{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "AUC009", "name": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function", "shortDescription": {"text": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. Endpoint: ANY /v1"}, "fullDescription": {"text": "A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. Endpoint: ANY /v1/blobs."}, "properties": {"scanner": "repobility-access-control", "category": "auth", "severity": "medium", "confidence": 0.68, "cwe": "CWE-285", "owasp": "API5:2023 Broken Function Level Authorization"}}, {"id": "AUC002", "name": "[AUC002] Low visible authorization coverage in route inventory: Only 33.3% of discovered routes show nearby authenticati", "shortDescription": {"text": "[AUC002] Low visible authorization coverage in route inventory: Only 33.3% of discovered routes show nearby authentication, authorization, middleware, or public-route evidence."}, "fullDescription": {"text": "Only 33.3% of discovered routes show nearby authentication, authorization, middleware, or public-route evidence."}, "properties": {"scanner": "repobility-access-control", "category": "auth", "severity": "medium", "confidence": 0.74, "cwe": "CWE-285", "owasp": "WSTG-AUTHZ"}}, {"id": "AUC001", "name": "[AUC001] No Repobility access matrix policy found: The repository uses web/API frameworks but does not define .repobilit", "shortDescription": {"text": "[AUC001] No Repobility access matrix policy found: The repository uses web/API frameworks but does not define .repobility/access.yml or 
equivalent authorization documentation."}, "fullDescription": {"text": "The repository uses web/API frameworks but does not define .repobility/access.yml or equivalent authorization documentation."}, "properties": {"scanner": "repobility-access-control", "category": "auth", "severity": "medium", "confidence": 0.92, "cwe": "CWE-285", "owasp": "WSTG-AUTHZ"}}, {"id": "GHSA-3v7f-55p6-f55p", "name": "picomatch: GHSA-3v7f-55p6-f55p", "shortDescription": {"text": "picomatch: GHSA-3v7f-55p6-f55p"}, "fullDescription": {"text": "Picomatch: Method Injection in POSIX Character Classes causes incorrect Glob Matching"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-f886-m6hf-6m8v", "name": "brace-expansion: GHSA-f886-m6hf-6m8v", "shortDescription": {"text": "brace-expansion: GHSA-f886-m6hf-6m8v"}, "fullDescription": {"text": "brace-expansion: Zero-step sequence causes process hang and memory exhaustion"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-48c2-rrv3-qjmp", "name": "yaml: GHSA-48c2-rrv3-qjmp", "shortDescription": {"text": "yaml: GHSA-48c2-rrv3-qjmp"}, "fullDescription": {"text": "yaml is vulnerable to Stack Overflow via deeply nested YAML collections"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-58qx-3vcg-4xpx", "name": "ws: GHSA-58qx-3vcg-4xpx", "shortDescription": {"text": "ws: GHSA-58qx-3vcg-4xpx"}, "fullDescription": {"text": "ws: Uninitialized memory disclosure"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-79cf-xcqc-c78w", "name": "webpack-dev-server: GHSA-79cf-xcqc-c78w", "shortDescription": {"text": "webpack-dev-server: GHSA-79cf-xcqc-c78w"}, 
"fullDescription": {"text": "webpack-dev-server vulnerable to cross-origin source code exposure on non-HTTPS origins"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-w5hq-g745-h8pq", "name": "uuid: GHSA-w5hq-g745-h8pq", "shortDescription": {"text": "uuid: GHSA-w5hq-g745-h8pq"}, "fullDescription": {"text": "uuid: Missing buffer bounds check in v3/v5/v6 when buf is provided"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-qj8w-gfj5-8c6v", "name": "serialize-javascript: GHSA-qj8w-gfj5-8c6v", "shortDescription": {"text": "serialize-javascript: GHSA-qj8w-gfj5-8c6v"}, "fullDescription": {"text": "Serialize JavaScript has CPU Exhaustion Denial of Service via crafted array-like objects"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-q8mj-m7cp-5q26", "name": "qs: GHSA-q8mj-m7cp-5q26", "shortDescription": {"text": "qs: GHSA-q8mj-m7cp-5q26"}, "fullDescription": {"text": "qs has a remotely triggerable DoS: qs.stringify crashes with TypeError on null/undefined entries in comma-format arrays when encodeValuesOnly is set"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-q6x5-8v7m-xcrf", "name": "protobufjs: GHSA-q6x5-8v7m-xcrf", "shortDescription": {"text": "protobufjs: GHSA-q6x5-8v7m-xcrf"}, "fullDescription": {"text": "protobufjs has overlong UTF-8 decoding"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-jggg-4jg4-v7c6", "name": "protobufjs: GHSA-jggg-4jg4-v7c6", "shortDescription": {"text": "protobufjs: GHSA-jggg-4jg4-v7c6"}, "fullDescription": {"text": "protobufjs: Denial of 
Service via unbounded recursive JSON descriptor expansion"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-fx83-v9x8-x52w", "name": "protobufjs: GHSA-fx83-v9x8-x52w", "shortDescription": {"text": "protobufjs: GHSA-fx83-v9x8-x52w"}, "fullDescription": {"text": "protobuf.js: Prototype injection in generated message constructors"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-2pr8-phx7-x9h3", "name": "protobufjs: GHSA-2pr8-phx7-x9h3", "shortDescription": {"text": "protobufjs: GHSA-2pr8-phx7-x9h3"}, "fullDescription": {"text": "protobuf.js: Denial of service from crafted field names in generated code"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-qx2v-qp2m-jg93", "name": "postcss: GHSA-qx2v-qp2m-jg93", "shortDescription": {"text": "postcss: GHSA-qx2v-qp2m-jg93"}, "fullDescription": {"text": "PostCSS has XSS via Unescaped </style> in its CSS Stringify Output"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-mwcw-c2x4-8c55", "name": "nanoid: GHSA-mwcw-c2x4-8c55", "shortDescription": {"text": "nanoid: GHSA-mwcw-c2x4-8c55"}, "fullDescription": {"text": "Predictable results in nanoid generation when given non-integer values"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-f23m-r3pf-42rh", "name": "lodash: GHSA-f23m-r3pf-42rh", "shortDescription": {"text": "lodash: GHSA-f23m-r3pf-42rh"}, "fullDescription": {"text": "lodash vulnerable to Prototype Pollution via array path bypass in `_.unset` and `_.omit`"}, "properties": {"scanner": "osv-scanner", "category": "dependency", 
"severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-r4q5-vmmm-2653", "name": "follow-redirects: GHSA-r4q5-vmmm-2653", "shortDescription": {"text": "follow-redirects: GHSA-r4q5-vmmm-2653"}, "fullDescription": {"text": "follow-redirects leaks Custom Authentication Headers to Cross-Domain Redirect Targets"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-v9jr-rg53-9pgp", "name": "dompurify: GHSA-v9jr-rg53-9pgp", "shortDescription": {"text": "dompurify: GHSA-v9jr-rg53-9pgp"}, "fullDescription": {"text": "DOMPurify: Prototype Pollution to XSS Bypass via CUSTOM_ELEMENT_HANDLING Fallback"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-v2wj-7wpq-c8vv", "name": "dompurify: GHSA-v2wj-7wpq-c8vv", "shortDescription": {"text": "dompurify: GHSA-v2wj-7wpq-c8vv"}, "fullDescription": {"text": "DOMPurify contains a Cross-site Scripting vulnerability"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-h8r8-wccr-v5f2", "name": "dompurify: GHSA-h8r8-wccr-v5f2", "shortDescription": {"text": "dompurify: GHSA-h8r8-wccr-v5f2"}, "fullDescription": {"text": "DOMPurify is vulnerable to mutation-XSS via Re-Contextualization "}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-h7mw-gpvr-xq4m", "name": "dompurify: GHSA-h7mw-gpvr-xq4m", "shortDescription": {"text": "dompurify: GHSA-h7mw-gpvr-xq4m"}, "fullDescription": {"text": "DOMPurify: FORBID_TAGS bypassed by function-based ADD_TAGS predicate (asymmetry with FORBID_ATTR fix)"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": 
"GHSA-crv5-9vww-q3g8", "name": "dompurify: GHSA-crv5-9vww-q3g8", "shortDescription": {"text": "dompurify: GHSA-crv5-9vww-q3g8"}, "fullDescription": {"text": "DOMPurify has a SAFE_FOR_TEMPLATES bypass in RETURN_DOM mode"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-cjmm-f4jc-qw8r", "name": "dompurify: GHSA-cjmm-f4jc-qw8r", "shortDescription": {"text": "dompurify: GHSA-cjmm-f4jc-qw8r"}, "fullDescription": {"text": "DOMPurify ADD_ATTR predicate skips URI validation"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-cj63-jhhr-wcxv", "name": "dompurify: GHSA-cj63-jhhr-wcxv", "shortDescription": {"text": "dompurify: GHSA-cj63-jhhr-wcxv"}, "fullDescription": {"text": "DOMPurify USE_PROFILES prototype pollution allows event handlers"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-39q2-94rc-95cp", "name": "dompurify: GHSA-39q2-94rc-95cp", "shortDescription": {"text": "dompurify: GHSA-39q2-94rc-95cp"}, "fullDescription": {"text": "DOMPurify's ADD_TAGS function form bypasses FORBID_TAGS due to short-circuit evaluation"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-gc5v-m9x4-r6x2", "name": "requests: GHSA-gc5v-m9x4-r6x2", "shortDescription": {"text": "requests: GHSA-gc5v-m9x4-r6x2"}, "fullDescription": {"text": "Requests has Insecure Temp File Reuse in its extract_zipped_paths() utility function"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-9wx4-h78v-vm56", "name": "requests: GHSA-9wx4-h78v-vm56", "shortDescription": {"text": "requests: GHSA-9wx4-h78v-vm56"}, 
"fullDescription": {"text": "Requests `Session` object does not verify requests after making first request with verify=False"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-9hjg-9r4m-mvj7", "name": "requests: GHSA-9hjg-9r4m-mvj7", "shortDescription": {"text": "requests: GHSA-9hjg-9r4m-mvj7"}, "fullDescription": {"text": "Requests vulnerable to .netrc credentials leak via malicious URLs"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "DKR003", "name": "Compose service `node-exporter` image uses the latest tag", "shortDescription": {"text": "Compose service `node-exporter` image uses the latest tag"}, "fullDescription": {"text": "The latest tag is mutable and can change without a code review, producing different images from the same source."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.94, "cwe": "", "owasp": ""}}, {"id": "DKR001", "name": "Docker final stage has no non-root USER", "shortDescription": {"text": "Docker final stage has no non-root USER"}, "fullDescription": {"text": "Docker images run as root unless the image or Dockerfile switches to a non-root user."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.82, "cwe": "", "owasp": ""}}, {"id": "DKR002", "name": "Dockerfile base image has no explicit tag", "shortDescription": {"text": "Dockerfile base image has no explicit tag"}, "fullDescription": {"text": "Images without explicit tags resolve to a mutable default tag, which weakens reproducibility and review."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "DKR007", "name": "Docker build context has no .dockerignore", "shortDescription": 
{"text": "Docker build context has no .dockerignore"}, "fullDescription": {"text": "Without .dockerignore, build context can include source history, local env files, dependencies, and generated artifacts."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "DKR009", "name": "Dockerfile separates apt update from install", "shortDescription": {"text": "Dockerfile separates apt update from install"}, "fullDescription": {"text": "Splitting apt update and install across layers can reuse stale package indexes and make builds less reliable."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.86, "cwe": "", "owasp": ""}}, {"id": "SEC005", "name": "[SEC005] Command Injection Risk: Unsafe shell execution or eval of user input.", "shortDescription": {"text": "[SEC005] Command Injection Risk: Unsafe shell execution or eval of user input."}, "fullDescription": {"text": "Use subprocess with shell=False and a list of args. Never eval user input."}, "properties": {"scanner": "repobility-threat-engine", "category": "injection", "severity": "medium", "confidence": 0.5, "cwe": "", "owasp": ""}}, {"id": "SEC045", "name": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a latera", "shortDescription": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. 
Sandboxes (__builtins__ cleared) are escapable: attackers use obj"}, "fullDescription": {"text": "For literal data structures: use ast.literal_eval(text) \u2014 only parses literals, raises on code.\nFor formula evaluation: use asteval or simpleeval (purpose-built sandboxes with allow-lists).\nFor Odoo: use odoo.tools.safe_eval(expr, locals_dict, mode='exec').\nIf you genuinely need to execute admin-stored code: require explicit super-admin permission AND log every execution with a stack trace."}, "properties": {"scanner": "repobility-threat-engine", "category": "injection", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC007", "name": "[SEC007] Unsafe Deserialization: Unsafe deserialization can execute arbitrary code.", "shortDescription": {"text": "[SEC007] Unsafe Deserialization: Unsafe deserialization can execute arbitrary code."}, "fullDescription": {"text": "Use yaml.safe_load() instead of yaml.load(). Avoid pickle for untrusted data."}, "properties": {"scanner": "repobility-threat-engine", "category": "deserialization", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC041", "name": "[SEC041] Tabnabbing \u2014 target=\"_blank\" without rel=\"noopener noreferrer\": <a target=\"_blank\"> without rel=\"noopener noref", "shortDescription": {"text": "[SEC041] Tabnabbing \u2014 target=\"_blank\" without rel=\"noopener noreferrer\": <a target=\"_blank\"> without rel=\"noopener noreferrer\" leaks window.opener to the opened page. The opened page can then run window.opener.location = 'phishing-site' and"}, "fullDescription": {"text": "Add rel=\"noopener noreferrer\" to every <a target=\"_blank\">:\n  <a href=\"...\" target=\"_blank\" rel=\"noopener noreferrer\">link</a>\nFor dynamically generated links from JS, set rel on the element before appending. 
Even safe-looking subdomains should harden \u2014 costs nothing."}, "properties": {"scanner": "repobility-threat-engine", "category": "security", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "ERR002", "name": "[ERR002] Empty Catch Block: Empty catch blocks hide errors.", "shortDescription": {"text": "[ERR002] Empty Catch Block: Empty catch blocks hide errors."}, "fullDescription": {"text": "Log the error or rethrow it. Use console.error() at minimum."}, "properties": {"scanner": "repobility-threat-engine", "category": "error_handling", "severity": "medium", "confidence": 0.45, "cwe": "", "owasp": ""}}, {"id": "AGT015", "name": "Remote install command pipes network code directly to a shell", "shortDescription": {"text": "Remote install command pipes network code directly to a shell"}, "fullDescription": {"text": "Agent helper projects often publish one-line installers. `curl | sh` style commands are convenient, but they bypass review unless the script is pinned, signed, or checksum-verified."}, "properties": {"scanner": "repobility-agent-runtime", "category": "dependency", "severity": "medium", "confidence": 0.7, "cwe": "", "owasp": ""}}, {"id": "AGT012", "name": "Agent control bridge may listen on a network interface without visible auth", "shortDescription": {"text": "Agent control bridge may listen on a network interface without visible auth"}, "fullDescription": {"text": "Agent, MCP, sidecar, and command bridge servers often start as local helpers. 
Binding them to 0.0.0.0 or a default all-interface listener without an authorization guard can expose tool execution or session data to the LAN."}, "properties": {"scanner": "repobility-agent-runtime", "category": "quality", "severity": "medium", "confidence": 0.72, "cwe": "", "owasp": ""}}, {"id": "DEPCUR-NPM", "name": "npm package `@types/k6` is 2 major version(s) behind (~0.48.0 -> 2.0.0)", "shortDescription": {"text": "npm package `@types/k6` is 2 major version(s) behind (~0.48.0 -> 2.0.0)"}, "fullDescription": {"text": "`@types/k6` is pinned/resolved at ~0.48.0 but the latest stable release on the npm registry is 2.0.0 (2 major version(s) behind). Outdated dependencies accumulate unpatched bugs and make future security upgrades harder. This is the version-currency signal Dependabot version-update PRs raise."}, "properties": {"scanner": "repobility-dependency-currency", "category": "dependency", "severity": "medium", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED111", "name": "Bare except continues silently", "shortDescription": {"text": "Bare except continues silently"}, "fullDescription": {"text": "Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. 
Hides real failures and makes bugs hard to diagnose."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "AUC005", "name": "[AUC005] No authorization-focused tests detected: No test files with common authorization, ownership, 403, admin, or sup", "shortDescription": {"text": "[AUC005] No authorization-focused tests detected: No test files with common authorization, ownership, 403, admin, or super_admin assertions were found."}, "fullDescription": {"text": "No test files with common authorization, ownership, 403, admin, or super_admin assertions were found."}, "properties": {"scanner": "repobility-access-control", "category": "auth", "severity": "low", "confidence": 0.76, "cwe": "CWE-285", "owasp": "WSTG-AUTHZ"}}, {"id": "GHSA-52f5-9888-hmc6", "name": "tmp: GHSA-52f5-9888-hmc6", "shortDescription": {"text": "tmp: GHSA-52f5-9888-hmc6"}, "fullDescription": {"text": "tmp allows arbitrary temporary file / directory write via symbolic link `dir` parameter"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "low", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-866g-f22w-33x8", "name": "@ai-sdk/provider-utils: GHSA-866g-f22w-33x8", "shortDescription": {"text": "@ai-sdk/provider-utils: GHSA-866g-f22w-33x8"}, "fullDescription": {"text": "@ai-sdk/provider-utils has an Uncontrolled Resource Consumption issue"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "low", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-9c48-w39g-hm26", "name": "rsa: GHSA-9c48-w39g-hm26", "shortDescription": {"text": "rsa: GHSA-9c48-w39g-hm26"}, "fullDescription": {"text": "rsa crate has potential panic on a prime being equal to 1"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "low", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-ff9q-rm55-q7qr", "name": "diesel-async: 
GHSA-ff9q-rm55-q7qr", "shortDescription": {"text": "diesel-async: GHSA-ff9q-rm55-q7qr"}, "fullDescription": {"text": "diesel-async may expose uninitialized padding bytes for MySQL temporal columns"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "low", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "DKC010", "name": "Compose service lacks no-new-privileges hardening", "shortDescription": {"text": "Compose service lacks no-new-privileges hardening"}, "fullDescription": {"text": "no-new-privileges prevents processes from gaining additional privileges through setuid binaries or file capabilities."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "low", "confidence": 0.62, "cwe": "", "owasp": ""}}, {"id": "DKC006", "name": "Compose service does not declare a runtime user", "shortDescription": {"text": "Compose service does not declare a runtime user"}, "fullDescription": {"text": "If the image does not define USER internally, this service may run as root."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "low", "confidence": 0.56, "cwe": "", "owasp": ""}}, {"id": "DKR011", "name": "Dockerfile installs recommended OS packages", "shortDescription": {"text": "Dockerfile installs recommended OS packages"}, "fullDescription": {"text": "Installing recommended packages often pulls in unnecessary runtime surface area."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "low", "confidence": 0.72, "cwe": "", "owasp": ""}}, {"id": "DKR010", "name": "Dockerfile leaves apt package indexes in the image layer", "shortDescription": {"text": "Dockerfile leaves apt package indexes in the image layer"}, "fullDescription": {"text": "Package indexes increase image size and can expose stale metadata in the final image layer."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "low", "confidence": 0.74, "cwe": "", "owasp": 
""}}, {"id": "COMP001", "name": "[COMP001] High cognitive complexity: Function `main` has cognitive complexity 8 (SonarSource scale). Cognitive complexit", "shortDescription": {"text": "[COMP001] High cognitive complexity: Function `main` has cognitive complexity 8 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh"}, "fullDescription": {"text": "Extract nested branches into named helper functions; flatten early-return / guard clauses; replace long if/elif chains with dispatch dicts or polymorphism. SonarQube's threshold for 'should refactor' is 15 \u2014 yours is 8."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "low", "confidence": 0.95, "cwe": "", "owasp": ""}}, {"id": "AIC003", "name": "Duplicated implementation block across source files", "shortDescription": {"text": "Duplicated implementation block across source files"}, "fullDescription": {"text": "Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.86, "cwe": "", "owasp": ""}}, {"id": "MINED050", "name": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO ", "shortDescription": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "fullDescription": {"text": "Review and fix per the pattern semantics. 
See CWE-1188 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED064", "name": "[MINED064] Python Input Call: input() blocks for stdin. Inappropriate in services.", "shortDescription": {"text": "[MINED064] Python Input Call: input() blocks for stdin. Inappropriate in services."}, "fullDescription": {"text": "Review and fix per the pattern semantics."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC085", "name": "[SEC085] JS: child_process.exec with non-literal (and 4 more): Same pattern found in 4 additional files. Review if neede", "shortDescription": {"text": "[SEC085] JS: child_process.exec with non-literal (and 4 more): Same pattern found in 4 additional files. Review if needed."}, "fullDescription": {"text": "Use execFile / spawn with separate args array; never pass shell strings."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED052", "name": "[MINED052] Ts Any Typed (and 3 more): Same pattern found in 3 additional files. Review if needed.", "shortDescription": {"text": "[MINED052] Ts Any Typed (and 3 more): Same pattern found in 3 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-704 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED044", "name": "[MINED044] Js Console Log Prod (and 15 more): Same pattern found in 15 additional files. Review if needed.", "shortDescription": {"text": "[MINED044] Js Console Log Prod (and 15 more): Same pattern found in 15 additional files. 
Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-532 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED058", "name": "[MINED058] React Dangerously Set Html: dangerouslySetInnerHTML bypasses React's JSX escaping. Pair with DOMPurify or neve", "shortDescription": {"text": "[MINED058] React Dangerously Set Html: dangerouslySetInnerHTML bypasses React's JSX escaping. Pair with DOMPurify or never use with user data."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-79 / A03:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED054", "name": "[MINED054] Ts As Any (and 6 more): Same pattern found in 6 additional files. Review if needed.", "shortDescription": {"text": "[MINED054] Ts As Any (and 6 more): Same pattern found in 6 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-704 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED056", "name": "[MINED056] React Key As Index (and 3 more): Same pattern found in 3 additional files. Review if needed.", "shortDescription": {"text": "[MINED056] React Key As Index (and 3 more): Same pattern found in 3 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-682 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED067", "name": "[MINED067] Python Requests No Timeout: requests.get/post/etc. 
without timeout= can hang forever.", "shortDescription": {"text": "[MINED067] Python Requests No Timeout: requests.get/post/etc. without timeout= can hang forever."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-400 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC128", "name": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake) (and 1 more): Same pattern found in 1 addit", "shortDescription": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake) (and 1 more): Same pattern found in 1 additional file. Review if needed."}, "fullDescription": {"text": "Add `await` before each async call, or chain with `.then`. If you intentionally want fire-and-forget, prefix with `void` (TS) or assign to `_` (Python with `asyncio.create_task`) to make the intent explicit and survive lint."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED066", "name": "[MINED066] Rust Panic Macro (and 5 more): Same pattern found in 5 additional files. Review if needed.", "shortDescription": {"text": "[MINED066] Rust Panic Macro (and 5 more): Same pattern found in 5 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-755 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC029", "name": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 11 more): Same pattern found in 11 addi", "shortDescription": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 11 more): Same pattern found in 11 additional files. 
