{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "MINED111", "name": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or ", "shortDescription": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "fullDescription": {"text": "Either narrow the exception type, log the exception with `logger.exception(...)`, or re-raise after handling."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "AIC003", "name": "Duplicated implementation block across source files", "shortDescription": {"text": "Duplicated implementation block across source files"}, "fullDescription": {"text": "Extract the shared behavior into one function/module or delete the inactive duplicate after proving which path is used."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.86, "cwe": "", "owasp": ""}}, {"id": "AIC007", "name": "Generated build artifact directory is present at repository root", "shortDescription": {"text": "Generated build artifact directory is present at repository root"}, "fullDescription": {"text": "Remove generated output from version control, add it to .gitignore and .dockerignore where relevant, and regenerate it in CI or release jobs."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.7, "cwe": "", "owasp": ""}}, {"id": "MINED066", "name": "[MINED066] Rust Panic Macro: panic!() unwinds the stack. Use Result for recoverable errors.", "shortDescription": {"text": "[MINED066] Rust Panic Macro: panic!() unwinds the stack. Use Result for recoverable errors."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-755 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED003", "name": "[MINED003] Rust Unwrap In Prod (and 1 more): Same pattern found in 1 additional files. Review if needed.", "shortDescription": {"text": "[MINED003] Rust Unwrap In Prod (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-755 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED068", "name": "[MINED068] Rust Unsafe Block: unsafe { ... } block. Compiler safety guarantees disabled inside.", "shortDescription": {"text": "[MINED068] Rust Unsafe Block: unsafe { ... } block. Compiler safety guarantees disabled inside."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-119 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED059", "name": "[MINED059] Rust Expect In Prod: .expect(...) panics same as unwrap with a custom message.", "shortDescription": {"text": "[MINED059] Rust Expect In Prod: .expect(...) panics same as unwrap with a custom message."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-755 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED075", "name": "[MINED075] C Malloc No Check: malloc/calloc/realloc return value used without checking for NULL.", "shortDescription": {"text": "[MINED075] C Malloc No Check: malloc/calloc/realloc return value used without checking for NULL."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-690 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED004", "name": "[MINED004] Weak Crypto (and 1 more): Same pattern found in 1 additional files. Review if needed.", "shortDescription": {"text": "[MINED004] Weak Crypto (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-327 / A02:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED080", "name": "[MINED080] Cpp Using Namespace Std: using namespace std; pollutes the global namespace.", "shortDescription": {"text": "[MINED080] Cpp Using Namespace Std: using namespace std; pollutes the global namespace."}, "fullDescription": {"text": "Review and fix per the pattern semantics."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC128", "name": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake) (and 1 more): Same pattern found in 1 addit", "shortDescription": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake) (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "fullDescription": {"text": "Add `await` before each async call, or chain with `.then`. If you intentionally want fire-and-forget, prefix with `void` (TS) or assign to `_` (Python with `asyncio.create_task`) to make the intent explicit and survive lint."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED017", "name": "[MINED017] C System Call (and 1 more): Same pattern found in 1 additional files. Review if needed.", "shortDescription": {"text": "[MINED017] C System Call (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-78 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED042", "name": "[MINED042] Cpp New Without Delete (and 41 more): Same pattern found in 41 additional files. Review if needed.", "shortDescription": {"text": "[MINED042] Cpp New Without Delete (and 41 more): Same pattern found in 41 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-401 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED043", "name": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data.", "shortDescription": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-319 / A02:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED134", "name": "[MINED134] Binary file `folly/debugging/symbolizer/test/test-xindex.o` committed in source repo: `folly/debugging/symbol", "shortDescription": {"text": "[MINED134] Binary file `folly/debugging/symbolizer/test/test-xindex.o` committed in source repo: `folly/debugging/symbolizer/test/test-xindex.o` is a .o binary (4,194,464 bytes) committed to a repo that otherwise has 2359 source files. Troj"}, "fullDescription": {"text": "Audit the binary's provenance. If it's vendored library code, document it in a VENDORED.md. If it's a build artifact, add the extension to .gitignore and rebuild from source."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED115", "name": "[MINED115] Action `mozilla-actions/sccache-action` pinned to mutable ref `@v0.0.9`: `uses: mozilla-actions/sccache-actio", "shortDescription": {"text": "[MINED115] Action `mozilla-actions/sccache-action` pinned to mutable ref `@v0.0.9`: `uses: mozilla-actions/sccache-action@v0.0.9` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-action"}, "fullDescription": {"text": "Replace with: `uses: mozilla-actions/sccache-action@<40-char-sha>  # v0.0.9` and let Dependabot bump it on a scheduled cadence."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED106", "name": "[MINED106] Phantom test coverage: test_xcheck_eval_once: Test function `test_xcheck_eval_once` runs code but contains no", "shortDescription": {"text": "[MINED106] Phantom test coverage: test_xcheck_eval_once: Test function `test_xcheck_eval_once` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "fullDescription": {"text": "Add an explicit assertion that captures the test's intent, or remove the test."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED108", "name": "[MINED108] `self._get_symbol_context` used but never assigned in __init__: Method `get_file_name_and_line` of class `Lld", "shortDescription": {"text": "[MINED108] `self._get_symbol_context` used but never assigned in __init__: Method `get_file_name_and_line` of class `LldbValue` reads `self._get_symbol_context`, but no assignment to it exists in __init__ (and no class-level fallback). This"}, "fullDescription": {"text": "Initialize `self._get_symbol_context = <default>` in __init__, or add a class-level default."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC029", "name": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled ", "shortDescription": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes e"}, "fullDescription": {"text": "Validate the URL against an allowlist BEFORE fetching:\n  ALLOWED = {'images.example.com', 'cdn.example.com'}\n  host = urlparse(url).hostname\n  if host not in ALLOWED: abort(400)\nOr use a server-side proxy (Imgproxy / serve-files-only-from-S3) that isolates outbound network access from the request handler.\nBlock private CIDRs explicitly: 10/8, 172.16/12, 192.168/16, 169.254/16."}, "properties": {"scanner": "repobility-threat-engine", "category": "ssrf", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED022", "name": "[MINED022] C Strcpy: strcpy/strcat dont bounds-check; use strncpy or snprintf.", "shortDescription": {"text": "[MINED022] C Strcpy: strcpy/strcat dont bounds-check; use strncpy or snprintf."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-120 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "critical", "confidence": 1.0, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/1396"}, "properties": {"repository": "facebook/folly", "repoUrl": "https://github.com/facebook/folly", "branch": "main"}, "results": [{"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 143499, "scanner": "repobility-ast-engine", "fingerprint": "5b88578b9a40c357020c64f86756f5aa7fd67612fe2241438084478e27dc04ec", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|5b88578b9a40c357020c64f86756f5aa7fd67612fe2241438084478e27dc04ec"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "folly/python/test/request_context.py"}, "region": {"startLine": 173}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 143487, "scanner": "repobility-ast-engine", "fingerprint": "2d61baae3d7035ab305412293f289496b76babef0c44fc9aaacc80dc12c29e81", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|2d61baae3d7035ab305412293f289496b76babef0c44fc9aaacc80dc12c29e81"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "folly/coro/scripts/co_bt.py"}, "region": {"startLine": 503}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 143486, "scanner": "repobility-ast-engine", "fingerprint": "e12dc6e3a32c626163566f25636f2f7297ec5fddd9ad7090df7851c533d7bd68", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|e12dc6e3a32c626163566f25636f2f7297ec5fddd9ad7090df7851c533d7bd68"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "folly/coro/scripts/co_bt.py"}, "region": {"startLine": 241}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 143446, "scanner": "repobility-ai-code-hygiene", "fingerprint": "820f93274424441b9eef61fc4ddd8735c5247122840c4ff29229fa5445f73104", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "folly/coro/BlockingWait.h", "duplicate_line": 