{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "CFG006", "name": "[CFG006] Missing .gitignore: No .gitignore file. Risk of committing secrets and build artifacts.", "shortDescription": {"text": "[CFG006] Missing .gitignore: No .gitignore file. Risk of committing secrets and build artifacts."}, "fullDescription": {"text": "Add a .gitignore appropriate for your language/framework."}, "properties": {"scanner": "repobility-threat-engine", "category": "practices", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "AIC003", "name": "Duplicated implementation block across source files", "shortDescription": {"text": "Duplicated implementation block across source files"}, "fullDescription": {"text": "Extract the shared behavior into one function/module or delete the inactive duplicate after proving which path is used."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.86, "cwe": "", "owasp": ""}}, {"id": "MINED060", "name": "[MINED060] Go Context No Cancel: context.Background() at request handler boundary leaks goroutines.", "shortDescription": {"text": "[MINED060] Go Context No Cancel: context.Background() at request handler boundary leaks goroutines."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-401 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED080", "name": "[MINED080] Cpp Using Namespace Std: using namespace std; pollutes the global namespace.", "shortDescription": {"text": "[MINED080] Cpp Using Namespace Std: using namespace std; pollutes the global namespace."}, "fullDescription": {"text": "Review and fix per the pattern semantics."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED075", "name": "[MINED075] C Malloc No Check: malloc/calloc/realloc return value used without checking for NULL.", "shortDescription": {"text": "[MINED075] C Malloc No Check: malloc/calloc/realloc return value used without checking for NULL."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-690 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "CORE_NO_TESTS", "name": "No test files found", "shortDescription": {"text": "No test files found"}, "fullDescription": {"text": "Add a test directory (tests/ or __tests__/) with unit tests for core functionality. Use pytest (Python), Jest (JS/TS), or go test (Go). Start with tests for critical business logic and security-sensitive functions."}, "properties": {"scanner": "repobility-core", "category": "testing", "severity": "high", "confidence": null, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/991"}, "properties": {"repository": "JuliaPackaging/Yggdrasil", "repoUrl": "https://github.com/JuliaPackaging/Yggdrasil", "branch": "master"}, "results": [{"ruleId": "CFG006", "level": "warning", "message": {"text": "[CFG006] Missing .gitignore: No .gitignore file. Risk of committing secrets and build artifacts."}, "properties": {"repobilityId": 93245, "scanner": "repobility-threat-engine", "fingerprint": "c65fc71ce58c37a0e07837c0fe294108b731c43ef16027a2f0971c757bbe9a16", "category": "practices", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "No .gitignore file found in repository root", "evidence": {"reason": "No .gitignore file found in repository root", "rule_id": "CFG006", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "repo|practices|cfg006"}}}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 93256, "scanner": "repobility-ai-code-hygiene", "fingerprint": "0a05e343bb3759c0d412d0be3a23d4c5bf998bd76f5c23b18030eb2ad34bacf4", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "S/satsuma/bundled/tsl/robin_map.h", "duplicate_line": 93, "correlation_key": "fp|0a05e343bb3759c0d412d0be3a23d4c5bf998bd76f5c23b18030eb2ad34bacf4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "S/satsuma/bundled/tsl/robin_set.h"}, "region": {"startLine": 73}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 