allowed_keys` (list): `def check_allowed_keys(... 
= []/{}/set())` \u2014 Python's default value is constructed ONCE at function definition time and shared across all calls. Mutating it in one call mutates it for every future call too."}, "properties": {"repobilityId": 62738, "scanner": "repobility-ast-engine", "fingerprint": "332284857cf5e5a4090731f20f0a976da285a9a3c4306986838b79721541df9f", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "mutable-default-arg", "owasp": null, "cwe_ids": ["CWE-1023"], "languages": ["python"], "observations_count": 64867}, "scanner": "repobility-ast-engine", "correlation_key": "fp|332284857cf5e5a4090731f20f0a976da285a9a3c4306986838b79721541df9f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "core/extension/make_interface_header.py"}, "region": {"startLine": 161}}}]}, {"ruleId": "CFG006", "level": "warning", "message": {"text": "[CFG006] Missing .gitignore: No .gitignore file. 
Risk of committing secrets and build artifacts."}, "properties": {"repobilityId": 62726, "scanner": "repobility-threat-engine", "fingerprint": "c65fc71ce58c37a0e07837c0fe294108b731c43ef16027a2f0971c757bbe9a16", "category": "practices", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "No .gitignore file found in repository root", "evidence": {"reason": "No .gitignore file found in repository root", "rule_id": "CFG006", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "repo|practices|cfg006"}}}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 62736, "scanner": "repobility-ai-code-hygiene", "fingerprint": "d05bc0cc01a1e6023a62c16594b59d3b8cfba2ff459aa7fa9483f196b9406d30", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "core/math/basis.cpp", "duplicate_line": 462, "correlation_key": "fp|d05bc0cc01a1e6023a62c16594b59d3b8cfba2ff459aa7fa9483f196b9406d30"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "core/math/transform_interpolator.cpp"}, "region": {"startLine": 40}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 62735, "scanner": "repobility-ai-code-hygiene", "fingerprint": "ec16f6543b0e431d7c92c06305eb7f86aa23a0210a33a401d61672ae9a06e191", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test 
files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "core/math/rect2.h", "duplicate_line": 31, "correlation_key": "fp|ec16f6543b0e431d7c92c06305eb7f86aa23a0210a33a401d61672ae9a06e191"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "core/math/rect2i.h"}, "region": {"startLine": 16}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 62734, "scanner": "repobility-ai-code-hygiene", "fingerprint": "f37f269dd2028ac89b9d2ef623bac08ecd66c0a09545911175ecb924c394700a", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "core/math/aabb.cpp", "duplicate_line": 114, "correlation_key": "fp|f37f269dd2028ac89b9d2ef623bac08ecd66c0a09545911175ecb924c394700a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "core/math/rect2.cpp"}, "region": {"startLine": 18}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 62733, "scanner": "repobility-ai-code-hygiene", "fingerprint": "4339ae162a92caf2698754cfcd39669de9b5683b01f6817cf0e0ab7cb64fda28", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "core/math/geometry_2d.h", "duplicate_line": 53, 
"correlation_key": "fp|4339ae162a92caf2698754cfcd39669de9b5683b01f6817cf0e0ab7cb64fda28"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "core/math/geometry_3d.h"}, "region": {"startLine": 215}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 62732, "scanner": "repobility-ai-code-hygiene", "fingerprint": "f3b56c91844a362fc1b3e9b8ba0ee0b8e6955ad246d92913988f05ac470d250d", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "core/core_bind.h", "duplicate_line": 245, "correlation_key": "fp|f3b56c91844a362fc1b3e9b8ba0ee0b8e6955ad246d92913988f05ac470d250d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "core/math/geometry_2d.h"}, "region": {"startLine": 180}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 62731, "scanner": "repobility-ai-code-hygiene", "fingerprint": "8f3d1e14a92ae08e1dac731354e8a7cc6b6e96c268d5feaad984ce5e842f5593", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "core/math/face3.cpp", "duplicate_line": 92, "correlation_key": "fp|8f3d1e14a92ae08e1dac731354e8a7cc6b6e96c268d5feaad984ce5e842f5593"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "core/math/face3.h"}, "region": {"startLine": 