Review if needed."}, "fullDescription": {"text": "Validate the URL against an allowlist BEFORE fetching:\n  ALLOWED = {'images.example.com', 'cdn.example.com'}\n  host = urlparse(url).hostname\n  if host not in ALLOWED: abort(400)\nOr use a server-side proxy (Imgproxy / serve-files-only-from-S3) that isolates outbound network access from the request handler.\nBlock private CIDRs explicitly: 10/8, 172.16/12, 192.168/16, 169.254/16. Also block loopback (127/8) and the IPv6 equivalents, and apply the check to the address the hostname resolves to, not only to the hostname string."}, "properties": {"scanner": "repobility-threat-engine", "category": "ssrf", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED043", "name": "[MINED043] Http Not Https (and 4 more): Same pattern found in 4 additional files. Review if needed.", "shortDescription": {"text": "[MINED043] Http Not Https (and 4 more): Same pattern found in 4 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-319 / A02:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED003", "name": "[MINED003] Rust Unwrap In Prod (and 12 more): Same pattern found in 12 additional files. Review if needed.", "shortDescription": {"text": "[MINED003] Rust Unwrap In Prod (and 12 more): Same pattern found in 12 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-755 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED059", "name": "[MINED059] Rust Expect In Prod (and 54 more): Same pattern found in 54 additional files. Review if needed.", "shortDescription": {"text": "[MINED059] Rust Expect In Prod (and 54 more): Same pattern found in 54 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. 
See CWE-755 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "GHSA-c2c7-rcm5-vvqj", "name": "picomatch: GHSA-c2c7-rcm5-vvqj", "shortDescription": {"text": "picomatch: GHSA-c2c7-rcm5-vvqj"}, "fullDescription": {"text": "Picomatch has a ReDoS vulnerability via extglob quantifiers"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-3h5v-q93c-6h6q", "name": "ws: GHSA-3h5v-q93c-6h6q", "shortDescription": {"text": "ws: GHSA-3h5v-q93c-6h6q"}, "fullDescription": {"text": "ws affected by a DoS when handling a request with many HTTP headers"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-ph9p-34f9-6g65", "name": "tmp: GHSA-ph9p-34f9-6g65", "shortDescription": {"text": "tmp: GHSA-ph9p-34f9-6g65"}, "fullDescription": {"text": "tmp has Path Traversal via unsanitized prefix/postfix that enables directory escape"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-5c6j-r48x-rmvq", "name": "serialize-javascript: GHSA-5c6j-r48x-rmvq", "shortDescription": {"text": "serialize-javascript: GHSA-5c6j-r48x-rmvq"}, "fullDescription": {"text": "Serialize JavaScript is Vulnerable to RCE via RegExp.flags and Date.prototype.toISOString()"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-jvwf-75h9-cwgg", "name": "protobufjs: GHSA-jvwf-75h9-cwgg", "shortDescription": {"text": "protobufjs: GHSA-jvwf-75h9-cwgg"}, "fullDescription": {"text": "protobuf.js: Process-wide denial of service through unsafe option paths"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": 
"high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-75px-5xx7-5xc7", "name": "protobufjs: GHSA-75px-5xx7-5xc7", "shortDescription": {"text": "protobufjs: GHSA-75px-5xx7-5xc7"}, "fullDescription": {"text": "protobuf.js: Code generation gadget after prototype pollution"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-685m-2w69-288q", "name": "protobufjs: GHSA-685m-2w69-288q", "shortDescription": {"text": "protobufjs: GHSA-685m-2w69-288q"}, "fullDescription": {"text": "protobuf.js: Denial of service through unbounded protobuf recursion"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-66ff-xgx4-vchm", "name": "protobufjs: GHSA-66ff-xgx4-vchm", "shortDescription": {"text": "protobufjs: GHSA-66ff-xgx4-vchm"}, "fullDescription": {"text": "protobuf.js: Code injection through bytes field defaults in generated toObject code"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-37ch-88jc-xwx2", "name": "path-to-regexp: GHSA-37ch-88jc-xwx2", "shortDescription": {"text": "path-to-regexp: GHSA-37ch-88jc-xwx2"}, "fullDescription": {"text": "path-to-regexp vulnerable to Regular Expression Denial of Service via multiple route parameters"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-7r86-cg39-jmmj", "name": "minimatch: GHSA-7r86-cg39-jmmj", "shortDescription": {"text": "minimatch: GHSA-7r86-cg39-jmmj"}, "fullDescription": {"text": "minimatch has ReDoS: matchOne() combinatorial backtracking via multiple non-adjacent GLOBSTAR segments"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": 
"GHSA-3ppc-4f35-3m26", "name": "minimatch: GHSA-3ppc-4f35-3m26", "shortDescription": {"text": "minimatch: GHSA-3ppc-4f35-3m26"}, "fullDescription": {"text": "minimatch has a ReDoS via repeated wildcards with non-matching literal in pattern"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-23c5-xmqv-rm74", "name": "minimatch: GHSA-23c5-xmqv-rm74", "shortDescription": {"text": "minimatch: GHSA-23c5-xmqv-rm74"}, "fullDescription": {"text": "minimatch ReDoS: nested *() extglobs generate catastrophically backtracking regular expressions"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-r5fr-rjxr-66jc", "name": "lodash: GHSA-r5fr-rjxr-66jc", "shortDescription": {"text": "lodash: GHSA-r5fr-rjxr-66jc"}, "fullDescription": {"text": "lodash vulnerable to Code Injection via `_.template` imports key names"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-v39h-62p7-jpjc", "name": "fast-uri: GHSA-v39h-62p7-jpjc", "shortDescription": {"text": "fast-uri: GHSA-v39h-62p7-jpjc"}, "fullDescription": {"text": "fast-uri vulnerable to host confusion via percent-encoded authority delimiters"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-q3j6-qgpj-74h6", "name": "fast-uri: GHSA-q3j6-qgpj-74h6", "shortDescription": {"text": "fast-uri: GHSA-q3j6-qgpj-74h6"}, "fullDescription": {"text": "fast-uri vulnerable to path traversal via percent-encoded dot segments"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-fv7c-fp4j-7gwp", "name": "@babel/plugin-transform-modules-systemjs: GHSA-fv7c-fp4j-7gwp", 
"shortDescription": {"text": "@babel/plugin-transform-modules-systemjs: GHSA-fv7c-fp4j-7gwp"}, "fullDescription": {"text": "@babel/plugin-transform-modules-systemjs generates arbitrary code when compiling malicious input"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "PYSEC-2023-74", "name": "requests: PYSEC-2023-74", "shortDescription": {"text": "requests: PYSEC-2023-74"}, "fullDescription": {"text": "Requests is a HTTP library. Since Requests 2.3.0, Requests has been leaking Proxy-Authorization headers to destination servers when redirected to an HTTPS endpoint. This is a product of how we use `rebuild_proxies` to reattach the `Proxy-Authorization` header to requests. For HTTP connections sent through the tunnel, the proxy will identify the header in the request itself and remove it prior to forwarding to the destination server. However when sent over HTTPS, the `Proxy-Authorization` header must be sent in the CONNECT request as the proxy has no visibility into the tunneled request. This results in Requests forwarding proxy credentials to the destination server unintentionally, allowing a malicious actor to potentially exfiltrate sensitive information. 
This issue has been patched in version 2.31.0.\n\n"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "RUSTSEC-2024-0320", "name": "yaml-rust: RUSTSEC-2024-0320", "shortDescription": {"text": "yaml-rust: RUSTSEC-2024-0320"}, "fullDescription": {"text": "yaml-rust is unmaintained."}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "RUSTSEC-2026-0104", "name": "rustls-webpki: RUSTSEC-2026-0104", "shortDescription": {"text": "rustls-webpki: RUSTSEC-2026-0104"}, "fullDescription": {"text": "Reachable panic in certificate revocation list parsing"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "RUSTSEC-2026-0099", "name": "rustls-webpki: RUSTSEC-2026-0099", "shortDescription": {"text": "rustls-webpki: RUSTSEC-2026-0099"}, "fullDescription": {"text": "Name constraints were accepted for certificates asserting a wildcard name"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "RUSTSEC-2026-0098", "name": "rustls-webpki: RUSTSEC-2026-0098", "shortDescription": {"text": "rustls-webpki: RUSTSEC-2026-0098"}, "fullDescription": {"text": "Name constraints for URI names were incorrectly accepted"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "RUSTSEC-2025-0134", "name": "rustls-pemfile: RUSTSEC-2025-0134", "shortDescription": {"text": "rustls-pemfile: RUSTSEC-2025-0134"}, "fullDescription": {"text": "rustls-pemfile is unmaintained"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "RUSTSEC-2023-0071", "name": "rsa: 
RUSTSEC-2023-0071", "shortDescription": {"text": "rsa: RUSTSEC-2023-0071"}, "fullDescription": {"text": "Marvin Attack: potential key recovery through timing sidechannels"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "RUSTSEC-2026-0097", "name": "rand: RUSTSEC-2026-0097", "shortDescription": {"text": "rand: RUSTSEC-2026-0097"}, "fullDescription": {"text": "Rand is unsound with a custom logger using `rand::rng()`"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "RUSTSEC-2024-0370", "name": "proc-macro-error: RUSTSEC-2024-0370", "shortDescription": {"text": "proc-macro-error: RUSTSEC-2024-0370"}, "fullDescription": {"text": "proc-macro-error is unmaintained"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "RUSTSEC-2024-0436", "name": "paste: RUSTSEC-2024-0436", "shortDescription": {"text": "paste: RUSTSEC-2024-0436"}, "fullDescription": {"text": "paste - no longer maintained"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "RUSTSEC-2026-0002", "name": "lru: RUSTSEC-2026-0002", "shortDescription": {"text": "lru: RUSTSEC-2026-0002"}, "fullDescription": {"text": "`IterMut` violates Stacked Borrows by invalidating internal pointer"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "RUSTSEC-2024-0384", "name": "instant: RUSTSEC-2024-0384", "shortDescription": {"text": "instant: RUSTSEC-2024-0384"}, "fullDescription": {"text": "`instant` is unmaintained"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": 
"RUSTSEC-2025-0057", "name": "fxhash: RUSTSEC-2025-0057", "shortDescription": {"text": "fxhash: RUSTSEC-2025-0057"}, "fullDescription": {"text": "fxhash - no longer maintained"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "RUSTSEC-2026-0138", "name": "diesel-async: RUSTSEC-2026-0138", "shortDescription": {"text": "diesel-async: RUSTSEC-2026-0138"}, "fullDescription": {"text": "Unsound access to padding bytes while serializing date/time values using the Mysql backend"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "RUSTSEC-2026-0172", "name": "diesel: RUSTSEC-2026-0172", "shortDescription": {"text": "diesel: RUSTSEC-2026-0172"}, "fullDescription": {"text": "Possible use after free when deserializing a SQLite database via `SqliteConnection::deserialize_readonly_database`"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "RUSTSEC-2026-0137", "name": "diesel: RUSTSEC-2026-0137", "shortDescription": {"text": "diesel: RUSTSEC-2026-0137"}, "fullDescription": {"text": "Possible unaligned data access for implementations of `SqliteAggregate`"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "RUSTSEC-2026-0136", "name": "diesel: RUSTSEC-2026-0136", "shortDescription": {"text": "diesel: RUSTSEC-2026-0136"}, "fullDescription": {"text": "Command injection in Diesel's implementation of `COPY FROM`/`COPY TO`"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "RUSTSEC-2026-0135", "name": "diesel: RUSTSEC-2026-0135", "shortDescription": {"text": "diesel: RUSTSEC-2026-0135"}, "fullDescription": {"text": "Unsound transmute 
while debug/display printing batch Insert statements in Diesel's SQLite backend"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "RUSTSEC-2026-0134", "name": "diesel: RUSTSEC-2026-0134", "shortDescription": {"text": "diesel: RUSTSEC-2026-0134"}, "fullDescription": {"text": "Unsound access to padding bytes while serializing date/time values using the Mysql backend"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "RUSTSEC-2026-0111", "name": "diesel: RUSTSEC-2026-0111", "shortDescription": {"text": "diesel: RUSTSEC-2026-0111"}, "fullDescription": {"text": "Possible UTF-8 corruption in Diesels SQLite backend"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "RUSTSEC-2024-0388", "name": "derivative: RUSTSEC-2024-0388", "shortDescription": {"text": "derivative: RUSTSEC-2024-0388"}, "fullDescription": {"text": "`derivative` is unmaintained; consider using an alternative"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "RUSTSEC-2025-0141", "name": "bincode: RUSTSEC-2025-0141", "shortDescription": {"text": "bincode: RUSTSEC-2025-0141"}, "fullDescription": {"text": "Bincode is unmaintained"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "RUSTSEC-2025-0012", "name": "backoff: RUSTSEC-2025-0012", "shortDescription": {"text": "backoff: RUSTSEC-2025-0012"}, "fullDescription": {"text": "`backoff` is unmaintained."}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "DKC009", "name": "Compose service bind-mounts a sensitive host 
path", "shortDescription": {"text": "Compose service bind-mounts a sensitive host path"}, "fullDescription": {"text": "Mounting broad host paths exposes host files to the container and can turn app compromise into host compromise."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED034", "name": "[MINED034] Python Subprocess Shell True: subprocess(..., shell=True) enables command injection.", "shortDescription": {"text": "[MINED034] Python Subprocess Shell True: subprocess(..., shell=True) enables command injection."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-78 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED006", "name": "[MINED006] Overcatch Baseexception: except BaseException: ... \u2014 prevents Ctrl+C and SystemExit from working.", "shortDescription": {"text": "[MINED006] Overcatch Baseexception: except BaseException: ... \u2014 prevents Ctrl+C and SystemExit from working."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-705 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED001", "name": "[MINED001] Bare Except Pass: except: pass or except Exception: pass \u2014 silently swallows everything including KeyboardInt", "shortDescription": {"text": "[MINED001] Bare Except Pass: except: pass or except Exception: pass \u2014 silently swallows everything including KeyboardInterrupt and bugs."}, "fullDescription": {"text": "Review and fix per the pattern semantics. 
See CWE-755 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC078", "name": "[SEC078] Python: requests without timeout: requests.get/post without a timeout will hang indefinitely on a non-responsiv", "shortDescription": {"text": "[SEC078] Python: requests without timeout: requests.get/post without a timeout will hang indefinitely on a non-responsive server, causing thread exhaustion and denial of service. Ported from bandit B113 (Apache-2.0). NOTE: this regex is heuristic; a re"}, "fullDescription": {"text": "Add `timeout=10` (or appropriate value) to every requests call."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED004", "name": "[MINED004] Weak Crypto: MD5/SHA1/DES/RC4 used for security context (not just checksums).", "shortDescription": {"text": "[MINED004] Weak Crypto: MD5/SHA1/DES/RC4 used for security context (not just checksums)."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-327 / A02:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED126", "name": "Workflow container/services image `postgres:16` unpinned", "shortDescription": {"text": "Workflow container/services image `postgres:16` unpinned"}, "fullDescription": {"text": "`container/services image: postgres:16` without `@sha256:...` pulls a mutable tag at workflow-run time. 
Treat workflow container references with the same supply-chain discipline as Dockerfile FROM lines."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED115", "name": "Action `actions/github-script` pinned to mutable ref `@v8`", "shortDescription": {"text": "Action `actions/github-script` pinned to mutable ref `@v8`"}, "fullDescription": {"text": "`uses: actions/github-script@v8` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED122", "name": "package.json dep `k6-jslib-utils` pulled from URL/Git", "shortDescription": {"text": "package.json dep `k6-jslib-utils` pulled from URL/Git"}, "fullDescription": {"text": "`dependencies.k6-jslib-utils` = `github:grafana/k6-jslib-utils` bypasses the npm registry. No integrity hash, no version locking, no registry-side scanning. If the URL or git host is compromised, every `npm install` pulls the new payload."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED118", "name": "Dockerfile FROM `debian:bookworm-slim` not pinned by digest", "shortDescription": {"text": "Dockerfile FROM `debian:bookworm-slim` not pinned by digest"}, "fullDescription": {"text": "`FROM debian:bookworm-slim` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potentially different. 
Production images should pin to `image@sha256:...` for reproducibility + supply-chain integrity."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED131", "name": "pre-commit hook `https://github.com/EmbarkStudios/cargo-deny` pinned to mutable rev `0.19.0`", "shortDescription": {"text": "pre-commit hook `https://github.com/EmbarkStudios/cargo-deny` pinned to mutable rev `0.19.0`"}, "fullDescription": {"text": "`.pre-commit-config.yaml` references `https://github.com/EmbarkStudios/cargo-deny` at `rev: 0.19.0`. If `rev` is a branch or version tag, the repo owner can push new code there and `pre-commit install --install-hooks` will fetch it on every developer's machine."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED108", "name": "`self.assertFalse` used but never assigned in __init__", "shortDescription": {"text": "`self.assertFalse` used but never assigned in __init__"}, "fullDescription": {"text": "Method `test_pr_without_release_notes_section` of class `TestPrHasReleaseNotes` reads `self.assertFalse`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance, unless the attribute is inherited: `assertFalse` is a method of `unittest.TestCase`, so check the class's base classes before acting on this finding."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "GHSA-xq3m-2v4x-88gg", "name": "protobufjs: GHSA-xq3m-2v4x-88gg", "shortDescription": {"text": "protobufjs: GHSA-xq3m-2v4x-88gg"}, "fullDescription": {"text": "Arbitrary code execution in protobufjs"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "critical", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-g38r-8gmr-ghrf", "name": "mysten-metrics: GHSA-g38r-8gmr-ghrf", "shortDescription": {"text": "mysten-metrics: GHSA-g38r-8gmr-ghrf"}, "fullDescription": {"text": "`mysten-metrics` was removed from crates.io for malicious code"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "critical", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "SEC022", "name": "[SEC022] Database URL With Embedded Credential: A database connection URL contains an embedded username and password. Th", "shortDescription": {"text": "[SEC022] Database URL With Embedded Credential: A database connection URL contains an embedded username and password. These URLs are often copied into defaults, docs, and scripts, then leak working credentials."}, "fullDescription": {"text": "Remove the embedded password, require the URL from a secret store or environment variable, and rotate the database credential."}, "properties": {"scanner": "repobility-threat-engine", "category": "credential_exposure", "severity": "critical", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED024", "name": "[MINED024] Js Eval Usage: eval() executes arbitrary code. Code injection risk.", "shortDescription": {"text": "[MINED024] Js Eval Usage: eval() executes arbitrary code. Code injection risk."}, "fullDescription": {"text": "Review and fix per the pattern semantics. 
See CWE-95 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "critical", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC084", "name": "[SEC084] JS: require() with non-literal: require(<variable>) loads arbitrary modules \u2014 equivalent to eval at module scop", "shortDescription": {"text": "[SEC084] JS: require() with non-literal: require(<variable>) loads arbitrary modules \u2014 equivalent to eval at module scope. Ported from eslint-plugin-security detect-non-literal-require (Apache-2.0)."}, "fullDescription": {"text": "Use static imports or a static mapping `const modules = { foo: require('./foo') }`."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "critical", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED018", "name": "[MINED018] Unsafe Deserialization Pickle: pickle.loads / yaml.load (without Loader=SafeLoader) / unmarshal of network/fi", "shortDescription": {"text": "[MINED018] Unsafe Deserialization Pickle: pickle.loads / yaml.load (without Loader=SafeLoader) / unmarshal of network/file data \u2014 RCE."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-502 / A08:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "critical", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC116", "name": "[SEC116] Ruby YAML.load / Marshal.load on untrusted input: `YAML.load` (pre-3.1) and `Marshal.load` instantiate arbitrar", "shortDescription": {"text": "[SEC116] Ruby YAML.load / Marshal.load on untrusted input: `YAML.load` (pre-3.1) and `Marshal.load` instantiate arbitrary Ruby classes \u2014 direct RCE on untrusted input. `unsafe_load` is even more dangerous."}, "fullDescription": {"text": "Use `YAML.safe_load(input, permitted_classes: [Date])` \u2014 explicit class allowlist. 
Never use `Marshal.load` on untrusted data; serialize as JSON instead."}, "properties": {"scanner": "repobility-threat-engine", "category": "deserialization", "severity": "critical", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC079", "name": "[SEC079] Python: yaml.load without SafeLoader: yaml.load() without explicit SafeLoader can execute arbitrary Python obje", "shortDescription": {"text": "[SEC079] Python: yaml.load without SafeLoader: yaml.load() without explicit SafeLoader can execute arbitrary Python objects (CVE-2017-18342). Ported from bandit B506 / dlint DUO109 (Apache-2.0 / BSD-3)."}, "fullDescription": {"text": "Use `yaml.safe_load(data)` or `yaml.load(data, Loader=yaml.SafeLoader)`."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "critical", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED116", "name": "Workflow uses `secrets.GCP_WALRUS_RELEASE_BUCKET_SVCUSER_CREDENTIALS` on a `pull_request` trigger", "shortDescription": {"text": "Workflow uses `secrets.GCP_WALRUS_RELEASE_BUCKET_SVCUSER_CREDENTIALS` on a `pull_request` trigger"}, "fullDescription": {"text": "This workflow triggers on `pull_request`, which checks out the FORK's code. Referencing `${{ secrets.GCP_WALRUS_RELEASE_BUCKET_SVCUSER_CREDENTIALS }}` lets a PR from any fork exfiltrate the secret (modify a script, log the value, etc.). By default GitHub withholds repository secrets from `pull_request` runs that originate from forks, so the exposure depends on whether fork secret access is enabled and on who can open same-repository pull requests. 