93255, "scanner": "repobility-ai-code-hygiene", "fingerprint": "73e91a4f0b2d50d91635c22a863f6a504388625264c9e997935201f327effdae", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "G/GStreamer/bundled/headers/pthread_time.h", "duplicate_line": 1, "correlation_key": "fp|73e91a4f0b2d50d91635c22a863f6a504388625264c9e997935201f327effdae"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "N/Notcurses/bundled/headers/pthread_time.h"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 93254, "scanner": "repobility-ai-code-hygiene", "fingerprint": "81210f854c9e8dca92f4fc4ab41289bee0b9d81a4c8e100fb667efdb2794aad2", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "H/HDF5/bundled/files/debian-arm64v8/H5f90i_gen.h", "duplicate_line": 1, "correlation_key": "fp|81210f854c9e8dca92f4fc4ab41289bee0b9d81a4c8e100fb667efdb2794aad2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "H/HDF5/generate-H5Tinit/debian-riscv64/H5f90i_gen.h"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 93253, "scanner": "repobility-ai-code-hygiene", "fingerprint": "3c89f3325f0a91bfadb1543d2f97bb0df5d9ae1656eca97f4e844faa45adfc81", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "H/HDF5/bundled/files/debian-arm64v8/H5f90i_gen.h", "duplicate_line": 1, "correlation_key": "fp|3c89f3325f0a91bfadb1543d2f97bb0df5d9ae1656eca97f4e844faa45adfc81"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "H/HDF5/generate-H5Tinit/debian-ppc64le/H5f90i_gen.h"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 93252, "scanner": "repobility-ai-code-hygiene", "fingerprint": "fe4f9a6d357cfbae5fbed09ff5079ce982046b18f2e221a7c9603bfcc3ea886e", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "H/HDF5/bundled/files/debian-i386/H5f90i_gen.h", "duplicate_line": 1, "correlation_key": "fp|fe4f9a6d357cfbae5fbed09ff5079ce982046b18f2e221a7c9603bfcc3ea886e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "H/HDF5/generate-H5Tinit/debian-i386/H5f90i_gen.h"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 93251, "scanner": "repobility-ai-code-hygiene", "fingerprint": "f4c1bc69222e252f22fdfb5538c07d3cdf06524c263c9df8e44c4b0a4b18191f", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "H/HDF5/bundled/files/debian-arm64v8/H5f90i_gen.h", "duplicate_line": 1, "correlation_key": "fp|f4c1bc69222e252f22fdfb5538c07d3cdf06524c263c9df8e44c4b0a4b18191f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "H/HDF5/generate-H5Tinit/debian-arm64v8/H5f90i_gen.h"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 93250, "scanner": "repobility-ai-code-hygiene", "fingerprint": "efc55968559f975858f5e0f5b772d53fde1872e3127f5a7b034ab42e1229f7f5", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "H/HDF5/bundled/files/debian-arm32v7/H5f90i_gen.h", "duplicate_line": 1, "correlation_key": "fp|efc55968559f975858f5e0f5b772d53fde1872e3127f5a7b034ab42e1229f7f5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "H/HDF5/generate-H5Tinit/debian-arm32v7/H5f90i_gen.h"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 93249, "scanner": "repobility-ai-code-hygiene", "fingerprint": "8635e3fe3608e712cd8faf60b395f496d69ed1cb0f7b3886b4715d91a9fb1d0c", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "H/HDF5/bundled/files/debian-amd64/H5f90i_gen.h", "duplicate_line": 1, "correlation_key": "fp|8635e3fe3608e712cd8faf60b395f496d69ed1cb0f7b3886b4715d91a9fb1d0c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "H/HDF5/generate-H5Tinit/debian-amd64/H5f90i_gen.h"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 93248, "scanner": "repobility-ai-code-hygiene", "fingerprint": "2740dab9bf081193ce4d911dea7680f5243c409e74983e0490ecb18ea1a0ed5a", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "G/GStreamer/bundled/headers/pthread_time.h", "duplicate_line": 1, "correlation_key": "fp|2740dab9bf081193ce4d911dea7680f5243c409e74983e0490ecb18ea1a0ed5a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "H/HDF5/bundled/headers/pthread_time.h"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 