54}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 62730, "scanner": "repobility-ai-code-hygiene", "fingerprint": "a07e3fdb3e3f600d623ea99550ec0393f595571986da55b3b360b56c5a09e1ed", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "core/math/aabb.h", "duplicate_line": 189, "correlation_key": "fp|a07e3fdb3e3f600d623ea99550ec0393f595571986da55b3b360b56c5a09e1ed"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "core/math/dynamic_bvh.h"}, "region": {"startLine": 79}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 62729, "scanner": "repobility-ai-code-hygiene", "fingerprint": "e898feb9d7308eb0a6d67973b4f6572ccb1909036e8407f16cdfe2823b571b90", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "core/math/a_star.h", "duplicate_line": 19, "correlation_key": "fp|e898feb9d7308eb0a6d67973b4f6572ccb1909036e8407f16cdfe2823b571b90"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "core/math/a_star_grid_2d.h"}, "region": {"startLine": 48}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 62728, "scanner": "repobility-ai-code-hygiene", 
"fingerprint": "865f2674138e423442b99f82a7836150510665755fb14b86a774bb9ffa50a290", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "core/math/a_star.cpp", "duplicate_line": 233, "correlation_key": "fp|865f2674138e423442b99f82a7836150510665755fb14b86a774bb9ffa50a290"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "core/math/a_star_grid_2d.cpp"}, "region": {"startLine": 401}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 62727, "scanner": "repobility-ai-code-hygiene", "fingerprint": "d82d7851dca87275cea68b3697b7fbe1839b19fdce01d03854bb58c2d1e27e60", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "core/io/file_access_compressed.h", "duplicate_line": 31, "correlation_key": "fp|d82d7851dca87275cea68b3697b7fbe1839b19fdce01d03854bb58c2d1e27e60"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "core/io/file_access_encrypted.h"}, "region": {"startLine": 26}}}]}, {"ruleId": "SEC132", "level": "note", "message": {"text": "[SEC132] String concat where the language has interpolation (AI style drift): String built by concatenation where the language has cleaner interpolation (Python f-strings since 3.6, JS template literals since ES6). 
Not a vulnerability on its own, but a style signature of cross-language AI rewrites \u2014 the model wrote idiomatic Java/C# and then translated mechanically. When this style appears in only *some* files of a repo, it's a strong indicator of an AI-driven rewrite that needs a human review p"}, "properties": {"repobilityId": 62724, "scanner": "repobility-threat-engine", "fingerprint": "92b1c7caea1f6c7ff48f1b6f669935612c2447d106c328d0f277231047ec9f11", "category": "quality", "severity": "low", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "\"\\n/* Extension Wrapper \" + str(i) + \"", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC132", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|92b1c7caea1f6c7ff48f1b6f669935612c2447d106c328d0f277231047ec9f11"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "core/extension/make_wrappers.py"}, "region": {"startLine": 125}}}]}, {"ruleId": "COMP001", "level": "note", "message": {"text": "[COMP001] High cognitive complexity: Function `make_donors_header` has cognitive complexity 12 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. 
Breakdown: elif=1, for=1, if=4, nested_bonus=6."}, "properties": {"repobilityId": 62718, "scanner": "repobility-threat-engine", "fingerprint": "d3012d4caeeaaf489545782347fa2aa1f091a3146b2e7ec148a4af470fa78008", "category": "quality", "severity": "low", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 12 (severity threshold for low: 8+).", "evidence": {"scanner": "repobility-threat-engine", "function": "make_donors_header", "breakdown": {"if": 4, "for": 1, "elif": 1, "nested_bonus": 6}, "complexity": 12, "correlation_key": "fp|d3012d4caeeaaf489545782347fa2aa1f091a3146b2e7ec148a4af470fa78008"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "core/core_builders.py"}, "region": {"startLine": 126}}}]}, {"ruleId": "COMP001", "level": "note", "message": {"text": "[COMP001] High cognitive complexity: Function `make_authors_header` has cognitive complexity 12 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. 