218, "correlation_key": "fp|820f93274424441b9eef61fc4ddd8735c5247122840c4ff29229fa5445f73104"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "folly/coro/RustAdaptors.h"}, "region": {"startLine": 80}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 143445, "scanner": "repobility-ai-code-hygiene", "fingerprint": "a104966ad6811bae9a5ed39ec6ad0a1d1b6b88ce5a85d8a6ba8b078265a5dfd8", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "folly/container/detail/F14MapFallback.h", "duplicate_line": 273, "correlation_key": "fp|a104966ad6811bae9a5ed39ec6ad0a1d1b6b88ce5a85d8a6ba8b078265a5dfd8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "folly/container/detail/F14SetFallback.h"}, "region": {"startLine": 130}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 143444, "scanner": "repobility-ai-code-hygiene", "fingerprint": "7ac003479c1c94fcfed342dfe9bc5828b63954d5cbc900a330a8ffaa7f44f18f", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "folly/channels/MultiplexChannel-inl.h", "duplicate_line": 182, "correlation_key": "fp|7ac003479c1c94fcfed342dfe9bc5828b63954d5cbc900a330a8ffaa7f44f18f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "folly/channels/Transform-inl.h"}, "region": {"startLine": 77}}}]}, {"ruleId": "AIC007", "level": "note", "message": {"text": "Generated build artifact directory is present at repository root"}, "properties": {"repobilityId": 143443, "scanner": "repobility-ai-code-hygiene", "fingerprint": "9ce25f11f897b8a8b2478fd0136724866f111b604484c20a5c690bce80d94da1", "category": "quality", "severity": "low", "confidence": 0.7, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Repository root contains a common generated artifact directory.", "evidence": {"rule_id": "AIC007", "scanner": "repobility-ai-code-hygiene", "directory": "build", "references": ["https://git-scm.com/docs/gitignore", "https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|9ce25f11f897b8a8b2478fd0136724866f111b604484c20a5c690bce80d94da1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "build"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED066", "level": "none", "message": {"text": "[MINED066] Rust Panic Macro: panic!() unwinds the stack. Use Result for recoverable errors."}, "properties": {"repobilityId": 143442, "scanner": "repobility-threat-engine", "fingerprint": "1b14a2b514eddd7bfd9ee44816a60b197d8c30bb4245b3b85248cd59d4c0af6c", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-panic-macro", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348055+00:00", "triaged_in_corpus": 12, "observations_count": 48611, "ai_coder_pattern_id": 113}, "scanner": "repobility-threat-engine", "correlation_key": "fp|1b14a2b514eddd7bfd9ee44816a60b197d8c30bb4245b3b85248cd59d4c0af6c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "folly/rust/request_context/request_context.rs"}, "region": {"startLine": 206}}}]}, {"ruleId": "MINED003", "level": "none", "message": {"text": "[MINED003] Rust Unwrap In Prod (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "properties": {"repobilityId": 143441, "scanner": "repobility-threat-engine", "fingerprint": "f479ee098628a96191aa92863a83c0639a4ec73ea4f699cae980a187da22d83a", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "rust-unwrap-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347903+00:00", "triaged_in_corpus": 15, "observations_count": 386515, "ai_coder_pattern_id": 111}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|f479ee098628a96191aa92863a83c0639a4ec73ea4f699cae980a187da22d83a", "aggregated_count": 1}}}, {"ruleId": "MINED068", "level": "none", "message": {"text": "[MINED068] Rust Unsafe Block: unsafe { ... } block. Compiler safety guarantees disabled inside."}, "properties": {"repobilityId": 143437, "scanner": "repobility-threat-engine", "fingerprint": "2b1157f4a37615753716d3f7bb523d34a7dc0c8185bfc2b6e24adc1b43d49bff", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-unsafe-block", "owasp": null, "cwe_ids": ["CWE-119"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348060+00:00", "triaged_in_corpus": 12, "observations_count": 42383, "ai_coder_pattern_id": 116}, "scanner": "repobility-threat-engine", "correlation_key": "fp|2b1157f4a37615753716d3f7bb523d34a7dc0c8185bfc2b6e24adc1b43d49bff"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "folly/rust/string/string.rs"}, "region": {"startLine": 41}}}]}, {"ruleId": "MINED068", "level": "none", "message": {"text": "[MINED068] Rust Unsafe Block: unsafe { ... } block. Compiler safety guarantees disabled inside."}, "properties": {"repobilityId": 143436, "scanner": "repobility-threat-engine", "fingerprint": "5ca73f621935aa41fed05be21b97ab1720d36a97ef511cf85df5dbcbab6c6055", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-unsafe-block", "owasp": null, "cwe_ids": ["CWE-119"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348060+00:00", "triaged_in_corpus": 12, "observations_count": 42383, "ai_coder_pattern_id": 116}, "scanner": "repobility-threat-engine", "correlation_key": "fp|5ca73f621935aa41fed05be21b97ab1720d36a97ef511cf85df5dbcbab6c6055"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "folly/rust/iobuf/src/iobufmut.rs"}, "region": {"startLine": 95}}}]}, {"ruleId": "MINED068", "level": "none", "message": {"text": "[MINED068] Rust Unsafe Block: unsafe { ... } block. Compiler safety guarantees disabled inside."}, "properties": {"repobilityId": 143435, "scanner": "repobility-threat-engine", "fingerprint": "15676da47c4f01d9ede1395b83f6de99763bb0c15bff367a01b2cf7af0697723", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-unsafe-block", "owasp": null, "cwe_ids": ["CWE-119"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348060+00:00", "triaged_in_corpus": 12, "observations_count": 42383, "ai_coder_pattern_id": 116}, "scanner": "repobility-threat-engine", "correlation_key": "fp|15676da47c4f01d9ede1395b83f6de99763bb0c15bff367a01b2cf7af0697723"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "folly/rust/iobuf/src/iobuf.rs"}, "region": {"startLine": 184}}}]}, {"ruleId": "MINED059", "level": "none", "message": {"text": "[MINED059] Rust Expect In Prod: .expect(...) panics same as unwrap with a custom message."}, "properties": {"repobilityId": 143434, "scanner": "repobility-threat-engine", "fingerprint": "48c90cabed24d173b8d166703c215aef7d48b4141290ce186f9ec5cfa6679ff6", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-expect-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348039+00:00", "triaged_in_corpus": 12, "observations_count": 175379, "ai_coder_pattern_id": 112}, "scanner": "repobility-threat-engine", "correlation_key": "fp|48c90cabed24d173b8d166703c215aef7d48b4141290ce186f9ec5cfa6679ff6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "folly/rust/request_context/request_context.rs"}, "region": {"startLine": 77}}}]}, {"ruleId": "MINED059", "level": "none", "message": {"text": "[MINED059] Rust Expect In Prod: .expect(...) panics same as unwrap with a custom message."}, "properties": {"repobilityId": 143433, "scanner": "repobility-threat-engine", "fingerprint": "b06820bf08917f8e069714c08d8b877d7dd59f903614fc1b2d737ea90c124d94", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-expect-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348039+00:00", "triaged_in_corpus": 12, "observations_count": 175379, "ai_coder_pattern_id": 112}, "scanner": "repobility-threat-engine", "correlation_key": "fp|b06820bf08917f8e069714c08d8b877d7dd59f903614fc1b2d737ea90c124d94"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "folly/rust/compression/compression.rs"}, "region": {"startLine": 200}}}]}, {"ruleId": "MINED075", "level": "none", "message": {"text": "[MINED075] C Malloc No Check: malloc/calloc/realloc return value used without checking for NULL."}, "properties": {"repobilityId": 143430, "scanner": "repobility-threat-engine", "fingerprint": "ce901fe3719a836feaf6437b7717eec028790dbe346855f2af4a239baa91a303", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "c-malloc-no-check", "owasp": null, "cwe_ids": ["CWE-690"], "languages": ["c", "cpp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348076+00:00", "triaged_in_corpus": 12, "observations_count": 11735, "ai_coder_pattern_id": 131}, "scanner": "repobility-threat-engine", "correlation_key": "fp|ce901fe3719a836feaf6437b7717eec028790dbe346855f2af4a239baa91a303"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "folly/memory/Malloc.cpp"}, "region": {"startLine": 66}}}]}, {"ruleId": "MINED004", "level": "none", "message": {"text": "[MINED004] Weak Crypto (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "properties": {"repobilityId": 143429, "scanner": "repobility-threat-engine", "fingerprint": "a51fc5b757daa107ff993d54388f809af87b26cac35292629b20c635c24267fc", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "weak-crypto", "owasp": "A02:2021", "cwe_ids": ["CWE-327"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347906+00:00", "triaged_in_corpus": 15, "observations_count": 303181, "ai_coder_pattern_id": 13}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|a51fc5b757daa107ff993d54388f809af87b26cac35292629b20c635c24267fc", "aggregated_count": 1}}}, {"ruleId": "MINED080", "level": "none", "message": {"text": "[MINED080] Cpp Using Namespace Std: using namespace std; pollutes the global namespace."}, "properties": {"repobilityId": 143425, "scanner": "repobility-threat-engine", "fingerprint": "d5b28c03e0ce365eecb2e87bd2661833c3ef49e8d08bec92909a47ab7d3ee156", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "cpp-using-namespace-std", "owasp": null, "cwe_ids": [], "languages": ["cpp", "h", "hpp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348123+00:00", "triaged_in_corpus": 12, "observations_count": 3566, "ai_coder_pattern_id": 133}, "scanner": "repobility-threat-engine", "correlation_key": "fp|d5b28c03e0ce365eecb2e87bd2661833c3ef49e8d08bec92909a47ab7d3ee156"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "folly/io/async/ScopedEventBaseThread.cpp"}, "region": {"startLine": 26}}}]}, {"ruleId": "MINED080", "level": "none", "message": {"text": "[MINED080] Cpp Using Namespace Std: using namespace std; pollutes the global namespace."