{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "JRN002", "name": "Browser storage is used for session token material", "shortDescription": {"text": "Browser storage is used for session token material"}, "fullDescription": {"text": "Prefer httpOnly, Secure, SameSite cookies or short-lived in-memory tokens. Avoid persistent browser storage for access, refresh, ID, or partner session tokens."}, "properties": {"scanner": "repobility-journey-contract", "category": "auth", "severity": "medium", "confidence": 0.82, "cwe": "", "owasp": ""}}, {"id": "AUC001", "name": "[AUC001] No Repobility access matrix policy found: The repository uses web/API frameworks but does not define .repobilit", "shortDescription": {"text": "[AUC001] No Repobility access matrix policy found: The repository uses web/API frameworks but does not define .repobility/access.yml or equivalent authorization documentation."}, "fullDescription": {"text": "Add .repobility/access.yml mapping routes to anonymous, authenticated, owner, admin, and super_admin. Keep business-specific rules in the repo so CI can enforce them."}, "properties": {"scanner": "repobility-access-control", "category": "auth", "severity": "medium", "confidence": 0.92, "cwe": "", "owasp": ""}}, {"id": "AGT012", "name": "Agent control bridge may listen on a network interface without visible auth", "shortDescription": {"text": "Agent control bridge may listen on a network interface without visible auth"}, "fullDescription": {"text": "Bind local agent bridges to 127.0.0.1 by default. If remote access is required, require a bearer token or mTLS, enforce origin/CSRF checks for browser clients, and document the threat model."}, "properties": {"scanner": "repobility-agent-runtime", "category": "quality", "severity": "medium", "confidence": 0.72, "cwe": "", "owasp": ""}}, {"id": "SEC091", "name": "[SEC091] Go: net/http server without timeouts: HTTP server without ReadHeaderTimeout/ReadTimeout/WriteTimeout is vulnera", "shortDescription": {"text": "[SEC091] Go: net/http server without timeouts: HTTP server without ReadHeaderTimeout/ReadTimeout/WriteTimeout is vulnerable to Slowloris. Ported from gosec G112 + G114 (Apache-2.0)."}, "fullDescription": {"text": "Construct `&http.Server{Addr: ..., ReadHeaderTimeout: 5*time.Second, ReadTimeout: 10*time.Second, WriteTimeout: 30*time.Second}`."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC045", "name": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a latera", "shortDescription": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use obj"}, "fullDescription": {"text": "For literal data structures: use ast.literal_eval(text) \u2014 only parses literals, raises on code.\nFor formula evaluation: use asteval or simpleeval (purpose-built sandboxes with allow-lists).\nFor Odoo: use odoo.tools.safe_eval(expr, locals_dict, mode='exec').\nIf you genuinely need to execute admin-stored code: require explicit super-admin permission AND log every execution with a stack trace."}, "properties": {"scanner": "repobility-threat-engine", "category": "injection", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "ERR002", "name": "[ERR002] Empty Catch Block: Empty catch blocks hide errors.", "shortDescription": {"text": "[ERR002] Empty Catch Block: Empty catch blocks hide errors."}, "fullDescription": {"text": "Log the error or rethrow it. Use console.error() at minimum."}, "properties": {"scanner": "repobility-threat-engine", "category": "error_handling", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC136", "name": "[SEC136] AI-typical over-broad exception handler swallowing all errors: Catch-all exception block that silently returns ", "shortDescription": {"text": "[SEC136] AI-typical over-broad exception handler swallowing all errors: Catch-all exception block that silently returns success or no-ops. AI agents reach for this pattern when a flaky test or an unfamiliar API throws \u2014 wrap, swallow, retur"}, "fullDescription": {"text": "Catch the specific exception type, log at error level with full exception info, and return a failure-shaped result. If the operation is genuinely best-effort, log at warning and document why in a comment so the next reader (or scanner) knows."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "WEB005", "name": "robots.txt does not advertise a sitemap", "shortDescription": {"text": "robots.txt does not advertise a sitemap"}, "fullDescription": {"text": "Add `Sitemap: https://your-domain.example/sitemap.xml` to robots.txt."}, "properties": {"scanner": "repobility-web-presence", "category": "quality", "severity": "low", "confidence": 0.74, "cwe": "", "owasp": ""}}, {"id": "AIC003", "name": "Duplicated implementation block across source files", "shortDescription": {"text": "Duplicated implementation block across source files"}, "fullDescription": {"text": "Extract the shared behavior into one function/module or delete the inactive duplicate after proving which path is used."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.86, "cwe": "", "owasp": ""}}, {"id": "MINED049", "name": "[MINED049] Print Pii: Logging password/token/email/ssn directly to stdout.", "shortDescription": {"text": "[MINED049] Print Pii: Logging password/token/email/ssn directly to stdout."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-532 / A09:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED088", "name": "[MINED088] React Conditional Hook: useState/useEffect inside if/loop violates Rules of Hooks.", "shortDescription": {"text": "[MINED088] React Conditional Hook: useState/useEffect inside if/loop violates Rules of Hooks."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-682 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC083", "name": "[SEC083] JS: new RegExp() with non-literal (and 5 more): Same pattern found in 5 additional files. Review if needed.", "shortDescription": {"text": "[SEC083] JS: new RegExp() with non-literal (and 5 more): Same pattern found in 5 additional files. Review if needed."}, "fullDescription": {"text": "Use a literal RegExp or whitelist-validate user input before constructing patterns."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED047", "name": "[MINED047] Emoji In Source: Emoji \u2705 \u274c \ud83d\ude80 in code/comments \u2014 common AI output unless explicitly requested.", "shortDescription": {"text": "[MINED047] Emoji In Source: Emoji \u2705 \u274c \ud83d\ude80 in code/comments \u2014 common AI output unless explicitly requested."}, "fullDescription": {"text": "Review and fix per the pattern semantics."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED053", "name": "[MINED053] Placeholder Default Username (and 2 more): Same pattern found in 2 additional files. Review if needed.", "shortDescription": {"text": "[MINED053] Placeholder Default Username (and 2 more): Same pattern found in 2 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-1392,CWE-798 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED043", "name": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data.", "shortDescription": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-319 / A02:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED058", "name": "[MINED058] React Dangerously Set Html: dangerouslySetInnerHTML bypasses Reacts JSX escaping. Pair with DOMPurify or neve", "shortDescription": {"text": "[MINED058] React Dangerously Set Html: dangerouslySetInnerHTML bypasses Reacts JSX escaping. Pair with DOMPurify or never use with user data."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-79 / A03:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC029", "name": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 25 more): Same pattern found in 25 addi", "shortDescription": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 25 more): Same pattern found in 25 additional files. Review if needed."}, "fullDescription": {"text": "Validate the URL against an allowlist BEFORE fetching:\n  ALLOWED = {'images.example.com', 'cdn.example.com'}\n  host = urlparse(url).hostname\n  if host not in ALLOWED: abort(400)\nOr use a server-side proxy (Imgproxy / serve-files-only-from-S3) that isolates outbound network access from the request handler.\nBlock private CIDRs explicitly: 10/8, 172.16/12, 192.168/16, 169.254/16."}, "properties": {"scanner": "repobility-threat-engine", "category": "ssrf", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC084", "name": "[SEC084] JS: require() with non-literal (and 1 more): Same pattern found in 1 additional files. Review if needed.", "shortDescription": {"text": "[SEC084] JS: require() with non-literal (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "fullDescription": {"text": "Use static imports or a static mapping `const modules = { foo: require('./foo') }`."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC020", "name": "[SEC020] Secret Printed to Logs (and 1 more): Same pattern found in 1 additional files. Review if needed.", "shortDescription": {"text": "[SEC020] Secret Printed to Logs (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "fullDescription": {"text": "Log only redacted, hashed, or last-four-style metadata. Rotate any secret that may have reached logs."}, "properties": {"scanner": "repobility-threat-engine", "category": "credential_exposure", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED045", "name": "[MINED045] Ts Non Null Assertion (and 104 more): Same pattern found in 104 additional files. Review if needed.", "shortDescription": {"text": "[MINED045] Ts Non Null Assertion (and 104 more): Same pattern found in 104 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-476 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC118", "name": "[SEC118] UUIDv1 / UUIDv3 used for security-sensitive identifier (and 4 more): Same pattern found in 4 additional files. ", "shortDescription": {"text": "[SEC118] UUIDv1 / UUIDv3 used for security-sensitive identifier (and 4 more): Same pattern found in 4 additional files. Review if needed."}, "fullDescription": {"text": "Use `uuid.uuid4()` (random) or `secrets.token_urlsafe()` for tokens. In Go, use `uuid.NewRandom()` (google/uuid)."}, "properties": {"scanner": "repobility-threat-engine", "category": "crypto", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED052", "name": "[MINED052] Ts Any Typed (and 222 more): Same pattern found in 222 additional files. Review if needed.", "shortDescription": {"text": "[MINED052] Ts Any Typed (and 222 more): Same pattern found in 222 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-704 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED054", "name": "[MINED054] Ts As Any (and 101 more): Same pattern found in 101 additional files. Review if needed.", "shortDescription": {"text": "[MINED054] Ts As Any (and 101 more): Same pattern found in 101 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-704 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED056", "name": "[MINED056] React Key As Index (and 7 more): Same pattern found in 7 additional files. Review if needed.", "shortDescription": {"text": "[MINED056] React Key As Index (and 7 more): Same pattern found in 7 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-682 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC085", "name": "[SEC085] JS: child_process.exec with non-literal (and 2 more): Same pattern found in 2 additional files. Review if neede", "shortDescription": {"text": "[SEC085] JS: child_process.exec with non-literal (and 2 more): Same pattern found in 2 additional files. Review if needed."}, "fullDescription": {"text": "Use execFile / spawn with separate args array; never pass shell strings."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC128", "name": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake) (and 32 more): Same pattern found in 32 add", "shortDescription": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake) (and 32 more): Same pattern found in 32 additional files. Review if needed."}, "fullDescription": {"text": "Add `await` before each async call, or chain with `.then`. If you intentionally want fire-and-forget, prefix with `void` (TS) or assign to `_` (Python with `asyncio.create_task`) to make the intent explicit and survive lint."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED044", "name": "[MINED044] Js Console Log Prod (and 90 more): Same pattern found in 90 additional files. Review if needed.", "shortDescription": {"text": "[MINED044] Js Console Log Prod (and 90 more): Same pattern found in 90 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-532 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC040", "name": "[SEC040] innerHTML XSS \u2014 template literal with server-supplied data (and 7 more): Same pattern found in 7 additional fil", "shortDescription": {"text": "[SEC040] innerHTML XSS \u2014 template literal with server-supplied data (and 7 more): Same pattern found in 7 additional files. Review if needed."}, "fullDescription": {"text": "For plain text: use el.textContent = data.value (auto-escapes).\nFor HTML you need to render: el.innerHTML = DOMPurify.sanitize(html).\nFor React/Vue/Svelte: stop using innerHTML; use the framework's binding.\nWhen data comes from CV/PDF parsers, sanitize at the parser boundary too."}, "properties": {"scanner": "repobility-threat-engine", "category": "xss", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED115", "name": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run t", "shortDescription": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) in"}, "fullDescription": {"text": "Replace with: `uses: actions/checkout@<40-char-sha>  # v6` and let Dependabot bump it on a scheduled cadence."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED031", "name": "[MINED031] React Direct State Mutation: this.state.X = Y mutates without setState. React wont re-render.", "shortDescription": {"text": "[MINED031] React Direct State Mutation: this.state.X = Y mutates without setState. React wont re-render."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-682 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC033", "name": "[SEC033] Prototype Pollution \u2014 unfiltered merge of user object: Merging user-controlled object into a target without fil", "shortDescription": {"text": "[SEC033] Prototype Pollution \u2014 unfiltered merge of user object: Merging user-controlled object into a target without filtering `__proto__`/`constructor`/`prototype` keys lets attackers inject properties onto Object.prototype, affecting ever"}, "fullDescription": {"text": "Sanitize keys BEFORE merge:\n  function sanitize(obj) {\n    delete obj.__proto__;\n    delete obj.constructor;\n    delete obj.prototype;\n    return obj;\n  }\nOr use Object.create(null) for the target. Or use Map() for user-key-indexed data. Upgrade lodash >= 4.17.21 for partial mitigation."}, "properties": {"scanner": "repobility-threat-engine", "category": "prototype_pollution", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED027", "name": "[MINED027] React State Array Mutation: state.X.push/splice/sort followed by setState \u2014 React skips re-render on mutated ", "shortDescription": {"text": "[MINED027] React State Array Mutation: state.X.push/splice/sort followed by setState \u2014 React skips re-render on mutated reference."