Breakdown: elif=1, for=1, if=4, nested_bonus=6."}, "properties": {"repobilityId": 62717, "scanner": "repobility-threat-engine", "fingerprint": "df19e14f68663ddfb21f88bbb775a6cc98919b653507c645cf054b8329ce8aef", "category": "quality", "severity": "low", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 12 (severity threshold for low: 8+).", "evidence": {"scanner": "repobility-threat-engine", "function": "make_authors_header", "breakdown": {"if": 4, "for": 1, "elif": 1, "nested_bonus": 6}, "complexity": 12, "correlation_key": "fp|df19e14f68663ddfb21f88bbb775a6cc98919b653507c645cf054b8329ce8aef"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "core/core_builders.py"}, "region": {"startLine": 95}}}]}, {"ruleId": "MINED075", "level": "none", "message": {"text": "[MINED075] C Malloc No Check: malloc/calloc/realloc return value used without checking for NULL."}, "properties": {"repobilityId": 62725, "scanner": "repobility-threat-engine", "fingerprint": "49e81dab6ed8936f14e38ddf8c8dcebac786c9c192a78714684abedfe1018ed0", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "c-malloc-no-check", "owasp": null, "cwe_ids": ["CWE-690"], "languages": ["c", "cpp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348076+00:00", "triaged_in_corpus": 12, "observations_count": 11735, "ai_coder_pattern_id": 131}, "scanner": "repobility-threat-engine", "correlation_key": "fp|49e81dab6ed8936f14e38ddf8c8dcebac786c9c192a78714684abedfe1018ed0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "core/os/memory.cpp"}, "region": {"startLine": 91}}}]}, {"ruleId": "MINED004", "level": "none", "message": {"text": "[MINED004] Weak Crypto (and 5 more): Same pattern found in 5 additional 
files. Review if needed."}, "properties": {"repobilityId": 62723, "scanner": "repobility-threat-engine", "fingerprint": "38940797db9a4ebd3facf8160ccaacf7d8d0df50516b6420787f039016894fd9", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 5 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "weak-crypto", "owasp": "A02:2021", "cwe_ids": ["CWE-327"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347906+00:00", "triaged_in_corpus": 15, "observations_count": 303181, "ai_coder_pattern_id": 13}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|38940797db9a4ebd3facf8160ccaacf7d8d0df50516b6420787f039016894fd9", "aggregated_count": 5}}}, {"ruleId": "COMP001", "level": "none", "message": {"text": "[COMP001] High cognitive complexity (and 5 more): Same pattern found in 5 additional files. Review if needed."}, "properties": {"repobilityId": 62719, "scanner": "repobility-threat-engine", "fingerprint": "88bc83404cd2ee7008de79d63577b83ca6520a75ef847238a1ec8a3084ede646", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 5 additional occurrences found. 