}, "properties": {"repobilityId": 143424, "scanner": "repobility-threat-engine", "fingerprint": "8ea7e06585842c35345049840078f5850898151d5bc4e1f10d424e66e99dfc38", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "cpp-using-namespace-std", "owasp": null, "cwe_ids": [], "languages": ["cpp", "h", "hpp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348123+00:00", "triaged_in_corpus": 12, "observations_count": 3566, "ai_coder_pattern_id": 133}, "scanner": "repobility-threat-engine", "correlation_key": "fp|8ea7e06585842c35345049840078f5850898151d5bc4e1f10d424e66e99dfc38"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "folly/io/async/PasswordInFile.cpp"}, "region": {"startLine": 22}}}]}, {"ruleId": "SEC128", "level": "none", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake) (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "properties": {"repobilityId": 143422, "scanner": "repobility-threat-engine", "fingerprint": "8a77ffb0a8fcdda223aabe32cdaf0e5bdc6cae13db4c9684d2f2d4932a1285a8", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|8a77ffb0a8fcdda223aabe32cdaf0e5bdc6cae13db4c9684d2f2d4932a1285a8"}}}, {"ruleId": "MINED017", "level": "none", "message": {"text": "[MINED017] C System Call (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "properties": {"repobilityId": 143418, "scanner": "repobility-threat-engine", "fingerprint": "c5ca79e507ab00f1b87882c1d1ea6e94f55f4a57c36d968c50a2cfaf08a6b57b", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "c-system-call", "owasp": null, "cwe_ids": ["CWE-78"], "languages": ["c", "cpp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347937+00:00", "triaged_in_corpus": 15, "observations_count": 77748, "ai_coder_pattern_id": 132}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|c5ca79e507ab00f1b87882c1d1ea6e94f55f4a57c36d968c50a2cfaf08a6b57b", "aggregated_count": 1}}}, {"ruleId": "MINED042", "level": "none", "message": {"text": "[MINED042] Cpp New Without Delete (and 41 more): Same pattern found in 41 additional files. Review if needed."}, "properties": {"repobilityId": 143414, "scanner": "repobility-threat-engine", "fingerprint": "9fd39eba3f6b1c8208c614435fbeb98ee65a4865820b601812fc50a43e7a8ba9", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 41 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "cpp-new-without-delete", "owasp": null, "cwe_ids": ["CWE-401"], "languages": ["cpp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347996+00:00", "triaged_in_corpus": 12, "observations_count": 4658256, "ai_coder_pattern_id": 134}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|9fd39eba3f6b1c8208c614435fbeb98ee65a4865820b601812fc50a43e7a8ba9", "aggregated_count": 41}}}, {"ruleId": "MINED042", "level": "none", "message": {"text": "[MINED042] Cpp New Without Delete: C++ raw new without RAII / unique_ptr \u2014 memory leak risk."}, "properties": {"repobilityId": 143413, "scanner": "repobility-threat-engine", "fingerprint": "f44a63cbd8cbfd86dd8af4fb8b8da8a23a0d398b12f20e27f0858f2cbf80e63f", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "cpp-new-without-delete", "owasp": null, "cwe_ids": ["CWE-401"], "languages": ["cpp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347996+00:00", "triaged_in_corpus": 12, "observations_count": 4658256, "ai_coder_pattern_id": 134}, "scanner": "repobility-threat-engine", "correlation_key": "fp|f44a63cbd8cbfd86dd8af4fb8b8da8a23a0d398b12f20e27f0858f2cbf80e63f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "folly/ThreadCachedInt.h"}, "region": {"startLine": 48}}}]}, {"ruleId": "MINED042", "level": "none", "message": {"text": "[MINED042] Cpp New Without Delete: C++ raw new without RAII / unique_ptr \u2014 memory leak risk."}, "properties": {"repobilityId": 143412, "scanner": "repobility-threat-engine", "fingerprint": "c42871f9bf2148711b9673a8c1646011ec03792e5bbef2bd97ea43120b1a5fc1", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "cpp-new-without-delete", "owasp": null, "cwe_ids": ["CWE-401"], "languages": ["cpp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347996+00:00", "triaged_in_corpus": 12, "observations_count": 4658256, "ai_coder_pattern_id": 134}, "scanner": "repobility-threat-engine", "correlation_key": "fp|c42871f9bf2148711b9673a8c1646011ec03792e5bbef2bd97ea43120b1a5fc1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "folly/Poly-inl.h"}, "region": {"startLine": 63}}}]}, {"ruleId": "MINED042", "level": "none", "message": {"text": "[MINED042] Cpp New Without Delete: C++ raw new without RAII / unique_ptr \u2014 memory leak risk."}, "properties": {"repobilityId": 143411, "scanner": "repobility-threat-engine", "fingerprint": "5efe83ecc829c9ec5dbd6ba2dcaffba7ab7ba3a4dbfa9b95ec297094251e470a", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "cpp-new-without-delete", "owasp": null, "cwe_ids": ["CWE-401"], "languages": ["cpp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347996+00:00", "triaged_in_corpus": 12, "observations_count": 4658256, "ai_coder_pattern_id": 134}, "scanner": "repobility-threat-engine", "correlation_key": "fp|5efe83ecc829c9ec5dbd6ba2dcaffba7ab7ba3a4dbfa9b95ec297094251e470a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "folly/DefaultKeepAliveExecutor.h"}, "region": {"startLine": 78}}}]}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 143410, "scanner": "repobility-threat-engine", "fingerprint": "f6feba9bbd69a0e89af1d6979453f39a1365b0712df3332644ba8bd23176ec09", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|f6feba9bbd69a0e89af1d6979453f39a1365b0712df3332644ba8bd23176ec09"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "folly/MoveWrapper.h"}, "region": {"startLine": 26}}}]}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 143409, "scanner": "repobility-threat-engine", "fingerprint": "8c8d4b21bd176d379253dc46295e4c581ffb750eca4b59a4b28af575e1f32390", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|8c8d4b21bd176d379253dc46295e4c581ffb750eca4b59a4b28af575e1f32390"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "folly/AtomicIntrusiveLinkedList.h"}, "region": {"startLine": 121}}}]}, {"ruleId": "MINED134", "level": "error", "message": {"text": "[MINED134] Binary file `folly/debugging/symbolizer/test/test-xindex.o` committed in source repo: `folly/debugging/symbolizer/test/test-xindex.o` is a .o binary (4,194,464 bytes) committed to a repo that otherwise has 2359 source files. Trojan binaries inside otherwise-normal source repos are a known supply-chain attack: a compromised dependency or PR slips in a binary that gets executed by build scripts."}, "properties": {"repobilityId": 143525, "scanner": "repobility-supply-chain", "fingerprint": "4b5bea6dc566eb04f4fcc44331d3b664a8de0f1c9f5405565c7eb36b338745c3", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "suspicious-binary-in-src", "owasp": null, "cwe_ids": ["CWE-506"], "languages": ["any"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|4b5bea6dc566eb04f4fcc44331d3b664a8de0f1c9f5405565c7eb36b338745c3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "folly/debugging/symbolizer/test/test-xindex.o"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `mozilla-actions/sccache-action` pinned to mutable ref `@v0.0.9`: `uses: mozilla-actions/sccache-action@v0.0.9` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 143524, "scanner": "repobility-supply-chain", "fingerprint": "5e57861b06404a88e6398f96f06cdf39fcf7d4344708ed21f48fa0571e8f1f17", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|5e57861b06404a88e6398f96f06cdf39fcf7d4344708ed21f48fa0571e8f1f17"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/getdeps_linux.yml"}, "region": {"startLine": 34}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 143523, "scanner": "repobility-supply-chain", "fingerprint": "01c47083d33ee43fbbf6704e40a6cedd1603cd0429682d87ecb3f2dfcc1b770b", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|01c47083d33ee43fbbf6704e40a6cedd1603cd0429682d87ecb3f2dfcc1b770b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/getdeps_linux.yml"}, "region": {"startLine": 30}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/upload-artifact` pinned to mutable ref `@v6`: `uses: actions/upload-artifact@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 143522, "scanner": "repobility-supply-chain", "fingerprint": "3d249256a0f36f504f534bfc0086d6737d4da11998de0ce475cf3b6e1804eaf4", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|3d249256a0f36f504f534bfc0086d6737d4da11998de0ce475cf3b6e1804eaf4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/getdeps_windows.yml"}, "region": {"startLine": 122}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `mozilla-actions/sccache-action` pinned to mutable ref `@v0.0.9`: `uses: mozilla-actions/sccache-action@v0.0.9` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 143521, "scanner": "repobility-supply-chain", "fingerprint": "ade495b9216716eb50e8a8197c4246f6dd28a2a1adc01bbc3d6872c0350360da", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|ade495b9216716eb50e8a8197c4246f6dd28a2a1adc01bbc3d6872c0350360da"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/getdeps_windows.yml"}, "region": {"startLine": 46}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 143520, "scanner": "repobility-supply-chain", "fingerprint": "751bb61bfff2c97eca63f07d654cde49e950bf0d37dce34fab2261659aa34d39", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|751bb61bfff2c97eca63f07d654cde49e950bf0d37dce34fab2261659aa34d39"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/getdeps_windows.yml"}, "region": {"startLine": 42}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/setup-python` pinned to mutable ref `@v5`: `uses: actions/setup-python@v5` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 