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-682 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED014", "name": "[MINED014] Disabled Tls Verify: verify=False in requests, rejectUnauthorized:false in node, InsecureSkipVerify:true in G", "shortDescription": {"text": "[MINED014] Disabled Tls Verify: verify=False in requests, rejectUnauthorized:false in node, InsecureSkipVerify:true in Go."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-295 / A02:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED116", "name": "[MINED116] Workflow uses `secrets.SLACK_WEBHOOK_DOCUMENTATION_OPS` on a `pull_request` trigger: This workflow triggers o", "shortDescription": {"text": "[MINED116] Workflow uses `secrets.SLACK_WEBHOOK_DOCUMENTATION_OPS` on a `pull_request` trigger: This workflow triggers on `pull_request`, which checks out the FORK's code. Referencing `${ secrets.SLACK_WEBHOOK_DOCUMENTATION_OPS }` lets a PR"}, "fullDescription": {"text": "Either remove the secret reference, or switch the trigger to `pull_request_target` AND ensure no fork-controlled code runs before the secret is consumed."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "critical", "confidence": 0.9, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/532"}, "properties": {"repository": "strapi/strapi", "repoUrl": "https://github.com/strapi/strapi.git", "branch": "main"}, "results": [{"ruleId": "JRN002", "level": "warning", "message": {"text": "Browser storage is used for session token material"}, "properties": {"repobilityId": 32811, "scanner": "repobility-journey-contract", "fingerprint": "c1d55cdf2c3ed77b9e36d2b1b92bc996b0e794de0f5e78e1c1a36e8c6bc40ff9", "category": "auth", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Storage API call references token-like key or value names.", "evidence": {"rule_id": "JRN002", "scanner": "repobility-journey-contract", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html"], "correlation_key": "code|auth|token|60|jrn002"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/core/content-type-builder/admin/src/components/AIChat/hooks/useFigmaUpload.ts"}, "region": {"startLine": 60}}}]}, {"ruleId": "JRN002", "level": "warning", "message": {"text": "Browser storage is used for session token material"}, "properties": {"repobilityId": 32810, "scanner": "repobility-journey-contract", "fingerprint": "f4cc513b57451dc1122db11332479af63aaa006a25f6ea7a71e35386d4657aae", "category": "auth", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Storage API call references token-like key or value names.", "evidence": {"rule_id": "JRN002", "scanner": "repobility-journey-contract", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html"], "correlation_key": "code|auth|token|48|jrn002"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/core/content-type-builder/admin/src/components/AIChat/hooks/useFigmaUpload.ts"}, "region": {"startLine": 48}}}]}, {"ruleId": "JRN002", "level": "warning", "message": {"text": "Browser storage is used for session token material"}, "properties": {"repobilityId": 32809, "scanner": "repobility-journey-contract", "fingerprint": "5a8a57456e27ebccfb10782061809630d957e5dc17bc2fed9ee4bc4c09521b0e", "category": "auth", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Storage API call references token-like key or value names.", "evidence": {"rule_id": "JRN002", "scanner": "repobility-journey-contract", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html"], "correlation_key": "code|auth|token|202|jrn002"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/core/admin/admin/src/utils/getFetchClient.ts"}, "region": {"startLine": 202}}}]}, {"ruleId": "JRN002", "level": "warning", "message": {"text": "Browser storage is used for session token material"}, "properties": {"repobilityId": 32808, "scanner": "repobility-journey-contract", "fingerprint": "58225432b8f8853d14104971ea42bdb36e62f680b1955eb3e8ba8f66bdd63c3d", "category": "auth", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Storage API call references token-like key or value names.", "evidence": {"rule_id": "JRN002", "scanner": "repobility-journey-contract", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html"], "correlation_key": "code|auth|token|75|jrn002"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/core/admin/admin/src/utils/getFetchClient.ts"}, "region": {"startLine": 75}}}]}, {"ruleId": "JRN002", "level": "warning", "message": {"text": "Browser storage is used for session token material"}, "properties": {"repobilityId": 32807, "scanner": "repobility-journey-contract", "fingerprint": "db9bc065aa7174a9921293bc274aea4ae56daded82061e85179a1272d2457980", "category": "auth", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Storage API call references token-like key or value names.", "evidence": {"rule_id": "JRN002", "scanner": "repobility-journey-contract", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html"], "correlation_key": "code|auth|token|72|jrn002"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/core/admin/admin/src/utils/getFetchClient.ts"}, "region": {"startLine": 72}}}]}, {"ruleId": "JRN002", "level": "warning", "message": {"text": "Browser storage is used for session token material"}, "properties": {"repobilityId": 32806, "scanner": "repobility-journey-contract", "fingerprint": "e5129bad54c9bd8bca280c3602564cc5a306411702a66e863e539489f026f1fd", "category": "auth", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Storage API call references token-like key or value names.", "evidence": {"rule_id": "JRN002", "scanner": "repobility-journey-contract", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html"], "correlation_key": "code|auth|token|80|jrn002"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/core/admin/admin/src/reducer.ts"}, "region": {"startLine": 80}}}]}, {"ruleId": "JRN002", "level": "warning", "message": {"text": "Browser storage is used for session token material"}, "properties": {"repobilityId": 32805, "scanner": "repobility-journey-contract", "fingerprint": "e42a1e220e8bfddc1ae918dcfcd6efd8958bc636a056f565e8ed4a3f88e28b28", "category": "auth", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Storage API call references token-like key or value names.", "evidence": {"rule_id": "JRN002", "scanner": "repobility-journey-contract", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html"], "correlation_key": "code|auth|token|32|jrn002"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/core/admin/admin/src/reducer.ts"}, "region": {"startLine": 32}}}]}, {"ruleId": "AUC001", "level": "warning", "message": {"text": "[AUC001] No Repobility access matrix policy found: The repository uses web/API frameworks but does not define .repobility/access.yml or equivalent authorization documentation."}, "properties": {"repobilityId": 32804, "scanner": "repobility-access-control", "fingerprint": "f1305052c3ba1e6c1cdb5dccc19e58a8168cf78b176658f32b1fc823df3e9d10", "category": "auth", "severity": "medium", "confidence": 0.92, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"scanner": "repobility-access-control", "frameworks": ["Next.js", "Koa"], "expected_files": [".repobility/access.yml", ".repobility/access.yaml", ".repobility/access.json", ".repobility/authorization.yml"], "correlation_key": "fp|f1305052c3ba1e6c1cdb5dccc19e58a8168cf78b176658f32b1fc823df3e9d10"}}}, {"ruleId": "AGT012", "level": "warning", "message": {"text": "Agent control bridge may listen on a network interface without visible auth"}, "properties": {"repobilityId": 32803, "scanner": "repobility-agent-runtime", "fingerprint": "4a0c29bf6c511e8948c4fa84a44b0925178f1f743ceaa4a406f764fbd1882a78", "category": "quality", "severity": "medium", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File combines agent-control wording with an HTTP/SSE/WebSocket listener on an all-interface host and no visible auth guard.", "evidence": {"rule_id": "AGT012", "scanner": "repobility-agent-runtime", "references": [], "correlation_key": "fp|4a0c29bf6c511e8948c4fa84a44b0925178f1f743ceaa4a406f764fbd1882a78"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/complex/scripts/setup-v4-project.js"}, "region": {"startLine": 205}}}]}, {"ruleId": "SEC091", "level": "warning", "message": {"text": "[SEC091] Go: net/http server without timeouts: HTTP server without ReadHeaderTimeout/ReadTimeout/WriteTimeout is vulnerable to Slowloris. Ported from gosec G112 + G114 (Apache-2.0)."}, "properties": {"repobilityId": 32771, "scanner": "repobility-threat-engine", "fingerprint": "cc10d101be43c0fe81d1f2563e0cb2864e28ead228b5cbb326080ea950f025aa", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "http.Server {\n  destroy: () => Promise<void>;\n}", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC091", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|cc10d101be43c0fe81d1f2563e0cb2864e28ead228b5cbb326080ea950f025aa"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/core/core/src/services/server/http-server.ts"}, "region": {"startLine": 6}}}]}, {"ruleId": "SEC045", "level": "warning", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use object introspection (().__class__.__mro__[-1].__subclasses__()) to reach os.system. CWE-95 (eval injection)."}, "properties": {"repobilityId": 32768, "scanner": "repobility-threat-engine", "fingerprint": "0d59e9a8306750891d22c4d65faba5c8cd6d968eede2e591b7be117683817a58", "category": "injection", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".exec(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|token|52|sec045"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/core/openapi/src/assemblers/document/path/path-item/operation/operation-id.ts"}, "region": {"startLine": 52}}}]}, {"ruleId": "SEC045", "level": "warning", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use object introspection (().__class__.__mro__[-1].__subclasses__()) to reach os.system. CWE-95 (eval injection)."}, "properties": {"repobilityId": 32767, "scanner": "repobility-threat-engine", "fingerprint": "13a23df4941f0e8ab2ea99eb04080b6729ce9ee70a41b849476bfe4430b7005e", "category": "injection", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".exec(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|token|32|sec045"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/core/content-manager/admin/src/pages/EditView/components/FormInputs/Wysiwyg/utils/continueList.ts"}, "region": {"startLine": 32}}}]}, {"ruleId": "ERR002", "level": "warning", "message": {"text": "[ERR002] Empty Catch Block: Empty catch blocks hide errors."}, "properties": {"repobilityId": 32717, "scanner": "repobility-threat-engine", "fingerprint": "1f4e189d07decf23d663fd447706933cf4cfe79295e3dfb17e1f8f83af72457c", "category": "error_handling", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".catch(() => {})", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR002", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|1f4e189d07decf23d663fd447706933cf4cfe79295e3dfb17e1f8f83af72457c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/core/content-manager/server/src/services/metrics.ts"}, "region": {"startLine": 31}}}]}, {"ruleId": "ERR002", "level": "warning", "message": {"text": "[ERR002] Empty Catch Block: Empty catch blocks hide errors."}, "properties": {"repobilityId": 32716, "scanner": "repobility-threat-engine", "fingerprint": "43087b6554c0c75cfe266a609d47da2d84bd9bb0cdceae58a1ade3f25045b31d", "category": "error_handling", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "catch (error) {}", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR002", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|43087b6554c0c75cfe266a609d47da2d84bd9bb0cdceae58a1ade3f25045b31d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/core/content-manager/admin/src/preview/utils/previewScript.ts"}, "region": {"startLine": 266}}}]}, {"ruleId": "ERR002", "level": "warning", "message": {"text": "[ERR002] Empty Catch Block: Empty catch blocks hide errors."}, "properties": {"repobilityId": 32715, "scanner": "repobility-threat-engine", "fingerprint": "62a3f9844fffcb599d4d4f8121422bf989ac13d5d51e64f6c8484be41b4afb59", "category": "error_handling", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".catch(() => {})", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR002", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|62a3f9844fffcb599d4d4f8121422bf989ac13d5d51e64f6c8484be41b4afb59"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/cli/create-strapi-app/src/utils/usage.ts"}, "region": {"startLine": 74}}}]}, {"ruleId": "SEC136", "level": "warning", "message": {"text": "[SEC136] AI-typical over-broad exception handler swallowing all errors: Catch-all exception block that silently returns success or no-ops. AI agents reach for this pattern when a flaky test or an unfamiliar API throws \u2014 wrap, swallow, return success. Real bugs are masked, observability is destroyed, and callers think the operation worked. CWE-396 (improperly-generalized exception). Distinct from intentional fallback because there's no log line and the success value is fabricated."}, "properties": {"repobilityId": 32712, "scanner": "repobility-threat-engine", "fingerprint": "99dc71f9d2a3549755aea663f8f58b6cd88a077c755a67a6920c20beed1423dc", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "} catch (error) {\n    return null;\n  }", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC136", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|99dc71f9d2a3549755aea663f8f58b6cd88a077c755a67a6920c20beed1423dc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/core/content-type-builder/admin/src/components/FormModal/attributes/ConditionForm.tsx"}, "region": {"startLine": 110}}}]}, {"ruleId": "SEC136", "level": "warning", "message": {"text": "[SEC136] AI-typical over-broad exception handler swallowing all errors: Catch-all exception block that silently returns success or no-ops. AI agents reach for this pattern when a flaky test or an unfamiliar API throws \u2014 wrap, swallow, return success. Real bugs are masked, observability is destroyed, and callers think the operation worked. CWE-396 (improperly-generalized exception). Distinct from intentional fallback because there's no log line and the success value is fabricated."}, "properties": {"repobilityId": 32711, "scanner": "repobility-threat-engine", "fingerprint": "e7266a1aff06cbbc69a3bef39beb4d2a73f0b20e87a6b39c2761a8d137962bd3", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "} catch (error) {\n    return null;\n  }", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC136", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|e7266a1aff06cbbc69a3bef39beb4d2a73f0b20e87a6b39c2761a8d137962bd3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/core/admin/admin/src/utils/users.ts"}, "region": {"startLine": 52}}}]}, {"ruleId": "SEC136", "level": "warning", "message": {"text": "[SEC136] AI-typical over-broad exception handler swallowing all errors: Catch-all exception block that silently returns success or no-ops. AI agents reach for this pattern when a flaky test or an unfamiliar API throws \u2014 wrap, swallow, return success. Real bugs are masked, observability is destroyed, and callers think the operation worked. CWE-396 (improperly-generalized exception). Distinct from intentional fallback because there's no log line and the success value is fabricated."