Use `pull_request_target` ONLY with strict checkout discipline (no fork code in the trusted context)."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "critical", "confidence": 0.9, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/1410"}, "properties": {"repository": "MystenLabs/walrus", "repoUrl": "https://github.com/MystenLabs/walrus", "branch": "main"}, "results": [{"ruleId": "AUC009", "level": "warning", "message": {"text": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. Endpoint: ANY /v1/blobs."}, "properties": {"repobilityId": 144849, "scanner": "repobility-access-control", "fingerprint": "c71ce344cfdb7bd7aa41c5f4761fa7289ed3b18a93dab9f56586d964f5135f33", "category": "auth", "severity": "medium", "confidence": 0.68, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/v1/blobs", "method": "ANY", "scanner": "repobility-access-control", "framework": "Axum", "correlation_key": "code|auth|token|961|cwe-285", "identity_targets": ["unknown"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/walrus-service/src/client/daemon/auth.rs"}, "region": {"startLine": 961}}}]}, {"ruleId": "AUC009", "level": "warning", "message": {"text": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. 
Endpoint: ANY /v1/blobs."}, "properties": {"repobilityId": 144848, "scanner": "repobility-access-control", "fingerprint": "ae0494637d0ff196ab36e49f2e92da6960d5c1d1b9de8653460628246e3898c0", "category": "auth", "severity": "medium", "confidence": 0.68, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/v1/blobs", "method": "ANY", "scanner": "repobility-access-control", "framework": "Axum", "correlation_key": "code|auth|token|472|cwe-285", "identity_targets": ["unknown"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/walrus-service/src/client/daemon/auth.rs"}, "region": {"startLine": 472}}}]}, {"ruleId": "AUC002", "level": "warning", "message": {"text": "[AUC002] Low visible authorization coverage in route inventory: Only 33.3% of discovered routes show nearby authentication, authorization, middleware, or public-route evidence."}, "properties": {"repobilityId": 144847, "scanner": "repobility-access-control", "fingerprint": "428bba7e78ca5dadacd769b0ae359888a4bbbdef443ba24eb50394e8f889518f", "category": "auth", "severity": "medium", "confidence": 0.74, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"scanner": "repobility-access-control", "endpoint_count": 3, "correlation_key": "fp|428bba7e78ca5dadacd769b0ae359888a4bbbdef443ba24eb50394e8f889518f", "auth_visible_percent": 33.3}}}, {"ruleId": "AUC001", "level": "warning", "message": {"text": "[AUC001] No Repobility access matrix policy found: The repository uses web/API frameworks but does not define .repobility/access.yml or equivalent authorization documentation."}, "properties": {"repobilityId": 144846, "scanner": "repobility-access-control", "fingerprint": "f1305052c3ba1e6c1cdb5dccc19e58a8168cf78b176658f32b1fc823df3e9d10", "category": "auth", 
"severity": "medium", "confidence": 0.92, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"scanner": "repobility-access-control", "frameworks": ["Axum"], "expected_files": [".repobility/access.yml", ".repobility/access.yaml", ".repobility/access.json", ".repobility/authorization.yml"], "correlation_key": "fp|f1305052c3ba1e6c1cdb5dccc19e58a8168cf78b176658f32b1fc823df3e9d10"}}}, {"ruleId": "GHSA-3v7f-55p6-f55p", "level": "warning", "message": {"text": "picomatch: GHSA-3v7f-55p6-f55p"}, "properties": {"repobilityId": 144844, "scanner": "osv-scanner", "fingerprint": "84d1eb4c20cb827c7b81fdeb135283964f439ba00c17440e635d5ea32f01a0a4", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-33672"], "package": "picomatch", "rule_id": "GHSA-3v7f-55p6-f55p", "scanner": "osv-scanner", "correlation_key": "vuln|picomatch|CVE-2026-33672|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/cache-inference/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-f886-m6hf-6m8v", "level": "warning", "message": {"text": "brace-expansion: GHSA-f886-m6hf-6m8v"}, "properties": {"repobilityId": 144843, "scanner": "osv-scanner", "fingerprint": "cdd9057958b3746207601ed7e80b0656837fbc03b5afe2bb9a219079f2962327", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-33750"], "package": "brace-expansion", "rule_id": "GHSA-f886-m6hf-6m8v", "scanner": "osv-scanner", "correlation_key": "vuln|brace-expansion|CVE-2026-33750|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/cache-inference/package-lock.json"}, "region": {"startLine": 1}}}]}, 
{"ruleId": "GHSA-48c2-rrv3-qjmp", "level": "warning", "message": {"text": "yaml: GHSA-48c2-rrv3-qjmp"}, "properties": {"repobilityId": 144842, "scanner": "osv-scanner", "fingerprint": "c580acbd67e9ef0ed5db2ebdfe385d51221087bd44cf9054e9dce513b968301d", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-33532"], "package": "yaml", "rule_id": "GHSA-48c2-rrv3-qjmp", "scanner": "osv-scanner", "correlation_key": "vuln|yaml|CVE-2026-33532|docs/site/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/site/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-58qx-3vcg-4xpx", "level": "warning", "message": {"text": "ws: GHSA-58qx-3vcg-4xpx"}, "properties": {"repobilityId": 144841, "scanner": "osv-scanner", "fingerprint": "fffa7c8c489d62edebda1a6eda48f9302175dc76544d21fb6c88b312d5228925", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-45736"], "package": "ws", "rule_id": "GHSA-58qx-3vcg-4xpx", "scanner": "osv-scanner", "correlation_key": "vuln|ws|CVE-2026-45736|docs/site/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/site/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-79cf-xcqc-c78w", "level": "warning", "message": {"text": "webpack-dev-server: GHSA-79cf-xcqc-c78w"}, "properties": {"repobilityId": 144839, "scanner": "osv-scanner", "fingerprint": "23e794f6d29c15f8f9877bcbbf79b5cc0f9f63dcb365581ce8324577a34dffcf", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-6402"], "package": "webpack-dev-server", "rule_id": "GHSA-79cf-xcqc-c78w", "scanner": 
"osv-scanner", "correlation_key": "vuln|webpack-dev-server|CVE-2026-6402|docs/site/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/site/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-w5hq-g745-h8pq", "level": "warning", "message": {"text": "uuid: GHSA-w5hq-g745-h8pq"}, "properties": {"repobilityId": 144838, "scanner": "osv-scanner", "fingerprint": "1e7c4a23a483e30989fa1db6263417c103908934a08bdc71c5a5dce73a2c3222", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-41907"], "package": "uuid", "rule_id": "GHSA-w5hq-g745-h8pq", "scanner": "osv-scanner", "correlation_key": "vuln|uuid|CVE-2026-41907|docs/site/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/site/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-qj8w-gfj5-8c6v", "level": "warning", "message": {"text": "serialize-javascript: GHSA-qj8w-gfj5-8c6v"}, "properties": {"repobilityId": 144835, "scanner": "osv-scanner", "fingerprint": "131092cfb3dbd5e461d03e19e46f56dcdafd9183165f96677d1c26688a974972", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-34043"], "package": "serialize-javascript", "rule_id": "GHSA-qj8w-gfj5-8c6v", "scanner": "osv-scanner", "correlation_key": "vuln|serialize-javascript|CVE-2026-34043|docs/site/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/site/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-q8mj-m7cp-5q26", "level": "warning", "message": {"text": "qs: GHSA-q8mj-m7cp-5q26"}, "properties": {"repobilityId": 144833, "scanner": "osv-scanner", "fingerprint": "b89044fbe76a6b8d4f6665201e74ebc80cecb69c5532d02ede39adbc01601c9d", "category": 
"dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-8723"], "package": "qs", "rule_id": "GHSA-q8mj-m7cp-5q26", "scanner": "osv-scanner", "correlation_key": "vuln|qs|CVE-2026-8723|docs/site/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/site/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-q6x5-8v7m-xcrf", "level": "warning", "message": {"text": "protobufjs: GHSA-q6x5-8v7m-xcrf"}, "properties": {"repobilityId": 144831, "scanner": "osv-scanner", "fingerprint": "0389ca41327de1a4be4fef2d8445b61a18037d244e1e6ca47e94b3b2112e9cf8", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-44288"], "package": "protobufjs", "rule_id": "GHSA-q6x5-8v7m-xcrf", "scanner": "osv-scanner", "correlation_key": "vuln|protobufjs|CVE-2026-44288|docs/site/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/site/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-jggg-4jg4-v7c6", "level": "warning", "message": {"text": "protobufjs: GHSA-jggg-4jg4-v7c6"}, "properties": {"repobilityId": 144829, "scanner": "osv-scanner", "fingerprint": "0314d07e92eb4723810990a21934b818b12cc424d43d9c5207d71ce61c3727ee", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-45740"], "package": "protobufjs", "rule_id": "GHSA-jggg-4jg4-v7c6", "scanner": "osv-scanner", "correlation_key": "vuln|protobufjs|CVE-2026-45740|docs/site/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/site/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-fx83-v9x8-x52w", "level": 
"warning", "message": {"text": "protobufjs: GHSA-fx83-v9x8-x52w"}, "properties": {"repobilityId": 144828, "scanner": "osv-scanner", "fingerprint": "9d0a2e5826465299d24decb58d68d39b69f30e5712d78d0db447c9a0c861b552", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-44292"], "package": "protobufjs", "rule_id": "GHSA-fx83-v9x8-x52w", "scanner": "osv-scanner", "correlation_key": "vuln|protobufjs|CVE-2026-44292|docs/site/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/site/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-2pr8-phx7-x9h3", "level": "warning", "message": {"text": "protobufjs: GHSA-2pr8-phx7-x9h3"}, "properties": {"repobilityId": 144824, "scanner": "osv-scanner", "fingerprint": "478b02eff6b7388cbdf0e80db5a59ec8149d8b259e17c6837c68b1fe14396f25", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-44294"], "package": "protobufjs", "rule_id": "GHSA-2pr8-phx7-x9h3", "scanner": "osv-scanner", "correlation_key": "vuln|protobufjs|CVE-2026-44294|docs/site/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/site/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-qx2v-qp2m-jg93", "level": "warning", "message": {"text": "postcss: GHSA-qx2v-qp2m-jg93"}, "properties": {"repobilityId": 144823, "scanner": "osv-scanner", "fingerprint": "70024178bc34c5a412554ad2360a58c333e15fd7371d4961ad2ce29e61a4b6cc", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-41305"], "package": "postcss", "rule_id": "GHSA-qx2v-qp2m-jg93", "scanner": "osv-scanner", 
"correlation_key": "vuln|postcss|CVE-2026-41305|docs/site/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/site/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-3v7f-55p6-f55p", "level": "warning", "message": {"text": "picomatch: GHSA-3v7f-55p6-f55p"}, "properties": {"repobilityId": 144821, "scanner": "osv-scanner", "fingerprint": "be1a4bd08b93e6c234e7d8f8100fce70a3bfd49bdd872381effe3cb3947fe66f", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-33672"], "package": "picomatch", "rule_id": "GHSA-3v7f-55p6-f55p", "scanner": "osv-scanner", "correlation_key": "vuln|picomatch|CVE-2026-33672|docs/site/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/site/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-mwcw-c2x4-8c55", "level": "warning", "message": {"text": "nanoid: GHSA-mwcw-c2x4-8c55"}, "properties": {"repobilityId": 144819, "scanner": "osv-scanner", "fingerprint": "c0cd1a1f72238fdf30f934db46f7a8874a03b420ace045e3376f6c4248e1460d", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2024-55565"], "package": "nanoid", "rule_id": "GHSA-mwcw-c2x4-8c55", "scanner": "osv-scanner", "correlation_key": "vuln|nanoid|CVE-2024-55565|docs/site/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/site/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-f23m-r3pf-42rh", "level": "warning", "message": {"text": "lodash: GHSA-f23m-r3pf-42rh"}, "properties": {"repobilityId": 144814, "scanner": "osv-scanner", "fingerprint": "2008a8a5ef449ca64d566897fa8d2c327567600db9a33e1dd1804b144d5d7b1f", "category": "dependency", "severity": "medium", "confidence": 
0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-2950"], "package": "lodash", "rule_id": "GHSA-f23m-r3pf-42rh", "scanner": "osv-scanner", "correlation_key": "vuln|lodash|CVE-2026-2950|docs/site/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/site/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-r4q5-vmmm-2653", "level": "warning", "message": {"text": "follow-redirects: GHSA-r4q5-vmmm-2653"}, "properties": {"repobilityId": 144813, "scanner": "osv-scanner", "fingerprint": "6dbb01986f0f31736af490b30b6a9b2b589d622378d7b214e2c1fe8519c88831", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "package": "follow-redirects", "rule_id": "GHSA-r4q5-vmmm-2653", "scanner": "osv-scanner", "correlation_key": "vuln|follow-redirects|GHSA-R4Q5-VMMM-2653|docs/site/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/site/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-v9jr-rg53-9pgp", "level": "warning", "message": {"text": "dompurify: GHSA-v9jr-rg53-9pgp"}, "properties": {"repobilityId": 144810, "scanner": "osv-scanner", "fingerprint": "1370191caac7d29c6d2dd26e8f7ac2856728590a7fc6efd0497ede16baf5409b", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-41238"], "package": "dompurify", "rule_id": "GHSA-v9jr-rg53-9pgp", "scanner": "osv-scanner", "correlation_key": "vuln|dompurify|CVE-2026-41238|docs/site/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/site/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-v2wj-7wpq-c8vv", "level": "warning", "message": {"text": "dompurify: 
GHSA-v2wj-7wpq-c8vv"}, "properties": {"repobilityId": 144809, "scanner": "osv-scanner", "fingerprint": "d25a28dbaa66254bcc0530a07c68265009e847c8b71f456a01e7b912169f2f77", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-0540"], "package": "dompurify", "rule_id": "GHSA-v2wj-7wpq-c8vv", "scanner": "osv-scanner", "correlation_key": "vuln|dompurify|CVE-2026-0540|docs/site/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/site/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-h8r8-wccr-v5f2", "level": "warning", "message": {"text": "dompurify: GHSA-h8r8-wccr-v5f2"}, "properties": {"repobilityId": 144808, "scanner": "osv-scanner", "fingerprint": "5f1aa0364040ef57b8d44793c48e0ef7d65be3c261e644992276f8e61d34a83c", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "package": "dompurify", "rule_id": "GHSA-h8r8-wccr-v5f2", "scanner": "osv-scanner", "correlation_key": "vuln|dompurify|GHSA-H8R8-WCCR-V5F2|docs/site/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/site/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-h7mw-gpvr-xq4m", "level": "warning", "message": {"text": "dompurify: GHSA-h7mw-gpvr-xq4m"}, "properties": {"repobilityId": 144807, "scanner": "osv-scanner", "fingerprint": "5f61e9e62f070e8ca2c67ca229be2fa92ba132f7b2e8346f217976a655c7eedd", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-41240"], "package": "dompurify", "rule_id": "GHSA-h7mw-gpvr-xq4m", "scanner": "osv-scanner", "correlation_key": "vuln|dompurify|CVE-2026-41240|docs/site/pnpm-lock.yaml"}}, 
"locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/site/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-crv5-9vww-q3g8", "level": "warning", "message": {"text": "dompurify: GHSA-crv5-9vww-q3g8"}, "properties": {"repobilityId": 144806, "scanner": "osv-scanner", "fingerprint": "1a0fc8fecc63758fd57cafea4a97f901ebafac92cfe3f075f38d4af9999e9dde", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-41239"], "package": "dompurify", "rule_id": "GHSA-crv5-9vww-q3g8", "scanner": "osv-scanner", "correlation_key": "vuln|dompurify|CVE-2026-41239|docs/site/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/site/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-cjmm-f4jc-qw8r", "level": "warning", "message": {"text": "dompurify: GHSA-cjmm-f4jc-qw8r"}, "properties": {"repobilityId": 144805, "scanner": "osv-scanner", "fingerprint": "87766dc7d7bf3af489c4be2c0b2b3cf22d90a367a9c88f3c23fd5f101b604d5e", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "package": "dompurify", "rule_id": "GHSA-cjmm-f4jc-qw8r", "scanner": "osv-scanner", "correlation_key": "vuln|dompurify|GHSA-CJMM-F4JC-QW8R|docs/site/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/site/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-cj63-jhhr-wcxv", "level": "warning", "message": {"text": "dompurify: GHSA-cj63-jhhr-wcxv"}, "properties": {"repobilityId": 144804, "scanner": "osv-scanner", "fingerprint": "95524659a58e39c43313fe4f53e21c915acde3a1cd1308070ce3dcda50f8876e", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": 
{"match": "", "package": "dompurify", "rule_id": "GHSA-cj63-jhhr-wcxv", "scanner": "osv-scanner", "correlation_key": "vuln|dompurify|GHSA-CJ63-JHHR-WCXV|docs/site/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/site/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-39q2-94rc-95cp", "level": "warning", "message": {"text": "dompurify: GHSA-39q2-94rc-95cp"}, "properties": {"repobilityId": 144803, "scanner": "osv-scanner", "fingerprint": "1deaf18df066c9376e6a75b0c49059a67a416779ad9d2b809042e06b483a29c0", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "package": "dompurify", "rule_id": "GHSA-39q2-94rc-95cp", "scanner": "osv-scanner", "correlation_key": "vuln|dompurify|GHSA-39Q2-94RC-95CP|docs/site/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/site/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-f886-m6hf-6m8v", "level": "warning", "message": {"text": "brace-expansion: GHSA-f886-m6hf-6m8v"}, "properties": {"repobilityId": 144802, "scanner": "osv-scanner", "fingerprint": "f920a3f7897d75f89af4bd54076ca2538d703a81de88cc99917954ed7c799a37", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-33750"], "package": "brace-expansion", "rule_id": "GHSA-f886-m6hf-6m8v", "scanner": "osv-scanner", "correlation_key": "vuln|brace-expansion|CVE-2026-33750|docs/site/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/site/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-q6x5-8v7m-xcrf", "level": "warning", "message": {"text": "@protobufjs/utf8: GHSA-q6x5-8v7m-xcrf"}, "properties": {"repobilityId": 144801, "scanner": "osv-scanner", "fingerprint": 
"6f7d471cac03faf8111c676d1b5050f3d354b2626dbe5714b546fc6365306185", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-44288"], "package": "@protobufjs/utf8", "rule_id": "GHSA-q6x5-8v7m-xcrf", "scanner": "osv-scanner", "correlation_key": "vuln|protobufjs/utf8|CVE-2026-44288|docs/site/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/site/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-gc5v-m9x4-r6x2", "level": "warning", "message": {"text": "requests: GHSA-gc5v-m9x4-r6x2"}, "properties": {"repobilityId": 144798, "scanner": "osv-scanner", "fingerprint": "ab44e7b2b2b2c44a1205c22bd15094be9d9c762498df72fd10c4aca81ab0c59e", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-25645"], "package": "requests", "rule_id": "GHSA-gc5v-m9x4-r6x2", "scanner": "osv-scanner", "correlation_key": "vuln|requests|CVE-2026-25645|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/examples/python/requirements.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-9wx4-h78v-vm56", "level": "warning", "message": {"text": "requests: GHSA-9wx4-h78v-vm56"}, "properties": {"repobilityId": 144797, "scanner": "osv-scanner", "fingerprint": "73f271c8d2e3a0583fcf27b9ee7da33211b2c77374e8da663b62d39490a7cc81", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2024-35195"], "package": "requests", "rule_id": "GHSA-9wx4-h78v-vm56", "scanner": "osv-scanner", "correlation_key": "vuln|requests|CVE-2024-35195|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": 
"docs/examples/python/requirements.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-9hjg-9r4m-mvj7", "level": "warning", "message": {"text": "requests: GHSA-9hjg-9r4m-mvj7"}, "properties": {"repobilityId": 144796, "scanner": "osv-scanner", "fingerprint": "bfb2e1accac43dade09fc0912956536db8c20282edb83a4491bfdb61803264c5", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2024-47081"], "package": "requests", "rule_id": "GHSA-9hjg-9r4m-mvj7", "scanner": "osv-scanner", "correlation_key": "vuln|requests|CVE-2024-47081|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/examples/python/requirements.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR003", "level": "warning", "message": {"text": "Compose service `node-exporter` image uses the latest tag"}, "properties": {"repobilityId": 144751, "scanner": "repobility-docker", "fingerprint": "5ebb590792940b47ef7fab2dd32779cf55ac41d75677fdbf153b2544a836ad56", "category": "docker", "severity": "medium", "confidence": 0.94, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Image tag is latest.", "evidence": {"image": "prom/node-exporter:latest", "rule_id": "DKR003", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|5ebb590792940b47ef7fab2dd32779cf55ac41d75677fdbf153b2544a836ad56"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/grafana-local/docker-compose.yaml"}, "region": {"startLine": 40}}}]}, {"ruleId": "DKR003", "level": "warning", "message": {"text": "Compose service `prometheus` image uses the latest tag"}, "properties": {"repobilityId": 144746, "scanner": "repobility-docker", "fingerprint": 
"fffc4b3cf81a735f6b8eff46f6af0728cf9af6d2279b72820e93913f507402ed", "category": "docker", "severity": "medium", "confidence": 0.94, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Image tag is latest.", "evidence": {"image": "prom/prometheus:latest", "rule_id": "DKR003", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|fffc4b3cf81a735f6b8eff46f6af0728cf9af6d2279b72820e93913f507402ed"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/grafana-local/docker-compose.yaml"}, "region": {"startLine": 16}}}]}, {"ruleId": "DKR003", "level": "warning", "message": {"text": "Compose service `tempo` image uses the latest tag"}, "properties": {"repobilityId": 144743, "scanner": "repobility-docker", "fingerprint": "116c8eeb1de600b1c6bfe78cb0f3ffe4b1c4312a28cad8f477f5ea2c0ca39bef", "category": "docker", "severity": "medium", "confidence": 0.94, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Image tag is latest.", "evidence": {"image": "grafana/tempo:latest", "rule_id": "DKR003", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|116c8eeb1de600b1c6bfe78cb0f3ffe4b1c4312a28cad8f477f5ea2c0ca39bef"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/grafana-local/docker-compose.yaml"}, "region": {"startLine": 2}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 144742, "scanner": "repobility-docker", "fingerprint": "36a8b07d5920ede558f184e0a0672bc7abcc7cd3801785c9b08adece40a7787f", "category": "docker", "severity": "medium", 
"confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "debian:bookworm-slim", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|36a8b07d5920ede558f184e0a0672bc7abcc7cd3801785c9b08adece40a7787f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/walrus-upload-relay/Dockerfile"}, "region": {"startLine": 24}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 144739, "scanner": "repobility-docker", "fingerprint": "ec2ec74a90bb215b45bd52f027900f6d41c6b7586f31d55ee9f281255d0b6a31", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "debian:bookworm-slim", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|ec2ec74a90bb215b45bd52f027900f6d41c6b7586f31d55ee9f281255d0b6a31"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/walrus-stress/Dockerfile"}, "region": {"startLine": 26}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 144736, "scanner": "repobility-docker", "fingerprint": "a5f18c862a0a13602760ef862dc8e40233f04695a677b3c08b738f3e38470155", "category": "docker", "severity": 
"medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "debian:bookworm-slim", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|a5f18c862a0a13602760ef862dc8e40233f04695a677b3c08b738f3e38470155"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/walrus-service/Dockerfile.walrus-backup"}, "region": {"startLine": 30}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 144733, "scanner": "repobility-docker", "fingerprint": "9408b9ccae39a82db35775d9e0de7ae11ec8d3e991a15fc92067978e32fc6cbc", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "debian:bookworm-slim", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|9408b9ccae39a82db35775d9e0de7ae11ec8d3e991a15fc92067978e32fc6cbc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/walrus-service/Dockerfile"}, "region": {"startLine": 74}}}]}, {"ruleId": "DKR002", "level": "warning", "message": {"text": "Dockerfile base image has no explicit tag"}, "properties": {"repobilityId": 144724, "scanner": "repobility-docker", "fingerprint": "6a43ab5f083d16039c8214b33d82a5a3c766071548dadc4d7a8e1cd1370b70ec", "category": 
"docker", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Image reference has no tag or digest.", "evidence": {"image": "gcr.io/distroless/cc-debian12", "rule_id": "DKR002", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|6a43ab5f083d16039c8214b33d82a5a3c766071548dadc4d7a8e1cd1370b70ec"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/walrus-proxy/Dockerfile"}, "region": {"startLine": 25}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 144723, "scanner": "repobility-docker", "fingerprint": "9b4f48cfa06e2bbadde8fa63a27621545ff859266a3609ae6c42600f5dcc69bf", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "debian:bookworm-slim", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|9b4f48cfa06e2bbadde8fa63a27621545ff859266a3609ae6c42600f5dcc69bf"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/walrus-orchestrator/Dockerfile"}, "region": {"startLine": 26}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 144720, "scanner": "repobility-docker", "fingerprint": "206949552a67ce6b77c1196a20753cc57fcce51010813cc72039f15ee35693d7", "category": "docker", "severity": "medium", 
"confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "debian:bookworm-slim", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|206949552a67ce6b77c1196a20753cc57fcce51010813cc72039f15ee35693d7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/walrus-antithesis/build-walrus-image-for-antithesis/Dockerfile"}, "region": {"startLine": 80}}}]}, {"ruleId": "DKR007", "level": "warning", "message": {"text": "Docker build context has no .dockerignore"}, "properties": {"repobilityId": 144717, "scanner": "repobility-docker", "fingerprint": "c98378cf8c37e4866e89d6ca06a24b7e8c44654aa34e6e4bf1367c4a4c0c5b44", "category": "docker", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Dockerfile exists but repository root has no .dockerignore.", "evidence": {"rule_id": "DKR007", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|c98378cf8c37e4866e89d6ca06a24b7e8c44654aa34e6e4bf1367c4a4c0c5b44"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".dockerignore"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR009", "level": "warning", "message": {"text": "Dockerfile separates apt update from install"}, "properties": {"repobilityId": 144715, "scanner": "repobility-docker", "fingerprint": "45469df17f2ab31c5a9467f6bd1b4e8981ff65f437ff2eb0b78c2f89bab21b83", "category": "docker", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Package index update 
appears without package installation in the same layer.", "evidence": {"rule_id": "DKR009", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|45469df17f2ab31c5a9467f6bd1b4e8981ff65f437ff2eb0b78c2f89bab21b83"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/walrus-antithesis/build-test-config-image/Dockerfile"}, "region": {"startLine": 3}}}]}, {"ruleId": "SEC005", "level": "warning", "message": {"text": "[SEC005] Command Injection Risk: Unsafe shell execution or eval of user input."}, "properties": {"repobilityId": 144705, "scanner": "repobility-threat-engine", "fingerprint": "6ca385b224f6e92e8a56eb5f2eb715c777960241766264f3ce4d6c8bddc6d65c", "category": "injection", "severity": "medium", "confidence": 0.5, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "shell=True detected \u2014 verify command source is not user-controllable", "evidence": {"match": "subprocess.Popen(command, shell=True", "reason": "shell=True detected \u2014 verify command source is not user-controllable", "rule_id": "SEC005", "scanner": "repobility-threat-engine", "confidence": 0.5, "correlation_key": "code|injection|token|36|sec005"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/simtest/seed-search.py"}, "region": {"startLine": 36}}}]}, {"ruleId": "SEC045", "level": "warning", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use object introspection (().__class__.__mro__[-1].__subclasses__()) to reach os.system. 