143519, "scanner": "repobility-supply-chain", "fingerprint": "32baf8ef94c8581fcf53888e759f6d96a29be7b19dbdbb214f85745510574d4e", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|32baf8ef94c8581fcf53888e759f6d96a29be7b19dbdbb214f85745510574d4e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/oss-build-and-test.yml"}, "region": {"startLine": 137}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `ocaml/setup-ocaml` pinned to mutable ref `@v2`: `uses: ocaml/setup-ocaml@v2` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 143518, "scanner": "repobility-supply-chain", "fingerprint": "33a82dd94fb97bb1e17063397b5335166219b76587023d593b716541ea2faaa1", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|33a82dd94fb97bb1e17063397b5335166219b76587023d593b716541ea2faaa1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/oss-build-and-test.yml"}, "region": {"startLine": 132}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `dtolnay/rust-toolchain` pinned to mutable ref `@stable`: `uses: dtolnay/rust-toolchain@stable` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 143517, "scanner": "repobility-supply-chain", "fingerprint": "7873e779df4010e0925ed344894b0f043921c7fda0c8c069e30011aef5acf7a1", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|7873e779df4010e0925ed344894b0f043921c7fda0c8c069e30011aef5acf7a1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/oss-build-and-test.yml"}, "region": {"startLine": 124}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `facebook/install-dotslash` pinned to mutable ref `@latest`: `uses: facebook/install-dotslash@latest` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 143516, "scanner": "repobility-supply-chain", "fingerprint": "cd6615efc4b718d32dbf039d64a4c1a212a4159ca5776bf37397c84892df3f13", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|cd6615efc4b718d32dbf039d64a4c1a212a4159ca5776bf37397c84892df3f13"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/oss-build-and-test.yml"}, "region": {"startLine": 121}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v4`: `uses: actions/checkout@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 143515, "scanner": "repobility-supply-chain", "fingerprint": "b44a3dae0fd0a01ec7c51f35e0654533ce8588e06dca95c4a689e562c6ff1814", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|b44a3dae0fd0a01ec7c51f35e0654533ce8588e06dca95c4a689e562c6ff1814"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/oss-build-and-test.yml"}, "region": {"startLine": 118}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/setup-python` pinned to mutable ref `@v5`: `uses: actions/setup-python@v5` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 143514, "scanner": "repobility-supply-chain", "fingerprint": "8083fff73480f6d9f9c0ee5232af90eac0b8462d8585ec325c9755c708005fa4", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|8083fff73480f6d9f9c0ee5232af90eac0b8462d8585ec325c9755c708005fa4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/oss-build-and-test.yml"}, "region": {"startLine": 109}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `ocaml/setup-ocaml` pinned to mutable ref `@v2`: `uses: ocaml/setup-ocaml@v2` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 143513, "scanner": "repobility-supply-chain", "fingerprint": "08dae4a987fc1c4062cb759c73b8a7a5ed26d1b6ec85ac9733ec7351e40092a4", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|08dae4a987fc1c4062cb759c73b8a7a5ed26d1b6ec85ac9733ec7351e40092a4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/oss-build-and-test.yml"}, "region": {"startLine": 104}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `dtolnay/rust-toolchain` pinned to mutable ref `@stable`: `uses: dtolnay/rust-toolchain@stable` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 143512, "scanner": "repobility-supply-chain", "fingerprint": "349f76b41922fb8cc215c1d54f03c50de1108075b4657ede4e645522c047939e", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|349f76b41922fb8cc215c1d54f03c50de1108075b4657ede4e645522c047939e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/oss-build-and-test.yml"}, "region": {"startLine": 95}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `facebook/install-dotslash` pinned to mutable ref `@latest`: `uses: facebook/install-dotslash@latest` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 143511, "scanner": "repobility-supply-chain", "fingerprint": "cd402b2599fda8b858bd94e589209a563b20401dfe4e9124c7e2e60cd5f74396", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|cd402b2599fda8b858bd94e589209a563b20401dfe4e9124c7e2e60cd5f74396"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/oss-build-and-test.yml"}, "region": {"startLine": 92}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v4`: `uses: actions/checkout@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 143510, "scanner": "repobility-supply-chain", "fingerprint": "f2949ded1520db9c4da2bf2454940a05f399043d026ed05a38728dc9c866e395", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|f2949ded1520db9c4da2bf2454940a05f399043d026ed05a38728dc9c866e395"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/oss-build-and-test.yml"}, "region": {"startLine": 89}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/setup-python` pinned to mutable ref `@v5`: `uses: actions/setup-python@v5` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 143509, "scanner": "repobility-supply-chain", "fingerprint": "409ac1a9538571f365dfb07c075a0c4c756972bbbdc39de93cfaec0fa57c0f66", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|409ac1a9538571f365dfb07c075a0c4c756972bbbdc39de93cfaec0fa57c0f66"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/oss-build-and-test.yml"}, "region": {"startLine": 80}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `ocaml/setup-ocaml` pinned to mutable ref `@v2`: `uses: ocaml/setup-ocaml@v2` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 143508, "scanner": "repobility-supply-chain", "fingerprint": "3a82f022cf520d8d200cdb712b5aafec2354141f393f23c90941647f17f28a5e", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|3a82f022cf520d8d200cdb712b5aafec2354141f393f23c90941647f17f28a5e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/oss-build-and-test.yml"}, "region": {"startLine": 75}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `dtolnay/rust-toolchain` pinned to mutable ref `@stable`: `uses: dtolnay/rust-toolchain@stable` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 143507, "scanner": "repobility-supply-chain", "fingerprint": "9de12cb099b57a5fcc3e2c97fb9f8073ba58ad6060e23bb4062863de5179acf7", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|9de12cb099b57a5fcc3e2c97fb9f8073ba58ad6060e23bb4062863de5179acf7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/oss-build-and-test.yml"}, "region": {"startLine": 66}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `facebook/install-dotslash` pinned to mutable ref `@latest`: `uses: facebook/install-dotslash@latest` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 143506, "scanner": "repobility-supply-chain", "fingerprint": "6a04bee2ae151e17c0b5a5f9855daa74fe1eeb858b3a1dbe9b6a65516dd33be5", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|6a04bee2ae151e17c0b5a5f9855daa74fe1eeb858b3a1dbe9b6a65516dd33be5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/oss-build-and-test.yml"}, "region": {"startLine": 63}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v4`: `uses: actions/checkout@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 143505, "scanner": "repobility-supply-chain", "fingerprint": "dd58067827b2d9b9a73341fa690f2505d05a13669afac3af1908159a12f85ad1", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|dd58067827b2d9b9a73341fa690f2505d05a13669afac3af1908159a12f85ad1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/oss-build-and-test.yml"}, "region": {"startLine": 58}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `facebook/install-dotslash` pinned to mutable ref `@latest`: `uses: facebook/install-dotslash@latest` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 143504, "scanner": "repobility-supply-chain", "fingerprint": "a8cf84c96717e917030809d5e6d9b02128ef123678fa60a74730e8d3e4fdc8c9", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|a8cf84c96717e917030809d5e6d9b02128ef123678fa60a74730e8d3e4fdc8c9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/oss-build-and-test.yml"}, "region": {"startLine": 10}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v4`: `uses: actions/checkout@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 143503, "scanner": "repobility-supply-chain", "fingerprint": "185db5a67472b5f8ca42222543c67199d476265e30249c7f50533d8a9aa8f4d6", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|185db5a67472b5f8ca42222543c67199d476265e30249c7f50533d8a9aa8f4d6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/oss-build-and-test.yml"}, "region": {"startLine": 7}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/upload-artifact` pinned to mutable ref `@v6`: `uses: actions/upload-artifact@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 143502, "scanner": "repobility-supply-chain", "fingerprint": "8423a7146b6493b8965fef8b3e2633b508030cce191b929616ba6c30e1e78700", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|8423a7146b6493b8965fef8b3e2633b508030cce191b929616ba6c30e1e78700"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/getdeps_shared-lib_linux.yml"}, "region": {"startLine": 136}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `mozilla-actions/sccache-action` pinned to mutable ref `@v0.0.9`: `uses: mozilla-actions/sccache-action@v0.0.9` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 143501, "scanner": "repobility-supply-chain", "fingerprint": "0b690a7a2f5ba12edff8cc73beac8129d50422e60893b7dad645891cb83cdcc2", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|0b690a7a2f5ba12edff8cc73beac8129d50422e60893b7dad645891cb83cdcc2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/getdeps_shared-lib_linux.yml"}, "region": {"startLine": 