}, "properties": {"repobilityId": 32710, "scanner": "repobility-threat-engine", "fingerprint": "c348bb4c20e1dedf4a5b2d41e2b5c7301c1aaa33a77bc964291163f4d64f9ce7", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "} catch (error) {\n    return null;\n  }", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC136", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|c348bb4c20e1dedf4a5b2d41e2b5c7301c1aaa33a77bc964291163f4d64f9ce7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/complex/scripts/db-utils.js"}, "region": {"startLine": 60}}}]}, {"ruleId": "WEB005", "level": "note", "message": {"text": "robots.txt does not advertise a sitemap"}, "properties": {"repobilityId": 32812, "scanner": "repobility-web-presence", "fingerprint": "5b53ccf57f68b60bb7e13d3ec432b471d17ad3e3a81bf91d1195bdc42057330f", "category": "quality", "severity": "low", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Discovered robots file or route lacks a Sitemap directive.", "evidence": {"rule_id": "WEB005", "scanner": "repobility-web-presence", "references": ["https://www.rfc-editor.org/rfc/rfc9309", "https://www.sitemaps.org/protocol.html"], "correlation_key": "fp|5b53ccf57f68b60bb7e13d3ec432b471d17ad3e3a81bf91d1195bdc42057330f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/complex/public/robots.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 32802, "scanner": "repobility-ai-code-hygiene", "fingerprint": "a27b94ac81083f401bfdcb6b9b17897538ee0afe6f8e38eca4a14eb17d7f52f1", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/core/admin/server/src/content-types/Role.ts", "duplicate_line": 9, "correlation_key": "fp|a27b94ac81083f401bfdcb6b9b17897538ee0afe6f8e38eca4a14eb17d7f52f1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/core/admin/server/src/content-types/transfer-token.ts"}, "region": {"startLine": 9}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 32801, "scanner": "repobility-ai-code-hygiene", "fingerprint": "5b77cc00bd4b41a2a226fd6d9ebb47c40e1f08db43178682a240374d08237ad1", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/core/admin/server/src/content-types/api-token.ts", "duplicate_line": 9, "correlation_key": "fp|5b77cc00bd4b41a2a226fd6d9ebb47c40e1f08db43178682a240374d08237ad1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/core/admin/server/src/content-types/transfer-token.ts"}, "region": {"startLine": 8}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 32800, "scanner": "repobility-ai-code-hygiene", "fingerprint": "f5113de917c846599737039f11c1dcb7cfd2c7d606310d05cdacc3a45fe8e61e", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/core/admin/server/src/content-types/api-token-permission.ts", "duplicate_line": 15, "correlation_key": "fp|f5113de917c846599737039f11c1dcb7cfd2c7d606310d05cdacc3a45fe8e61e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/core/admin/server/src/content-types/transfer-token-permission.ts"}, "region": {"startLine": 15}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 32799, "scanner": "repobility-ai-code-hygiene", "fingerprint": "431d54ae4622b2ea734adaef779bf51b54be00576e26249159310b9d58ae548d", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/core/admin/server/src/content-types/Permission.ts", "duplicate_line": 9, "correlation_key": "fp|431d54ae4622b2ea734adaef779bf51b54be00576e26249159310b9d58ae548d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/core/admin/server/src/content-types/transfer-token-permission.ts"}, "region": {"startLine": 9}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 32798, "scanner": "repobility-ai-code-hygiene", "fingerprint": "e6777a5321d5e95f78248cbfd10acae83eb656163eed4d0b0054f4f772143811", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/core/admin/server/src/content-types/Role.ts", "duplicate_line": 9, "correlation_key": "fp|e6777a5321d5e95f78248cbfd10acae83eb656163eed4d0b0054f4f772143811"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/core/admin/server/src/content-types/api-token.ts"}, "region": {"startLine": 10}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 32797, "scanner": "repobility-ai-code-hygiene", "fingerprint": "98007d1b9cbc73ab6769188751548f959b9c6d4b668385f179791fab030cf31f", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/core/admin/server/src/content-types/Permission.ts", "duplicate_line": 9, "correlation_key": "fp|98007d1b9cbc73ab6769188751548f959b9c6d4b668385f179791fab030cf31f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/core/admin/server/src/content-types/api-token-permission.ts"}, "region": {"startLine": 9}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 32796, "scanner": "repobility-ai-code-hygiene", "fingerprint": "bad9f5f94b3d0f26e9090dcd04349065b7ff12cbddd8963a42c6e96179a1218c", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/core/admin/admin/src/pages/Settings/pages/Webhooks/EditPage.tsx", "duplicate_line": 82, "correlation_key": "fp|bad9f5f94b3d0f26e9090dcd04349065b7ff12cbddd8963a42c6e96179a1218c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/core/admin/ee/admin/src/pages/SettingsPage/pages/SingleSignOnPage.tsx"}, "region": {"startLine": 76}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 32795, "scanner": "repobility-ai-code-hygiene", "fingerprint": "81a2be29d68f6bb72681af175cd64a08a1986d3be9b92e38b9acb208562a8066", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/core/admin/admin/src/pages/Settings/pages/Webhooks/EditPage.tsx", "duplicate_line": 114, "correlation_key": "fp|81a2be29d68f6bb72681af175cd64a08a1986d3be9b92e38b9acb208562a8066"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/core/admin/admin/src/pages/Settings/pages/Webhooks/ListPage.tsx"}, "region": {"startLine": 79}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 32794, "scanner": "repobility-ai-code-hygiene", "fingerprint": "ed3ebdb876732be85d85f3b5f598c34507a70a14c4abbe4fd7652fd512966239", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/core/admin/admin/src/pages/Auth/components/Register.tsx", "duplicate_line": 129, "correlation_key": "fp|ed3ebdb876732be85d85f3b5f598c34507a70a14c4abbe4fd7652fd512966239"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/core/admin/admin/src/pages/Settings/pages/Users/utils/validation.ts"}, "region": {"startLine": 23}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 32793, "scanner": "repobility-ai-code-hygiene", "fingerprint": "edca4064bb1022d96c43f580169ec00e44317df7870ac843d38409b263a63473", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/core/admin/admin/src/pages/Settings/pages/Users/EditPage.tsx", "duplicate_line": 270, "correlation_key": "fp|edca4064bb1022d96c43f580169ec00e44317df7870ac843d38409b263a63473"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/core/admin/admin/src/pages/Settings/pages/Users/components/NewUserForm.tsx"}, "region": {"startLine": 255}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 32792, "scanner": "repobility-ai-code-hygiene", "fingerprint": "c3278c61add5588ed477887f9a85cc566ea848c83eb2c8d0b09c3d2b7a3c3e00", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/core/admin/admin/src/pages/Settings/components/Tokens/FormApiTokenContainer.tsx", "duplicate_line": 94, "correlation_key": "fp|c3278c61add5588ed477887f9a85cc566ea848c83eb2c8d0b09c3d2b7a3c3e00"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/core/admin/admin/src/pages/Settings/pages/Users/EditPage.tsx"}, "region": {"startLine": 193}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 32791, "scanner": "repobility-ai-code-hygiene", "fingerprint": "a2eb626b92bde8670fac5a0008c414a57b060c21d4de7c65fcf026ffc96e49f7", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/core/admin/admin/src/features/Widgets.tsx", "duplicate_line": 81, "correlation_key": "fp|a2eb626b92bde8670fac5a0008c414a57b060c21d4de7c65fcf026ffc96e49f7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/core/admin/admin/src/pages/Settings/pages/TransferTokens/ListView.tsx"}, "region": {"startLine": 109}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 32790, "scanner": "repobility-ai-code-hygiene", "fingerprint": "777a1b1814e133e5f4f6259dfff51e9dd105c07e34e5c55160678d50d6467d58", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/core/admin/admin/src/pages/Settings/components/Tokens/FormApiTokenContainer.tsx", "duplicate_line": 90, "correlation_key": "fp|777a1b1814e133e5f4f6259dfff51e9dd105c07e34e5c55160678d50d6467d58"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/core/admin/admin/src/pages/Settings/pages/TransferTokens/EditView.tsx"}, "region": {"startLine": 301}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 32789, "scanner": "repobility-ai-code-hygiene", "fingerprint": "85eb77819aad95e69eab6f4825f59c3e87e8eaf71b25fcbad80d6ad82c0601c5", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/core/admin/admin/src/pages/Settings/pages/AdminTokens/EditView/EditViewPage.tsx", "duplicate_line": 127, "correlation_key": "fp|85eb77819aad95e69eab6f4825f59c3e87e8eaf71b25fcbad80d6ad82c0601c5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/core/admin/admin/src/pages/Settings/pages/TransferTokens/EditView.tsx"}, "region": {"startLine": 112}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 32788, "scanner": "repobility-ai-code-hygiene", "fingerprint": "f8268faba4c22a6af5ee66fc1d5556228149c19f921544be4e1d8e7e1574da4a", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/core/admin/admin/src/pages/Settings/pages/InstalledPlugins.tsx", "duplicate_line": 60, "correlation_key": "fp|f8268faba4c22a6af5ee66fc1d5556228149c19f921544be4e1d8e7e1574da4a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/core/admin/admin/src/pages/Settings/pages/Roles/ListPage.tsx"}, "region": {"startLine": 167}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 32787, "scanner": "repobility-ai-code-hygiene", "fingerprint": "e3e4470cdc6d3cd864ff7654c31bda7d6924a50fae52e7861da87c0056094a46", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/core/admin/admin/src/pages/Settings/pages/Roles/CreatePage.tsx", "duplicate_line": 94, "correlation_key": "fp|e3e4470cdc6d3cd864ff7654c31bda7d6924a50fae52e7861da87c0056094a46"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/core/admin/admin/src/pages/Settings/pages/Roles/EditPage.tsx"}, "region": {"startLine": 97}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 32786, "scanner": "repobility-ai-code-hygiene", "fingerprint": "423ebe23918dcc347f67c252fde497bb7ccbafc390a6fe4952cde06287e95ce7", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/core/admin/admin/src/pages/Settings/pages/AdminTokens/EditView/EditViewPage.tsx", "duplicate_line": 127, "correlation_key": "fp|423ebe23918dcc347f67c252fde497bb7ccbafc390a6fe4952cde06287e95ce7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/core/admin/admin/src/pages/Settings/pages/Roles/EditPage.tsx"}, "region": {"startLine": 84}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 32785, "scanner": "repobility-ai-code-hygiene", "fingerprint": "4f015fcc8e20290e10259d01f8a7c05606e5b75028e6255368816116a67c7103", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/core/admin/admin/src/pages/Settings/pages/PurchaseAuditLogs.tsx", "duplicate_line": 39, "correlation_key": "fp|4f015fcc8e20290e10259d01f8a7c05606e5b75028e6255368816116a67c7103"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/core/admin/admin/src/pages/Settings/pages/PurchaseSingleSignOn.tsx"}, "region": {"startLine": 42}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 32784, "scanner": "repobility-ai-code-hygiene", "fingerprint": "18c0bc6ec23cb0401e8b3ce54b067bd9eed66615d5b9227d1c6f4f04599e4e60", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/core/admin/admin/src/pages/Settings/pages/PurchaseContentHistory.tsx", "duplicate_line": 20, "correlation_key": "fp|18c0bc6ec23cb0401e8b3ce54b067bd9eed66615d5b9227d1c6f4f04599e4e60"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/core/admin/admin/src/pages/Settings/pages/PurchaseSingleSignOn.tsx"}, "region": {"startLine": 20}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 32783, "scanner": "repobility-ai-code-hygiene", "fingerprint": "328ebd77ae5aacc66478a647f7fa2fe83f38df2be1439d8d0fad0ac742ea9cc2", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/core/admin/admin/src/pages/Settings/pages/PurchaseAuditLogs.tsx", "duplicate_line": 18, "correlation_key": "fp|328ebd77ae5aacc66478a647f7fa2fe83f38df2be1439d8d0fad0ac742ea9cc2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/core/admin/admin/src/pages/Settings/pages/PurchaseContentHistory.tsx"}, "region": {"startLine": 21}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 32782, "scanner": "repobility-ai-code-hygiene", "fingerprint": "6ab1971dc6cbe9315c1b9131f89551282d87bfda277584591c27eaef0b79ab03", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/core/admin/admin/src/pages/Settings/pages/AdminTokens/ListView.tsx", "duplicate_line": 70, "correlation_key": "fp|6ab1971dc6cbe9315c1b9131f89551282d87bfda277584591c27eaef0b79ab03"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/core/admin/admin/src/pages/Settings/pages/ApiTokens/ListView.tsx"}, "region": {"startLine": 60}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 32781, "scanner": "repobility-ai-code-hygiene", "fingerprint": "f5f04c534a93df1fff1909d8bee7ecff9b6fdcd65858936b84dbbff6ab923a33", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/core/admin/admin/src/pages/Settings/pages/AdminTokens/EditView/EditViewPage.tsx", "duplicate_line": 79, "correlation_key": "fp|f5f04c534a93df1fff1909d8bee7ecff9b6fdcd65858936b84dbbff6ab923a33"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/core/admin/admin/src/pages/Settings/pages/ApiTokens/EditView/EditViewPage.tsx"}, "region": {"startLine": 114}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 32780, "scanner": "repobility-ai-code-hygiene", "fingerprint": "3179c8a62c027fd1fbe61476e1dcae0133d2084462bf4a5e9272eb91fa272f1c", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/core/admin/admin/src/pages/InternalErrorPage.tsx", "duplicate_line": 9, "correlation_key": "fp|3179c8a62c027fd1fbe61476e1dcae0133d2084462bf4a5e9272eb91fa272f1c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/core/admin/admin/src/pages/NotFoundPage.tsx"}, "region": {"startLine": 9}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 32779, "scanner": "repobility-ai-code-hygiene", "fingerprint": "4505f1f8ef699fa832a3f7f8fc0ff5045461bf123fd354b60af80b34b07770e1", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/core/admin/admin/src/pages/Home/components/FreeTrialEndedModal.tsx", "duplicate_line": 8, "correlation_key": "fp|4505f1f8ef699fa832a3f7f8fc0ff5045461bf123fd354b60af80b34b07770e1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/core/admin/admin/src/pages/Home/components/FreeTrialWelcomeModal.tsx"}, "region": {"startLine": 8}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 32778, "scanner": "repobility-ai-code-hygiene", "fingerprint": "7907c4f75a716cb723f5a584a9e6b4b38742922b83390121ab482f5a068273c7", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/core/admin/admin/src/pages/Auth/components/ForgotPassword.tsx", "duplicate_line": 34, "correlation_key": "fp|7907c4f75a716cb723f5a584a9e6b4b38742922b83390121ab482f5a068273c7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/core/admin/admin/src/pages/Auth/components/ResetPassword.tsx"}, "region": {"startLine": 127}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 32777, "scanner": "repobility-ai-code-hygiene", "fingerprint": "1f3654f5678e0b4019936f66b8de70a81b8e837b4273682e7c56ded3131cb7ea", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/core/admin/admin/src/pages/Auth/components/Register.tsx", "duplicate_line": 44, "correlation_key": "fp|1f3654f5678e0b4019936f66b8de70a81b8e837b4273682e7c56ded3131cb7ea"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/core/admin/admin/src/pages/Auth/components/ResetPassword.tsx"}, "region": {"startLine": 32}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 32776, "scanner": "repobility-ai-code-hygiene", "fingerprint": "0c775602a27b7762e1a9754a1e7efaa5a1b633345c72d803fb7ddd78a7508aab", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/core/admin/admin/src/pages/Auth/components/ForgotPasswordSuccess.tsx", "duplicate_line": 38, "correlation_key": "fp|0c775602a27b7762e1a9754a1e7efaa5a1b633345c72d803fb7ddd78a7508aab"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/core/admin/admin/src/pages/Auth/components/Oops.tsx"}, "region": {"startLine": 38}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 32775, "scanner": "repobility-ai-code-hygiene", "fingerprint": "20e52bf451d31f7e5b8ef1765cddc7727c6986f24e155c86aa2d6c48cb06478b", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "jest-preset.front.js", "duplicate_line": 74, "correlation_key": "fp|20e52bf451d31f7e5b8ef1765cddc7727c6986f24e155c86aa2d6c48cb06478b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "jest-preset.unit.js"}, "region": {"startLine": 19}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 32774, "scanner": "repobility-ai-code-hygiene", "fingerprint": "f1b61b2f2dd9130c9570ba79d08b1b216373a8104eed999c34082b08bc85e183", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": ".github/actions/community-pr-triage/src/modes/notion-report.ts", "duplicate_line": 10, "correlation_key": "fp|f1b61b2f2dd9130c9570ba79d08b1b216373a8104eed999c34082b08bc85e183"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/actions/community-pr-triage/src/modes/weekly-report.ts"}, "region": {"startLine": 41}}}]}, {"ruleId": "MINED049", "level": "none", "message": {"text": "[MINED049] Print Pii: Logging password/token/email/ssn directly to stdout."