The top occurrences remain visible as actionable findings.", "evidence": {"scanner": "repobility-threat-engine", "function": "make_license_header", "breakdown": {"if": 4, "for": 9, "elif": 1, "else": 1, "while": 1, "nested_bonus": 10}, "aggregated": true, "complexity": 26, "correlation_key": "fp|88bc83404cd2ee7008de79d63577b83ca6520a75ef847238a1ec8a3084ede646", "aggregated_count": 5}}}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `google-github-actions/setup-gcloud` pinned to mutable ref `@v3`: `uses: google-github-actions/setup-gcloud@v3` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 62753, "scanner": "repobility-supply-chain", "fingerprint": "873b42aa5d910b29a5eff1a6f7237a6d70e722e361b35bec8b16ec273405e393", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|873b42aa5d910b29a5eff1a6f7237a6d70e722e361b35bec8b16ec273405e393"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/android_builds.yml"}, "region": {"startLine": 145}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `google-github-actions/auth` pinned to mutable ref `@v3`: `uses: google-github-actions/auth@v3` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 62752, "scanner": "repobility-supply-chain", "fingerprint": "390535f59609525488e9fb502c892db24f99c00207b26590ac76ad312cc9514d", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|390535f59609525488e9fb502c892db24f99c00207b26590ac76ad312cc9514d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/android_builds.yml"}, "region": {"startLine": 139}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/setup-java` pinned to mutable ref `@v5`: `uses: actions/setup-java@v5` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 62751, "scanner": "repobility-supply-chain", "fingerprint": "d96e93fc0aec85460c465e4a62dbfd8b4e92bd2922e1b973a2ec53c469b40711", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|d96e93fc0aec85460c465e4a62dbfd8b4e92bd2922e1b973a2ec53c469b40711"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/android_builds.yml"}, "region": {"startLine": 53}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 62750, "scanner": "repobility-supply-chain", "fingerprint": "c89a9b2be77db242c6585f2d0c28d4ec8d13e2f2c669a934811dc9b28c1c0935", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|c89a9b2be77db242c6585f2d0c28d4ec8d13e2f2c669a934811dc9b28c1c0935"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/android_builds.yml"}, "region": {"startLine": 48}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `emscripten-core/setup-emsdk` pinned to mutable ref `@v16`: `uses: emscripten-core/setup-emsdk@v16` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 62749, "scanner": "repobility-supply-chain", "fingerprint": "1f1a247ae66269f41f48cd09b117cd12da24071f9937303a3910a3afd1972629", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|1f1a247ae66269f41f48cd09b117cd12da24071f9937303a3910a3afd1972629"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/web_builds.yml"}, "region": {"startLine": 42}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 62748, "scanner": "repobility-supply-chain", "fingerprint": "ef4af678c35b4494712842da98047267073866bcdf3132145dbf93cbdea93066", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|ef4af678c35b4494712842da98047267073866bcdf3132145dbf93cbdea93066"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/web_builds.yml"}, "region": {"startLine": 37}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 62747, "scanner": "repobility-supply-chain", "fingerprint": "07c5dee08eeaef2c7b9528dc63c36098ef53c83ef54e25ef675d634fc903dbeb", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|07c5dee08eeaef2c7b9528dc63c36098ef53c83ef54e25ef675d634fc903dbeb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/macos_builds.yml"}, "region": {"startLine": 35}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to the full 40-character commit SHA and let Dependabot or Renovate keep the pin up to date."}, "properties": {"repobilityId": 62746, "scanner": "repobility-supply-chain", "fingerprint": "0738e11de84d264e3274855d9779c3a08e4c142236d3f2bb3d15299f35bb6b82", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|0738e11de84d264e3274855d9779c3a08e4c142236d3f2bb3d15299f35bb6b82"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/windows_builds.yml"}, "region": {"startLine": 60}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to the full 40-character commit SHA and let Dependabot or Renovate keep the pin up to date."