34}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 143500, "scanner": "repobility-supply-chain", "fingerprint": "8b767f6675265f8d2037ea0f3bb86599b9aa2e2f7551024e191f28e643b30c36", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|8b767f6675265f8d2037ea0f3bb86599b9aa2e2f7551024e191f28e643b30c36"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/getdeps_shared-lib_linux.yml"}, "region": {"startLine": 30}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_xcheck_eval_once: Test function `test_xcheck_eval_once` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 143498, "scanner": "repobility-ast-engine", "fingerprint": "1a97b489e0da8e675d7cfdc9e609bfa28c3b96bfb38c0fcb10b9b2f1bcda7f34", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|1a97b489e0da8e675d7cfdc9e609bfa28c3b96bfb38c0fcb10b9b2f1bcda7f34"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "folly/logging/test/fatal_test.py"}, "region": {"startLine": 211}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_xcheck_comparisons: Test function `test_xcheck_comparisons` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 143497, "scanner": "repobility-ast-engine", "fingerprint": "53ced1716f3428d379b3ec77b5111ae43e519b1ca327691db06a93e8164c0dbe", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|53ced1716f3428d379b3ec77b5111ae43e519b1ca327691db06a93e8164c0dbe"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "folly/logging/test/fatal_test.py"}, "region": {"startLine": 188}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_xcheck_nomsg: Test function `test_xcheck_nomsg` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 143496, "scanner": "repobility-ast-engine", "fingerprint": "8e3bf5ee0b6c75ba5004465bbfac55e59d795ec3fd7201422c76ede0cc5da070", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|8e3bf5ee0b6c75ba5004465bbfac55e59d795ec3fd7201422c76ede0cc5da070"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "folly/logging/test/fatal_test.py"}, "region": {"startLine": 167}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_xcheck: Test function `test_xcheck` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 143495, "scanner": "repobility-ast-engine", "fingerprint": "90dd944f46a86821aa7c40c65ae3800bc7b8aae4dee53cbfcab6773500e95a55", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|90dd944f46a86821aa7c40c65ae3800bc7b8aae4dee53cbfcab6773500e95a55"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "folly/logging/test/fatal_test.py"}, "region": {"startLine": 156}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_fatal_xlog_if: Test function `test_fatal_xlog_if` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 143494, "scanner": "repobility-ast-engine", "fingerprint": "081b3f1771527d72fb2eacc69213d337c2393585f0bda84d0943bf218f8dfade", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|081b3f1771527d72fb2eacc69213d337c2393585f0bda84d0943bf218f8dfade"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "folly/logging/test/fatal_test.py"}, "region": {"startLine": 137}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_static_destruction: Test function `test_static_destruction` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 143493, "scanner": "repobility-ast-engine", "fingerprint": "812f0b3045776f454603d754231fdb3463ca4495ce9ec4803f7e3369c809f9a1", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|812f0b3045776f454603d754231fdb3463ca4495ce9ec4803f7e3369c809f9a1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "folly/logging/test/fatal_test.py"}, "region": {"startLine": 123}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_static_init: Test function `test_static_init` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 143492, "scanner": "repobility-ast-engine", "fingerprint": "6e5c9d8b9d58a5c985162170e648d0985b92a289647714eb134a2f5149dcdc8c", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|6e5c9d8b9d58a5c985162170e648d0985b92a289647714eb134a2f5149dcdc8c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "folly/logging/test/fatal_test.py"}, "region": {"startLine": 118}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_other_category: Test function `test_other_category` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 143491, "scanner": "repobility-ast-engine", "fingerprint": "5e69a606dc5ad683a41073e69d37a8751f001eaeb746440315432e1fd2f3c7f3", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|5e69a606dc5ad683a41073e69d37a8751f001eaeb746440315432e1fd2f3c7f3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "folly/logging/test/fatal_test.py"}, "region": {"startLine": 108}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_none: Test function `test_none` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 143490, "scanner": "repobility-ast-engine", "fingerprint": "3604bd14262ac17a583cc7701b030d72f50b11a19a833a0e11d2dfdd6162bcb0", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|3604bd14262ac17a583cc7701b030d72f50b11a19a833a0e11d2dfdd6162bcb0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "folly/logging/test/fatal_test.py"}, "region": {"startLine": 102}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_immediate: Test function `test_immediate` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 143489, "scanner": "repobility-ast-engine", "fingerprint": "4d84438f58fc91fee8168e8baffa773c7eb926c0cabbffe93e0d31c8145bb480", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|4d84438f58fc91fee8168e8baffa773c7eb926c0cabbffe93e0d31c8145bb480"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "folly/logging/test/fatal_test.py"}, "region": {"startLine": 97}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_async: Test function `test_async` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 143488, "scanner": "repobility-ast-engine", "fingerprint": "d2802af9ae01691b60d5e4119f7ae2fae84ea01dd0faf705b5f13e1a98d5fbcb", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|d2802af9ae01691b60d5e4119f7ae2fae84ea01dd0faf705b5f13e1a98d5fbcb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "folly/logging/test/fatal_test.py"}, "region": {"startLine": 92}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._get_symbol_context` used but never assigned in __init__: Method `get_file_name_and_line` of class `LldbValue` reads `self._get_symbol_context`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 143485, "scanner": "repobility-ast-engine", "fingerprint": "875c92817b301f3632df892d3a6a98bcf88e50e5580ff248fe6d2f1ae3f3e0bc", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|875c92817b301f3632df892d3a6a98bcf88e50e5580ff248fe6d2f1ae3f3e0bc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "folly/coro/scripts/co_bt.py"}, "region": {"startLine": 763}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.int_value` used but never assigned in __init__: Method `_get_symbol_context` of class `LldbValue` reads `self.int_value`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 143484, "scanner": "repobility-ast-engine", "fingerprint": "2861c0ef20b1bf1b78fa1863382b13a349220836f2632d599ca183a862990e2a", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|2861c0ef20b1bf1b78fa1863382b13a349220836f2632d599ca183a862990e2a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "folly/coro/scripts/co_bt.py"}, "region": {"startLine": 756}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.int_value` used but never assigned in __init__: Method `get_field` of class `LldbValue` reads `self.int_value`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 143483, "scanner": "repobility-ast-engine", "fingerprint": "f8b35ee0fe15b0f44dd71964550ebe5d999f502185dbc2d91c81ce850bf5d2ae", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|f8b35ee0fe15b0f44dd71964550ebe5d999f502185dbc2d91c81ce850bf5d2ae"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "folly/coro/scripts/co_bt.py"}, "region": {"startLine": 731}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.int_value` used but never assigned in __init__: Method `__eq__` of class `GdbValue` reads `self.int_value`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 143482, "scanner": "repobility-ast-engine", "fingerprint": "10859c8f8fb524a35e0506aed9815226b959c1f494b075007927288dcc81c8db", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|10859c8f8fb524a35e0506aed9815226b959c1f494b075007927288dcc81c8db"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "folly/coro/scripts/co_bt.py"}, "region": {"startLine": 622}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.to_hex` used but never assigned in __init__: Method `get_func_name` of class `GdbValue` reads `self.to_hex`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 143481, "scanner": "repobility-ast-engine", "fingerprint": "9b547f3ffe33b83ffc174e771783ad9e24f1ca10754bc7ca217aeb28d64e8640", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|9b547f3ffe33b83ffc174e771783ad9e24f1ca10754bc7ca217aeb28d64e8640"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "folly/coro/scripts/co_bt.py"}, "region": {"startLine": 616}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.to_hex` used but never assigned in __init__: Method `get_file_name_and_line` of class `GdbValue` reads `self.to_hex`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 143480, "scanner": "repobility-ast-engine", "fingerprint": "5cc28dd974097ce4a9a922bbcefa4c71676faaf9c24a77b34102e2bda8128947", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|5cc28dd974097ce4a9a922bbcefa4c71676faaf9c24a77b34102e2bda8128947"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "folly/coro/scripts/co_bt.py"}, "region": {"startLine": 604}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.assertEqual` used but never assigned in __init__: Method `test_already_fractional_values_are_unchanged` of class `ShortestTrailingDotZeroExactOutputTest` reads `self.assertEqual`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 