}, "properties": {"repobilityId": 32773, "scanner": "repobility-threat-engine", "fingerprint": "f5ed0e8dd8f5130f0990142c4a8d7406f3a21947520449c2dfcc4ebf302ffc39", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "print-pii", "owasp": "A09:2021", "cwe_ids": ["CWE-532"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348015+00:00", "triaged_in_corpus": 12, "observations_count": 676566, "ai_coder_pattern_id": 26}, "scanner": "repobility-threat-engine", "correlation_key": "fp|f5ed0e8dd8f5130f0990142c4a8d7406f3a21947520449c2dfcc4ebf302ffc39"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/core/strapi/src/cli/commands/admin/reset-user-password.ts"}, "region": {"startLine": 37}}}]}, {"ruleId": "MINED088", "level": "none", "message": {"text": "[MINED088] React Conditional Hook: useState/useEffect inside if/loop violates Rules of Hooks."}, "properties": {"repobilityId": 32769, "scanner": "repobility-threat-engine", "fingerprint": "9be724a00f86c8fe6a2b163bee65daf46dd368a4766bda76a44e607d90d765af", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "react-conditional-hook", "owasp": null, "cwe_ids": ["CWE-682"], "languages": ["typescript", "tsx", "javascript", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348143+00:00", "triaged_in_corpus": 20, "observations_count": 600, "ai_coder_pattern_id": 139}, "scanner": "repobility-threat-engine", "correlation_key": "fp|9be724a00f86c8fe6a2b163bee65daf46dd368a4766bda76a44e607d90d765af"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/core/content-type-builder/admin/src/components/FormModal/FormModal.tsx"}, "region": {"startLine": 718}}}]}, {"ruleId": "SEC083", "level": "none", "message": {"text": "[SEC083] JS: new RegExp() with non-literal (and 5 more): Same pattern found in 5 additional files. Review if needed."}, "properties": {"repobilityId": 32766, "scanner": "repobility-threat-engine", "fingerprint": "f18933be2d43a6f2b86aba60a194501d92b01604e86efa860079d4abf0349f9e", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 5 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 5 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC083", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|f18933be2d43a6f2b86aba60a194501d92b01604e86efa860079d4abf0349f9e"}}}, {"ruleId": "MINED047", "level": "none", "message": {"text": "[MINED047] Emoji In Source: Emoji \u2705 \u274c \ud83d\ude80 in code/comments \u2014 common AI output unless explicitly requested."}, "properties": {"repobilityId": 32762, "scanner": "repobility-threat-engine", "fingerprint": "fc475dfcaacbe6e39653b08a2b24bd9cb6198b8df9ea5c905bc15bfdb77b93ae", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "emoji-in-source", "owasp": null, "cwe_ids": [], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348010+00:00", "triaged_in_corpus": 9, "observations_count": 1468364, "ai_coder_pattern_id": 29}, "scanner": "repobility-threat-engine", "correlation_key": "fp|fc475dfcaacbe6e39653b08a2b24bd9cb6198b8df9ea5c905bc15bfdb77b93ae"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/core/admin/admin/src/translations/languageNativeNames.ts"}, "region": {"startLine": 12}}}]}, {"ruleId": "MINED053", "level": "none", "message": {"text": "[MINED053] Placeholder Default Username (and 2 more): Same pattern found in 2 additional files. Review if needed."}, "properties": {"repobilityId": 32758, "scanner": "repobility-threat-engine", "fingerprint": "83c834c81b7f766f4f566e4ec1f48f9439a0562269037b43653f93c21c9c5815", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 2 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "placeholder-default-username", "owasp": null, "cwe_ids": ["CWE-1392", "CWE-798"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348025+00:00", "triaged_in_corpus": 10, "observations_count": 456953, "ai_coder_pattern_id": 44}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|83c834c81b7f766f4f566e4ec1f48f9439a0562269037b43653f93c21c9c5815", "aggregated_count": 2}}}, {"ruleId": "MINED053", "level": "none", "message": {"text": "[MINED053] Placeholder Default Username: foo@bar.com / john.doe@example.com / admin/admin / changeme \u2014 typical AI placeholder credentials."}, "properties": {"repobilityId": 32757, "scanner": "repobility-threat-engine", "fingerprint": "320d312c112b87fa433b8897d75609aea28198a850f9d65308bfc8995caf1b59", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "placeholder-default-username", "owasp": null, "cwe_ids": ["CWE-1392", "CWE-798"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348025+00:00", "triaged_in_corpus": 10, "observations_count": 456953, "ai_coder_pattern_id": 44}, "scanner": "repobility-threat-engine", "correlation_key": "fp|320d312c112b87fa433b8897d75609aea28198a850f9d65308bfc8995caf1b59"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/core/admin/jest.config.front.js"}, "region": {"startLine": 5}}}]}, {"ruleId": "MINED053", "level": "none", "message": {"text": "[MINED053] Placeholder Default Username: foo@bar.com / john.doe@example.com / admin/admin / changeme \u2014 typical AI placeholder credentials."}, "properties": {"repobilityId": 32756, "scanner": "repobility-threat-engine", "fingerprint": "74ef7666cb9e09cdd20a10011c0abe9498b1376a62149713b4b837fc6f68bc22", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "placeholder-default-username", "owasp": null, "cwe_ids": ["CWE-1392", "CWE-798"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348025+00:00", "triaged_in_corpus": 10, "observations_count": 456953, "ai_coder_pattern_id": 44}, "scanner": "repobility-threat-engine", "correlation_key": "fp|74ef7666cb9e09cdd20a10011c0abe9498b1376a62149713b4b837fc6f68bc22"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/core/admin/admin/src/services/apiTokens.ts"}, "region": {"startLine": 73}}}]}, {"ruleId": "MINED053", "level": "none", "message": {"text": "[MINED053] Placeholder Default Username: foo@bar.com / john.doe@example.com / admin/admin / changeme \u2014 typical AI placeholder credentials."}, "properties": {"repobilityId": 32755, "scanner": "repobility-threat-engine", "fingerprint": "2f10a9e17abfd051a0d34a133bb218fddf0a234f82a0fdcf9645e0c111f21994", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "placeholder-default-username", "owasp": null, "cwe_ids": ["CWE-1392", "CWE-798"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348025+00:00", "triaged_in_corpus": 10, "observations_count": 456953, "ai_coder_pattern_id": 44}, "scanner": "repobility-threat-engine", "correlation_key": "fp|2f10a9e17abfd051a0d34a133bb218fddf0a234f82a0fdcf9645e0c111f21994"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/core/admin/admin/src/pages/Settings/pages/AdminTokens/EditView/EditViewPage.tsx"}, "region": {"startLine": 293}}}]}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 32754, "scanner": "repobility-threat-engine", "fingerprint": "82fdcb9f2e57e5b36cfcb49c8e2995d1ea6b2fdb07b4aa8ce26f66017524cf79", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|82fdcb9f2e57e5b36cfcb49c8e2995d1ea6b2fdb07b4aa8ce26f66017524cf79"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/core/core/src/configuration/urls.ts"}, "region": {"startLine": 92}}}]}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 32753, "scanner": "repobility-threat-engine", "fingerprint": "e4dc29f94a165edeceaac24adc1d6c6aede35319cea4d470cb0e99f542bf79b4", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|e4dc29f94a165edeceaac24adc1d6c6aede35319cea4d470cb0e99f542bf79b4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/core/admin/admin/src/components/MainNav/NavLink.tsx"}, "region": {"startLine": 14}}}]}, {"ruleId": "MINED058", "level": "none", "message": {"text": "[MINED058] React Dangerously Set Html: dangerouslySetInnerHTML bypasses Reacts JSX escaping. Pair with DOMPurify or never use with user data."}, "properties": {"repobilityId": 32752, "scanner": "repobility-threat-engine", "fingerprint": "35f82c0787e424ff95757890015c05985457199994f821f4dd6e3178c4770f12", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "react-dangerously-set-html", "owasp": "A03:2021", "cwe_ids": ["CWE-79"], "languages": ["javascript", "typescript"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348037+00:00", "triaged_in_corpus": 12, "observations_count": 255650, "ai_coder_pattern_id": 49}, "scanner": "repobility-threat-engine", "correlation_key": "fp|35f82c0787e424ff95757890015c05985457199994f821f4dd6e3178c4770f12"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/core/content-manager/admin/src/pages/EditView/components/FormInputs/Wysiwyg/PreviewWysiwyg.tsx"}, "region": {"startLine": 29}}}]}, {"ruleId": "MINED058", "level": "none", "message": {"text": "[MINED058] React Dangerously Set Html: dangerouslySetInnerHTML bypasses Reacts JSX escaping. Pair with DOMPurify or never use with user data."}, "properties": {"repobilityId": 32751, "scanner": "repobility-threat-engine", "fingerprint": "5074a917a4e77efbb5ac14bdbc08b075c82dd34a586389e82c308ed368dc09a0", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "react-dangerously-set-html", "owasp": "A03:2021", "cwe_ids": ["CWE-79"], "languages": ["javascript", "typescript"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348037+00:00", "triaged_in_corpus": 12, "observations_count": 255650, "ai_coder_pattern_id": 49}, "scanner": "repobility-threat-engine", "correlation_key": "fp|5074a917a4e77efbb5ac14bdbc08b075c82dd34a586389e82c308ed368dc09a0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/core/admin/admin/src/components/GuidedTour/Steps/Step.tsx"}, "region": {"startLine": 265}}}]}, {"ruleId": "SEC029", "level": "none", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 25 more): Same pattern found in 25 additional files. Review if needed."}, "properties": {"repobilityId": 32750, "scanner": "repobility-threat-engine", "fingerprint": "a1abc0f73fcbbde4bfde07d3a1caa75668c0f255cd2533e6367562d2e96a50c7", "category": "ssrf", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 25 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 25 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|a1abc0f73fcbbde4bfde07d3a1caa75668c0f255cd2533e6367562d2e96a50c7"}}}, {"ruleId": "SEC084", "level": "none", "message": {"text": "[SEC084] JS: require() with non-literal (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "properties": {"repobilityId": 32746, "scanner": "repobility-threat-engine", "fingerprint": "42fc4030f57c04d8ace60c0c7e321d52477b44af5460a2f3247591bde9511d4d", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC084", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|42fc4030f57c04d8ace60c0c7e321d52477b44af5460a2f3247591bde9511d4d"}}}, {"ruleId": "SEC084", "level": "none", "message": {"text": "[SEC084] JS: require() with non-literal: require(<variable>) loads arbitrary modules \u2014 equivalent to eval at module scope. Ported from eslint-plugin-security detect-non-literal-require (Apache-2.0)."}, "properties": {"repobilityId": 32745, "scanner": "repobility-threat-engine", "fingerprint": "493f4ebf376d843aeacd444e15a18dda47c32fd19a8e1beda3b3618515c09ba9", "category": "quality", "severity": "info", "confidence": 0.1, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Safe pattern '\\.json' detected on same line", "evidence": {"match": "require(path", "reason": "Safe pattern '\\.json' detected on same line", "rule_id": "SEC084", "scanner": "repobility-threat-engine", "confidence": 0.1, "correlation_key": "fp|493f4ebf376d843aeacd444e15a18dda47c32fd19a8e1beda3b3618515c09ba9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/core/core/src/configuration/index.ts"}, "region": {"startLine": 54}}}]}, {"ruleId": "SEC084", "level": "none", "message": {"text": "[SEC084] JS: require() with non-literal: require(<variable>) loads arbitrary modules \u2014 equivalent to eval at module scope. Ported from eslint-plugin-security detect-non-literal-require (Apache-2.0)."}, "properties": {"repobilityId": 32744, "scanner": "repobility-threat-engine", "fingerprint": "6c196c71927602d50980376c9a21974a753ec0d8f0eb76d9ea4c17c14ccc1982", "category": "quality", "severity": "info", "confidence": 0.1, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Safe pattern '\\.json' detected on same line", "evidence": {"match": "require(`${", "reason": "Safe pattern '\\.json' detected on same line", "rule_id": "SEC084", "scanner": "repobility-threat-engine", "confidence": 0.1, "correlation_key": "fp|6c196c71927602d50980376c9a21974a753ec0d8f0eb76d9ea4c17c14ccc1982"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/cli/cloud/src/utils/helpers.ts"}, "region": {"startLine": 18}}}]}, {"ruleId": "SEC020", "level": "none", "message": {"text": "[SEC020] Secret Printed to Logs (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "properties": {"repobilityId": 32742, "scanner": "repobility-threat-engine", "fingerprint": "b6edddaddab6b62ff63a87b52b7d7b3bab2a5af6b4d7361c1238d18c2c6e3162", "category": "credential_exposure", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC020", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|b6edddaddab6b62ff63a87b52b7d7b3bab2a5af6b4d7361c1238d18c2c6e3162"}}}, {"ruleId": "SEC020", "level": "none", "message": {"text": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for troubleshooting."}, "properties": {"repobilityId": 32741, "scanner": "repobility-threat-engine", "fingerprint": "50e4dba2ee779f2e2f3e4ce5e67a33804f4cc366923f24919633e2c59e13d45a", "category": "credential_exposure", "severity": "info", "confidence": 0.15, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Log message mentions credential-related metadata but does not print a credential-bearing value", "evidence": {"match": "console.warn('[Auth] Token refresh failed with status:', response.status)", "reason": "Log message mentions credential-related metadata but does not print a credential-bearing value", "rule_id": "SEC020", "scanner": "repobility-threat-engine", "confidence": 0.15, "correlation_key": "secret|token|10|console.warn auth token refresh failed with status: response.status"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/core/admin/admin/src/utils/getFetchClient.ts"}, "region": {"startLine": 105}}}]}, {"ruleId": "SEC020", "level": "none", "message": {"text": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for troubleshooting."