}, "properties": {"repobilityId": 62745, "scanner": "repobility-supply-chain", "fingerprint": "0e5bceb4b545994a5fccec76def1dde07a6f1727423cad791312cc6adebaba14", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|0e5bceb4b545994a5fccec76def1dde07a6f1727423cad791312cc6adebaba14"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ios_builds.yml"}, "region": {"startLine": 22}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `j178/prek-action` pinned to mutable ref `@v2`: `uses: j178/prek-action@v2` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to the full 40-character commit SHA and let Dependabot or Renovate keep the pin up to date."}, "properties": {"repobilityId": 62744, "scanner": "repobility-supply-chain", "fingerprint": "c84e3e20e230dd5487140babb0d68eac5f6f2dca37afc5a36fb525c83f7866ad", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|c84e3e20e230dd5487140babb0d68eac5f6f2dca37afc5a36fb525c83f7866ad"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/static_checks.yml"}, "region": {"startLine": 43}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `tj-actions/changed-files` pinned to mutable ref `@v47`: `uses: tj-actions/changed-files@v47` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to the full 40-character commit SHA and let Dependabot or Renovate keep the pin up to date."}, "properties": {"repobilityId": 62743, "scanner": "repobility-supply-chain", "fingerprint": "6bc1cbbf7e5bc23fb9fe15e575707be1201188efc19d79c1e4e003eeba603e90", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|6bc1cbbf7e5bc23fb9fe15e575707be1201188efc19d79c1e4e003eeba603e90"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/static_checks.yml"}, "region": {"startLine": 35}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to the full 40-character commit SHA and let Dependabot or Renovate keep the pin up to date."}, "properties": {"repobilityId": 62742, "scanner": "repobility-supply-chain", "fingerprint": "76bdee2aaa670716ada61c08afe2ed79237417368c70ed622f7558f47600d899", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|76bdee2aaa670716ada61c08afe2ed79237417368c70ed622f7558f47600d899"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/static_checks.yml"}, "region": {"startLine": 23}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `rui314/setup-mold` pinned to mutable ref `@v1`: `uses: rui314/setup-mold@v1` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to the full 40-character commit SHA and let Dependabot or Renovate keep the pin up to date."}, "properties": {"repobilityId": 62741, "scanner": "repobility-supply-chain", "fingerprint": "3b97966f24f48d6153887fd9653b79f97cff6a82dc9dc2d1f481d6e0d7253c5c", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|3b97966f24f48d6153887fd9653b79f97cff6a82dc9dc2d1f481d6e0d7253c5c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/linux_builds.yml"}, "region": {"startLine": 184}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/setup-dotnet` pinned to mutable ref `@v5`: `uses: actions/setup-dotnet@v5` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to the full 40-character commit SHA and let Dependabot or Renovate keep the pin up to date."}, "properties": {"repobilityId": 62740, "scanner": "repobility-supply-chain", "fingerprint": "ea3fe88be3d728ebfd90da7a9819bfb77fbdf3fcdec4ae059913338f013b6ebb", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|ea3fe88be3d728ebfd90da7a9819bfb77fbdf3fcdec4ae059913338f013b6ebb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/linux_builds.yml"}, "region": {"startLine": 166}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to the full 40-character commit SHA and let Dependabot or Renovate keep the pin up to date."}, "properties": {"repobilityId": 62739, "scanner": "repobility-supply-chain", "fingerprint": "81705334053db0ae1fbb94463d39036a1755b6531953e1530f8a39b3ac4e5c4f", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|81705334053db0ae1fbb94463d39036a1755b6531953e1530f8a39b3ac4e5c4f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/linux_builds.yml"}, "region": {"startLine": 122}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.next_line` used but never assigned in __init__: Method `next_tag` of class `LicenseReader` reads `self.next_line`, but no assignment to it exists in __init__ (and no class-level fallback). 