CWE-95 (eval injection)."}, "properties": {"repobilityId": 144698, "scanner": "repobility-threat-engine", "fingerprint": "83feb83d4d7b25b99cd949ab2c8b4897fd54e62e1c9e7cb0f51427406b90b164", "category": "injection", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".exec(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|token|86|sec045"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/site/src/shared/js/check-links.mjs"}, "region": {"startLine": 86}}}]}, {"ruleId": "SEC045", "level": "warning", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use object introspection (().__class__.__mro__[-1].__subclasses__()) to reach os.system. 
CWE-95 (eval injection)."}, "properties": {"repobilityId": 144697, "scanner": "repobility-threat-engine", "fingerprint": "0b78c70c2c0c65f6956812ae3a5c9dac2a5348fc7e0af3e784821461ce4bd6e9", "category": "injection", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".exec(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|token|131|sec045"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/site/src/shared/components/RelatedLink/index.tsx"}, "region": {"startLine": 131}}}]}, {"ruleId": "SEC045", "level": "warning", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use object introspection (().__class__.__mro__[-1].__subclasses__()) to reach os.system. 
CWE-95 (eval injection)."}, "properties": {"repobilityId": 144696, "scanner": "repobility-threat-engine", "fingerprint": "2bb92ac165ccd01b492920d7dbd172db327c777b317066f3e6cdbebb26d890b2", "category": "injection", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".exec(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|token|31|sec045"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/site/src/scripts/generate-import-context.js"}, "region": {"startLine": 31}}}]}, {"ruleId": "SEC007", "level": "warning", "message": {"text": "[SEC007] Unsafe Deserialization: Unsafe deserialization can execute arbitrary code."}, "properties": {"repobilityId": 144692, "scanner": "repobility-threat-engine", "fingerprint": "6a6bfb8aa71a94e75295b3edd7030ac9927e3a8c2d2bafe8080b5d9be916e059", "category": "deserialization", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "yaml.load(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC007", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|deserialization|token|56|sec007"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/site/src/scripts/copy-yaml-files.js"}, "region": {"startLine": 56}}}]}, {"ruleId": "SEC041", "level": "warning", "message": {"text": "[SEC041] Tabnabbing \u2014 target=\"_blank\" without rel=\"noopener noreferrer\": <a target=\"_blank\"> without rel=\"noopener noreferrer\" leaks window.opener to the opened page. 
The opened page can then run window.opener.location = 'phishing-site' and the parent tab quietly navigates to attacker-controlled content (reverse tabnabbing). OWASP-classic; modern browsers default rel='noopener' for new windows but explicit attribute is still required for compatibility."}, "properties": {"repobilityId": 144680, "scanner": "repobility-threat-engine", "fingerprint": "ac1c05d4ad28129b082f9229330723bdefb94f731c77a3f66724fabf89b0edaa", "category": "security", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "window.open(url, \"_blank\")", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC041", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|security|token|21|sec041"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/site/src/shared/components/Cards/index.tsx"}, "region": {"startLine": 21}}}]}, {"ruleId": "SEC041", "level": "warning", "message": {"text": "[SEC041] Tabnabbing \u2014 target=\"_blank\" without rel=\"noopener noreferrer\": <a target=\"_blank\"> without rel=\"noopener noreferrer\" leaks window.opener to the opened page. The opened page can then run window.opener.location = 'phishing-site' and the parent tab quietly navigates to attacker-controlled content (reverse tabnabbing). 
OWASP-classic; modern browsers default rel='noopener' for new windows but explicit attribute is still required for compatibility."}, "properties": {"repobilityId": 144679, "scanner": "repobility-threat-engine", "fingerprint": "6c7f5e85a5a5682b8134b4e3d3a5c51d623cb8a96af1ebd79c703b93da951cf1", "category": "security", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "<a href=\"https://github.com/MystenLabs/sui/issues/new/choose\" ` +\n            `target=\"_blank\">", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC041", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|security|token|24|sec041"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/site/src/components/Search/CustomHitsContent.tsx"}, "region": {"startLine": 24}}}]}, {"ruleId": "ERR002", "level": "warning", "message": {"text": "[ERR002] Empty Catch Block: Empty catch blocks hide errors."}, "properties": {"repobilityId": 144670, "scanner": "repobility-threat-engine", "fingerprint": "448d9a60d94be020e44b09c4328a077196fbe165a967c7e6a16cb4772fa107fa", "category": "error_handling", "severity": "medium", "confidence": 0.45, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Pattern matched with no mitigating context found | [R34 auto-suppress: documentation/example path]", "evidence": {"match": ".catch(() => {})", "reason": "Pattern matched with no mitigating context found | [R34 auto-suppress: documentation/example path]", "rule_id": "ERR002", "scanner": "repobility-threat-engine", "confidence": 0.45, "correlation_key": "fp|448d9a60d94be020e44b09c4328a077196fbe165a967c7e6a16cb4772fa107fa"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/site/middleware.js"}, "region": {"startLine": 38}}}]}, {"ruleId": "AGT015", "level": 
"warning", "message": {"text": "Remote install command pipes network code directly to a shell"}, "properties": {"repobilityId": 144638, "scanner": "repobility-agent-runtime", "fingerprint": "c03df52b645c5358958b29c91d171d20bfd48581e6280d5d59a78f881bba2a52", "category": "dependency", "severity": "medium", "confidence": 0.7, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File contains a remote download piped directly to a shell without visible checksum or signature verification.", "evidence": {"rule_id": "AGT015", "scanner": "repobility-agent-runtime", "references": [], "correlation_key": "fp|c03df52b645c5358958b29c91d171d20bfd48581e6280d5d59a78f881bba2a52"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/content/walrus-client/walrus-cli.mdx"}, "region": {"startLine": 9}}}]}, {"ruleId": "AGT015", "level": "warning", "message": {"text": "Remote install command pipes network code directly to a shell"}, "properties": {"repobilityId": 144637, "scanner": "repobility-agent-runtime", "fingerprint": "011be7a553688cf17503f498ff30a08428b0b92a5b74fdf085af9fcf80dadd1a", "category": "dependency", "severity": "medium", "confidence": 0.7, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File contains a remote download piped directly to a shell without visible checksum or signature verification.", "evidence": {"rule_id": "AGT015", "scanner": "repobility-agent-runtime", "references": [], "correlation_key": "fp|011be7a553688cf17503f498ff30a08428b0b92a5b74fdf085af9fcf80dadd1a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/content/sites/portals/deploy-locally.mdx"}, "region": {"startLine": 163}}}]}, {"ruleId": "AGT015", "level": "warning", "message": {"text": "Remote install command pipes network code directly to a shell"}, "properties": {"repobilityId": 144636, "scanner": "repobility-agent-runtime", "fingerprint": "f71fb429108279ef7acec326d58dfee077bbf3efd58f0bdfed8a9654cdaeb4c2", 
"category": "dependency", "severity": "medium", "confidence": 0.7, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File contains a remote download piped directly to a shell without visible checksum or signature verification.", "evidence": {"rule_id": "AGT015", "scanner": "repobility-agent-runtime", "references": [], "correlation_key": "fp|f71fb429108279ef7acec326d58dfee077bbf3efd58f0bdfed8a9654cdaeb4c2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/content/getting-started/index.mdx"}, "region": {"startLine": 55}}}]}, {"ruleId": "AGT015", "level": "warning", "message": {"text": "Remote install command pipes network code directly to a shell"}, "properties": {"repobilityId": 144635, "scanner": "repobility-agent-runtime", "fingerprint": "1bd7045d366db4922f62d060cd4adc6546592c6ad0811ecd411a75da25e98985", "category": "dependency", "severity": "medium", "confidence": 0.7, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File contains a remote download piped directly to a shell without visible checksum or signature verification.", "evidence": {"rule_id": "AGT015", "scanner": "repobility-agent-runtime", "references": [], "correlation_key": "fp|1bd7045d366db4922f62d060cd4adc6546592c6ad0811ecd411a75da25e98985"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/content/getting-started/advanced-setup.mdx"}, "region": {"startLine": 38}}}]}, {"ruleId": "AGT012", "level": "warning", "message": {"text": "Agent control bridge may listen on a network interface without visible auth"}, "properties": {"repobilityId": 144634, "scanner": "repobility-agent-runtime", "fingerprint": "dc11822e1ae7e6b6660595136477172f498ad030ae627ef5f13b26a3de6c1bce", "category": "quality", "severity": "medium", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File combines agent-control wording with an HTTP/SSE/WebSocket listener on an all-interface host and no 
visible auth guard.", "evidence": {"rule_id": "AGT012", "scanner": "repobility-agent-runtime", "references": [], "correlation_key": "fp|dc11822e1ae7e6b6660595136477172f498ad030ae627ef5f13b26a3de6c1bce"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/walrus-antithesis/build-test-config-image/docker-compose.yaml"}, "region": {"startLine": 20}}}]}, {"ruleId": "AGT015", "level": "warning", "message": {"text": "Remote install command pipes network code directly to a shell"}, "properties": {"repobilityId": 144633, "scanner": "repobility-agent-runtime", "fingerprint": "495714fddd87112f26ceeef85bb86f4c056369bd9ff1dce7a8ef0f516abc1c1d", "category": "dependency", "severity": "medium", "confidence": 0.7, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File contains a remote download piped directly to a shell without visible checksum or signature verification.", "evidence": {"rule_id": "AGT015", "scanner": "repobility-agent-runtime", "references": [], "correlation_key": "fp|495714fddd87112f26ceeef85bb86f4c056369bd9ff1dce7a8ef0f516abc1c1d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/gen-sui-upgrade-version-pr.yml"}, "region": {"startLine": 76}}}]}, {"ruleId": "DEPCUR-NPM", "level": "warning", "message": {"text": "npm package `@types/k6` is 2 major version(s) behind (~0.48.0 -> 2.0.0)"}, "properties": {"repobilityId": 144632, "scanner": "repobility-dependency-currency", "fingerprint": "2b6465b2d91257830cf0b9366013aca2093d05a073b19532f0f5d345f543c6ee", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "2 major version(s) behind", "signal": "currency", "cwe_ids": [], "package": "@types/k6", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "2.0.0", "correlation_key": 
"fp|2b6465b2d91257830cf0b9366013aca2093d05a073b19532f0f5d345f543c6ee", "current_version": "~0.48.0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/k6/package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "DEPCUR-NPM", "level": "warning", "message": {"text": "npm package `@eslint/js` is 1 major version(s) behind (9.32.0 -> 10.0.1)"}, "properties": {"repobilityId": 144630, "scanner": "repobility-dependency-currency", "fingerprint": "e4bc640a917cad985dbe4ee565565ef085b78283980bb9b67e9554b1b1075e32", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "1 major version(s) behind", "signal": "currency", "cwe_ids": [], "package": "@eslint/js", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "10.0.1", "correlation_key": "fp|e4bc640a917cad985dbe4ee565565ef085b78283980bb9b67e9554b1b1075e32", "current_version": "9.32.0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/cache-inference/package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 144579, "scanner": "repobility-ast-engine", "fingerprint": "69cca288b26ff324869b89911c6ee4fcf530991af95ddca2e20bacd920dca380", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|69cca288b26ff324869b89911c6ee4fcf530991af95ddca2e20bacd920dca380"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/run-simtest-isolated.py"}, "region": {"startLine": 59}}}]}, {"ruleId": 
"MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 144578, "scanner": "repobility-ast-engine", "fingerprint": "01aaba38cc4703315a62639f4286f9d804574f5621450b316a221caba3eddf4c", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|01aaba38cc4703315a62639f4286f9d804574f5621450b316a221caba3eddf4c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/run-simtest-isolated.py"}, "region": {"startLine": 62}}}]}, {"ruleId": "AUC005", "level": "note", "message": {"text": "[AUC005] No authorization-focused tests detected: No test files with common authorization, ownership, 403, admin, or super_admin assertions were found."}, "properties": {"repobilityId": 144850, "scanner": "repobility-access-control", "fingerprint": "c58bb88e6682225dc480b3036f30153044953a3d94f500396678a77324e8d30e", "category": "auth", "severity": "low", "confidence": 0.76, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"scanner": "repobility-access-control", "frameworks": ["Axum"], "correlation_key": "fp|c58bb88e6682225dc480b3036f30153044953a3d94f500396678a77324e8d30e"}}}, {"ruleId": "GHSA-52f5-9888-hmc6", "level": "note", "message": {"text": "tmp: GHSA-52f5-9888-hmc6"}, "properties": {"repobilityId": 144836, "scanner": "osv-scanner", "fingerprint": "c697dcc9cc20a23123879908fd222189410c882b2ff145d3b6a6609486498a66", "category": "dependency", "severity": "low", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": 
["CVE-2025-54798"], "package": "tmp", "rule_id": "GHSA-52f5-9888-hmc6", "scanner": "osv-scanner", "correlation_key": "vuln|tmp|CVE-2025-54798|docs/site/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/site/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-866g-f22w-33x8", "level": "note", "message": {"text": "@ai-sdk/provider-utils: GHSA-866g-f22w-33x8"}, "properties": {"repobilityId": 144799, "scanner": "osv-scanner", "fingerprint": "6efaa9863d70445a3a8569ed94a90a860f77050ea98314378dca330035d8e406", "category": "dependency", "severity": "low", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-8769"], "package": "@ai-sdk/provider-utils", "rule_id": "GHSA-866g-f22w-33x8", "scanner": "osv-scanner", "correlation_key": "vuln|ai-sdk/provider-utils|CVE-2026-8769|docs/site/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/site/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-9c48-w39g-hm26", "level": "note", "message": {"text": "rsa: GHSA-9c48-w39g-hm26"}, "properties": {"repobilityId": 144789, "scanner": "osv-scanner", "fingerprint": "32721c15a31d95160522b469e70c2b90d0875223098f81acdd7e8f03d5bce2dc", "category": "dependency", "severity": "low", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-21895"], "package": "rsa", "rule_id": "GHSA-9c48-w39g-hm26", "scanner": "osv-scanner", "correlation_key": "vuln|rsa|CVE-2026-21895|cargo.lock"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Cargo.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-ff9q-rm55-q7qr", "level": "note", "message": {"text": "diesel-async: GHSA-ff9q-rm55-q7qr"}, "properties": {"repobilityId": 144780, "scanner": "osv-scanner", "fingerprint": 
"ca4a24c63148c9d454fd58279d7d9709b390bc811f80ffffacc7b46438cc825d", "category": "dependency", "severity": "low", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "package": "diesel-async", "rule_id": "GHSA-ff9q-rm55-q7qr", "scanner": "osv-scanner", "correlation_key": "vuln|diesel-async|GHSA-FF9Q-RM55-Q7QR|cargo.lock"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Cargo.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKC010", "level": "note", "message": {"text": "Compose service lacks no-new-privileges hardening"}, "properties": {"repobilityId": 144754, "scanner": "repobility-docker", "fingerprint": "b7dbfaf594700d355b86120129905e7d4e4c63891383d9ad2f191d981ff51966", "category": "docker", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "App-like service has no security_opt no-new-privileges setting.", "evidence": {"rule_id": "DKC010", "scanner": "repobility-docker", "service": "node-exporter", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|b7dbfaf594700d355b86120129905e7d4e4c63891383d9ad2f191d981ff51966"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/grafana-local/docker-compose.yaml"}, "region": {"startLine": 40}}}]}, {"ruleId": "DKC006", "level": "note", "message": {"text": "Compose service does not declare a runtime user"}, "properties": {"repobilityId": 144752, "scanner": "repobility-docker", "fingerprint": "6dc49afdad74a01d0acd3ffb4aaf8e82ab832c72fc7001cc77c5a042f49115ed", "category": "docker", "severity": "low", "confidence": 0.56, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Service has no user setting and Repobility could not prove the image runs non-root.", "evidence": {"rule_id": "DKC006", "scanner": "repobility-docker", "service": "node-exporter", 
"references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|6dc49afdad74a01d0acd3ffb4aaf8e82ab832c72fc7001cc77c5a042f49115ed"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/grafana-local/docker-compose.yaml"}, "region": {"startLine": 40}}}]}, {"ruleId": "DKC010", "level": "note", "message": {"text": "Compose service lacks no-new-privileges hardening"}, "properties": {"repobilityId": 144750, "scanner": "repobility-docker", "fingerprint": "22e67eb8cfcc8b46df7a036647e640e58305889f6afa64ff4dec2c6e149aebec", "category": "docker", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "App-like service has no security_opt no-new-privileges setting.", "evidence": {"rule_id": "DKC010", "scanner": "repobility-docker", "service": "grafana", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|22e67eb8cfcc8b46df7a036647e640e58305889f6afa64ff4dec2c6e149aebec"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/grafana-local/docker-compose.yaml"}, "region": {"startLine": 27}}}]}, {"ruleId": "DKC006", "level": "note", "message": {"text": "Compose service does not declare a runtime user"}, "properties": {"repobilityId": 144749, "scanner": "repobility-docker", "fingerprint": "62b3aaa2ffaa98151de13b8d984a6c397e25a01c1adf665d5fc79aacb714a38e", "category": "docker", "severity": "low", "confidence": 0.56, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Service has no user setting and Repobility could not prove the image runs non-root.", "evidence": {"rule_id": "DKC006", "scanner": "repobility-docker", "service": "grafana", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": 
"fp|62b3aaa2ffaa98151de13b8d984a6c397e25a01c1adf665d5fc79aacb714a38e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/grafana-local/docker-compose.yaml"}, "region": {"startLine": 27}}}]}, {"ruleId": "DKC010", "level": "note", "message": {"text": "Compose service lacks no-new-privileges hardening"}, "properties": {"repobilityId": 144748, "scanner": "repobility-docker", "fingerprint": "259d302fb8afa959fcf30765f791557ee09ebdb58a60957e5624f8ca9fa7764a", "category": "docker", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "App-like service has no security_opt no-new-privileges setting.", "evidence": {"rule_id": "DKC010", "scanner": "repobility-docker", "service": "prometheus", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|259d302fb8afa959fcf30765f791557ee09ebdb58a60957e5624f8ca9fa7764a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/grafana-local/docker-compose.yaml"}, "region": {"startLine": 16}}}]}, {"ruleId": "DKC006", "level": "note", "message": {"text": "Compose service does not declare a runtime user"}, "properties": {"repobilityId": 144747, "scanner": "repobility-docker", "fingerprint": "8787614f680ce34a1a13e9e02874888204eac76f1d3a1137857829985975c21d", "category": "docker", "severity": "low", "confidence": 0.56, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Service has no user setting and Repobility could not prove the image runs non-root.", "evidence": {"rule_id": "DKC006", "scanner": "repobility-docker", "service": "prometheus", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|8787614f680ce34a1a13e9e02874888204eac76f1d3a1137857829985975c21d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/grafana-local/docker-compose.yaml"}, 
"region": {"startLine": 16}}}]}, {"ruleId": "DKC010", "level": "note", "message": {"text": "Compose service lacks no-new-privileges hardening"}, "properties": {"repobilityId": 144745, "scanner": "repobility-docker", "fingerprint": "d241ec5ac45706f748a56cd2a17b830686935d4a24520571215dd8dc05e3ec73", "category": "docker", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "App-like service has no security_opt no-new-privileges setting.", "evidence": {"rule_id": "DKC010", "scanner": "repobility-docker", "service": "tempo", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|d241ec5ac45706f748a56cd2a17b830686935d4a24520571215dd8dc05e3ec73"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/grafana-local/docker-compose.yaml"}, "region": {"startLine": 2}}}]}, {"ruleId": "DKC006", "level": "note", "message": {"text": "Compose service does not declare a runtime user"}, "properties": {"repobilityId": 144744, "scanner": "repobility-docker", "fingerprint": "62b1f02592745fdb08b8b2c9c649ddfe3c70ec6ed400a8bfa1e9ddc997781069", "category": "docker", "severity": "low", "confidence": 0.56, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Service has no user setting and Repobility could not prove the image runs non-root.", "evidence": {"rule_id": "DKC006", "scanner": "repobility-docker", "service": "tempo", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|62b1f02592745fdb08b8b2c9c649ddfe3c70ec6ed400a8bfa1e9ddc997781069"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/grafana-local/docker-compose.yaml"}, "region": {"startLine": 2}}}]}, {"ruleId": "DKR011", "level": "note", "message": {"text": "Dockerfile installs recommended OS packages"}, "properties": {"repobilityId": 144741, "scanner": 