}, "properties": {"repobilityId": 32740, "scanner": "repobility-threat-engine", "fingerprint": "87e3370d67f70d99590543f85952af7f3ffcf5a796ec72584ee40d7d80782af9", "category": "credential_exposure", "severity": "info", "confidence": 0.15, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Log message mentions credential-related metadata but does not print a credential-bearing value", "evidence": {"match": "logger.error('There was a problem saving your token. Please try again.')", "reason": "Log message mentions credential-related metadata but does not print a credential-bearing value", "rule_id": "SEC020", "scanner": "repobility-threat-engine", "confidence": 0.15, "correlation_key": "secret|token|2|logger.error there was a problem saving your token. please try again."}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/cli/cloud/src/services/token.ts"}, "region": {"startLine": 21}}}]}, {"ruleId": "SEC020", "level": "none", "message": {"text": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for troubleshooting."}, "properties": {"repobilityId": 32739, "scanner": "repobility-threat-engine", "fingerprint": "f7fa3608c17b4a9e36cf92bf3151c39f1acd620bb6f285cdf1beb47a9f3de606", "category": "credential_exposure", "severity": "info", "confidence": 0.15, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Log message mentions credential-related metadata but does not print a credential-bearing value", "evidence": {"match": "logger.debug('\ud83d\udd10 Validating token...')", "reason": "Log message mentions credential-related metadata but does not print a credential-bearing value", "rule_id": "SEC020", "scanner": "repobility-threat-engine", "confidence": 0.15, "correlation_key": "secret|token|13|logger.debug validating token..."}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/cli/cloud/src/login/action.ts"}, "region": {"startLine": 132}}}]}, {"ruleId": "MINED045", "level": "none", "message": {"text": "[MINED045] Ts Non Null Assertion (and 104 more): Same pattern found in 104 additional files. Review if needed."}, "properties": {"repobilityId": 32738, "scanner": "repobility-threat-engine", "fingerprint": "9b0f094f93e7be6247281a0151b1adb82708431a6ff1fc6b4fe8cfb96a1d87b2", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 104 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "ts-non-null-assertion", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348005+00:00", "triaged_in_corpus": 12, "observations_count": 1810954, "ai_coder_pattern_id": 105}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|9b0f094f93e7be6247281a0151b1adb82708431a6ff1fc6b4fe8cfb96a1d87b2", "aggregated_count": 104}}}, {"ruleId": "MINED045", "level": "none", "message": {"text": "[MINED045] Ts Non Null Assertion: x! asserts not null - bypasses null checks - TypeError if wrong."}, "properties": {"repobilityId": 32737, "scanner": "repobility-threat-engine", "fingerprint": "2ddcfda3ddac371e12b1467db1018874b57b28322a5aa6f6581b6f510a18a35b", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-non-null-assertion", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348005+00:00", "triaged_in_corpus": 12, "observations_count": 1810954, "ai_coder_pattern_id": 105}, "scanner": "repobility-threat-engine", "correlation_key": "fp|2ddcfda3ddac371e12b1467db1018874b57b28322a5aa6f6581b6f510a18a35b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/cli/cloud/src/services/token.ts"}, "region": {"startLine": 132}}}]}, {"ruleId": "MINED045", "level": "none", "message": {"text": "[MINED045] Ts Non Null Assertion: x! asserts not null - bypasses null checks - TypeError if wrong."}, "properties": {"repobilityId": 32736, "scanner": "repobility-threat-engine", "fingerprint": "299cfe29cc8e7c605e491a4879608456b3093025ce40869cbfb85824f4ea4da2", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-non-null-assertion", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348005+00:00", "triaged_in_corpus": 12, "observations_count": 1810954, "ai_coder_pattern_id": 105}, "scanner": "repobility-threat-engine", "correlation_key": "fp|299cfe29cc8e7c605e491a4879608456b3093025ce40869cbfb85824f4ea4da2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/cli/cloud/src/login/action.ts"}, "region": {"startLine": 175}}}]}, {"ruleId": "MINED045", "level": "none", "message": {"text": "[MINED045] Ts Non Null Assertion: x! asserts not null - bypasses null checks - TypeError if wrong."}, "properties": {"repobilityId": 32735, "scanner": "repobility-threat-engine", "fingerprint": "96cc53711ae78d8e825877aa1386f989d718725f66bb2679ecc0e98ef55de42d", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-non-null-assertion", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348005+00:00", "triaged_in_corpus": 12, "observations_count": 1810954, "ai_coder_pattern_id": 105}, "scanner": "repobility-threat-engine", "correlation_key": "fp|96cc53711ae78d8e825877aa1386f989d718725f66bb2679ecc0e98ef55de42d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/cli/cloud/src/link/action.ts"}, "region": {"startLine": 93}}}]}, {"ruleId": "SEC118", "level": "none", "message": {"text": "[SEC118] UUIDv1 / UUIDv3 used for security-sensitive identifier (and 4 more): Same pattern found in 4 additional files. Review if needed."}, "properties": {"repobilityId": 32734, "scanner": "repobility-threat-engine", "fingerprint": "9d09085a62f5d2dbdd36535f5fd5dba87bc903f20f48c46050db095c0a21fb0a", "category": "crypto", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 4 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 4 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC118", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|9d09085a62f5d2dbdd36535f5fd5dba87bc903f20f48c46050db095c0a21fb0a"}}}, {"ruleId": "SEC118", "level": "none", "message": {"text": "[SEC118] UUIDv1 / UUIDv3 used for security-sensitive identifier: UUIDv1 encodes the MAC address and timestamp, making it predictable. Used as a session token or password-reset key, it's enumerable."}, "properties": {"repobilityId": 32733, "scanner": "repobility-threat-engine", "fingerprint": "5af8ec9e11720cfa142addecf65be5187001b98f8037353e905abd1d80ac8333", "category": "crypto", "severity": "info", "confidence": 0.1, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Safe pattern 'randomUUID' detected on same line", "evidence": {"match": "crypto.randomUUID", "reason": "Safe pattern 'randomUUID' detected on same line", "rule_id": "SEC118", "scanner": "repobility-threat-engine", "confidence": 0.1, "correlation_key": "code|crypto|token|9|sec118"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/cli/create-strapi-app/src/utils/install-id.ts"}, "region": {"startLine": 9}}}]}, {"ruleId": "SEC118", "level": "none", "message": {"text": "[SEC118] UUIDv1 / UUIDv3 used for security-sensitive identifier: UUIDv1 encodes the MAC address and timestamp, making it predictable. Used as a session token or password-reset key, it's enumerable."}, "properties": {"repobilityId": 32732, "scanner": "repobility-threat-engine", "fingerprint": "4c297b75a80926e05c7b2152b8edb55305b0d506ce63ea0e185c370c7a8e722d", "category": "crypto", "severity": "info", "confidence": 0.1, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Safe pattern 'randomUUID' detected on same line", "evidence": {"match": "crypto.randomUUID", "reason": "Safe pattern 'randomUUID' detected on same line", "rule_id": "SEC118", "scanner": "repobility-threat-engine", "confidence": 0.1, "correlation_key": "code|crypto|token|143|sec118"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/cli/create-strapi-app/src/index.ts"}, "region": {"startLine": 143}}}]}, {"ruleId": "SEC118", "level": "none", "message": {"text": "[SEC118] UUIDv1 / UUIDv3 used for security-sensitive identifier: UUIDv1 encodes the MAC address and timestamp, making it predictable. Used as a session token or password-reset key, it's enumerable."}, "properties": {"repobilityId": 32731, "scanner": "repobility-threat-engine", "fingerprint": "ce43c8f5a98686bb9338b5e08515e1020f4a780b652b0915b502a3377152a1e1", "category": "crypto", "severity": "info", "confidence": 0.1, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Safe pattern 'randomUUID' detected on same line", "evidence": {"match": "crypto.randomUUID", "reason": "Safe pattern 'randomUUID' detected on same line", "rule_id": "SEC118", "scanner": "repobility-threat-engine", "confidence": 0.1, "correlation_key": "code|crypto|token|42|sec118"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/cli/cloud/src/index.ts"}, "region": {"startLine": 42}}}]}, {"ruleId": "MINED052", "level": "none", "message": {"text": "[MINED052] Ts Any Typed (and 222 more): Same pattern found in 222 additional files. Review if needed."}, "properties": {"repobilityId": 32730, "scanner": "repobility-threat-engine", "fingerprint": "f0a12d8f2baf6b6d9559961269c6eaad8e50f1c0bea9a53d535ae3173ac237d6", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 222 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "ts-any-typed", "owasp": null, "cwe_ids": ["CWE-704"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348022+00:00", "triaged_in_corpus": 12, "observations_count": 496002, "ai_coder_pattern_id": 97}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|f0a12d8f2baf6b6d9559961269c6eaad8e50f1c0bea9a53d535ae3173ac237d6", "aggregated_count": 222}}}, {"ruleId": "MINED052", "level": "none", "message": {"text": "[MINED052] Ts Any Typed: : any used as type annotation. Defeats TypeScript type safety."}, "properties": {"repobilityId": 32729, "scanner": "repobility-threat-engine", "fingerprint": "68754e4983a3a45d618ce5318b11d04701765dec2a0ea9bf33c59e4cf2f9e6d8", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-any-typed", "owasp": null, "cwe_ids": ["CWE-704"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348022+00:00", "triaged_in_corpus": 12, "observations_count": 496002, "ai_coder_pattern_id": 97}, "scanner": "repobility-threat-engine", "correlation_key": "fp|68754e4983a3a45d618ce5318b11d04701765dec2a0ea9bf33c59e4cf2f9e6d8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/cli/cloud/src/environment/list/action.ts"}, "region": {"startLine": 38}}}]}, {"ruleId": "MINED052", "level": "none", "message": {"text": "[MINED052] Ts Any Typed: : any used as type annotation. Defeats TypeScript type safety."}, "properties": {"repobilityId": 32728, "scanner": "repobility-threat-engine", "fingerprint": "5133ed79a6cd4cacb5510c1577a9b57100eb29e91ed1928f8a6708eed684e431", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-any-typed", "owasp": null, "cwe_ids": ["CWE-704"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348022+00:00", "triaged_in_corpus": 12, "observations_count": 496002, "ai_coder_pattern_id": 97}, "scanner": "repobility-threat-engine", "correlation_key": "fp|5133ed79a6cd4cacb5510c1577a9b57100eb29e91ed1928f8a6708eed684e431"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/cli/cloud/src/environment/link/action.ts"}, "region": {"startLine": 135}}}]}, {"ruleId": "MINED052", "level": "none", "message": {"text": "[MINED052] Ts Any Typed: : any used as type annotation. Defeats TypeScript type safety."}, "properties": {"repobilityId": 32727, "scanner": "repobility-threat-engine", "fingerprint": "92d153b55a121ec3b8122de008869cdcf30a474dff03acc12c2bd6de2e644f3d", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-any-typed", "owasp": null, "cwe_ids": ["CWE-704"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348022+00:00", "triaged_in_corpus": 12, "observations_count": 496002, "ai_coder_pattern_id": 97}, "scanner": "repobility-threat-engine", "correlation_key": "fp|92d153b55a121ec3b8122de008869cdcf30a474dff03acc12c2bd6de2e644f3d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/cli/cloud/src/deploy-project/action.ts"}, "region": {"startLine": 121}}}]}, {"ruleId": "MINED054", "level": "none", "message": {"text": "[MINED054] Ts As Any (and 101 more): Same pattern found in 101 additional files. Review if needed."}, "properties": {"repobilityId": 32726, "scanner": "repobility-threat-engine", "fingerprint": "584818fbf95725a6edb983db035f1e62fb3d984c66b215a65c835d21859429f5", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 101 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "ts-as-any", "owasp": null, "cwe_ids": ["CWE-704"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348028+00:00", "triaged_in_corpus": 12, "observations_count": 341218, "ai_coder_pattern_id": 98}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|584818fbf95725a6edb983db035f1e62fb3d984c66b215a65c835d21859429f5", "aggregated_count": 101}}}, {"ruleId": "MINED054", "level": "none", "message": {"text": "[MINED054] Ts As Any: Casting to any (as any) bypasses type checking entirely."}, "properties": {"repobilityId": 32725, "scanner": "repobility-threat-engine", "fingerprint": "cec97305753a304b8607bf8a263c0b4d15a69ddd4931338ae3d63bedcf08c3fb", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-as-any", "owasp": null, "cwe_ids": ["CWE-704"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348028+00:00", "triaged_in_corpus": 12, "observations_count": 341218, "ai_coder_pattern_id": 98}, "scanner": "repobility-threat-engine", "correlation_key": "fp|cec97305753a304b8607bf8a263c0b4d15a69ddd4931338ae3d63bedcf08c3fb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/core/admin/admin/src/core/store/configure.ts"}, "region": {"startLine": 62}}}]}, {"ruleId": "MINED054", "level": "none", "message": {"text": "[MINED054] Ts As Any: Casting to any (as any) bypasses type checking entirely."}, "properties": {"repobilityId": 32724, "scanner": "repobility-threat-engine", "fingerprint": "5588fe0af58d22ac3123d3ebf0473dac439d620102ca24b0b4ec9acf1d8b5f68", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-as-any", "owasp": null, "cwe_ids": ["CWE-704"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348028+00:00", "triaged_in_corpus": 12, "observations_count": 341218, "ai_coder_pattern_id": 98}, "scanner": "repobility-threat-engine", "correlation_key": "fp|5588fe0af58d22ac3123d3ebf0473dac439d620102ca24b0b4ec9acf1d8b5f68"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/core/admin/admin/src/components/DescriptionComponentRenderer.tsx"}, "region": {"startLine": 160}}}]}, {"ruleId": "MINED054", "level": "none", "message": {"text": "[MINED054] Ts As Any: Casting to any (as any) bypasses type checking entirely."}, "properties": {"repobilityId": 32723, "scanner": "repobility-threat-engine", "fingerprint": "8c4bbbbf7670c58495da795cc99d1686168e28915ef7f2b59395dc5e58b3cf01", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-as-any", "owasp": null, "cwe_ids": ["CWE-704"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348028+00:00", "triaged_in_corpus": 12, "observations_count": 341218, "ai_coder_pattern_id": 98}, "scanner": "repobility-threat-engine", "correlation_key": "fp|8c4bbbbf7670c58495da795cc99d1686168e28915ef7f2b59395dc5e58b3cf01"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/admin-test-utils/src/setup.ts"}, "region": {"startLine": 57}}}]}, {"ruleId": "MINED056", "level": "none", "message": {"text": "[MINED056] React Key As Index (and 7 more): Same pattern found in 7 additional files. Review if needed."