Unless another method assigns the attribute first, this raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 62737, "scanner": "repobility-ast-engine", "fingerprint": "7d6a97ca7db1460e3a5d9a73e6a1867e2e33983ba273d8a1a55be4719d1c98ee", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|7d6a97ca7db1460e3a5d9a73e6a1867e2e33983ba273d8a1a55be4719d1c98ee"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "core/core_builders.py"}, "region": {"startLine": 185}}}]}, {"ruleId": "MINED004", "level": "error", "message": {"text": "[MINED004] Weak Crypto: a weak algorithm (MD5, SHA-1, DES or RC4) appears to be used in a security context rather than only as a checksum; the match is pattern-based, so confirm which primitive this line uses and what it protects."}, "properties": {"repobilityId": 62722, "scanner": "repobility-threat-engine", "fingerprint": "c7f6019277829f5c1dcb558ced5373197851d9aa15bb5f317829226c4c784b7b", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "weak-crypto", "owasp": "A02:2021", "cwe_ids": ["CWE-327"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347906+00:00", "triaged_in_corpus": 15, "observations_count": 303181, "ai_coder_pattern_id": 13}, "scanner": "repobility-threat-engine", "correlation_key": "fp|c7f6019277829f5c1dcb558ced5373197851d9aa15bb5f317829226c4c784b7b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "core/io/file_access_encrypted.cpp"}, "region": {"startLine": 111}}}]}, {"ruleId": "MINED004", "level": "error", "message": {"text": "[MINED004] Weak Crypto: a weak algorithm (MD5, SHA-1, DES or RC4) appears to be used in a security context rather than only as a checksum; the match is pattern-based, so confirm which primitive this line uses and what it protects."}, "properties": 
{"repobilityId": 62721, "scanner": "repobility-threat-engine", "fingerprint": "2b92c5209011af981f78fa43b835dbbb2fc1d608381b10330dce4bb213e7aff7", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "weak-crypto", "owasp": "A02:2021", "cwe_ids": ["CWE-327"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347906+00:00", "triaged_in_corpus": 15, "observations_count": 303181, "ai_coder_pattern_id": 13}, "scanner": "repobility-threat-engine", "correlation_key": "fp|2b92c5209011af981f78fa43b835dbbb2fc1d608381b10330dce4bb213e7aff7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "core/crypto/crypto_core.h"}, "region": {"startLine": 118}}}]}, {"ruleId": "MINED004", "level": "error", "message": {"text": "[MINED004] Weak Crypto: a weak algorithm (MD5, SHA-1, DES or RC4) appears to be used in a security context rather than only as a checksum; the match is pattern-based, so confirm which primitive this line uses and what it protects."}, "properties": {"repobilityId": 62720, "scanner": "repobility-threat-engine", "fingerprint": "fb5eb7a66cbd7a9f18e792fb4c2b238707ada6439504975f09806c78e093cea4", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "weak-crypto", "owasp": "A02:2021", "cwe_ids": ["CWE-327"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347906+00:00", "triaged_in_corpus": 15, "observations_count": 303181, "ai_coder_pattern_id": 13}, "scanner": "repobility-threat-engine", "correlation_key": "fp|fb5eb7a66cbd7a9f18e792fb4c2b238707ada6439504975f09806c78e093cea4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "core/crypto/crypto_core.cpp"}, "region": {"startLine": 239}}}]}, {"ruleId": "COMP001", "level": "error", "message": {"text": "[COMP001] High cognitive complexity: Function 
`make_license_header` has cognitive complexity 26 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. Breakdown: elif=1, else=1, for=9, if=4, nested_bonus=10, while=1."}, "properties": {"repobilityId": 62716, "scanner": "repobility-threat-engine", "fingerprint": "412ad0ff0ca48acaf21f21077223204f829ae3a3f663b42777937bc5b0df248e", "category": "quality", "severity": "high", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 26 (severity threshold for high: 25+).", "evidence": {"scanner": "repobility-threat-engine", "function": "make_license_header", "breakdown": {"if": 4, "for": 9, "elif": 1, "else": 1, "while": 1, "nested_bonus": 10}, "complexity": 26, "correlation_key": "fp|412ad0ff0ca48acaf21f21077223204f829ae3a3f663b42777937bc5b0df248e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "core/core_builders.py"}, "region": {"startLine": 161}}}]}, {"ruleId": "CORE_NO_TESTS", "level": "error", "message": {"text": "No test files found"}, "properties": {"repobilityId": 62715, "scanner": "repobility-core", "fingerprint": "0200e9918bc2a7bf9c116d0907e50ac3df640c758b93852cf1890ec6e14d870d", "category": "testing", "severity": "high", "confidence": null, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"rule_id": "CORE_NO_TESTS", "scanner": "repobility-core", "correlation_key": "repo|testing|core_no_tests"}}}]}]}