"repobility-docker", "fingerprint": "8625c8e8f08f3b46298ceeba005d58843f27a0d838843bdeb8ae348070784e22", "category": "docker", "severity": "low", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "apt install appears without --no-install-recommends.", "evidence": {"rule_id": "DKR011", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|8625c8e8f08f3b46298ceeba005d58843f27a0d838843bdeb8ae348070784e22"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/walrus-upload-relay/Dockerfile"}, "region": {"startLine": 25}}}]}, {"ruleId": "DKR010", "level": "note", "message": {"text": "Dockerfile leaves apt package indexes in the image layer"}, "properties": {"repobilityId": 144740, "scanner": "repobility-docker", "fingerprint": "d6450401e65558a78f3c3e4e87e805ec5695e9e63ecb4e0209cbae7a8ca7809d", "category": "docker", "severity": "low", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "apt update/install layer does not remove /var/lib/apt/lists.", "evidence": {"rule_id": "DKR010", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|d6450401e65558a78f3c3e4e87e805ec5695e9e63ecb4e0209cbae7a8ca7809d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/walrus-upload-relay/Dockerfile"}, "region": {"startLine": 25}}}]}, {"ruleId": "DKR011", "level": "note", "message": {"text": "Dockerfile installs recommended OS packages"}, "properties": {"repobilityId": 144738, "scanner": "repobility-docker", "fingerprint": "4358c5bc5830caed2c324c2a0d28f86edf4f66b476c7b4a296b630e9ac85dd2b", "category": "docker", "severity": "low", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "apt install 
appears without --no-install-recommends.", "evidence": {"rule_id": "DKR011", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|4358c5bc5830caed2c324c2a0d28f86edf4f66b476c7b4a296b630e9ac85dd2b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/walrus-stress/Dockerfile"}, "region": {"startLine": 28}}}]}, {"ruleId": "DKR010", "level": "note", "message": {"text": "Dockerfile leaves apt package indexes in the image layer"}, "properties": {"repobilityId": 144737, "scanner": "repobility-docker", "fingerprint": "47f11332f54c96a9c372da8c300d3dc0deeceb8e2e64d4504cee30b581bc3e84", "category": "docker", "severity": "low", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "apt update/install layer does not remove /var/lib/apt/lists.", "evidence": {"rule_id": "DKR010", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|47f11332f54c96a9c372da8c300d3dc0deeceb8e2e64d4504cee30b581bc3e84"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/walrus-stress/Dockerfile"}, "region": {"startLine": 28}}}]}, {"ruleId": "DKR011", "level": "note", "message": {"text": "Dockerfile installs recommended OS packages"}, "properties": {"repobilityId": 144735, "scanner": "repobility-docker", "fingerprint": "24d28b9216b3bcbf737d2cc53c1872968b791ac17d69b96216c6740a3bacde70", "category": "docker", "severity": "low", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "apt install appears without --no-install-recommends.", "evidence": {"rule_id": "DKR011", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://github.com/hadolint/hadolint"], "correlation_key": 
"fp|24d28b9216b3bcbf737d2cc53c1872968b791ac17d69b96216c6740a3bacde70"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/walrus-service/Dockerfile.walrus-backup"}, "region": {"startLine": 32}}}]}, {"ruleId": "DKR010", "level": "note", "message": {"text": "Dockerfile leaves apt package indexes in the image layer"}, "properties": {"repobilityId": 144734, "scanner": "repobility-docker", "fingerprint": "d7fec65186daa48892c11270c49ef614d15e6c1a937db580b7fb8b5385115325", "category": "docker", "severity": "low", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "apt update/install layer does not remove /var/lib/apt/lists.", "evidence": {"rule_id": "DKR010", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|d7fec65186daa48892c11270c49ef614d15e6c1a937db580b7fb8b5385115325"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/walrus-service/Dockerfile.walrus-backup"}, "region": {"startLine": 32}}}]}, {"ruleId": "DKR011", "level": "note", "message": {"text": "Dockerfile installs recommended OS packages"}, "properties": {"repobilityId": 144732, "scanner": "repobility-docker", "fingerprint": "23f725da0967dc8f01ff53349af62dc1bf2575361d9a0e22630a777cdcdc7736", "category": "docker", "severity": "low", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "apt install appears without --no-install-recommends.", "evidence": {"rule_id": "DKR011", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|23f725da0967dc8f01ff53349af62dc1bf2575361d9a0e22630a777cdcdc7736"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/walrus-service/Dockerfile"}, "region": {"startLine": 75}}}]}, {"ruleId": "DKR010", "level": 
"note", "message": {"text": "Dockerfile leaves apt package indexes in the image layer"}, "properties": {"repobilityId": 144731, "scanner": "repobility-docker", "fingerprint": "146bf245e576e70279b8972551fdcf608d8b84e40976673b89280c19bcd9b38d", "category": "docker", "severity": "low", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "apt update/install layer does not remove /var/lib/apt/lists.", "evidence": {"rule_id": "DKR010", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|146bf245e576e70279b8972551fdcf608d8b84e40976673b89280c19bcd9b38d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/walrus-service/Dockerfile"}, "region": {"startLine": 75}}}]}, {"ruleId": "DKR011", "level": "note", "message": {"text": "Dockerfile installs recommended OS packages"}, "properties": {"repobilityId": 144730, "scanner": "repobility-docker", "fingerprint": "316ceefd3ffb5a6077f591c6e66427776d46fc48adf9f63aeda11c2f5aff3585", "category": "docker", "severity": "low", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "apt install appears without --no-install-recommends.", "evidence": {"rule_id": "DKR011", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|316ceefd3ffb5a6077f591c6e66427776d46fc48adf9f63aeda11c2f5aff3585"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/walrus-service/Dockerfile"}, "region": {"startLine": 62}}}]}, {"ruleId": "DKR010", "level": "note", "message": {"text": "Dockerfile leaves apt package indexes in the image layer"}, "properties": {"repobilityId": 144729, "scanner": "repobility-docker", "fingerprint": "0daeea3511be932027b36af047e021bb8d40bbf6d674c1569e9c4671bd46a7bf", "category": "docker", 
"severity": "low", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "apt update/install layer does not remove /var/lib/apt/lists.", "evidence": {"rule_id": "DKR010", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|0daeea3511be932027b36af047e021bb8d40bbf6d674c1569e9c4671bd46a7bf"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/walrus-service/Dockerfile"}, "region": {"startLine": 62}}}]}, {"ruleId": "DKR011", "level": "note", "message": {"text": "Dockerfile installs recommended OS packages"}, "properties": {"repobilityId": 144728, "scanner": "repobility-docker", "fingerprint": "82c04875d4fb865134f22bee5bd7baca67f6ea3f34daac5961bd6becc0ca8fa7", "category": "docker", "severity": "low", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "apt install appears without --no-install-recommends.", "evidence": {"rule_id": "DKR011", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|82c04875d4fb865134f22bee5bd7baca67f6ea3f34daac5961bd6becc0ca8fa7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/walrus-service/Dockerfile"}, "region": {"startLine": 49}}}]}, {"ruleId": "DKR010", "level": "note", "message": {"text": "Dockerfile leaves apt package indexes in the image layer"}, "properties": {"repobilityId": 144727, "scanner": "repobility-docker", "fingerprint": "fb44ec25e8c9749fef6ea8b69c4677b02edc1cdb23152cb58b2cd7bdf36d3885", "category": "docker", "severity": "low", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "apt update/install layer does not remove /var/lib/apt/lists.", "evidence": {"rule_id": "DKR010", "scanner": "repobility-docker", "references": 
["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|fb44ec25e8c9749fef6ea8b69c4677b02edc1cdb23152cb58b2cd7bdf36d3885"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/walrus-service/Dockerfile"}, "region": {"startLine": 49}}}]}, {"ruleId": "DKR011", "level": "note", "message": {"text": "Dockerfile installs recommended OS packages"}, "properties": {"repobilityId": 144726, "scanner": "repobility-docker", "fingerprint": "e66854e308b9f4b7e7e7f9b28529a2ffc91a98d6de0ffbbfe2ae101b5c21b239", "category": "docker", "severity": "low", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "apt install appears without --no-install-recommends.", "evidence": {"rule_id": "DKR011", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|e66854e308b9f4b7e7e7f9b28529a2ffc91a98d6de0ffbbfe2ae101b5c21b239"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/walrus-service/Dockerfile"}, "region": {"startLine": 32}}}]}, {"ruleId": "DKR010", "level": "note", "message": {"text": "Dockerfile leaves apt package indexes in the image layer"}, "properties": {"repobilityId": 144725, "scanner": "repobility-docker", "fingerprint": "71ae30c2c48fcf7306ace58a57c9372c21bbaf91a6ed09ebda1c8daab3f00041", "category": "docker", "severity": "low", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "apt update/install layer does not remove /var/lib/apt/lists.", "evidence": {"rule_id": "DKR010", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|71ae30c2c48fcf7306ace58a57c9372c21bbaf91a6ed09ebda1c8daab3f00041"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": 
"docker/walrus-service/Dockerfile"}, "region": {"startLine": 32}}}]}, {"ruleId": "DKR011", "level": "note", "message": {"text": "Dockerfile installs recommended OS packages"}, "properties": {"repobilityId": 144722, "scanner": "repobility-docker", "fingerprint": "66e9e11c1db96b5c5529f26a9428880b163abd8cb5026871a6f78ff9de1c5471", "category": "docker", "severity": "low", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "apt install appears without --no-install-recommends.", "evidence": {"rule_id": "DKR011", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|66e9e11c1db96b5c5529f26a9428880b163abd8cb5026871a6f78ff9de1c5471"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/walrus-orchestrator/Dockerfile"}, "region": {"startLine": 28}}}]}, {"ruleId": "DKR010", "level": "note", "message": {"text": "Dockerfile leaves apt package indexes in the image layer"}, "properties": {"repobilityId": 144721, "scanner": "repobility-docker", "fingerprint": "00ffdb275c250f9143ecd63cc70ab9829e191646a2b3b2ebdd857ca20e814fa9", "category": "docker", "severity": "low", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "apt update/install layer does not remove /var/lib/apt/lists.", "evidence": {"rule_id": "DKR010", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|00ffdb275c250f9143ecd63cc70ab9829e191646a2b3b2ebdd857ca20e814fa9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/walrus-orchestrator/Dockerfile"}, "region": {"startLine": 28}}}]}, {"ruleId": "DKR011", "level": "note", "message": {"text": "Dockerfile installs recommended OS packages"}, "properties": {"repobilityId": 144719, "scanner": "repobility-docker", 
"fingerprint": "5881f9906761f8f64d9db00052d7ea3cbeecad80d8a1d2d69a5bb2f80755c3a1", "category": "docker", "severity": "low", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "apt install appears without --no-install-recommends.", "evidence": {"rule_id": "DKR011", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|5881f9906761f8f64d9db00052d7ea3cbeecad80d8a1d2d69a5bb2f80755c3a1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/walrus-antithesis/build-walrus-image-for-antithesis/Dockerfile"}, "region": {"startLine": 82}}}]}, {"ruleId": "DKR010", "level": "note", "message": {"text": "Dockerfile leaves apt package indexes in the image layer"}, "properties": {"repobilityId": 144718, "scanner": "repobility-docker", "fingerprint": "ee61baa32cb22f92cff105feae62f046b6dd6f7bb27b9b435a7d0d9be0a2120d", "category": "docker", "severity": "low", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "apt update/install layer does not remove /var/lib/apt/lists.", "evidence": {"rule_id": "DKR010", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|ee61baa32cb22f92cff105feae62f046b6dd6f7bb27b9b435a7d0d9be0a2120d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/walrus-antithesis/build-walrus-image-for-antithesis/Dockerfile"}, "region": {"startLine": 82}}}]}, {"ruleId": "DKR011", "level": "note", "message": {"text": "Dockerfile installs recommended OS packages"}, "properties": {"repobilityId": 144716, "scanner": "repobility-docker", "fingerprint": "91ad63de42b97a2b8337889f22b4282eefb0e67225163663d91b5a089fce241e", "category": "docker", "severity": "low", "confidence": 0.72, "triageState": "open", "verdict": "likely", 
"isResolved": false, "reason": "apt install appears without --no-install-recommends.", "evidence": {"rule_id": "DKR011", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|91ad63de42b97a2b8337889f22b4282eefb0e67225163663d91b5a089fce241e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/walrus-antithesis/build-test-config-image/Dockerfile"}, "region": {"startLine": 4}}}]}, {"ruleId": "COMP001", "level": "note", "message": {"text": "[COMP001] High cognitive complexity: Function `main` has cognitive complexity 8 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. Breakdown: except=3, if=2, nested_bonus=3."}, "properties": {"repobilityId": 144713, "scanner": "repobility-threat-engine", "fingerprint": "915a778bbdee24b657d086047b4dc39930f060842353993e5f8a8bd881164481", "category": "quality", "severity": "low", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 8 (severity threshold for low: 8+).", "evidence": {"scanner": "repobility-threat-engine", "function": "main", "breakdown": {"if": 2, "except": 3, "nested_bonus": 3}, "complexity": 8, "correlation_key": "fp|915a778bbdee24b657d086047b4dc39930f060842353993e5f8a8bd881164481"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/run-simtest-isolated.py"}, "region": {"startLine": 29}}}]}, {"ruleId": "DEPCUR-NPM", "level": "note", "message": {"text": "npm package `autoprefixer` is minor version(s) behind (^10.4.27 -> 10.5.0)"}, "properties": {"repobilityId": 144628, "scanner": "repobility-dependency-currency", "fingerprint": "e1c6a9d377a3e1575625814e14994c9a1aba41569227b2e014f015b972f54f05", "category": "dependency", "severity": "low", 
"confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "minor version(s) behind", "signal": "currency", "cwe_ids": [], "package": "autoprefixer", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "10.5.0", "correlation_key": "fp|e1c6a9d377a3e1575625814e14994c9a1aba41569227b2e014f015b972f54f05", "current_version": "^10.4.27"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/site/package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "DEPCUR-NPM", "level": "note", "message": {"text": "npm package `react-instantsearch` is minor version(s) behind (^7.22.1 -> 7.35.0)"}, "properties": {"repobilityId": 144626, "scanner": "repobility-dependency-currency", "fingerprint": "19f2d02702d214dac6de8c58ffe029bc782d603338d1d4f0fc0facd566105d65", "category": "dependency", "severity": "low", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "minor version(s) behind", "signal": "currency", "cwe_ids": [], "package": "react-instantsearch", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "7.35.0", "correlation_key": "fp|19f2d02702d214dac6de8c58ffe029bc782d603338d1d4f0fc0facd566105d65", "current_version": "^7.22.1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/site/package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "DEPCUR-NPM", "level": "note", "message": {"text": "npm package `markdown-it` is minor version(s) behind (^14.1.1 -> 14.2.0)"}, "properties": {"repobilityId": 144625, "scanner": "repobility-dependency-currency", "fingerprint": "23a3c8611014a5307f480dbdaea74c36423f15db2a1c40cf1d7edd3212fa104c", "category": "dependency", "severity": "low", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "minor version(s) behind", 
"signal": "currency", "cwe_ids": [], "package": "markdown-it", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "14.2.0", "correlation_key": "fp|23a3c8611014a5307f480dbdaea74c36423f15db2a1c40cf1d7edd3212fa104c", "current_version": "^14.1.1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/site/package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "DEPCUR-NPM", "level": "note", "message": {"text": "npm package `js-yaml` is minor version(s) behind (4.1.1 -> 4.2.0)"}, "properties": {"repobilityId": 144624, "scanner": "repobility-dependency-currency", "fingerprint": "b6f45470822a745d4b9a49d58e6abf653326945b3cc4cfd696829f8e52c6d22c", "category": "dependency", "severity": "low", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "minor version(s) behind", "signal": "currency", "cwe_ids": [], "package": "js-yaml", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "4.2.0", "correlation_key": "fp|b6f45470822a745d4b9a49d58e6abf653326945b3cc4cfd696829f8e52c6d22c", "current_version": "4.1.1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/site/package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "DEPCUR-NPM", "level": "note", "message": {"text": "npm package `docusaurus-plugin-copy-page-button` is minor version(s) behind (^0.3.5 -> 0.8.1)"}, "properties": {"repobilityId": 144623, "scanner": "repobility-dependency-currency", "fingerprint": "aaf62cce10bee43a901d8d53a29e8f183e34e2181e263073d3bd4bcd65736894", "category": "dependency", "severity": "low", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "minor version(s) behind", "signal": "currency", "cwe_ids": [], "package": "docusaurus-plugin-copy-page-button", "scanner": "repobility-dependency-currency", "ecosystem": "npm", 
"languages": ["javascript"], "latest_version": "0.8.1", "correlation_key": "fp|aaf62cce10bee43a901d8d53a29e8f183e34e2181e263073d3bd4bcd65736894", "current_version": "^0.3.5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/site/package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "DEPCUR-NPM", "level": "note", "message": {"text": "npm package `algoliasearch` is minor version(s) behind (^5.47.0 -> 5.53.0)"}, "properties": {"repobilityId": 144622, "scanner": "repobility-dependency-currency", "fingerprint": "bc15bbffcea3a3459f4779c3c83c06ac1a06ffeb787dcdef2f867cbb6265b744", "category": "dependency", "severity": "low", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "minor version(s) behind", "signal": "currency", "cwe_ids": [], "package": "algoliasearch", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "5.53.0", "correlation_key": "fp|bc15bbffcea3a3459f4779c3c83c06ac1a06ffeb787dcdef2f867cbb6265b744", "current_version": "^5.47.0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/site/package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "DEPCUR-NPM", "level": "note", "message": {"text": "npm package `@fortawesome/react-fontawesome` is minor version(s) behind (^3.1.1 -> 3.3.1)"}, "properties": {"repobilityId": 144620, "scanner": "repobility-dependency-currency", "fingerprint": "87c943912855afa8a70880123916ba858e5bef25375cf8aacb60185180dc788a", "category": "dependency", "severity": "low", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "minor version(s) behind", "signal": "currency", "cwe_ids": [], "package": "@fortawesome/react-fontawesome", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "3.3.1", "correlation_key": 
"fp|87c943912855afa8a70880123916ba858e5bef25375cf8aacb60185180dc788a", "current_version": "^3.1.1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/site/package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "DEPCUR-NPM", "level": "note", "message": {"text": "npm package `@fortawesome/free-solid-svg-icons` is minor version(s) behind (^7.1.0 -> 7.2.0)"}, "properties": {"repobilityId": 144619, "scanner": "repobility-dependency-currency", "fingerprint": "82f967decca134978543b153c387e6db16d35530217e9151800c018ae2d4d0a7", "category": "dependency", "severity": "low", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "minor version(s) behind", "signal": "currency", "cwe_ids": [], "package": "@fortawesome/free-solid-svg-icons", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "7.2.0", "correlation_key": "fp|82f967decca134978543b153c387e6db16d35530217e9151800c018ae2d4d0a7", "current_version": "^7.1.0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/site/package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "DEPCUR-NPM", "level": "note", "message": {"text": "npm package `@fortawesome/free-regular-svg-icons` is minor version(s) behind (^7.1.0 -> 7.2.0)"}, "properties": {"repobilityId": 144618, "scanner": "repobility-dependency-currency", "fingerprint": "ab14371a62918be47831ed5996131c288bbec34ce414044f5b4a4c83c589a3f0", "category": "dependency", "severity": "low", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "minor version(s) behind", "signal": "currency", "cwe_ids": [], "package": "@fortawesome/free-regular-svg-icons", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "7.2.0", "correlation_key": "fp|ab14371a62918be47831ed5996131c288bbec34ce414044f5b4a4c83c589a3f0", 
"current_version": "^7.1.0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/site/package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "DEPCUR-NPM", "level": "note", "message": {"text": "npm package `@fortawesome/free-brands-svg-icons` is minor version(s) behind (^7.1.0 -> 7.2.0)"}, "properties": {"repobilityId": 144617, "scanner": "repobility-dependency-currency", "fingerprint": "de0e8b72864524c782537554f91904abeb13496611b69c810706203be11f4953", "category": "dependency", "severity": "low", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "minor version(s) behind", "signal": "currency", "cwe_ids": [], "package": "@fortawesome/free-brands-svg-icons", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "7.2.0", "correlation_key": "fp|de0e8b72864524c782537554f91904abeb13496611b69c810706203be11f4953", "current_version": "^7.1.0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/site/package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "DEPCUR-NPM", "level": "note", "message": {"text": "npm package `@fortawesome/fontawesome-svg-core` is minor version(s) behind (^7.1.0 -> 7.2.0)"}, "properties": {"repobilityId": 144616, "scanner": "repobility-dependency-currency", "fingerprint": "7440ad0ab86136a6b98500b28dd0f31473a189207e447c231ce3344e003cb54d", "category": "dependency", "severity": "low", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "minor version(s) behind", "signal": "currency", "cwe_ids": [], "package": "@fortawesome/fontawesome-svg-core", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "7.2.0", "correlation_key": "fp|7440ad0ab86136a6b98500b28dd0f31473a189207e447c231ce3344e003cb54d", "current_version": "^7.1.0"}}, "locations": [{"physicalLocation": 