}, "properties": {"repobilityId": 32722, "scanner": "repobility-threat-engine", "fingerprint": "da09a0e109d8491397c79f85ac498a8a3f321cda8bb454968b775da40d045a81", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 7 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "react-key-as-index", "owasp": null, "cwe_ids": ["CWE-682"], "languages": ["typescript", "tsx", "javascript", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348032+00:00", "triaged_in_corpus": 12, "observations_count": 299917, "ai_coder_pattern_id": 135}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|da09a0e109d8491397c79f85ac498a8a3f321cda8bb454968b775da40d045a81", "aggregated_count": 7}}}, {"ruleId": "MINED056", "level": "none", "message": {"text": "[MINED056] React Key As Index: key={index} in map() \u2014 re-renders the wrong elements on re-order."}, "properties": {"repobilityId": 32721, "scanner": "repobility-threat-engine", "fingerprint": "d5308073b023ef1f0c493518c5511e591313fded8f7a0d8e821b2247fa8db845", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "react-key-as-index", "owasp": null, "cwe_ids": ["CWE-682"], "languages": ["typescript", "tsx", "javascript", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348032+00:00", "triaged_in_corpus": 12, "observations_count": 299917, "ai_coder_pattern_id": 135}, "scanner": "repobility-threat-engine", "correlation_key": "fp|d5308073b023ef1f0c493518c5511e591313fded8f7a0d8e821b2247fa8db845"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/core/admin/admin/src/pages/ProfilePage.tsx"}, "region": {"startLine": 296}}}]}, {"ruleId": "MINED056", "level": "none", "message": {"text": "[MINED056] React Key As Index: key={index} in map() \u2014 re-renders the wrong elements on re-order."}, "properties": {"repobilityId": 32720, "scanner": "repobility-threat-engine", "fingerprint": "540165fdb6cabc8fbd6a4b135798b93453c80a3879ac2d31f21e2ac5969bc6af", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "react-key-as-index", "owasp": null, "cwe_ids": ["CWE-682"], "languages": ["typescript", "tsx", "javascript", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348032+00:00", "triaged_in_corpus": 12, "observations_count": 299917, "ai_coder_pattern_id": 135}, "scanner": "repobility-threat-engine", "correlation_key": "fp|540165fdb6cabc8fbd6a4b135798b93453c80a3879ac2d31f21e2ac5969bc6af"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/core/admin/admin/src/components/SubNav.tsx"}, "region": {"startLine": 161}}}]}, {"ruleId": "MINED056", "level": "none", "message": {"text": "[MINED056] React Key As Index: key={index} in map() \u2014 re-renders the wrong elements on re-order."}, "properties": {"repobilityId": 32719, "scanner": "repobility-threat-engine", "fingerprint": "470371b395715507f19da6ad2f03754f2d696c42c999fff998da6b9095968b9e", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "react-key-as-index", "owasp": null, "cwe_ids": ["CWE-682"], "languages": ["typescript", "tsx", "javascript", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348032+00:00", "triaged_in_corpus": 12, "observations_count": 299917, "ai_coder_pattern_id": 135}, "scanner": "repobility-threat-engine", "correlation_key": "fp|470371b395715507f19da6ad2f03754f2d696c42c999fff998da6b9095968b9e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/getstarted/src/admin/preview/dummy-preview.jsx"}, "region": {"startLine": 155}}}]}, {"ruleId": "ERR002", "level": "none", "message": {"text": "[ERR002] Empty Catch Block (and 2 more): Same pattern found in 2 additional files. Review if needed."}, "properties": {"repobilityId": 32718, "scanner": "repobility-threat-engine", "fingerprint": "2949c2702d7166dac258164d4c52ef70add92ecb6c82892fbc20aaf8046756af", "category": "error_handling", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 2 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 2 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "ERR002", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|2949c2702d7166dac258164d4c52ef70add92ecb6c82892fbc20aaf8046756af"}}}, {"ruleId": "SEC136", "level": "none", "message": {"text": "[SEC136] AI-typical over-broad exception handler swallowing all errors (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "properties": {"repobilityId": 32713, "scanner": "repobility-threat-engine", "fingerprint": "8e478e56b730255b619eaaf214c2ac68864bd09b58591d59c20fe11bd4508abd", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC136", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|8e478e56b730255b619eaaf214c2ac68864bd09b58591d59c20fe11bd4508abd"}}}, {"ruleId": "SEC085", "level": "none", "message": {"text": "[SEC085] JS: child_process.exec with non-literal (and 2 more): Same pattern found in 2 additional files. Review if needed."}, "properties": {"repobilityId": 32709, "scanner": "repobility-threat-engine", "fingerprint": "606792298c73b83412d8cf76624dd82fdf0a71ea3b779cecc6b4d4d439eccec4", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 2 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 2 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC085", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|606792298c73b83412d8cf76624dd82fdf0a71ea3b779cecc6b4d4d439eccec4"}}}, {"ruleId": "SEC128", "level": "none", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake) (and 32 more): Same pattern found in 32 additional files. Review if needed."}, "properties": {"repobilityId": 32705, "scanner": "repobility-threat-engine", "fingerprint": "62000d257fb045d0b197c75562c02a591e1fa59e97f0c2640bf74e1047aa2ced", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 32 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 32 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|62000d257fb045d0b197c75562c02a591e1fa59e97f0c2640bf74e1047aa2ced"}}}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod (and 90 more): Same pattern found in 90 additional files. Review if needed."}, "properties": {"repobilityId": 32701, "scanner": "repobility-threat-engine", "fingerprint": "2dcbe5dbad7727a08f176e5fa639255eb5daf77a79a9afa7ada5823c3d353612", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 90 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|2dcbe5dbad7727a08f176e5fa639255eb5daf77a79a9afa7ada5823c3d353612", "aggregated_count": 90}}}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed."}, "properties": {"repobilityId": 32700, "scanner": "repobility-threat-engine", "fingerprint": "5ae794229bb21d9072ae9017f562c02d8b3715b2e034b2b6205b4db2cea3b9ea", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "correlation_key": "fp|5ae794229bb21d9072ae9017f562c02d8b3715b2e034b2b6205b4db2cea3b9ea"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/complex/scripts/bench.js"}, "region": {"startLine": 63}}}]}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed."}, "properties": {"repobilityId": 32699, "scanner": "repobility-threat-engine", "fingerprint": "ce531b9ddc7f017aef8ab14b9dde59edf35e277625b8dc46219d3888f2787f2f", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "correlation_key": "fp|ce531b9ddc7f017aef8ab14b9dde59edf35e277625b8dc46219d3888f2787f2f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/complex/scripts/bench-hook.js"}, "region": {"startLine": 34}}}]}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed."}, "properties": {"repobilityId": 32698, "scanner": "repobility-threat-engine", "fingerprint": "8365191473865d966eb71fb46d3dfb031f43363dc1d5c221ff46f6cbb25c4dad", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "correlation_key": "fp|8365191473865d966eb71fb46d3dfb031f43363dc1d5c221ff46f6cbb25c4dad"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/complex/scripts/bench-compare.js"}, "region": {"startLine": 61}}}]}, {"ruleId": "SEC040", "level": "none", "message": {"text": "[SEC040] innerHTML XSS \u2014 template literal with server-supplied data (and 7 more): Same pattern found in 7 additional files. Review if needed."}, "properties": {"repobilityId": 32697, "scanner": "repobility-threat-engine", "fingerprint": "e6b12850e54eb1ffa424becfb0f6a8e7a5c6d257d13b26934f0112681066c89f", "category": "xss", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 7 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 7 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC040", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|e6b12850e54eb1ffa424becfb0f6a8e7a5c6d257d13b26934f0112681066c89f"}}}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 32838, "scanner": "repobility-supply-chain", "fingerprint": "45ba03277d9c4e9ba3e9312810758f0568f6c0cb6ed94b0a11f363c92a37b56e", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|45ba03277d9c4e9ba3e9312810758f0568f6c0cb6ed94b0a11f363c92a37b56e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/pr-reviewer.yml"}, "region": {"startLine": 18}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions-cool/issues-helper` pinned to mutable ref `@v3`: `uses: actions-cool/issues-helper@v3` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 32837, "scanner": "repobility-supply-chain", "fingerprint": "7103327d171d9af37e4b056346ec28dbcbfba3e6292accdd20057fa1a6f67f40", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|7103327d171d9af37e4b056346ec28dbcbfba3e6292accdd20057fa1a6f67f40"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/issues_handleLabel.yml"}, "region": {"startLine": 199}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions-cool/issues-helper` pinned to mutable ref `@v3`: `uses: actions-cool/issues-helper@v3` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 32836, "scanner": "repobility-supply-chain", "fingerprint": "012683596ec53613246096b3b930e5ffdbeb025c7142cb8164ae39891ed2611f", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|012683596ec53613246096b3b930e5ffdbeb025c7142cb8164ae39891ed2611f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/issues_handleLabel.yml"}, "region": {"startLine": 191}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions-cool/issues-helper` pinned to mutable ref `@v3`: `uses: actions-cool/issues-helper@v3` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 32835, "scanner": "repobility-supply-chain", "fingerprint": "7ac9ccef73d8effcdb20767553798718b66179cd59106f523e81c776ec49d387", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|7ac9ccef73d8effcdb20767553798718b66179cd59106f523e81c776ec49d387"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/issues_handleLabel.yml"}, "region": {"startLine": 172}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions-cool/issues-helper` pinned to mutable ref `@v3`: `uses: actions-cool/issues-helper@v3` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 32834, "scanner": "repobility-supply-chain", "fingerprint": "6a4ee28c1b9fd62ba10047e3df4270020e04f3c3189bcb9110e268d673918d30", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|6a4ee28c1b9fd62ba10047e3df4270020e04f3c3189bcb9110e268d673918d30"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/issues_handleLabel.yml"}, "region": {"startLine": 162}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions-cool/issues-helper` pinned to mutable ref `@v3`: `uses: actions-cool/issues-helper@v3` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 32833, "scanner": "repobility-supply-chain", "fingerprint": "a8f21337ad2d0a1c8676116443e04263261c721a419cfa05a6413a4acf1107f8", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|a8f21337ad2d0a1c8676116443e04263261c721a419cfa05a6413a4acf1107f8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/issues_handleLabel.yml"}, "region": {"startLine": 144}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions-cool/issues-helper` pinned to mutable ref `@v3`: `uses: actions-cool/issues-helper@v3` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 32832, "scanner": "repobility-supply-chain", "fingerprint": "8a42d7063e6a7e04f291455994b21e0235570b393e25532d877f7f1755e2e9f9", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|8a42d7063e6a7e04f291455994b21e0235570b393e25532d877f7f1755e2e9f9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/issues_handleLabel.yml"}, "region": {"startLine": 134}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions-cool/issues-helper` pinned to mutable ref `@v3`: `uses: actions-cool/issues-helper@v3` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 32831, "scanner": "repobility-supply-chain", "fingerprint": "5985504a69cc2e5b16b6031e96face52246723a6bce20e377d779c3423fa57fb", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|5985504a69cc2e5b16b6031e96face52246723a6bce20e377d779c3423fa57fb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/issues_handleLabel.yml"}, "region": {"startLine": 112}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions-cool/issues-helper` pinned to mutable ref `@v3`: `uses: actions-cool/issues-helper@v3` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 32830, "scanner": "repobility-supply-chain", "fingerprint": "6fdd8130b88f3fd49fc03ed74a4790f4a087a39bd7d6862709a67891dc4acc76", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|6fdd8130b88f3fd49fc03ed74a4790f4a087a39bd7d6862709a67891dc4acc76"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/issues_handleLabel.yml"}, "region": {"startLine": 102}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions-cool/issues-helper` pinned to mutable ref `@v3`: `uses: actions-cool/issues-helper@v3` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 32829, "scanner": "repobility-supply-chain", "fingerprint": "8012c8e3158602ae25f34cc91028414b4d5d5c659833d4216659c89d017993ed", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|8012c8e3158602ae25f34cc91028414b4d5d5c659833d4216659c89d017993ed"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/issues_handleLabel.yml"}, "region": {"startLine": 75}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions-cool/issues-helper` pinned to mutable ref `@v3`: `uses: actions-cool/issues-helper@v3` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 32828, "scanner": "repobility-supply-chain", "fingerprint": "a9b505369146ec57eba0cf01b4287457e4064d666931e9f4452a38070b261114", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|a9b505369146ec57eba0cf01b4287457e4064d666931e9f4452a38070b261114"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/issues_handleLabel.yml"}, "region": {"startLine": 65}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions-cool/issues-helper` pinned to mutable ref `@v3`: `uses: actions-cool/issues-helper@v3` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 32827, "scanner": "repobility-supply-chain", "fingerprint": "bae6844ab8551670fde7bf5caaa048462695e8c780cb6ca37658e5720935d9a9", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|bae6844ab8551670fde7bf5caaa048462695e8c780cb6ca37658e5720935d9a9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/issues_handleLabel.yml"}, "region": {"startLine": 42}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions-cool/issues-helper` pinned to mutable ref `@v3`: `uses: actions-cool/issues-helper@v3` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 32826, "scanner": "repobility-supply-chain", "fingerprint": "34b5dbcd9a238fefd77654fb8d82a49a8cc049cbf8d2d9f3e9010bc59d08fe6f", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|34b5dbcd9a238fefd77654fb8d82a49a8cc049cbf8d2d9f3e9010bc59d08fe6f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/issues_handleLabel.yml"}, "region": {"startLine": 