143479, "scanner": "repobility-ast-engine", "fingerprint": "5615a0a296992f99fe93956afbd23153401bcf204577e3f8448547afdee9a9bc", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|5615a0a296992f99fe93956afbd23153401bcf204577e3f8448547afdee9a9bc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "folly/json/test/tests/test_float_format_python_json.py"}, "region": {"startLine": 167}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.assertEqual` used but never assigned in __init__: Method `test_already_fractional_values_are_unchanged` of class `ShortestTrailingDotZeroExactOutputTest` reads `self.assertEqual`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 143478, "scanner": "repobility-ast-engine", "fingerprint": "04218fc13ecfa6c0815f3395f3e1ef067463f7b32a02912aa8db1aa31685dc41", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|04218fc13ecfa6c0815f3395f3e1ef067463f7b32a02912aa8db1aa31685dc41"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "folly/json/test/tests/test_float_format_python_json.py"}, "region": {"startLine": 164}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.assertEqual` used but never assigned in __init__: Method `test_integer_valued_doubles_have_trailing_dot_zero` of class `ShortestTrailingDotZeroExactOutputTest` reads `self.assertEqual`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 143477, "scanner": "repobility-ast-engine", "fingerprint": "e50082d9927b24aa2ef37b8cc9a9a1bcc32d74a1b067d726c15561fa26c22950", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|e50082d9927b24aa2ef37b8cc9a9a1bcc32d74a1b067d726c15561fa26c22950"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "folly/json/test/tests/test_float_format_python_json.py"}, "region": {"startLine": 158}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.assertEqual` used but never assigned in __init__: Method `test_integer_valued_doubles_have_trailing_dot_zero` of class `ShortestTrailingDotZeroExactOutputTest` reads `self.assertEqual`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 143476, "scanner": "repobility-ast-engine", "fingerprint": "1fde7c3589b257276cf985313d95b60f6aa6a667df8dcf1f4efbc64d86d97cd7", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|1fde7c3589b257276cf985313d95b60f6aa6a667df8dcf1f4efbc64d86d97cd7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "folly/json/test/tests/test_float_format_python_json.py"}, "region": {"startLine": 155}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.assertEqual` used but never assigned in __init__: Method `test_scientific_integer_mantissa_has_fractional_digit` of class `ShortestTrailingDotZeroExactOutputTest` reads `self.assertEqual`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 143475, "scanner": "repobility-ast-engine", "fingerprint": "ced96035c8f24c42dae1d2c1a59ce118559b59e133172bac1eb56acc7e1847ee", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ced96035c8f24c42dae1d2c1a59ce118559b59e133172bac1eb56acc7e1847ee"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "folly/json/test/tests/test_float_format_python_json.py"}, "region": {"startLine": 150}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.assertEqual` used but never assigned in __init__: Method `test_scientific_integer_mantissa_has_fractional_digit` of class `ShortestTrailingDotZeroExactOutputTest` reads `self.assertEqual`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 143474, "scanner": "repobility-ast-engine", "fingerprint": "f208ee74ee4d5d8df907ee09983d9931f6ba4b6fb54375bc7fd055520d6b4ddb", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|f208ee74ee4d5d8df907ee09983d9931f6ba4b6fb54375bc7fd055520d6b4ddb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "folly/json/test/tests/test_float_format_python_json.py"}, "region": {"startLine": 147}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.assertEqual` used but never assigned in __init__: Method `test_scientific_integer_mantissa_has_fractional_digit` of class `ShortestTrailingDotZeroExactOutputTest` reads `self.assertEqual`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 143473, "scanner": "repobility-ast-engine", "fingerprint": "63b26b31862954ede499737415661afb94b4d7532647d7eb59d8acaa690ccc83", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|63b26b31862954ede499737415661afb94b4d7532647d7eb59d8acaa690ccc83"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "folly/json/test/tests/test_float_format_python_json.py"}, "region": {"startLine": 144}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_fractional_values: Test function `test_fractional_values` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 143472, "scanner": "repobility-ast-engine", "fingerprint": "e2d2bcf4bd5e75147b281f2c9b1ad52d29296d2a9c2dea31bde8e00a6ce32360", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|e2d2bcf4bd5e75147b281f2c9b1ad52d29296d2a9c2dea31bde8e00a6ce32360"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "folly/json/test/tests/test_float_format_python_json.py"}, "region": {"startLine": 135}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_integer_valued_doubles: Test function `test_integer_valued_doubles` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 143471, "scanner": "repobility-ast-engine", "fingerprint": "c4123543d0d863e0e012bd2c18a3a14b3996b0d6978577781b5378afeaf3b563", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c4123543d0d863e0e012bd2c18a3a14b3996b0d6978577781b5378afeaf3b563"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "folly/json/test/tests/test_float_format_python_json.py"}, "region": {"startLine": 132}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_scientific_integer_mantissa: Test function `test_scientific_integer_mantissa` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 143470, "scanner": "repobility-ast-engine", "fingerprint": "fe8ef0b5fe7020e00889b45b6a780fb4c7494cffb8e364c4b5e854740753b334", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|fe8ef0b5fe7020e00889b45b6a780fb4c7494cffb8e364c4b5e854740753b334"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "folly/json/test/tests/test_float_format_python_json.py"}, "region": {"startLine": 129}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_fractional_values: Test function `test_fractional_values` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 143469, "scanner": "repobility-ast-engine", "fingerprint": "e70d674724c4f319d2473424374963bcc89d41cee7c564c0f601ed5709710359", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|e70d674724c4f319d2473424374963bcc89d41cee7c564c0f601ed5709710359"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "folly/json/test/tests/test_float_format_python_json.py"}, "region": {"startLine": 122}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_integer_valued_doubles: Test function `test_integer_valued_doubles` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 143468, "scanner": "repobility-ast-engine", "fingerprint": "b962ac4b6f41bf4f014345ccc606e3341c3122753a1ce8f51ab29547cdbc336b", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|b962ac4b6f41bf4f014345ccc606e3341c3122753a1ce8f51ab29547cdbc336b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "folly/json/test/tests/test_float_format_python_json.py"}, "region": {"startLine": 119}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_scientific_integer_mantissa: Test function `test_scientific_integer_mantissa` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 143467, "scanner": "repobility-ast-engine", "fingerprint": "f39ff9ea4940ddf11c1bf259db8ffb5f900f8569993b4bdf02b59da1781c8a10", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|f39ff9ea4940ddf11c1bf259db8ffb5f900f8569993b4bdf02b59da1781c8a10"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "folly/json/test/tests/test_float_format_python_json.py"}, "region": {"startLine": 116}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_scientific_integer_mantissa: Test function `test_scientific_integer_mantissa` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 143466, "scanner": "repobility-ast-engine", "fingerprint": "a090900f3daedfa47810360cd9d35803429bc82a93df48aa5eb1bc4bc32dd9ae", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|a090900f3daedfa47810360cd9d35803429bc82a93df48aa5eb1bc4bc32dd9ae"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "folly/json/test/tests/test_float_format_python_json.py"}, "region": {"startLine": 104}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_fractional_values: Test function `test_fractional_values` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 143465, "scanner": "repobility-ast-engine", "fingerprint": "92400d1e92706103dc9bbfd8a98506278715dae222f3cf4fb838f0c5e3f7b7a6", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|92400d1e92706103dc9bbfd8a98506278715dae222f3cf4fb838f0c5e3f7b7a6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "folly/json/test/tests/test_float_format_python_json.py"}, "region": {"startLine": 99}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_scientific_integer_mantissa: Test function `test_scientific_integer_mantissa` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 143464, "scanner": "repobility-ast-engine", "fingerprint": "f30cb2351ac9e51c20c276f73f0c556fedfdf5099a0478940f764b4ddd1ec936", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|f30cb2351ac9e51c20c276f73f0c556fedfdf5099a0478940f764b4ddd1ec936"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "folly/json/test/tests/test_float_format_python_json.py"}, "region": {"startLine": 85}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_integer_valued_doubles: Test function `test_integer_valued_doubles` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 143463, "scanner": "repobility-ast-engine", "fingerprint": "d7a0839cd0a677f4fccc7fe44fe5f045ab28801b91cbe80393f07c16af299952", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|d7a0839cd0a677f4fccc7fe44fe5f045ab28801b91cbe80393f07c16af299952"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "folly/json/test/tests/test_float_format_python_json.py"}, "region": {"startLine": 80}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_fractional_values: Test