{"artifactLocation": {"uri": "docs/site/package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "DEPCUR-NPM", "level": "note", "message": {"text": "npm package `@docusaurus/faster` is minor version(s) behind (^3.9.2 -> 3.10.1)"}, "properties": {"repobilityId": 144615, "scanner": "repobility-dependency-currency", "fingerprint": "f43ae06f3148dc39e5409628e09b345908151c0e65bf29a2a0ae6be31b024ea5", "category": "dependency", "severity": "low", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "minor version(s) behind", "signal": "currency", "cwe_ids": [], "package": "@docusaurus/faster", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "3.10.1", "correlation_key": "fp|f43ae06f3148dc39e5409628e09b345908151c0e65bf29a2a0ae6be31b024ea5", "current_version": "^3.9.2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/site/package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 144552, "scanner": "repobility-ai-code-hygiene", "fingerprint": "a0141944c9b8a056c431e729cee81fdb556c8d94473ffdc9f0d1a890842527f3", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "crates/walrus-upload-relay/src/lib.rs", "duplicate_line": 19, "correlation_key": "fp|a0141944c9b8a056c431e729cee81fdb556c8d94473ffdc9f0d1a890842527f3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/walrus-upload-relay/src/params.rs"}, "region": {"startLine": 110}}}]}, {"ruleId": "AIC003", "level": "note", 
"message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 144551, "scanner": "repobility-ai-code-hygiene", "fingerprint": "d8dfe92a004e2a4c44d0c0602483bb203c782951c16ac1ba8a3371cf242ff560", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "crates/walrus-sdk/src/upload_relay/params.rs", "duplicate_line": 70, "correlation_key": "fp|d8dfe92a004e2a4c44d0c0602483bb203c782951c16ac1ba8a3371cf242ff560"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/walrus-upload-relay/src/params.rs"}, "region": {"startLine": 65}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 144550, "scanner": "repobility-ai-code-hygiene", "fingerprint": "fe00a1e6dce6b8ba734ed83c3be2fbac5a0c9afa54face2bbc9f850343cc4cb1", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "crates/walrus-service/src/node/server/extract.rs", "duplicate_line": 45, "correlation_key": "fp|fe00a1e6dce6b8ba734ed83c3be2fbac5a0c9afa54face2bbc9f850343cc4cb1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/walrus-storage-node-client/src/node_response.rs"}, "region": {"startLine": 57}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": 
{"repobilityId": 144549, "scanner": "repobility-ai-code-hygiene", "fingerprint": "d8a1c26c69a15e5abcf3b33334f06a86f72b0b30d766d47e84a517461286cb64", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "crates/walrus-sdk/src/node_client/byte_range_read_client.rs", "duplicate_line": 4, "correlation_key": "fp|d8a1c26c69a15e5abcf3b33334f06a86f72b0b30d766d47e84a517461286cb64"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/walrus-sdk/src/node_client/streaming.rs"}, "region": {"startLine": 18}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 144548, "scanner": "repobility-ai-code-hygiene", "fingerprint": "f2b0399c04ae131e47cc7ab76f6f611c959410d967ccac12f6acf2bafb6a4b06", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "crates/walrus-sdk/src/node_client/store_backend/pooled.rs", "duplicate_line": 190, "correlation_key": "fp|f2b0399c04ae131e47cc7ab76f6f611c959410d967ccac12f6acf2bafb6a4b06"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/walrus-sdk/src/node_client/store_pipeline.rs"}, "region": {"startLine": 244}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 144547, "scanner": "repobility-ai-code-hygiene", 
"fingerprint": "1c2a34af56dd403ddadbe727336a63ec772005219190c55f9d6e40c024efb951", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "crates/walrus-proxy/src/histogram_relay.rs", "duplicate_line": 59, "correlation_key": "fp|1c2a34af56dd403ddadbe727336a63ec772005219190c55f9d6e40c024efb951"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/walrus-proxy/src/metrics.rs"}, "region": {"startLine": 65}}}]}, {"ruleId": "DKR002", "level": "none", "message": {"text": "Compose service `walrus-observer` image is selected through a build variable"}, "properties": {"repobilityId": 144769, "scanner": "repobility-docker", "fingerprint": "e5e067206dfd439883a9b0beaac2e7062789704987580a15fa911f29c0633128", "category": "docker", "severity": "info", "confidence": 0.48, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Base image contains a variable; manual review is needed to avoid false positives.", "evidence": {"image": "${WALRUS_IMAGE_NAME}", "rule_id": "DKR002", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/"], "correlation_key": "fp|e5e067206dfd439883a9b0beaac2e7062789704987580a15fa911f29c0633128"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/walrus-antithesis/build-test-config-image/docker-compose.yaml"}, "region": {"startLine": 204}}}]}, {"ruleId": "DKR002", "level": "none", "message": {"text": "Compose service `walrus-staking-0` image is selected through a build variable"}, "properties": {"repobilityId": 144768, "scanner": "repobility-docker", "fingerprint": 
"6f4006fa3b80b3c7f017dcaefd1b22348f6af3ae20c02f83c8290f1bf85794ce", "category": "docker", "severity": "info", "confidence": 0.48, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Base image contains a variable; manual review is needed to avoid false positives.", "evidence": {"image": "${WALRUS_IMAGE_NAME}", "rule_id": "DKR002", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/"], "correlation_key": "fp|6f4006fa3b80b3c7f017dcaefd1b22348f6af3ae20c02f83c8290f1bf85794ce"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/walrus-antithesis/build-test-config-image/docker-compose.yaml"}, "region": {"startLine": 178}}}]}, {"ruleId": "DKR002", "level": "none", "message": {"text": "Compose service `walrus-stress-0` image is selected through a build variable"}, "properties": {"repobilityId": 144767, "scanner": "repobility-docker", "fingerprint": "e783d56528855d04bd25a5b6cd63f844df2dc7aae574f25b8f8307dc0b0de5d0", "category": "docker", "severity": "info", "confidence": 0.48, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Base image contains a variable; manual review is needed to avoid false positives.", "evidence": {"image": "${WALRUS_IMAGE_NAME}", "rule_id": "DKR002", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/"], "correlation_key": "fp|e783d56528855d04bd25a5b6cd63f844df2dc7aae574f25b8f8307dc0b0de5d0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/walrus-antithesis/build-test-config-image/docker-compose.yaml"}, "region": {"startLine": 154}}}]}, {"ruleId": "DKR002", "level": "none", "message": {"text": "Compose service `walrus-node-3` image is selected through a build variable"}, "properties": {"repobilityId": 144766, 
"scanner": "repobility-docker", "fingerprint": "3b50430eb08f9005a35598ed93baebcd6f30f9a0e6a97d12fbc02469d65b59c7", "category": "docker", "severity": "info", "confidence": 0.48, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Base image contains a variable; manual review is needed to avoid false positives.", "evidence": {"image": "${WALRUS_IMAGE_NAME}", "rule_id": "DKR002", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/"], "correlation_key": "fp|3b50430eb08f9005a35598ed93baebcd6f30f9a0e6a97d12fbc02469d65b59c7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/walrus-antithesis/build-test-config-image/docker-compose.yaml"}, "region": {"startLine": 139}}}]}, {"ruleId": "DKR002", "level": "none", "message": {"text": "Compose service `walrus-node-2` image is selected through a build variable"}, "properties": {"repobilityId": 144765, "scanner": "repobility-docker", "fingerprint": "16bf83ba19ee07297cd83e008ab4a0f9067a5f048cb435a31824b6a967c5dc50", "category": "docker", "severity": "info", "confidence": 0.48, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Base image contains a variable; manual review is needed to avoid false positives.", "evidence": {"image": "${WALRUS_IMAGE_NAME}", "rule_id": "DKR002", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/"], "correlation_key": "fp|16bf83ba19ee07297cd83e008ab4a0f9067a5f048cb435a31824b6a967c5dc50"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/walrus-antithesis/build-test-config-image/docker-compose.yaml"}, "region": {"startLine": 125}}}]}, {"ruleId": "DKR002", "level": "none", "message": {"text": "Compose service `walrus-node-1` image is selected through a build 
variable"}, "properties": {"repobilityId": 144764, "scanner": "repobility-docker", "fingerprint": "adc63227e45703461966ca01ef667c391ddd2c89bf313395a3617923c3ca561f", "category": "docker", "severity": "info", "confidence": 0.48, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Base image contains a variable; manual review is needed to avoid false positives.", "evidence": {"image": "${WALRUS_IMAGE_NAME}", "rule_id": "DKR002", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/"], "correlation_key": "fp|adc63227e45703461966ca01ef667c391ddd2c89bf313395a3617923c3ca561f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/walrus-antithesis/build-test-config-image/docker-compose.yaml"}, "region": {"startLine": 111}}}]}, {"ruleId": "DKR002", "level": "none", "message": {"text": "Compose service `walrus-node-0` image is selected through a build variable"}, "properties": {"repobilityId": 144763, "scanner": "repobility-docker", "fingerprint": "e6a63667a36d0017b751b1ef616e2a140b226c03d376511aa348b5dc924d7b71", "category": "docker", "severity": "info", "confidence": 0.48, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Base image contains a variable; manual review is needed to avoid false positives.", "evidence": {"image": "${WALRUS_IMAGE_NAME}", "rule_id": "DKR002", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/"], "correlation_key": "fp|e6a63667a36d0017b751b1ef616e2a140b226c03d376511aa348b5dc924d7b71"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/walrus-antithesis/build-test-config-image/docker-compose.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR002", "level": "none", "message": {"text": "Compose service 
`complete-setup` image is selected through a build variable"}, "properties": {"repobilityId": 144762, "scanner": "repobility-docker", "fingerprint": "7c4cd53be271af78282c2e1e7094bea97f1eae7b2b506a711e84e4b482376d13", "category": "docker", "severity": "info", "confidence": 0.48, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Base image contains a variable; manual review is needed to avoid false positives.", "evidence": {"image": "${WALRUS_IMAGE_NAME}", "rule_id": "DKR002", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/"], "correlation_key": "fp|7c4cd53be271af78282c2e1e7094bea97f1eae7b2b506a711e84e4b482376d13"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/walrus-antithesis/build-test-config-image/docker-compose.yaml"}, "region": {"startLine": 65}}}]}, {"ruleId": "DKR002", "level": "none", "message": {"text": "Compose service `walrus-deploy` image is selected through a build variable"}, "properties": {"repobilityId": 144761, "scanner": "repobility-docker", "fingerprint": "66ef010caff04c0b022da14beb5414cab267220b3efee59ba79e0cf9d7ccbf23", "category": "docker", "severity": "info", "confidence": 0.48, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Base image contains a variable; manual review is needed to avoid false positives.", "evidence": {"image": "${WALRUS_IMAGE_NAME}", "rule_id": "DKR002", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/"], "correlation_key": "fp|66ef010caff04c0b022da14beb5414cab267220b3efee59ba79e0cf9d7ccbf23"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/walrus-antithesis/build-test-config-image/docker-compose.yaml"}, "region": {"startLine": 43}}}]}, {"ruleId": "DKR002", "level": 
"none", "message": {"text": "Compose service `sui-localnet` image is selected through a build variable"}, "properties": {"repobilityId": 144760, "scanner": "repobility-docker", "fingerprint": "5f14663e9c6b10d5be9b64a6f38d32ce1561030c88905632ddc23a82cd2c3417", "category": "docker", "severity": "info", "confidence": 0.48, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Base image contains a variable; manual review is needed to avoid false positives.", "evidence": {"image": "${SUI_IMAGE_NAME}", "rule_id": "DKR002", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/"], "correlation_key": "fp|5f14663e9c6b10d5be9b64a6f38d32ce1561030c88905632ddc23a82cd2c3417"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/walrus-antithesis/build-test-config-image/docker-compose.yaml"}, "region": {"startLine": 12}}}]}, {"ruleId": "DKR002", "level": "none", "message": {"text": "Compose service `walrus-node-3` image is selected through a build variable"}, "properties": {"repobilityId": 144759, "scanner": "repobility-docker", "fingerprint": "48a3310132cca26ec8b810ecd6ac27cdfa49071298b74881295619a40db60340", "category": "docker", "severity": "info", "confidence": 0.48, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Base image contains a variable; manual review is needed to avoid false positives.", "evidence": {"image": "${WALRUS_IMAGE_NAME:-mysten/walrus-service:9eeee2f17198ed8683967af8c8ed7d7c985398ef}", "rule_id": "DKR002", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/"], "correlation_key": "fp|48a3310132cca26ec8b810ecd6ac27cdfa49071298b74881295619a40db60340"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": 
"docker/local-testbed/docker-compose.yaml"}, "region": {"startLine": 84}}}]}, {"ruleId": "DKR002", "level": "none", "message": {"text": "Compose service `walrus-node-2` image is selected through a build variable"}, "properties": {"repobilityId": 144758, "scanner": "repobility-docker", "fingerprint": "00e5c2b1c047434a25a3e4ced2db342b0b8cde2b6a6e10eeffda106c0c7dc13e", "category": "docker", "severity": "info", "confidence": 0.48, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Base image contains a variable; manual review is needed to avoid false positives.", "evidence": {"image": "${WALRUS_IMAGE_NAME:-mysten/walrus-service:9eeee2f17198ed8683967af8c8ed7d7c985398ef}", "rule_id": "DKR002", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/"], "correlation_key": "fp|00e5c2b1c047434a25a3e4ced2db342b0b8cde2b6a6e10eeffda106c0c7dc13e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/local-testbed/docker-compose.yaml"}, "region": {"startLine": 76}}}]}, {"ruleId": "DKR002", "level": "none", "message": {"text": "Compose service `walrus-node-1` image is selected through a build variable"}, "properties": {"repobilityId": 144757, "scanner": "repobility-docker", "fingerprint": "829588fc55f432b3764e2894b2791020e5f4721ad2d55b388cecebe73e9df6f1", "category": "docker", "severity": "info", "confidence": 0.48, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Base image contains a variable; manual review is needed to avoid false positives.", "evidence": {"image": "${WALRUS_IMAGE_NAME:-mysten/walrus-service:9eeee2f17198ed8683967af8c8ed7d7c985398ef}", "rule_id": "DKR002", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/"], "correlation_key": 
"fp|829588fc55f432b3764e2894b2791020e5f4721ad2d55b388cecebe73e9df6f1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/local-testbed/docker-compose.yaml"}, "region": {"startLine": 66}}}]}, {"ruleId": "DKR002", "level": "none", "message": {"text": "Compose service `walrus-node-0` image is selected through a build variable"}, "properties": {"repobilityId": 144756, "scanner": "repobility-docker", "fingerprint": "bd46e5e4dc84f2999cd593ad843684b13f329a902daf3a4fc48893cb40a14402", "category": "docker", "severity": "info", "confidence": 0.48, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Base image contains a variable; manual review is needed to avoid false positives.", "evidence": {"image": "${WALRUS_IMAGE_NAME:-mysten/walrus-service:9eeee2f17198ed8683967af8c8ed7d7c985398ef}", "rule_id": "DKR002", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/"], "correlation_key": "fp|bd46e5e4dc84f2999cd593ad843684b13f329a902daf3a4fc48893cb40a14402"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/local-testbed/docker-compose.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR002", "level": "none", "message": {"text": "Compose service `walrus-deploy` image is selected through a build variable"}, "properties": {"repobilityId": 144755, "scanner": "repobility-docker", "fingerprint": "cfe4341d3960b62279ff69f104261cfdc99824055ad46cac392caf8c781c1e5e", "category": "docker", "severity": "info", "confidence": 0.48, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Base image contains a variable; manual review is needed to avoid false positives.", "evidence": {"image": "${WALRUS_IMAGE_NAME:-mysten/walrus-service:9eeee2f17198ed8683967af8c8ed7d7c985398ef}", "rule_id": "DKR002", "scanner": "repobility-docker", "references": 
["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/"], "correlation_key": "fp|cfe4341d3960b62279ff69f104261cfdc99824055ad46cac392caf8c781c1e5e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/local-testbed/docker-compose.yaml"}, "region": {"startLine": 22}}}]}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "properties": {"repobilityId": 144712, "scanner": "repobility-threat-engine", "fingerprint": "70586f9d4975bcff9179e594aed4f640aa3d0aff07d48fd3dc8598ee801ec4d7", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "correlation_key": "fp|70586f9d4975bcff9179e594aed4f640aa3d0aff07d48fd3dc8598ee801ec4d7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/run-simtest-isolated.py"}, "region": {"startLine": 26}}}]}, {"ruleId": "MINED064", "level": "none", "message": {"text": "[MINED064] Python Input Call: input() blocks for stdin. 
Inappropriate in services."}, "properties": {"repobilityId": 144709, "scanner": "repobility-threat-engine", "fingerprint": "b9e44ff000df9e99444294eaaf19490f6c6fa547e9ab743227dc3ae17b253a20", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-input-call", "owasp": null, "cwe_ids": [], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348050+00:00", "triaged_in_corpus": 12, "observations_count": 66378, "ai_coder_pattern_id": 124}, "scanner": "repobility-threat-engine", "correlation_key": "fp|b9e44ff000df9e99444294eaaf19490f6c6fa547e9ab743227dc3ae17b253a20"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/merge_sui_coins.py"}, "region": {"startLine": 127}}}]}, {"ruleId": "SEC005", "level": "none", "message": {"text": "[SEC005] Command Injection Risk: Unsafe shell execution or eval of user input."}, "properties": {"repobilityId": 144704, "scanner": "repobility-threat-engine", "fingerprint": "ce5817789bfafbb51d9b436aabe3505f4acf6e60b0b4d51cfc18ab9f751887bd", "category": "injection", "severity": "info", "confidence": 0.1, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Line contains 'regex' \u2014 likely a detection rule or pattern list, not executable code", "evidence": {"match": "exec(input", "reason": "Line contains 'regex' \u2014 likely a detection rule or pattern list, not executable code", "rule_id": "SEC005", "scanner": "repobility-threat-engine", "confidence": 0.1, "correlation_key": "code|injection|token|131|sec005"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/site/src/shared/components/RelatedLink/index.tsx"}, "region": {"startLine": 131}}}]}, {"ruleId": "SEC085", "level": "none", "message": {"text": "[SEC085] JS: child_process.exec with 
non-literal (and 4 more): Same pattern found in 4 additional files. Review if needed."}, "properties": {"repobilityId": 144703, "scanner": "repobility-threat-engine", "fingerprint": "f79b4c6ce4eb0d7d776ad2633f739e1a0f46e1ad817ef3a9572abdaf1937f71a", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 4 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 4 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC085", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|f79b4c6ce4eb0d7d776ad2633f739e1a0f46e1ad817ef3a9572abdaf1937f71a"}}}, {"ruleId": "SEC045", "level": "none", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data (and 3 more): Same pattern found in 3 additional files. Review if needed."}, "properties": {"repobilityId": 144699, "scanner": "repobility-threat-engine", "fingerprint": "2f2c41301c1dbf5a378e7fb88f09e64c16178cf76632d7c8f5254e7775e098f0", "category": "injection", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 3 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 3 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|2f2c41301c1dbf5a378e7fb88f09e64c16178cf76632d7c8f5254e7775e098f0"}}}, {"ruleId": "MINED052", "level": "none", "message": {"text": "[MINED052] Ts Any Typed (and 3 more): Same pattern found in 3 additional files. 
Review if needed."}, "properties": {"repobilityId": 144691, "scanner": "repobility-threat-engine", "fingerprint": "b58df9499acfd10b1e20b964429ac887f20e8cc016c1011756c8f46ae09a5873", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 3 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "ts-any-typed", "owasp": null, "cwe_ids": ["CWE-704"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348022+00:00", "triaged_in_corpus": 12, "observations_count": 496002, "ai_coder_pattern_id": 97}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|b58df9499acfd10b1e20b964429ac887f20e8cc016c1011756c8f46ae09a5873", "aggregated_count": 3}}}, {"ruleId": "MINED052", "level": "none", "message": {"text": "[MINED052] Ts Any Typed: : any used as type annotation. 
Defeats TypeScript type safety."}, "properties": {"repobilityId": 144690, "scanner": "repobility-threat-engine", "fingerprint": "ea1eee1ac67d1b9981048e099de0f39ee8ebccbaffdc65e282d6db782728034b", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-any-typed", "owasp": null, "cwe_ids": ["CWE-704"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348022+00:00", "triaged_in_corpus": 12, "observations_count": 496002, "ai_coder_pattern_id": 97}, "scanner": "repobility-threat-engine", "correlation_key": "fp|ea1eee1ac67d1b9981048e099de0f39ee8ebccbaffdc65e282d6db782728034b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/site/src/shared/components/Glossary/Term.tsx"}, "region": {"startLine": 26}}}]}, {"ruleId": "MINED052", "level": "none", "message": {"text": "[MINED052] Ts Any Typed: : any used as type annotation. 
Defeats TypeScript type safety."}, "properties": {"repobilityId": 144689, "scanner": "repobility-threat-engine", "fingerprint": "525ac94beb3c1058d02bac574f43e2773da44558577c4678ad2c8b2841d08b3a", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-any-typed", "owasp": null, "cwe_ids": ["CWE-704"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348022+00:00", "triaged_in_corpus": 12, "observations_count": 496002, "ai_coder_pattern_id": 97}, "scanner": "repobility-threat-engine", "correlation_key": "fp|525ac94beb3c1058d02bac574f43e2773da44558577c4678ad2c8b2841d08b3a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/site/src/shared/components/Cards/index.tsx"}, "region": {"startLine": 64}}}]}, {"ruleId": "MINED052", "level": "none", "message": {"text": "[MINED052] Ts Any Typed: : any used as type annotation. 