93247, "scanner": "repobility-ai-code-hygiene", "fingerprint": "4357386c69c2874f39018435ad67b23bb2a0d2632817a93cef4bb7d0d0cc7218", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "H/HDF5/bundled/files/debian-arm64v8/H5f90i_gen.h", "duplicate_line": 1, "correlation_key": "fp|4357386c69c2874f39018435ad67b23bb2a0d2632817a93cef4bb7d0d0cc7218"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "H/HDF5/bundled/files/debian-riscv64/H5f90i_gen.h"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 93246, "scanner": "repobility-ai-code-hygiene", "fingerprint": "15dc5e77e82697f094eed42fa2579b95ebc187e03a00fe89cf747903367db7bb", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "H/HDF5/bundled/files/debian-arm64v8/H5f90i_gen.h", "duplicate_line": 1, "correlation_key": "fp|15dc5e77e82697f094eed42fa2579b95ebc187e03a00fe89cf747903367db7bb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "H/HDF5/bundled/files/debian-ppc64le/H5f90i_gen.h"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED060", "level": "none", "message": {"text": "[MINED060] Go Context No Cancel: context.Background() at request handler boundary leaks goroutines."}, "properties": {"repobilityId": 93244, "scanner": "repobility-threat-engine", "fingerprint": "fb10db8c0dbdf91adc178dec8f8faf732042059bb7fb0332bddd4d599bbc2d9c", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "go-context-no-cancel", "owasp": null, "cwe_ids": ["CWE-401"], "languages": ["go"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348041+00:00", "triaged_in_corpus": 12, "observations_count": 132905, "ai_coder_pattern_id": 110}, "scanner": "repobility-threat-engine", "correlation_key": "fp|fb10db8c0dbdf91adc178dec8f8faf732042059bb7fb0332bddd4d599bbc2d9c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "X/xrootdgo/bundled/main.go"}, "region": {"startLine": 22}}}]}, {"ruleId": "MINED080", "level": "none", "message": {"text": "[MINED080] Cpp Using Namespace Std: using namespace std; pollutes the global namespace."}, "properties": {"repobilityId": 93243, "scanner": "repobility-threat-engine", "fingerprint": "71e02b402d60b5dc24f6726dfc71a3f8dfd5fb234356f62033644aca2108c38a", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "cpp-using-namespace-std", "owasp": null, "cwe_ids": [], "languages": ["cpp", "h", "hpp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348123+00:00", "triaged_in_corpus": 12, "observations_count": 3566, "ai_coder_pattern_id": 133}, "scanner": "repobility-threat-engine", "correlation_key": "fp|71e02b402d60b5dc24f6726dfc71a3f8dfd5fb234356f62033644aca2108c38a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "L/LEMON/bundled/cxxwrap/lemoncxxwrap.cpp"}, "region": {"startLine": 11}}}]}, {"ruleId": "MINED075", "level": "none", "message": {"text": "[MINED075] C Malloc No Check: malloc/calloc/realloc return value used without checking for NULL."}, "properties": {"repobilityId": 93242, "scanner": "repobility-threat-engine", "fingerprint": "f870fd592a236811500660019fb18946342724ac444c86999a228701095e50d2", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "c-malloc-no-check", "owasp": null, "cwe_ids": ["CWE-690"], "languages": ["c", "cpp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348076+00:00", "triaged_in_corpus": 12, "observations_count": 11735, "ai_coder_pattern_id": 131}, "scanner": "repobility-threat-engine", "correlation_key": "fp|f870fd592a236811500660019fb18946342724ac444c86999a228701095e50d2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "C/cliquer/bundled/wrappers_for_julia.c"}, "region": {"startLine": 36}}}]}, {"ruleId": "CORE_NO_TESTS", "level": "error", "message": {"text": "No test files found"}, "properties": {"repobilityId": 93241, "scanner": "repobility-core", "fingerprint": "0200e9918bc2a7bf9c116d0907e50ac3df640c758b93852cf1890ec6e14d870d", "category": "testing", "severity": "high", "confidence": null, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"rule_id": "CORE_NO_TESTS", "scanner": "repobility-core", "correlation_key": "repo|testing|core_no_tests"}}}]}]}