function `test_fractional_values` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 143462, "scanner": "repobility-ast-engine", "fingerprint": "974f8ba664607597f599f6afc14db8022e98b23316f100a9400228adc216066c", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|974f8ba664607597f599f6afc14db8022e98b23316f100a9400228adc216066c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "folly/json/test/tests/test_float_format_python_json.py"}, "region": {"startLine": 77}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_scientific_integer_mantissa: Test function `test_scientific_integer_mantissa` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 143461, "scanner": "repobility-ast-engine", "fingerprint": "af5949ebb22d2592eb8008e4decb747f9196755f2d5e44a66dc19915b6aaecd7", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|af5949ebb22d2592eb8008e4decb747f9196755f2d5e44a66dc19915b6aaecd7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "folly/json/test/tests/test_float_format_python_json.py"}, "region": {"startLine": 64}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_integer_valued_doubles: Test function `test_integer_valued_doubles` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 143460, "scanner": "repobility-ast-engine", "fingerprint": "085745c4bb7d8c9e87d8a8930e96e8e28482efab2495cb6bbca4d2334f5d2eb4", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|085745c4bb7d8c9e87d8a8930e96e8e28482efab2495cb6bbca4d2334f5d2eb4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "folly/json/test/tests/test_float_format_python_json.py"}, "region": {"startLine": 61}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_fractional_values: Test function `test_fractional_values` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 143459, "scanner": "repobility-ast-engine", "fingerprint": "49503ec1433cb0d8008d56c48a9fcd0a14b1d25f7a897beb23247cc4e688c6ec", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|49503ec1433cb0d8008d56c48a9fcd0a14b1d25f7a897beb23247cc4e688c6ec"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "folly/json/test/tests/test_float_format_python_json.py"}, "region": {"startLine": 58}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.capacity` used but never assigned in __init__: Method `to_string` of class `SmallVectorPrinter` reads `self.capacity`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 143458, "scanner": "repobility-ast-engine", "fingerprint": "0b2702fd47aa93aaeacfb4c16c3efabf1f6ad1b3f57809d2eacfb56e7307407d", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|0b2702fd47aa93aaeacfb4c16c3efabf1f6ad1b3f57809d2eacfb56e7307407d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "folly/support/gdb.py"}, "region": {"startLine": 382}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.size` used but never assigned in __init__: Method `to_string` of class `SmallVectorPrinter` reads `self.size`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 143457, "scanner": "repobility-ast-engine", "fingerprint": "9164058deff3f0aa9ab547d2b9503ff498b50fc5ce5de83dce0255e5c987c1c0", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|9164058deff3f0aa9ab547d2b9503ff498b50fc5ce5de83dce0255e5c987c1c0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "folly/support/gdb.py"}, "region": {"startLine": 381}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.size` used but never assigned in __init__: Method `children` of class `SmallVectorPrinter` reads `self.size`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 143456, "scanner": "repobility-ast-engine", "fingerprint": "65b688b68f2d1cbef2e3f6e98d877883bd0c41ca9a6dedfc842f01168af3b8bb", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|65b688b68f2d1cbef2e3f6e98d877883bd0c41ca9a6dedfc842f01168af3b8bb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "folly/support/gdb.py"}, "region": {"startLine": 364}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.hashtable` used but never assigned in __init__: Method `children` of class `F14Printer` reads `self.hashtable`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 143455, "scanner": "repobility-ast-engine", "fingerprint": "5ef6df17e77c8bf841b4b81ab97e03060657ff5260b8ad17d23abdd1b3222b15", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|5ef6df17e77c8bf841b4b81ab97e03060657ff5260b8ad17d23abdd1b3222b15"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "folly/support/gdb.py"}, "region": {"startLine": 323}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.format_one_map` used but never assigned in __init__: Method `children` of class `F14Printer` reads `self.format_one_map`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 143454, "scanner": "repobility-ast-engine", "fingerprint": "363cc8ed4a35571b19cb6b904ca6201d34b8ec2a94cbb0ee96409fabf848d199", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|363cc8ed4a35571b19cb6b904ca6201d34b8ec2a94cbb0ee96409fabf848d199"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "folly/support/gdb.py"}, "region": {"startLine": 327}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.hashtable` used but never assigned in __init__: Method `children` of class `F14Printer` reads `self.hashtable`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 143453, "scanner": "repobility-ast-engine", "fingerprint": "e310b34cdee25c3edec8767eecaff9e23ea107602d373aa1db744c29da502756", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|e310b34cdee25c3edec8767eecaff9e23ea107602d373aa1db744c29da502756"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "folly/support/gdb.py"}, "region": {"startLine": 325}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.size` used but never assigned in __init__: Method `children` of class `F14Printer` reads `self.size`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 143452, "scanner": "repobility-ast-engine", "fingerprint": "74e02ca3f037f68318626733ab75c1e1dc4a9138b7a709ae90eab8faa106e014", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|74e02ca3f037f68318626733ab75c1e1dc4a9138b7a709ae90eab8faa106e014"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "folly/support/gdb.py"}, "region": {"startLine": 323}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.flatten` used but never assigned in __init__: Method `children` of class `F14Printer` reads `self.flatten`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 143451, "scanner": "repobility-ast-engine", "fingerprint": "e398151a35041b21eecdb82ffd2a8f927b846e22e209efc61cc26db1fa41b41b", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|e398151a35041b21eecdb82ffd2a8f927b846e22e209efc61cc26db1fa41b41b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "folly/support/gdb.py"}, "region": {"startLine": 327}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.format_count` used but never assigned in __init__: Method `children` of class `F14Printer` reads `self.format_count`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 143450, "scanner": "repobility-ast-engine", "fingerprint": "79c250d72a463e0c0fc1ce57277e408858c62b67675d7f796ab9719aaf2cb74a", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|79c250d72a463e0c0fc1ce57277e408858c62b67675d7f796ab9719aaf2cb74a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "folly/support/gdb.py"}, "region": {"startLine": 321}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.size` used but never assigned in __init__: Method `to_string` of class `F14Printer` reads `self.size`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 143449, "scanner": "repobility-ast-engine", "fingerprint": "027c4638230e99e8c92b9f25f930038d1c08435cc2b945a539e704a2c6074ef3", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|027c4638230e99e8c92b9f25f930038d1c08435cc2b945a539e704a2c6074ef3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "folly/support/gdb.py"}, "region": {"startLine": 304}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.hashtable` used but never assigned in __init__: Method `size` of class `F14Printer` reads `self.hashtable`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 143448, "scanner": "repobility-ast-engine", "fingerprint": "cfcfbd855daa453561be1e844f75c0bd1fc7215e9e511ef89e216ca9b1a20fce", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|cfcfbd855daa453561be1e844f75c0bd1fc7215e9e511ef89e216ca9b1a20fce"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "folly/support/gdb.py"}, "region": {"startLine": 292}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.chunk_iter` used but never assigned in __init__: Method `__next__` of class `F14HashtableIterator` reads `self.chunk_iter`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 143447, "scanner": "repobility-ast-engine", "fingerprint": "dab50efee25bb4fe2a0142a6f00bafd45fd3140826a66c07ed0139a8a795e735", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|dab50efee25bb4fe2a0142a6f00bafd45fd3140826a66c07ed0139a8a795e735"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "folly/support/gdb.py"}, "region": {"startLine": 242}}}]}, {"ruleId": "MINED003", "level": "error", "message": {"text": "[MINED003] Rust Unwrap In Prod: .unwrap() panics if None/Err. Acceptable in tests; risky elsewhere."}, "properties": {"repobilityId": 143440, "scanner": "repobility-threat-engine", "fingerprint": "f14535aa7ba740984852372159b871ddd565d07fd03ac60291c4677e60b4b176", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-unwrap-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347903+00:00", "triaged_in_corpus": 15, "observations_count": 386515, "ai_coder_pattern_id": 111}, "scanner": "repobility-threat-engine", "correlation_key": "fp|f14535aa7ba740984852372159b871ddd565d07fd03ac60291c4677e60b4b176"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "folly/rust/request_context/request_context.rs"}, "region": {"startLine": 216}}}]}, {"ruleId": "MINED003", "level": "error", "message": {"text": "[MINED003] Rust Unwrap In Prod: .unwrap() panics if None/Err. Acceptable in tests; risky elsewhere."