Defeats TypeScript type safety."}, "properties": {"repobilityId": 144688, "scanner": "repobility-threat-engine", "fingerprint": "e77f7d90379342c83460db47c02d77632b51a4bad2347eb07b6dad595f257a5a", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-any-typed", "owasp": null, "cwe_ids": ["CWE-704"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348022+00:00", "triaged_in_corpus": 12, "observations_count": 496002, "ai_coder_pattern_id": 97}, "scanner": "repobility-threat-engine", "correlation_key": "fp|e77f7d90379342c83460db47c02d77632b51a4bad2347eb07b6dad595f257a5a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/site/src/plugins/client/index.ts"}, "region": {"startLine": 8}}}]}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod (and 15 more): Same pattern found in 15 additional files. Review if needed."}, "properties": {"repobilityId": 144687, "scanner": "repobility-threat-engine", "fingerprint": "f922f4f13d4219e470422812906b99d2e69dcf0dbe44404db6fb52eebaf73cdd", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 15 additional occurrences found. 
The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|f922f4f13d4219e470422812906b99d2e69dcf0dbe44404db6fb52eebaf73cdd", "aggregated_count": 15}}}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed."}, "properties": {"repobilityId": 144686, "scanner": "repobility-threat-engine", "fingerprint": "74b72a572e95dff4bd88423f38a2ad2c498db6475076ddeb6d198d29a26c7b96", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "correlation_key": "fp|74b72a572e95dff4bd88423f38a2ad2c498db6475076ddeb6d198d29a26c7b96"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/site/src/scripts/copy-yaml-files.js"}, "region": {"startLine": 43}}}]}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod: console.log left in code. 
Should be replaced with logger or removed."}, "properties": {"repobilityId": 144685, "scanner": "repobility-threat-engine", "fingerprint": "78eebe0d2abdefb4cc61af1752a3057c35aaeb91ff62ff308592195d570bb7c3", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "correlation_key": "fp|78eebe0d2abdefb4cc61af1752a3057c35aaeb91ff62ff308592195d570bb7c3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/site/src/scripts/copy-markdown-files.js"}, "region": {"startLine": 239}}}]}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod: console.log left in code. 
Should be replaced with logger or removed."}, "properties": {"repobilityId": 144684, "scanner": "repobility-threat-engine", "fingerprint": "9c8109be9564cc6dc370da1ab9d67f8a712e992ee9d87d1c31c6bdfe95222408", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "correlation_key": "fp|9c8109be9564cc6dc370da1ab9d67f8a712e992ee9d87d1c31c6bdfe95222408"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/site/src/plugins/client/index.ts"}, "region": {"startLine": 30}}}]}, {"ruleId": "MINED058", "level": "none", "message": {"text": "[MINED058] React Dangerously Set Html: dangerouslySetInnerHTML bypasses React's JSX escaping. 
Pair with DOMPurify or never use with user data."}, "properties": {"repobilityId": 144683, "scanner": "repobility-threat-engine", "fingerprint": "f89bab55d2b2410d93fdf0ea2105922a5e4770e1792a2eff09fb69b79e974801", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "react-dangerously-set-html", "owasp": "A03:2021", "cwe_ids": ["CWE-79"], "languages": ["javascript", "typescript"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348037+00:00", "triaged_in_corpus": 12, "observations_count": 255650, "ai_coder_pattern_id": 49}, "scanner": "repobility-threat-engine", "correlation_key": "fp|f89bab55d2b2410d93fdf0ea2105922a5e4770e1792a2eff09fb69b79e974801"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/site/src/theme/TOCItems/Tree.tsx"}, "region": {"startLine": 22}}}]}, {"ruleId": "MINED058", "level": "none", "message": {"text": "[MINED058] React Dangerously Set Html: dangerouslySetInnerHTML bypasses React's JSX escaping. 
Pair with DOMPurify or never use with user data."}, "properties": {"repobilityId": 144682, "scanner": "repobility-threat-engine", "fingerprint": "de0fccd4728c85090aa048e34878b345f513472b5c6314e200787c28a17635a2", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "react-dangerously-set-html", "owasp": "A03:2021", "cwe_ids": ["CWE-79"], "languages": ["javascript", "typescript"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348037+00:00", "triaged_in_corpus": 12, "observations_count": 255650, "ai_coder_pattern_id": 49}, "scanner": "repobility-threat-engine", "correlation_key": "fp|de0fccd4728c85090aa048e34878b345f513472b5c6314e200787c28a17635a2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/site/src/shared/components/ImportContent/index.tsx"}, "region": {"startLine": 438}}}]}, {"ruleId": "MINED058", "level": "none", "message": {"text": "[MINED058] React Dangerously Set Html: dangerouslySetInnerHTML bypasses React's JSX escaping. 
Pair with DOMPurify or never use with user data."}, "properties": {"repobilityId": 144681, "scanner": "repobility-threat-engine", "fingerprint": "504e5b06f344370684383219f71fddfdb12f9be2faed67636fb6cf92713fec1f", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "react-dangerously-set-html", "owasp": "A03:2021", "cwe_ids": ["CWE-79"], "languages": ["javascript", "typescript"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348037+00:00", "triaged_in_corpus": 12, "observations_count": 255650, "ai_coder_pattern_id": 49}, "scanner": "repobility-threat-engine", "correlation_key": "fp|504e5b06f344370684383219f71fddfdb12f9be2faed67636fb6cf92713fec1f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/site/src/components/Search/CustomHitsContent.tsx"}, "region": {"startLine": 44}}}]}, {"ruleId": "MINED054", "level": "none", "message": {"text": "[MINED054] Ts As Any (and 6 more): Same pattern found in 6 additional files. Review if needed."}, "properties": {"repobilityId": 144678, "scanner": "repobility-threat-engine", "fingerprint": "c9d72070d1526f8b6538d9aea14953c3bb047b4369891d9f3af14bb1b52f8387", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 6 additional occurrences found. 
The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "ts-as-any", "owasp": null, "cwe_ids": ["CWE-704"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348028+00:00", "triaged_in_corpus": 12, "observations_count": 341218, "ai_coder_pattern_id": 98}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|c9d72070d1526f8b6538d9aea14953c3bb047b4369891d9f3af14bb1b52f8387", "aggregated_count": 6}}}, {"ruleId": "MINED054", "level": "none", "message": {"text": "[MINED054] Ts As Any: Casting to any (as any) bypasses type checking entirely."}, "properties": {"repobilityId": 144677, "scanner": "repobility-threat-engine", "fingerprint": "7a1cd45df33154c20ad5b3b0eac42e9e77e0d08b3b1fbb26042a4aa3219b50df", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-as-any", "owasp": null, "cwe_ids": ["CWE-704"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348028+00:00", "triaged_in_corpus": 12, "observations_count": 341218, "ai_coder_pattern_id": 98}, "scanner": "repobility-threat-engine", "correlation_key": "fp|7a1cd45df33154c20ad5b3b0eac42e9e77e0d08b3b1fbb26042a4aa3219b50df"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/site/src/shared/components/Glossary/GlossaryProvider.tsx"}, "region": {"startLine": 32}}}]}, {"ruleId": "MINED054", "level": "none", "message": {"text": "[MINED054] Ts As Any: Casting to any (as any) bypasses type checking entirely."}, "properties": {"repobilityId": 144676, "scanner": "repobility-threat-engine", "fingerprint": "b17ce91d33db844895a7f43cb1d4526d92cbf64f313dedb37842f6eeaadba499", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": 
"confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-as-any", "owasp": null, "cwe_ids": ["CWE-704"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348028+00:00", "triaged_in_corpus": 12, "observations_count": 341218, "ai_coder_pattern_id": 98}, "scanner": "repobility-threat-engine", "correlation_key": "fp|b17ce91d33db844895a7f43cb1d4526d92cbf64f313dedb37842f6eeaadba499"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/site/src/plugins/client/index.ts"}, "region": {"startLine": 17}}}]}, {"ruleId": "MINED054", "level": "none", "message": {"text": "[MINED054] Ts As Any: Casting to any (as any) bypasses type checking entirely."}, "properties": {"repobilityId": 144675, "scanner": "repobility-threat-engine", "fingerprint": "6c2138c81cb622bb82e954b4200a858481870a670f28c1ade82f94b6406495c3", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-as-any", "owasp": null, "cwe_ids": ["CWE-704"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348028+00:00", "triaged_in_corpus": 12, "observations_count": 341218, "ai_coder_pattern_id": 98}, "scanner": "repobility-threat-engine", "correlation_key": "fp|6c2138c81cb622bb82e954b4200a858481870a670f28c1ade82f94b6406495c3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/site/src/components/PushFeedback/index.tsx"}, "region": {"startLine": 54}}}]}, {"ruleId": "MINED056", "level": "none", "message": {"text": "[MINED056] React Key As Index (and 3 more): Same pattern found in 3 additional files. 
Review if needed."}, "properties": {"repobilityId": 144674, "scanner": "repobility-threat-engine", "fingerprint": "6d638efea05789caff597b5fe788564ae810a6add52e01af7c7e66ad58581866", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 3 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "react-key-as-index", "owasp": null, "cwe_ids": ["CWE-682"], "languages": ["typescript", "tsx", "javascript", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348032+00:00", "triaged_in_corpus": 12, "observations_count": 299917, "ai_coder_pattern_id": 135}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|6d638efea05789caff597b5fe788564ae810a6add52e01af7c7e66ad58581866", "aggregated_count": 3}}}, {"ruleId": "MINED056", "level": "none", "message": {"text": "[MINED056] React Key As Index: key={index} in map() \u2014 re-renders the wrong elements on re-order."}, "properties": {"repobilityId": 144673, "scanner": "repobility-threat-engine", "fingerprint": "eb8b33cbb06f1e10dd7886c9b0c92b2b1c667f95992c71d100fd00959e9aa73b", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "react-key-as-index", "owasp": null, "cwe_ids": ["CWE-682"], "languages": ["typescript", "tsx", "javascript", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348032+00:00", "triaged_in_corpus": 12, "observations_count": 299917, "ai_coder_pattern_id": 135}, "scanner": "repobility-threat-engine", "correlation_key": "fp|eb8b33cbb06f1e10dd7886c9b0c92b2b1c667f95992c71d100fd00959e9aa73b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": 
"docs/site/src/theme/CodeBlock/Content/index.js"}, "region": {"startLine": 81}}}]}, {"ruleId": "MINED056", "level": "none", "message": {"text": "[MINED056] React Key As Index: key={index} in map() \u2014 re-renders the wrong elements on re-order."}, "properties": {"repobilityId": 144672, "scanner": "repobility-threat-engine", "fingerprint": "7018f6054fb411b3545ee1ffa50bfb87ae6a681c8c066bfbd2456e5615716fd0", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "react-key-as-index", "owasp": null, "cwe_ids": ["CWE-682"], "languages": ["typescript", "tsx", "javascript", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348032+00:00", "triaged_in_corpus": 12, "observations_count": 299917, "ai_coder_pattern_id": 135}, "scanner": "repobility-threat-engine", "correlation_key": "fp|7018f6054fb411b3545ee1ffa50bfb87ae6a681c8c066bfbd2456e5615716fd0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/site/src/components/Search/CustomHitsContent.tsx"}, "region": {"startLine": 71}}}]}, {"ruleId": "MINED056", "level": "none", "message": {"text": "[MINED056] React Key As Index: key={index} in map() \u2014 re-renders the wrong elements on re-order."}, "properties": {"repobilityId": 144671, "scanner": "repobility-threat-engine", "fingerprint": "3ea02ebb3bc3dc39b8a008d3a66a56d29f8fde38176d1ba50e6fdfab3c2b62c8", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "react-key-as-index", "owasp": null, "cwe_ids": ["CWE-682"], "languages": ["typescript", "tsx", "javascript", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348032+00:00", "triaged_in_corpus": 12, 
"observations_count": 299917, "ai_coder_pattern_id": 135}, "scanner": "repobility-threat-engine", "correlation_key": "fp|3ea02ebb3bc3dc39b8a008d3a66a56d29f8fde38176d1ba50e6fdfab3c2b62c8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/site/src/components/HomepageFeatures/index.js"}, "region": {"startLine": 61}}}]}, {"ruleId": "MINED067", "level": "none", "message": {"text": "[MINED067] Python Requests No Timeout: requests.get/post/etc. without timeout= can hang forever."}, "properties": {"repobilityId": 144669, "scanner": "repobility-threat-engine", "fingerprint": "df10e4dce85955b48ed00da8c92ce9c08110cb7f1a0f5dde48d57e2d69b0a453", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-requests-no-timeout", "owasp": null, "cwe_ids": ["CWE-400"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348058+00:00", "triaged_in_corpus": 12, "observations_count": 45429, "ai_coder_pattern_id": 122}, "scanner": "repobility-threat-engine", "correlation_key": "fp|df10e4dce85955b48ed00da8c92ce9c08110cb7f1a0f5dde48d57e2d69b0a453"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/examples/python/track_walrus_events.py"}, "region": {"startLine": 37}}}]}, {"ruleId": "MINED067", "level": "none", "message": {"text": "[MINED067] Python Requests No Timeout: requests.get/post/etc. 
without timeout= can hang forever."}, "properties": {"repobilityId": 144668, "scanner": "repobility-threat-engine", "fingerprint": "b3d921bae127a89e911b05b942ee837fe41a8ff5d815c831a8e033d8e0b2f34e", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-requests-no-timeout", "owasp": null, "cwe_ids": ["CWE-400"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348058+00:00", "triaged_in_corpus": 12, "observations_count": 45429, "ai_coder_pattern_id": 122}, "scanner": "repobility-threat-engine", "correlation_key": "fp|b3d921bae127a89e911b05b942ee837fe41a8ff5d815c831a8e033d8e0b2f34e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/examples/python/hello_walrus_webapi.py"}, "region": {"startLine": 32}}}]}, {"ruleId": "MINED067", "level": "none", "message": {"text": "[MINED067] Python Requests No Timeout: requests.get/post/etc. 
without timeout= can hang forever."}, "properties": {"repobilityId": 144667, "scanner": "repobility-threat-engine", "fingerprint": "d14f752e57be83f02fb388204f68a16b55a82797e750ecb9aa22461eba2bb33a", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-requests-no-timeout", "owasp": null, "cwe_ids": ["CWE-400"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348058+00:00", "triaged_in_corpus": 12, "observations_count": 45429, "ai_coder_pattern_id": 122}, "scanner": "repobility-threat-engine", "correlation_key": "fp|d14f752e57be83f02fb388204f68a16b55a82797e750ecb9aa22461eba2bb33a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/examples/python/hello_walrus_jsonapi.py"}, "region": {"startLine": 98}}}]}, {"ruleId": "SEC128", "level": "none", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake) (and 1 more): Same pattern found in 1 additional file. Review if needed."}, "properties": {"repobilityId": 144663, "scanner": "repobility-threat-engine", "fingerprint": "8a77ffb0a8fcdda223aabe32cdaf0e5bdc6cae13db4c9684d2f2d4932a1285a8", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 1 additional occurrence found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 1 additional occurrence found. 
The top occurrences remain visible as actionable findings.", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|8a77ffb0a8fcdda223aabe32cdaf0e5bdc6cae13db4c9684d2f2d4932a1285a8"}}}, {"ruleId": "MINED066", "level": "none", "message": {"text": "[MINED066] Rust Panic Macro (and 5 more): Same pattern found in 5 additional files. Review if needed."}, "properties": {"repobilityId": 144659, "scanner": "repobility-threat-engine", "fingerprint": "b1899ad9a25e479f08b044c714484673af97b97db31ba68b3b42a9328e60eab3", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 5 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "rust-panic-macro", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348055+00:00", "triaged_in_corpus": 12, "observations_count": 48611, "ai_coder_pattern_id": 113}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|b1899ad9a25e479f08b044c714484673af97b97db31ba68b3b42a9328e60eab3", "aggregated_count": 5}}}, {"ruleId": "MINED066", "level": "none", "message": {"text": "[MINED066] Rust Panic Macro: panic!() unwinds the stack. 
Use Result for recoverable errors."}, "properties": {"repobilityId": 144658, "scanner": "repobility-threat-engine", "fingerprint": "8ba281ab3e73328fdf370dc27fea7cfad886930e0d96ffbc24bbd04afe368e2f", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-panic-macro", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348055+00:00", "triaged_in_corpus": 12, "observations_count": 48611, "ai_coder_pattern_id": 113}, "scanner": "repobility-threat-engine", "correlation_key": "fp|8ba281ab3e73328fdf370dc27fea7cfad886930e0d96ffbc24bbd04afe368e2f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/walrus-service/src/node/blob_event_processor/pending_events.rs"}, "region": {"startLine": 75}}}]}, {"ruleId": "MINED066", "level": "none", "message": {"text": "[MINED066] Rust Panic Macro: panic!() unwinds the stack. 
Use Result for recoverable errors."}, "properties": {"repobilityId": 144657, "scanner": "repobility-threat-engine", "fingerprint": "d9940f18ab1b12fab0c1141a94130366036c777b68e8065b46662377a65a2781", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-panic-macro", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348055+00:00", "triaged_in_corpus": 12, "observations_count": 48611, "ai_coder_pattern_id": 113}, "scanner": "repobility-threat-engine", "correlation_key": "fp|d9940f18ab1b12fab0c1141a94130366036c777b68e8065b46662377a65a2781"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/walrus-service/src/event/event_processor/runtime.rs"}, "region": {"startLine": 141}}}]}, {"ruleId": "MINED066", "level": "none", "message": {"text": "[MINED066] Rust Panic Macro: panic!() unwinds the stack. 
Use Result for recoverable errors."}, "properties": {"repobilityId": 144656, "scanner": "repobility-threat-engine", "fingerprint": "19c664791f9440cef3a7bbc9a7933a6dc6ed8e5c62d8ff894e6682d12b64203a", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-panic-macro", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348055+00:00", "triaged_in_corpus": 12, "observations_count": 48611, "ai_coder_pattern_id": 113}, "scanner": "repobility-threat-engine", "correlation_key": "fp|19c664791f9440cef3a7bbc9a7933a6dc6ed8e5c62d8ff894e6682d12b64203a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/walrus-service/src/event/event_processor/coordination.rs"}, "region": {"startLine": 228}}}]}, {"ruleId": "SEC029", "level": "none", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 11 more): Same pattern found in 11 additional files. Review if needed."}, "properties": {"repobilityId": 144654, "scanner": "repobility-threat-engine", "fingerprint": "6e6b1fa9aa37cd5353c53477b8935ccc1c8f42b61f420ebd0ceb44871ba243eb", "category": "ssrf", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only, which is why this row is closed as a likely false positive: 11 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only, which is why this row is closed as a likely false positive: 11 additional occurrences found. 
The top occurrences remain visible as actionable findings.", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|6e6b1fa9aa37cd5353c53477b8935ccc1c8f42b61f420ebd0ceb44871ba243eb"}}}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https (and 4 more): Same pattern found in 4 additional files. Review if needed."}, "properties": {"repobilityId": 144650, "scanner": "repobility-threat-engine", "fingerprint": "133d0321df668823d68fda7a262cc53d13053f2174d79a753e1fabffb7f20eec", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 4 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|133d0321df668823d68fda7a262cc53d13053f2174d79a753e1fabffb7f20eec", "aggregated_count": 4}}}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 144649, "scanner": "repobility-threat-engine", "fingerprint": "a0a2d603bd5fe9a157d0b5b5f1a6e1e7b9c3ca1d9ae4cd6e4fc722307ad0e030", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, 
"observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|a0a2d603bd5fe9a157d0b5b5f1a6e1e7b9c3ca1d9ae4cd6e4fc722307ad0e030"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/local-testbed/files/run-walrus.sh"}, "region": {"startLine": 36}}}]}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 144648, "scanner": "repobility-threat-engine", "fingerprint": "54febc62f4d489c79602a25869c0f0ea2bb2bdd9183340ad1444f9804745b4a9", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|54febc62f4d489c79602a25869c0f0ea2bb2bdd9183340ad1444f9804745b4a9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/local-testbed/files/deploy-walrus.sh"}, "region": {"startLine": 22}}}]}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 144647, "scanner": "repobility-threat-engine", "fingerprint": "5350a0f400a9b566ff9df497c906a576173cebc8db8b3f2dc21c978a48c2b0f2", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": 
"A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|5350a0f400a9b566ff9df497c906a576173cebc8db8b3f2dc21c978a48c2b0f2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/walrus-orchestrator/src/monitor.rs"}, "region": {"startLine": 74}}}]}, {"ruleId": "MINED003", "level": "none", "message": {"text": "[MINED003] Rust Unwrap In Prod (and 12 more): Same pattern found in 12 additional files. Review if needed."}, "properties": {"repobilityId": 144646, "scanner": "repobility-threat-engine", "fingerprint": "247d4b5c497c24aebfcd582ebf8a04333cfcef2c5c733ec53244cdcd6622209f", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 12 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "rust-unwrap-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347903+00:00", "triaged_in_corpus": 15, "observations_count": 386515, "ai_coder_pattern_id": 111}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|247d4b5c497c24aebfcd582ebf8a04333cfcef2c5c733ec53244cdcd6622209f", "aggregated_count": 12}}}, {"ruleId": "MINED059", "level": "none", "message": {"text": "[MINED059] Rust Expect In Prod (and 54 more): Same pattern found in 54 additional files. 