22}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/stale` pinned to mutable ref `@v10`: `uses: actions/stale@v10` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 32825, "scanner": "repobility-supply-chain", "fingerprint": "5892a3fe404b32d10c6cba622a09b29126c165bf3f7f25c0afca2d86e4749b99", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|5892a3fe404b32d10c6cba622a09b29126c165bf3f7f25c0afca2d86e4749b99"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/close_stale_issues.yml"}, "region": {"startLine": 14}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `c2corg/browserslist-update-action` pinned to mutable ref `@v2`: `uses: c2corg/browserslist-update-action@v2` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 32824, "scanner": "repobility-supply-chain", "fingerprint": "f21a81e2649c026dc05bf16825cd624f44edbd77f9cd527ead298af75212e8e1", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|f21a81e2649c026dc05bf16825cd624f44edbd77f9cd527ead298af75212e8e1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/caniuse.yml"}, "region": {"startLine": 25}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 32823, "scanner": "repobility-supply-chain", "fingerprint": "e43a7e1ec7d56e38cc68345589e3b7bd14a230cfbb215f5631be81c40840fa9a", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|e43a7e1ec7d56e38cc68345589e3b7bd14a230cfbb215f5631be81c40840fa9a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/caniuse.yml"}, "region": {"startLine": 17}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `thollander/actions-comment-pull-request` pinned to mutable ref `@v2`: `uses: thollander/actions-comment-pull-request@v2` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 32821, "scanner": "repobility-supply-chain", "fingerprint": "d545a4d0e7442b4fe06b939d531fb60f75b47e5ee8847645e7eb1dbf1a681017", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|d545a4d0e7442b4fe06b939d531fb60f75b47e5ee8847645e7eb1dbf1a681017"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/changeFreeze.yml"}, "region": {"startLine": 30}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `tspascoal/get-user-teams-membership` pinned to mutable ref `@v3`: `uses: tspascoal/get-user-teams-membership@v3` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 32820, "scanner": "repobility-supply-chain", "fingerprint": "9a185c738a52a41589a2fbb956750c4fc8d8d1f7eebd0197a2b59bd89d9e1dba", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|9a185c738a52a41589a2fbb956750c4fc8d8d1f7eebd0197a2b59bd89d9e1dba"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/changeFreeze.yml"}, "region": {"startLine": 16}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/setup-node` pinned to mutable ref `@v6`: `uses: actions/setup-node@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 32819, "scanner": "repobility-supply-chain", "fingerprint": "a63eba80359155d087b371a99423f9995ffd164e8dfcd7e232d6eff32dd3e0c0", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|a63eba80359155d087b371a99423f9995ffd164e8dfcd7e232d6eff32dd3e0c0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/publish-release.yml"}, "region": {"startLine": 41}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 32818, "scanner": "repobility-supply-chain", "fingerprint": "0c2bd77fe1623e1b46f470a0554b3cdccab4b9b73495afc40245c897d796f826", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|0c2bd77fe1623e1b46f470a0554b3cdccab4b9b73495afc40245c897d796f826"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/publish-release.yml"}, "region": {"startLine": 35}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/create-github-app-token` pinned to mutable ref `@v1`: `uses: actions/create-github-app-token@v1` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 32817, "scanner": "repobility-supply-chain", "fingerprint": "c803fab52ec78550e84148ba5172f31b2b71dfdbd5d737b27ceae9d82b0c71cd", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|c803fab52ec78550e84148ba5172f31b2b71dfdbd5d737b27ceae9d82b0c71cd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/publish-release.yml"}, "region": {"startLine": 30}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `preactjs/compressed-size-action` pinned to mutable ref `@v2`: `uses: preactjs/compressed-size-action@v2` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 32816, "scanner": "repobility-supply-chain", "fingerprint": "c1cd9ad5cda89581dc695bf8b90a825f90c5fad86b105df60631f0b04a6078f9", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|c1cd9ad5cda89581dc695bf8b90a825f90c5fad86b105df60631f0b04a6078f9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/adminBundleSize.yml"}, "region": {"startLine": 35}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/setup-node` pinned to mutable ref `@v6`: `uses: actions/setup-node@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 32815, "scanner": "repobility-supply-chain", "fingerprint": "06553b7d2edb15193b29457b07a3a3f4613e4764d66a432a4b1417b8b8065dfc", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|06553b7d2edb15193b29457b07a3a3f4613e4764d66a432a4b1417b8b8065dfc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/adminBundleSize.yml"}, "region": {"startLine": 25}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 32814, "scanner": "repobility-supply-chain", "fingerprint": "3d95d2137f64f6d701c08d9d339ba91cb72c3c09cebf2b10ad57cf8e01bcb5c1", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|3d95d2137f64f6d701c08d9d339ba91cb72c3c09cebf2b10ad57cf8e01bcb5c1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/adminBundleSize.yml"}, "region": {"startLine": 24}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 32813, "scanner": "repobility-supply-chain", "fingerprint": "104a41e5c62649f32e726ffacc6ae35d565d8512d87206da0673054a26df2ad8", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|104a41e5c62649f32e726ffacc6ae35d565d8512d87206da0673054a26df2ad8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/clean-up-pr-caches.yml"}, "region": {"startLine": 15}}}]}, {"ruleId": "MINED031", "level": "error", "message": {"text": "[MINED031] React Direct State Mutation: this.state.X = Y mutates without setState. React wont re-render."}, "properties": {"repobilityId": 32772, "scanner": "repobility-threat-engine", "fingerprint": "0f615f83657b7f48ba2782b5b395eeeadb0f7ce0d82ff2e8c09a37143b280254", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "react-direct-state-mutation", "owasp": null, "cwe_ids": ["CWE-682"], "languages": ["typescript", "tsx", "javascript", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347971+00:00", "triaged_in_corpus": 15, "observations_count": 6168, "ai_coder_pattern_id": 137}, "scanner": "repobility-threat-engine", "correlation_key": "fp|0f615f83657b7f48ba2782b5b395eeeadb0f7ce0d82ff2e8c09a37143b280254"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/core/database/src/query/query-builder.ts"}, "region": {"startLine": 457}}}]}, {"ruleId": "SEC033", "level": "error", "message": {"text": "[SEC033] Prototype Pollution \u2014 unfiltered merge of user object: Merging user-controlled object into a target without filtering `__proto__`/`constructor`/`prototype` keys lets attackers inject properties onto Object.prototype, affecting every object in the process. CWE-1321. Real-world: CVE-2019-10744 (lodash), CVE-2021-23337 (lodash.set), CVE-2023-26136 (tough-cookie)."}, "properties": {"repobilityId": 32770, "scanner": "repobility-threat-engine", "fingerprint": "4d6c88214c8a3c8969941ab7ef8bb3cb5b77d572edfe6a89b71f3884b4990a43", "category": "prototype_pollution", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "_.merge(strapi.admin?.config, user", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC033", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|4d6c88214c8a3c8969941ab7ef8bb3cb5b77d572edfe6a89b71f3884b4990a43"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/core/core/src/loaders/admin.ts"}, "region": {"startLine": 13}}}]}, {"ruleId": "SEC083", "level": "error", "message": {"text": "[SEC083] JS: new RegExp() with non-literal: new RegExp(<variable>) \u2014 variable input can craft a ReDoS pattern. Ported from eslint-plugin-security detect-non-literal-regexp (Apache-2.0)."}, "properties": {"repobilityId": 32765, "scanner": "repobility-threat-engine", "fingerprint": "b32882f68c4f41a61eb789ddb0c5f65cb582d23f648903ed1aa1b4f800fd4545", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "new RegExp(regex", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC083", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|b32882f68c4f41a61eb789ddb0c5f65cb582d23f648903ed1aa1b4f800fd4545"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/core/content-manager/server/src/controllers/validation/index.ts"}, "region": {"startLine": 26}}}]}, {"ruleId": "SEC083", "level": "error", "message": {"text": "[SEC083] JS: new RegExp() with non-literal: new RegExp(<variable>) \u2014 variable input can craft a ReDoS pattern. Ported from eslint-plugin-security detect-non-literal-regexp (Apache-2.0)."}, "properties": {"repobilityId": 32764, "scanner": "repobility-threat-engine", "fingerprint": "5c777bd268e385baf11e9120c6670cbac253eaade9fa115b2712f2b1a0480da6", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "new RegExp(attribute", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC083", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|5c777bd268e385baf11e9120c6670cbac253eaade9fa115b2712f2b1a0480da6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/core/content-manager/admin/src/utils/validation.ts"}, "region": {"startLine": 263}}}]}, {"ruleId": "SEC083", "level": "error", "message": {"text": "[SEC083] JS: new RegExp() with non-literal: new RegExp(<variable>) \u2014 variable input can craft a ReDoS pattern. Ported from eslint-plugin-security detect-non-literal-regexp (Apache-2.0)."}, "properties": {"repobilityId": 32763, "scanner": "repobility-threat-engine", "fingerprint": "17868d1d9d40df44b81223dfacc6a893566be5088d7053e3dfec2ec3e69571c9", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "new RegExp(regex", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC083", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|17868d1d9d40df44b81223dfacc6a893566be5088d7053e3dfec2ec3e69571c9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/core/content-manager/admin/src/pages/EditView/components/FormInputs/UID.tsx"}, "region": {"startLine": 66}}}]}, {"ruleId": "MINED027", "level": "error", "message": {"text": "[MINED027] React State Array Mutation: state.X.push/splice/sort followed by setState \u2014 React skips re-render on mutated reference."}, "properties": {"repobilityId": 32761, "scanner": "repobility-threat-engine", "fingerprint": "d989a0b9586754fd7f791f1d9baa48979fd7200666e18de63985480ab3ffb24a", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "react-state-array-mutation", "owasp": null, "cwe_ids": ["CWE-682"], "languages": ["typescript", "tsx", "javascript", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347961+00:00", "triaged_in_corpus": 15, "observations_count": 14444, "ai_coder_pattern_id": 136}, "scanner": "repobility-threat-engine", "correlation_key": "fp|d989a0b9586754fd7f791f1d9baa48979fd7200666e18de63985480ab3ffb24a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/core/database/src/query/query-builder.ts"}, "region": {"startLine": 240}}}]}, {"ruleId": "MINED027", "level": "error", "message": {"text": "[MINED027] React State Array Mutation: state.X.push/splice/sort followed by setState \u2014 React skips re-render on mutated reference."}, "properties": {"repobilityId": 32760, "scanner": "repobility-threat-engine", "fingerprint": "dafa973f36ff9c600e84b4750c12df8ea5237e1d28eb0a041b30a8da3ff1413a", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "react-state-array-mutation", "owasp": null, "cwe_ids": ["CWE-682"], "languages": ["typescript", "tsx", "javascript", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347961+00:00", "triaged_in_corpus": 15, "observations_count": 14444, "ai_coder_pattern_id": 136}, "scanner": "repobility-threat-engine", "correlation_key": "fp|dafa973f36ff9c600e84b4750c12df8ea5237e1d28eb0a041b30a8da3ff1413a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/core/content-type-builder/admin/src/components/DataManager/undoRedo.ts"}, "region": {"startLine": 79}}}]}, {"ruleId": "MINED027", "level": "error", "message": {"text": "[MINED027] React State Array Mutation: state.X.push/splice/sort followed by setState \u2014 React skips re-render on mutated reference."}, "properties": {"repobilityId": 32759, "scanner": "repobility-threat-engine", "fingerprint": "444e4cf6da0f503cee5d72edc633c857850ee9d5fb861e36b6cce702c14d42f4", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "react-state-array-mutation", "owasp": null, "cwe_ids": ["CWE-682"], "languages": ["typescript", "tsx", "javascript", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347961+00:00", "triaged_in_corpus": 15, "observations_count": 14444, "ai_coder_pattern_id": 136}, "scanner": "repobility-threat-engine", "correlation_key": "fp|444e4cf6da0f503cee5d72edc633c857850ee9d5fb861e36b6cce702c14d42f4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/core/admin/admin/src/pages/Settings/pages/ApiTokens/EditView/reducer.ts"}, "region": {"startLine": 80}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 32749, "scanner": "repobility-threat-engine", "fingerprint": "4ae3ee0ac4a9351a2a5a1a44157aabf19f6abeaec55f93837a3719f2a7ed856f", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "URL(f", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|4ae3ee0ac4a9351a2a5a1a44157aabf19f6abeaec55f93837a3719f2a7ed856f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/core/admin/admin/src/pages/Settings/pages/ApplicationInfo/utils/files.ts"}, "region": {"startLine": 45}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 32748, "scanner": "repobility-threat-engine", "fingerprint": "79ce1173a9ed96360ad086464e30da63c018d3876e1fb31c0c934bc20f68ce8d", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "Url(e", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|79ce1173a9ed96360ad086464e30da63c018d3876e1fb31c0c934bc20f68ce8d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/core/admin/admin/src/pages/Settings/pages/ApplicationInfo/components/LogoInput.tsx"}, "region": {"startLine": 234}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 32747, "scanner": "repobility-threat-engine", "fingerprint": "4d3527c8b66bbb36480a92f045c240027e27ccb6c65fbb6861cb2357622a299c", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "URL(t", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|4d3527c8b66bbb36480a92f045c240027e27ccb6c65fbb6861cb2357622a299c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/cli/create-strapi-app/src/utils/template.ts"}, "region": {"startLine": 67}}}]}, {"ruleId": "MINED014", "level": "error", "message": {"text": "[MINED014] Disabled Tls Verify: verify=False in requests, rejectUnauthorized:false in node, InsecureSkipVerify:true in Go."}, "properties": {"repobilityId": 32714, "scanner": "repobility-threat-engine", "fingerprint": "b34d1e0f19d534ee727ea5bc28757eb11a7296b50318374902b40e19bae4b18b", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "disabled-tls-verify", "owasp": "A02:2021", "cwe_ids": ["CWE-295"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347930+00:00", "triaged_in_corpus": 15, "observations_count": 86916, "ai_coder_pattern_id": 16}, "scanner": "repobility-threat-engine", "correlation_key": "fp|b34d1e0f19d534ee727ea5bc28757eb11a7296b50318374902b40e19bae4b18b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/complex/scripts/setup-v4-project.js"}, "region": {"startLine": 159}}}]}, {"ruleId": "SEC085", "level": "error", "message": {"text": "[SEC085] JS: child_process.exec with non-literal: child_process.exec with user-derived input enables command injection. Ported from eslint-plugin-security detect-child-process (Apache-2.0)."