}, "properties": {"repobilityId": 143439, "scanner": "repobility-threat-engine", "fingerprint": "7dd4e0681b9f84bcf504f740a8094df24d536486c58c7705e5b293b95bb8a60e", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-unwrap-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347903+00:00", "triaged_in_corpus": 15, "observations_count": 386515, "ai_coder_pattern_id": 111}, "scanner": "repobility-threat-engine", "correlation_key": "fp|7dd4e0681b9f84bcf504f740a8094df24d536486c58c7705e5b293b95bb8a60e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "folly/rust/request_context/benches/request_context_tokio_bench.rs"}, "region": {"startLine": 38}}}]}, {"ruleId": "MINED003", "level": "error", "message": {"text": "[MINED003] Rust Unwrap In Prod: .unwrap() panics if None/Err. Acceptable in tests; risky elsewhere."}, "properties": {"repobilityId": 143438, "scanner": "repobility-threat-engine", "fingerprint": "3f1de6cd5efab8b963d62067ee5d39e453ecb14665b5139e788a66ce8fe1c78c", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-unwrap-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347903+00:00", "triaged_in_corpus": 15, "observations_count": 386515, "ai_coder_pattern_id": 111}, "scanner": "repobility-threat-engine", "correlation_key": "fp|3f1de6cd5efab8b963d62067ee5d39e453ecb14665b5139e788a66ce8fe1c78c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "folly/rust/memory/lib.rs"}, "region": {"startLine": 138}}}]}, {"ruleId": "MINED004", "level": "error", "message": {"text": "[MINED004] Weak Crypto: MD5/SHA1/DES/RC4 used for security context (not just checksums)."}, "properties": {"repobilityId": 143428, "scanner": "repobility-threat-engine", "fingerprint": "4d62eb54297ea7133f5e39677027649318ac5d35f66134d19bd2e37bf7a38696", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "weak-crypto", "owasp": "A02:2021", "cwe_ids": ["CWE-327"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347906+00:00", "triaged_in_corpus": 15, "observations_count": 303181, "ai_coder_pattern_id": 13}, "scanner": "repobility-threat-engine", "correlation_key": "fp|4d62eb54297ea7133f5e39677027649318ac5d35f66134d19bd2e37bf7a38696"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "folly/ssl/OpenSSLHash.h"}, "region": {"startLine": 150}}}]}, {"ruleId": "MINED004", "level": "error", "message": {"text": "[MINED004] Weak Crypto: MD5/SHA1/DES/RC4 used for security context (not just checksums)."}, "properties": {"repobilityId": 143427, "scanner": "repobility-threat-engine", "fingerprint": "5bcf8c9a155b005fe030f01b66b18a1c649a62f867650b32c0dc28af73f1110c", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "weak-crypto", "owasp": "A02:2021", "cwe_ids": ["CWE-327"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347906+00:00", "triaged_in_corpus": 15, "observations_count": 303181, "ai_coder_pattern_id": 13}, "scanner": "repobility-threat-engine", "correlation_key": "fp|5bcf8c9a155b005fe030f01b66b18a1c649a62f867650b32c0dc28af73f1110c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "folly/io/async/ssl/TLSDefinitions.h"}, "region": {"startLine": 65}}}]}, {"ruleId": "MINED004", "level": "error", "message": {"text": "[MINED004] Weak Crypto: MD5/SHA1/DES/RC4 used for security context (not just checksums)."}, "properties": {"repobilityId": 143426, "scanner": "repobility-threat-engine", "fingerprint": "b365dc747ac03bcca0e9f144319ee41c24e87e12937ce188c27ef4a9f4a1e01e", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "weak-crypto", "owasp": "A02:2021", "cwe_ids": ["CWE-327"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347906+00:00", "triaged_in_corpus": 15, "observations_count": 303181, "ai_coder_pattern_id": 13}, "scanner": "repobility-threat-engine", "correlation_key": "fp|b365dc747ac03bcca0e9f144319ee41c24e87e12937ce188c27ef4a9f4a1e01e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "folly/io/async/SSLOptions.h"}, "region": {"startLine": 84}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 143423, "scanner": "repobility-threat-engine", "fingerprint": "727f79cdabc7b770bd7af160b348c8e37a6acdb370bda58d8de48083d934df06", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "URL(f", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|727f79cdabc7b770bd7af160b348c8e37a6acdb370bda58d8de48083d934df06"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "folly/detail/base64_detail/Base64Api.h"}, "region": {"startLine": 61}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 143421, "scanner": "repobility-threat-engine", "fingerprint": "ffd3129821d93ba01152cd2881c406e7d8c3ec41675e11c5dbf032fc50542e99", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "coro_.destroy();", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|ffd3129821d93ba01152cd2881c406e7d8c3ec41675e11c5dbf032fc50542e99"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "folly/coro/detail/InlineTask.h"}, "region": {"startLine": 167}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 143420, "scanner": "repobility-threat-engine", "fingerprint": "98233fd1741edda9c55db0417ed386f3baeb6987cbcbff1513b39c950f28fc00", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "coro_.destroy();", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|98233fd1741edda9c55db0417ed386f3baeb6987cbcbff1513b39c950f28fc00"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "folly/coro/detail/BarrierTask.h"}, "region": {"startLine": 99}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 143419, "scanner": "repobility-threat-engine", "fingerprint": "17c2c46d2c5b3caabb9ae2f8432bf544c0165ee4195280470dce4defb535b424", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "coro_.destroy();", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|17c2c46d2c5b3caabb9ae2f8432bf544c0165ee4195280470dce4defb535b424"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "folly/coro/WithAsyncStack.h"}, "region": {"startLine": 83}}}]}, {"ruleId": "MINED017", "level": "error", "message": {"text": "[MINED017] C System Call: system() invokes shell. command injection if any arg is dynamic."}, "properties": {"repobilityId": 143417, "scanner": "repobility-threat-engine", "fingerprint": "6040b2e34cd9911bc58fc5a127882d4eecc260bf1bc2ff54d5992a397a645ff1", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "c-system-call", "owasp": null, "cwe_ids": ["CWE-78"], "languages": ["c", "cpp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347937+00:00", "triaged_in_corpus": 15, "observations_count": 77748, "ai_coder_pattern_id": 132}, "scanner": "repobility-threat-engine", "correlation_key": "fp|6040b2e34cd9911bc58fc5a127882d4eecc260bf1bc2ff54d5992a397a645ff1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "folly/detail/MemoryIdler.cpp"}, "region": {"startLine": 100}}}]}, {"ruleId": "MINED017", "level": "error", "message": {"text": "[MINED017] C System Call: system() invokes shell. command injection if any arg is dynamic."}, "properties": {"repobilityId": 143416, "scanner": "repobility-threat-engine", "fingerprint": "3f603e287b9eff3c4b20c640eb723f5a8f2c780099eab27ee8ea0db8b999683d", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "c-system-call", "owasp": null, "cwe_ids": ["CWE-78"], "languages": ["c", "cpp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347937+00:00", "triaged_in_corpus": 15, "observations_count": 77748, "ai_coder_pattern_id": 132}, "scanner": "repobility-threat-engine", "correlation_key": "fp|3f603e287b9eff3c4b20c640eb723f5a8f2c780099eab27ee8ea0db8b999683d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "folly/concurrency/CoreCachedSharedPtr.h"}, "region": {"startLine": 44}}}]}, {"ruleId": "MINED017", "level": "error", "message": {"text": "[MINED017] C System Call: system() invokes shell. command injection if any arg is dynamic."}, "properties": {"repobilityId": 143415, "scanner": "repobility-threat-engine", "fingerprint": "18481de822ce0135e1647b4ddaad5fa0ebb6a34aa1f50aea4c41a986d751299a", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "c-system-call", "owasp": null, "cwe_ids": ["CWE-78"], "languages": ["c", "cpp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347937+00:00", "triaged_in_corpus": 15, "observations_count": 77748, "ai_coder_pattern_id": 132}, "scanner": "repobility-threat-engine", "correlation_key": "fp|18481de822ce0135e1647b4ddaad5fa0ebb6a34aa1f50aea4c41a986d751299a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "folly/SharedMutex.cpp"}, "region": {"startLine": 49}}}]}, {"ruleId": "MINED022", "level": "error", "message": {"text": "[MINED022] C Strcpy: strcpy/strcat dont bounds-check; use strncpy or snprintf."}, "properties": {"repobilityId": 143432, "scanner": "repobility-threat-engine", "fingerprint": "85d5be6c595cdfc789fc5a452e812790d204494d3adc184ff58b8391c193945c", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "c-strcpy", "owasp": null, "cwe_ids": ["CWE-120"], "languages": ["c", "cpp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347949+00:00", "triaged_in_corpus": 20, "observations_count": 39114, "ai_coder_pattern_id": 130}, "scanner": "repobility-threat-engine", "correlation_key": "fp|85d5be6c595cdfc789fc5a452e812790d204494d3adc184ff58b8391c193945c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "folly/portability/Time.cpp"}, "region": {"startLine": 285}}}]}, {"ruleId": "MINED022", "level": "error", "message": {"text": "[MINED022] C Strcpy: strcpy/strcat dont bounds-check; use strncpy or snprintf."}, "properties": {"repobilityId": 143431, "scanner": "repobility-threat-engine", "fingerprint": "b874efa8ba50c2962f970d9814142c3a20c5ffe67016e01e9a31796830b6f4ff", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "c-strcpy", "owasp": null, "cwe_ids": ["CWE-120"], "languages": ["c", "cpp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347949+00:00", "triaged_in_corpus": 20, "observations_count": 39114, "ai_coder_pattern_id": 130}, "scanner": "repobility-threat-engine", "correlation_key": "fp|b874efa8ba50c2962f970d9814142c3a20c5ffe67016e01e9a31796830b6f4ff"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "folly/portability/Stdlib.cpp"}, "region": {"startLine": 44}}}]}]}]}