}, "properties": {"repobilityId": 32708, "scanner": "repobility-threat-engine", "fingerprint": "336fb254b95d7841d847c508ff8eb3163aff379d82456e7853050fcf4ae05314", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "execSync(cmd", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC085", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|336fb254b95d7841d847c508ff8eb3163aff379d82456e7853050fcf4ae05314"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/complex/scripts/db-postgres.js"}, "region": {"startLine": 61}}}]}, {"ruleId": "SEC085", "level": "error", "message": {"text": "[SEC085] JS: child_process.exec with non-literal: child_process.exec with user-derived input enables command injection. Ported from eslint-plugin-security detect-child-process (Apache-2.0)."}, "properties": {"repobilityId": 32707, "scanner": "repobility-threat-engine", "fingerprint": "f1e15b5ee19c96558b56b5503cea2c8f9c200cbd57e9dc3e253fe318bd3401f9", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "execSync(cmd", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC085", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|f1e15b5ee19c96558b56b5503cea2c8f9c200cbd57e9dc3e253fe318bd3401f9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/complex/scripts/db-mysql.js"}, "region": {"startLine": 54}}}]}, {"ruleId": "SEC085", "level": "error", "message": {"text": "[SEC085] JS: child_process.exec with non-literal: child_process.exec with user-derived input enables command injection. Ported from eslint-plugin-security detect-child-process (Apache-2.0)."}, "properties": {"repobilityId": 32706, "scanner": "repobility-threat-engine", "fingerprint": "dc3ffa1a285f0216a27f0ec15ecd39aa835046df4a94692c4afeae14265dd83c", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "execSync(cmd", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC085", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|dc3ffa1a285f0216a27f0ec15ecd39aa835046df4a94692c4afeae14265dd83c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/complex/scripts/db-mariadb.js"}, "region": {"startLine": 53}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 32704, "scanner": "repobility-threat-engine", "fingerprint": "67543034d4829e4ab0a3ba21abdea0692a9ef76e2c5712f343c4d3f1f5367ead", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "progressBar.update(percentage);", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|67543034d4829e4ab0a3ba21abdea0692a9ef76e2c5712f343c4d3f1f5367ead"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/cli/cloud/src/deploy-project/action.ts"}, "region": {"startLine": 137}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 32703, "scanner": "repobility-threat-engine", "fingerprint": "7e73ab3258a0556813ad9188412cfa5fac8efdabf3c7a95cfdd37cba07ceb6f3", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "this.store.delete(key);", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|7e73ab3258a0556813ad9188412cfa5fac8efdabf3c7a95cfdd37cba07ceb6f3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/admin-test-utils/src/setup.ts"}, "region": {"startLine": 222}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 32702, "scanner": "repobility-threat-engine", "fingerprint": "d3e7bad24b3be93162d0874b3cec44d8eeb03cd489be0779141abdac38108c59", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "inflight.delete(name);", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|d3e7bad24b3be93162d0874b3cec44d8eeb03cd489be0779141abdac38108c59"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/complex/scripts/bench-hook.js"}, "region": {"startLine": 60}}}]}, {"ruleId": "SEC040", "level": "error", "message": {"text": "[SEC040] innerHTML XSS \u2014 template literal with server-supplied data: Setting .innerHTML with a template literal that interpolates server-supplied or user-supplied data is the canonical stored/reflected XSS vector. The browser parses the HTML and executes any <script> or event-handler attributes in the data. CWE-79. Especially dangerous when the data comes from a CV parser, profile field, or any user-input pipeline."}, "properties": {"repobilityId": 32696, "scanner": "repobility-threat-engine", "fingerprint": "35983517661936f9d793f94d41589d34664fd8b05b77e1a777984869f58ca745", "category": "xss", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "map((uid) => `components::${uid}", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC040", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|35983517661936f9d793f94d41589d34664fd8b05b77e1a777984869f58ca745"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/core/content-manager/server/src/services/components.ts"}, "region": {"startLine": 110}}}]}, {"ruleId": "SEC040", "level": "error", "message": {"text": "[SEC040] innerHTML XSS \u2014 template literal with server-supplied data: Setting .innerHTML with a template literal that interpolates server-supplied or user-supplied data is the canonical stored/reflected XSS vector. The browser parses the HTML and executes any <script> or event-handler attributes in the data. CWE-79. Especially dangerous when the data comes from a CV parser, profile field, or any user-input pipeline."}, "properties": {"repobilityId": 32695, "scanner": "repobility-threat-engine", "fingerprint": "fad0bbeb30003c55568f14191e808b792463853606ce4b9c18f37c0a026bdd21", "category": "xss", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "map(\n            (contentType) => `plugin_content_manager_configuration_content_types::${contentType", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC040", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|fad0bbeb30003c55568f14191e808b792463853606ce4b9c18f37c0a026bdd21"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/core/content-manager/server/src/homepage/services/homepage.ts"}, "region": {"startLine": 32}}}]}, {"ruleId": "SEC040", "level": "error", "message": {"text": "[SEC040] innerHTML XSS \u2014 template literal with server-supplied data: Setting .innerHTML with a template literal that interpolates server-supplied or user-supplied data is the canonical stored/reflected XSS vector. The browser parses the HTML and executes any <script> or event-handler attributes in the data. CWE-79. Especially dangerous when the data comes from a CV parser, profile field, or any user-input pipeline."}, "properties": {"repobilityId": 32694, "scanner": "repobility-threat-engine", "fingerprint": "e838bdf30f8f985a64ecb9c15208de49c738755c2eae5ac1068a253b2cb1dda3", "category": "xss", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "map((db) => `<th>${escapeHtml(db)}", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC040", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|e838bdf30f8f985a64ecb9c15208de49c738755c2eae5ac1068a253b2cb1dda3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/complex/scripts/bench-compare.js"}, "region": {"startLine": 490}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "[MINED116] Workflow uses `secrets.SLACK_WEBHOOK_DOCUMENTATION_OPS` on a `pull_request` trigger: This workflow triggers on `pull_request`, which checks out the FORK's code. Referencing `${ secrets.SLACK_WEBHOOK_DOCUMENTATION_OPS }` lets a PR from any fork exfiltrate the secret (modify a script, log the value, etc.). Use `pull_request_target` ONLY with strict checkout discipline (no fork code in the trusted context)."}, "properties": {"repobilityId": 32846, "scanner": "repobility-supply-chain", "fingerprint": "31a1d5a0733d0e0f1e450d4003604eed1cc97973103a48468f4b706300b54beb", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|31a1d5a0733d0e0f1e450d4003604eed1cc97973103a48468f4b706300b54beb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/docs-flag-notification.yml"}, "region": {"startLine": 17}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "[MINED116] Workflow uses `secrets.SONAR_HOST_URL` on a `pull_request` trigger: This workflow triggers on `pull_request`, which checks out the FORK's code. Referencing `${ secrets.SONAR_HOST_URL }` lets a PR from any fork exfiltrate the secret (modify a script, log the value, etc.). Use `pull_request_target` ONLY with strict checkout discipline (no fork code in the trusted context)."}, "properties": {"repobilityId": 32845, "scanner": "repobility-supply-chain", "fingerprint": "8c067280ea75ddf1b9c045ea5910686f23e66a1e1f5c3c6858ff665dc08f2557", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|8c067280ea75ddf1b9c045ea5910686f23e66a1e1f5c3c6858ff665dc08f2557"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/tests.yml"}, "region": {"startLine": 623}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "[MINED116] Workflow uses `secrets.SONAR_TOKEN` on a `pull_request` trigger: This workflow triggers on `pull_request`, which checks out the FORK's code. Referencing `${ secrets.SONAR_TOKEN }` lets a PR from any fork exfiltrate the secret (modify a script, log the value, etc.). Use `pull_request_target` ONLY with strict checkout discipline (no fork code in the trusted context)."}, "properties": {"repobilityId": 32844, "scanner": "repobility-supply-chain", "fingerprint": "b8ccd8dce96562da60750c5033a9aafa48bd10245ab870078a6e0baf8ca4bb28", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|b8ccd8dce96562da60750c5033a9aafa48bd10245ab870078a6e0baf8ca4bb28"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/tests.yml"}, "region": {"startLine": 622}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "[MINED116] Workflow uses `secrets.SONAR_HOST_URL` on a `pull_request` trigger: This workflow triggers on `pull_request`, which checks out the FORK's code. Referencing `${ secrets.SONAR_HOST_URL }` lets a PR from any fork exfiltrate the secret (modify a script, log the value, etc.). Use `pull_request_target` ONLY with strict checkout discipline (no fork code in the trusted context)."}, "properties": {"repobilityId": 32843, "scanner": "repobility-supply-chain", "fingerprint": "42266dcad463b4e1fc466ce23325f170bb818338b289b1806cc0a6a6d50b58b5", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|42266dcad463b4e1fc466ce23325f170bb818338b289b1806cc0a6a6d50b58b5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/tests.yml"}, "region": {"startLine": 614}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "[MINED116] Workflow uses `secrets.SONAR_TOKEN` on a `pull_request` trigger: This workflow triggers on `pull_request`, which checks out the FORK's code. Referencing `${ secrets.SONAR_TOKEN }` lets a PR from any fork exfiltrate the secret (modify a script, log the value, etc.). Use `pull_request_target` ONLY with strict checkout discipline (no fork code in the trusted context)."}, "properties": {"repobilityId": 32842, "scanner": "repobility-supply-chain", "fingerprint": "8663c042c10684aa06c96f74c14f65662c91043dc3cb76fc0f75a955d258ed59", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|8663c042c10684aa06c96f74c14f65662c91043dc3cb76fc0f75a955d258ed59"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/tests.yml"}, "region": {"startLine": 613}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "[MINED116] Workflow uses `secrets.TRUNK_API_TOKEN` on a `pull_request` trigger: This workflow triggers on `pull_request`, which checks out the FORK's code. Referencing `${ secrets.TRUNK_API_TOKEN }` lets a PR from any fork exfiltrate the secret (modify a script, log the value, etc.). Use `pull_request_target` ONLY with strict checkout discipline (no fork code in the trusted context)."}, "properties": {"repobilityId": 32841, "scanner": "repobility-supply-chain", "fingerprint": "e6dcaa7ef4bab53e90ddc65e9c674e6d8710ec611dd9805b764ce1c2e46cb18d", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|e6dcaa7ef4bab53e90ddc65e9c674e6d8710ec611dd9805b764ce1c2e46cb18d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/tests.yml"}, "region": {"startLine": 335}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "[MINED116] Workflow uses `secrets.TRUNK_API_TOKEN` on a `pull_request` trigger: This workflow triggers on `pull_request`, which checks out the FORK's code. Referencing `${ secrets.TRUNK_API_TOKEN }` lets a PR from any fork exfiltrate the secret (modify a script, log the value, etc.). Use `pull_request_target` ONLY with strict checkout discipline (no fork code in the trusted context)."}, "properties": {"repobilityId": 32840, "scanner": "repobility-supply-chain", "fingerprint": "ded26253800eab6f281de2c28998d44149d1d029444c619415fab3a3aadd1e4d", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|ded26253800eab6f281de2c28998d44149d1d029444c619415fab3a3aadd1e4d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/tests.yml"}, "region": {"startLine": 284}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "[MINED116] Workflow uses `secrets.PR_REVIEW_ANTHROPIC_API_KEY` on a `pull_request` trigger: This workflow triggers on `pull_request`, which checks out the FORK's code. Referencing `${ secrets.PR_REVIEW_ANTHROPIC_API_KEY }` lets a PR from any fork exfiltrate the secret (modify a script, log the value, etc.). Use `pull_request_target` ONLY with strict checkout discipline (no fork code in the trusted context)."}, "properties": {"repobilityId": 32839, "scanner": "repobility-supply-chain", "fingerprint": "f0056d23c3511c72c6e948610b0af88adce2ee735c780eba2f4500aca746adda", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|f0056d23c3511c72c6e948610b0af88adce2ee735c780eba2f4500aca746adda"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/pr-reviewer.yml"}, "region": {"startLine": 25}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "[MINED116] Workflow uses `secrets.CHECK_OWNERSHIP_TOKEN` on a `pull_request` trigger: This workflow triggers on `pull_request`, which checks out the FORK's code. Referencing `${ secrets.CHECK_OWNERSHIP_TOKEN }` lets a PR from any fork exfiltrate the secret (modify a script, log the value, etc.). Use `pull_request_target` ONLY with strict checkout discipline (no fork code in the trusted context)."}, "properties": {"repobilityId": 32822, "scanner": "repobility-supply-chain", "fingerprint": "981cccfdfbefb9aec9f79e40c31dee855c74a918faa85699093614ca48c0fbf8", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|981cccfdfbefb9aec9f79e40c31dee855c74a918faa85699093614ca48c0fbf8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/changeFreeze.yml"}, "region": {"startLine": 19}}}]}, {"ruleId": "SEC084", "level": "error", "message": {"text": "[SEC084] JS: require() with non-literal: require(<variable>) loads arbitrary modules \u2014 equivalent to eval at module scope. Ported from eslint-plugin-security detect-non-literal-require (Apache-2.0)."}, "properties": {"repobilityId": 32743, "scanner": "repobility-threat-engine", "fingerprint": "c48152486b3a3031e77ef6a0e10571e6a49ff65927b3db45424b83c2e667b16d", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "require(packageModulePath", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC084", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|c48152486b3a3031e77ef6a0e10571e6a49ff65927b3db45424b83c2e667b16d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/core/core/src/loaders/plugins/get-enabled-plugins.ts"}, "region": {"startLine": 100}}}]}]}]}