Review if needed."}, "properties": {"repobilityId": 144642, "scanner": "repobility-threat-engine", "fingerprint": "d9cf97ec654ffcc1560f8371361152d56c05bed08780fa021c9e4edfd0be558c", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 54 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "rust-expect-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348039+00:00", "triaged_in_corpus": 12, "observations_count": 175379, "ai_coder_pattern_id": 112}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|d9cf97ec654ffcc1560f8371361152d56c05bed08780fa021c9e4edfd0be558c", "aggregated_count": 54}}}, {"ruleId": "MINED059", "level": "none", "message": {"text": "[MINED059] Rust Expect In Prod: .expect(...) 
panics same as unwrap with a custom message."}, "properties": {"repobilityId": 144641, "scanner": "repobility-threat-engine", "fingerprint": "64ceb8ef41f2c53c2974f65d6b871a97312cf949805d6f31647fa5d14a9ee71c", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-expect-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348039+00:00", "triaged_in_corpus": 12, "observations_count": 175379, "ai_coder_pattern_id": 112}, "scanner": "repobility-threat-engine", "correlation_key": "fp|64ceb8ef41f2c53c2974f65d6b871a97312cf949805d6f31647fa5d14a9ee71c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/walrus-core/src/encoding/mapping.rs"}, "region": {"startLine": 51}}}]}, {"ruleId": "MINED059", "level": "none", "message": {"text": "[MINED059] Rust Expect In Prod: .expect(...) 
panics same as unwrap with a custom message."}, "properties": {"repobilityId": 144640, "scanner": "repobility-threat-engine", "fingerprint": "986758f88d83f871ccf1c5b9a91d77312ea471e83b55fd4d06185a4299abf273", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-expect-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348039+00:00", "triaged_in_corpus": 12, "observations_count": 175379, "ai_coder_pattern_id": 112}, "scanner": "repobility-threat-engine", "correlation_key": "fp|986758f88d83f871ccf1c5b9a91d77312ea471e83b55fd4d06185a4299abf273"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/walrus-core/src/bft.rs"}, "region": {"startLine": 24}}}]}, {"ruleId": "MINED059", "level": "none", "message": {"text": "[MINED059] Rust Expect In Prod: .expect(...) 
panics same as unwrap with a custom message."}, "properties": {"repobilityId": 144639, "scanner": "repobility-threat-engine", "fingerprint": "75cd20707f729fa16c22d1b210035eb05f285b1d7877e7bedc0f69c5d7f87ded", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-expect-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348039+00:00", "triaged_in_corpus": 12, "observations_count": 175379, "ai_coder_pattern_id": 112}, "scanner": "repobility-threat-engine", "correlation_key": "fp|75cd20707f729fa16c22d1b210035eb05f285b1d7877e7bedc0f69c5d7f87ded"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/typed-store/src/rocks/safe_iter.rs"}, "region": {"startLine": 88}}}]}, {"ruleId": "DEPCUR-NPM", "level": "none", "message": {"text": "npm package `@types/yargs` is patch version(s) behind (17.0.33 -> 17.0.35)"}, "properties": {"repobilityId": 144631, "scanner": "repobility-dependency-currency", "fingerprint": "40cd4377fea3d533280da20a01ada0a4f7e08c9841af58ad3b7ac48f19edd30c", "category": "dependency", "severity": "info", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "patch version(s) behind", "signal": "currency", "cwe_ids": [], "package": "@types/yargs", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "17.0.35", "correlation_key": "fp|40cd4377fea3d533280da20a01ada0a4f7e08c9841af58ad3b7ac48f19edd30c", "current_version": "17.0.33"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/cache-inference/package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "DEPCUR-NPM", "level": "none", "message": {"text": "npm package `postcss` is patch 
version(s) behind (^8.5.6 -> 8.5.15)"}, "properties": {"repobilityId": 144629, "scanner": "repobility-dependency-currency", "fingerprint": "ad8def84653f33d9abed121ee8b8bf0eee1ef868d437deba234142b501dcaa6c", "category": "dependency", "severity": "info", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "patch version(s) behind", "signal": "currency", "cwe_ids": [], "package": "postcss", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "8.5.15", "correlation_key": "fp|ad8def84653f33d9abed121ee8b8bf0eee1ef868d437deba234142b501dcaa6c", "current_version": "^8.5.6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/site/package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "DEPCUR-NPM", "level": "none", "message": {"text": "npm package `turndown` is patch version(s) behind (^7.2.2 -> 7.2.4)"}, "properties": {"repobilityId": 144627, "scanner": "repobility-dependency-currency", "fingerprint": "a92e9e7011cc3ecbbf0f04ecbbd88f0eeed984ef53e48709cb4a63a7c57dce81", "category": "dependency", "severity": "info", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "patch version(s) behind", "signal": "currency", "cwe_ids": [], "package": "turndown", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "7.2.4", "correlation_key": "fp|a92e9e7011cc3ecbbf0f04ecbbd88f0eeed984ef53e48709cb4a63a7c57dce81", "current_version": "^7.2.2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/site/package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "DEPCUR-NPM", "level": "none", "message": {"text": "npm package `@plausible-analytics/tracker` is patch version(s) behind (^0.4.4 -> 0.4.5)"}, "properties": {"repobilityId": 144621, "scanner": "repobility-dependency-currency", "fingerprint": 
"f5e2ad2487826aa81c4eafbeb3e5d2272550ed316074e06a4370a61b063db35c", "category": "dependency", "severity": "info", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "patch version(s) behind", "signal": "currency", "cwe_ids": [], "package": "@plausible-analytics/tracker", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "0.4.5", "correlation_key": "fp|f5e2ad2487826aa81c4eafbeb3e5d2272550ed316074e06a4370a61b063db35c", "current_version": "^0.4.4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/site/package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-c2c7-rcm5-vvqj", "level": "error", "message": {"text": "picomatch: GHSA-c2c7-rcm5-vvqj"}, "properties": {"repobilityId": 144845, "scanner": "osv-scanner", "fingerprint": "db1b807e79e5a25fe95310f8a4ceb818e566bc560cf966daa0f2422b80343637", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-33671"], "package": "picomatch", "rule_id": "GHSA-c2c7-rcm5-vvqj", "scanner": "osv-scanner", "correlation_key": "vuln|picomatch|CVE-2026-33671|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/cache-inference/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-3h5v-q93c-6h6q", "level": "error", "message": {"text": "ws: GHSA-3h5v-q93c-6h6q"}, "properties": {"repobilityId": 144840, "scanner": "osv-scanner", "fingerprint": "9a3b994caef00dd469fe86ca70e85239330e4010e4ac20895a233ff1e06960d9", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2024-37890"], "package": "ws", "rule_id": "GHSA-3h5v-q93c-6h6q", "scanner": "osv-scanner", "correlation_key": 
"vuln|ws|CVE-2024-37890|docs/site/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/site/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-ph9p-34f9-6g65", "level": "error", "message": {"text": "tmp: GHSA-ph9p-34f9-6g65"}, "properties": {"repobilityId": 144837, "scanner": "osv-scanner", "fingerprint": "b7282a41c83dc15298301a6b797b12a72b95cdf411492b4360d1ee87f994bc1d", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-44705"], "package": "tmp", "rule_id": "GHSA-ph9p-34f9-6g65", "scanner": "osv-scanner", "correlation_key": "vuln|tmp|CVE-2026-44705|docs/site/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/site/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-5c6j-r48x-rmvq", "level": "error", "message": {"text": "serialize-javascript: GHSA-5c6j-r48x-rmvq"}, "properties": {"repobilityId": 144834, "scanner": "osv-scanner", "fingerprint": "959f769e3b015fe123dfcc53834cd695015e73c9f48f6e10433be29b5a00ce33", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "package": "serialize-javascript", "rule_id": "GHSA-5c6j-r48x-rmvq", "scanner": "osv-scanner", "correlation_key": "vuln|serialize-javascript|GHSA-5C6J-R48X-RMVQ|docs/site/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/site/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-jvwf-75h9-cwgg", "level": "error", "message": {"text": "protobufjs: GHSA-jvwf-75h9-cwgg"}, "properties": {"repobilityId": 144830, "scanner": "osv-scanner", "fingerprint": "11fba5e76dd02e62921ea9903a212d20f61e3a8b362c22015e90ec995781eb7c", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", 
"verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-44290"], "package": "protobufjs", "rule_id": "GHSA-jvwf-75h9-cwgg", "scanner": "osv-scanner", "correlation_key": "vuln|protobufjs|CVE-2026-44290|docs/site/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/site/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-75px-5xx7-5xc7", "level": "error", "message": {"text": "protobufjs: GHSA-75px-5xx7-5xc7"}, "properties": {"repobilityId": 144827, "scanner": "osv-scanner", "fingerprint": "89706c6c0e2af4392cf5fda36c04f9b9bb35f8019c05c3d2a10c73fcf824372f", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-44291"], "package": "protobufjs", "rule_id": "GHSA-75px-5xx7-5xc7", "scanner": "osv-scanner", "correlation_key": "vuln|protobufjs|CVE-2026-44291|docs/site/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/site/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-685m-2w69-288q", "level": "error", "message": {"text": "protobufjs: GHSA-685m-2w69-288q"}, "properties": {"repobilityId": 144826, "scanner": "osv-scanner", "fingerprint": "59391341e76e07d6a08feb6f687719601b0c32b507dda7cc78e0fc21e9807fd9", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-44289"], "package": "protobufjs", "rule_id": "GHSA-685m-2w69-288q", "scanner": "osv-scanner", "correlation_key": "vuln|protobufjs|CVE-2026-44289|docs/site/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/site/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-66ff-xgx4-vchm", "level": "error", "message": {"text": "protobufjs: GHSA-66ff-xgx4-vchm"}, 
"properties": {"repobilityId": 144825, "scanner": "osv-scanner", "fingerprint": "ea2266ce63d0c61af93705dbec3b80da61c68aa06b722104b35e1302dae8771e", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-44293"], "package": "protobufjs", "rule_id": "GHSA-66ff-xgx4-vchm", "scanner": "osv-scanner", "correlation_key": "vuln|protobufjs|CVE-2026-44293|docs/site/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/site/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-c2c7-rcm5-vvqj", "level": "error", "message": {"text": "picomatch: GHSA-c2c7-rcm5-vvqj"}, "properties": {"repobilityId": 144822, "scanner": "osv-scanner", "fingerprint": "b19b921effe38862346df6190b23978ce06f7a60b6ec6142d18db755e4802ef1", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-33671"], "package": "picomatch", "rule_id": "GHSA-c2c7-rcm5-vvqj", "scanner": "osv-scanner", "correlation_key": "vuln|picomatch|CVE-2026-33671|docs/site/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/site/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-37ch-88jc-xwx2", "level": "error", "message": {"text": "path-to-regexp: GHSA-37ch-88jc-xwx2"}, "properties": {"repobilityId": 144820, "scanner": "osv-scanner", "fingerprint": "156839a2f7d924fe50b95064a45588ec7ecfaa822659359eb993757389e7bc01", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-4867"], "package": "path-to-regexp", "rule_id": "GHSA-37ch-88jc-xwx2", "scanner": "osv-scanner", "correlation_key": "vuln|path-to-regexp|CVE-2026-4867|docs/site/pnpm-lock.yaml"}}, 
"locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/site/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-7r86-cg39-jmmj", "level": "error", "message": {"text": "minimatch: GHSA-7r86-cg39-jmmj"}, "properties": {"repobilityId": 144818, "scanner": "osv-scanner", "fingerprint": "32d79618694481bcf8226ac62702467f1cd3237a233a8868ef713d82e023e57e", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-27903"], "package": "minimatch", "rule_id": "GHSA-7r86-cg39-jmmj", "scanner": "osv-scanner", "correlation_key": "vuln|minimatch|CVE-2026-27903|docs/site/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/site/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-3ppc-4f35-3m26", "level": "error", "message": {"text": "minimatch: GHSA-3ppc-4f35-3m26"}, "properties": {"repobilityId": 144817, "scanner": "osv-scanner", "fingerprint": "491cd415c9000bdf71639183481474b3a953729523706614f1182fff6e74de2c", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-26996"], "package": "minimatch", "rule_id": "GHSA-3ppc-4f35-3m26", "scanner": "osv-scanner", "correlation_key": "vuln|minimatch|CVE-2026-26996|docs/site/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/site/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-23c5-xmqv-rm74", "level": "error", "message": {"text": "minimatch: GHSA-23c5-xmqv-rm74"}, "properties": {"repobilityId": 144816, "scanner": "osv-scanner", "fingerprint": "d90d295f6cf28181a153ee145f40b310394440a93e55a9201266a35ae3c9d6f4", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", 
"evidence": {"match": "", "aliases": ["CVE-2026-27904"], "package": "minimatch", "rule_id": "GHSA-23c5-xmqv-rm74", "scanner": "osv-scanner", "correlation_key": "vuln|minimatch|CVE-2026-27904|docs/site/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/site/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-r5fr-rjxr-66jc", "level": "error", "message": {"text": "lodash: GHSA-r5fr-rjxr-66jc"}, "properties": {"repobilityId": 144815, "scanner": "osv-scanner", "fingerprint": "75dd35318ae9819fb4f878c06f540c4bb7b3166128dbe65943a0c2c879fa8430", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-4800"], "package": "lodash", "rule_id": "GHSA-r5fr-rjxr-66jc", "scanner": "osv-scanner", "correlation_key": "vuln|lodash|CVE-2026-4800|docs/site/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/site/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-v39h-62p7-jpjc", "level": "error", "message": {"text": "fast-uri: GHSA-v39h-62p7-jpjc"}, "properties": {"repobilityId": 144812, "scanner": "osv-scanner", "fingerprint": "12607bb94495f68c711341a1ed7089fb197c614f5320ed2365071f5ff31641bc", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-6322"], "package": "fast-uri", "rule_id": "GHSA-v39h-62p7-jpjc", "scanner": "osv-scanner", "correlation_key": "vuln|fast-uri|CVE-2026-6322|docs/site/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/site/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-q3j6-qgpj-74h6", "level": "error", "message": {"text": "fast-uri: GHSA-q3j6-qgpj-74h6"}, "properties": {"repobilityId": 144811, "scanner": "osv-scanner", "fingerprint": 
"113b73b29461e89139ed06ce4763e699639842a8c46a3783868d483abd841cf4", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-6321"], "package": "fast-uri", "rule_id": "GHSA-q3j6-qgpj-74h6", "scanner": "osv-scanner", "correlation_key": "vuln|fast-uri|CVE-2026-6321|docs/site/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/site/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-fv7c-fp4j-7gwp", "level": "error", "message": {"text": "@babel/plugin-transform-modules-systemjs: GHSA-fv7c-fp4j-7gwp"}, "properties": {"repobilityId": 144800, "scanner": "osv-scanner", "fingerprint": "8257df1756c534e6433fbbcf297d7dec04075e7297dc92005f7f9d9cb164cc42", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-44728"], "package": "@babel/plugin-transform-modules-systemjs", "rule_id": "GHSA-fv7c-fp4j-7gwp", "scanner": "osv-scanner", "correlation_key": "vuln|token|CVE-2026-44728|docs/site/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/site/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "PYSEC-2023-74", "level": "error", "message": {"text": "requests: PYSEC-2023-74"}, "properties": {"repobilityId": 144795, "scanner": "osv-scanner", "fingerprint": "e19a7e76bbcaa63289d820e8ad0b6f1fd2d4507f96d1e975583a28ad032a5e5c", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["CVE-2023-32681", "GHSA-j8r2-6x86-q33q"], "package": "requests", "rule_id": "PYSEC-2023-74", "scanner": "osv-scanner", "correlation_key": 
"vuln|requests|CVE-2023-32681|token", "duplicate_count": 1, "duplicate_rule_ids": ["GHSA-j8r2-6x86-q33q", "PYSEC-2023-74"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["b2d1335bda0b12cd32a999b23d2c75ca0838e80a26e4d2a678db79e86322fbc3", "e19a7e76bbcaa63289d820e8ad0b6f1fd2d4507f96d1e975583a28ad032a5e5c"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/examples/python/requirements.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "RUSTSEC-2024-0320", "level": "error", "message": {"text": "yaml-rust: RUSTSEC-2024-0320"}, "properties": {"repobilityId": 144794, "scanner": "osv-scanner", "fingerprint": "70967c64ce611dd07d3a189ca0d1542831d3a26c197c68aa7b72fc171615d198", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "package": "yaml-rust", "rule_id": "RUSTSEC-2024-0320", "scanner": "osv-scanner", "correlation_key": "fp|70967c64ce611dd07d3a189ca0d1542831d3a26c197c68aa7b72fc171615d198"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Cargo.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "RUSTSEC-2026-0104", "level": "error", "message": {"text": "rustls-webpki: RUSTSEC-2026-0104"}, "properties": {"repobilityId": 144793, "scanner": "osv-scanner", "fingerprint": "fcab9132587a2c990296f83177c4848cd44ed60f21e65c82ba81416282ab891e", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["GHSA-82j2-j2ch-gfr8"], "package": "rustls-webpki", "rule_id": "RUSTSEC-2026-0104", "scanner": "osv-scanner", "correlation_key": "vuln|rustls-webpki|GHSA-82J2-J2CH-GFR8|cargo.lock", "duplicate_count": 1, "duplicate_rule_ids": ["GHSA-82j2-j2ch-gfr8", "RUSTSEC-2026-0104"], "duplicate_scanners": ["osv-scanner"], 
"duplicate_fingerprints": ["476482283f7b4bf24cebe63c772832bbcbb2a342714f10bd108d0c5c67b78813", "fcab9132587a2c990296f83177c4848cd44ed60f21e65c82ba81416282ab891e"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Cargo.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "RUSTSEC-2026-0099", "level": "error", "message": {"text": "rustls-webpki: RUSTSEC-2026-0099"}, "properties": {"repobilityId": 144792, "scanner": "osv-scanner", "fingerprint": "ac54d27f2da05de068570ed12b689c1c212043920c11599e88d3ec15aed9e04f", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["GHSA-xgp8-3hg3-c2mh"], "package": "rustls-webpki", "rule_id": "RUSTSEC-2026-0099", "scanner": "osv-scanner", "correlation_key": "vuln|rustls-webpki|GHSA-XGP8-3HG3-C2MH|cargo.lock", "duplicate_count": 1, "duplicate_rule_ids": ["GHSA-xgp8-3hg3-c2mh", "RUSTSEC-2026-0099"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["2a5659d7cbd0bb9dfc9d2adea8035c41fc228507431bf1ff230640799fbb9dc2", "ac54d27f2da05de068570ed12b689c1c212043920c11599e88d3ec15aed9e04f"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Cargo.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "RUSTSEC-2026-0098", "level": "error", "message": {"text": "rustls-webpki: RUSTSEC-2026-0098"}, "properties": {"repobilityId": 144791, "scanner": "osv-scanner", "fingerprint": "f164bd6ab1544e41652580549ab01f3ee5677dfeb6440d8de8a63093cf542613", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["GHSA-965h-392x-2mh5"], "package": "rustls-webpki", "rule_id": "RUSTSEC-2026-0098", "scanner": "osv-scanner", "correlation_key": 
"vuln|rustls-webpki|GHSA-965H-392X-2MH5|cargo.lock", "duplicate_count": 1, "duplicate_rule_ids": ["GHSA-965h-392x-2mh5", "RUSTSEC-2026-0098"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["4e353f860af1fd9047341f396e862081c6c9d858904293310e34f17a61d47c4c", "f164bd6ab1544e41652580549ab01f3ee5677dfeb6440d8de8a63093cf542613"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Cargo.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "RUSTSEC-2025-0134", "level": "error", "message": {"text": "rustls-pemfile: RUSTSEC-2025-0134"}, "properties": {"repobilityId": 144790, "scanner": "osv-scanner", "fingerprint": "16c6cdd2e6cf0f2fb425a0bc02ce469766da4f1065573f6b5829e63820fb23d5", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "package": "rustls-pemfile", "rule_id": "RUSTSEC-2025-0134", "scanner": "osv-scanner", "correlation_key": "fp|16c6cdd2e6cf0f2fb425a0bc02ce469766da4f1065573f6b5829e63820fb23d5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Cargo.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "RUSTSEC-2023-0071", "level": "error", "message": {"text": "rsa: RUSTSEC-2023-0071"}, "properties": {"repobilityId": 144788, "scanner": "osv-scanner", "fingerprint": "8d2ec21cf46ba80ff1843c2b573a651f4162fc37b24b67de47343d2180e0463e", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 2 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["CVE-2023-49092", "GHSA-4grx-2x9w-596c", "GHSA-c38w-74pg-36hr"], "package": "rsa", "rule_id": "RUSTSEC-2023-0071", "scanner": "osv-scanner", "correlation_key": "vuln|rsa|CVE-2023-49092|cargo.lock", "duplicate_count": 2, "duplicate_rule_ids": ["GHSA-4grx-2x9w-596c", "GHSA-c38w-74pg-36hr", "RUSTSEC-2023-0071"], "duplicate_scanners": 
["osv-scanner"], "duplicate_fingerprints": ["682296e7e3b3dd6ba1ee06688f8093e4b4c9d16668d7913c1646018bca9f75cb", "6bfd905e9d80a171b06f6161d592b37af622bd391f4246327e3d7c4ad8a27d63", "8d2ec21cf46ba80ff1843c2b573a651f4162fc37b24b67de47343d2180e0463e"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Cargo.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "RUSTSEC-2026-0097", "level": "error", "message": {"text": "rand: RUSTSEC-2026-0097"}, "properties": {"repobilityId": 144787, "scanner": "osv-scanner", "fingerprint": "a22e3aa5f0c463335f53b031b0648b51d94f3563915cac37a8666a217ed7a5dc", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["GHSA-cq8v-f236-94qc"], "package": "rand", "rule_id": "RUSTSEC-2026-0097", "scanner": "osv-scanner", "correlation_key": "vuln|rand|GHSA-CQ8V-F236-94QC|cargo.lock", "duplicate_count": 1, "duplicate_rule_ids": ["GHSA-cq8v-f236-94qc", "RUSTSEC-2026-0097"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["a22e3aa5f0c463335f53b031b0648b51d94f3563915cac37a8666a217ed7a5dc", "ee2ad9157999fcb0c8f925391a5e09946511288ceed3e6c5f5b05828611b879f"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Cargo.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "RUSTSEC-2024-0370", "level": "error", "message": {"text": "proc-macro-error: RUSTSEC-2024-0370"}, "properties": {"repobilityId": 144786, "scanner": "osv-scanner", "fingerprint": "479281b680a3742dad2f7a7c69c0da3e0c7676004685623da1f79bbaa167eba8", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "package": "proc-macro-error", "rule_id": "RUSTSEC-2024-0370", "scanner": "osv-scanner", "correlation_key": 
"fp|479281b680a3742dad2f7a7c69c0da3e0c7676004685623da1f79bbaa167eba8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Cargo.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "RUSTSEC-2024-0436", "level": "error", "message": {"text": "paste: RUSTSEC-2024-0436"}, "properties": {"repobilityId": 144785, "scanner": "osv-scanner", "fingerprint": "ecf6a49d252eada338538964a3d9bb37acf276dba6d473e55cf76f528b35783f", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "package": "paste", "rule_id": "RUSTSEC-2024-0436", "scanner": "osv-scanner", "correlation_key": "fp|ecf6a49d252eada338538964a3d9bb37acf276dba6d473e55cf76f528b35783f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Cargo.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "RUSTSEC-2026-0002", "level": "error", "message": {"text": "lru: RUSTSEC-2026-0002"}, "properties": {"repobilityId": 144783, "scanner": "osv-scanner", "fingerprint": "55cddf09b8e903a4447dab5af29af25d6d1e296c37dab01986114159b4e19865", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["GHSA-rhfx-m35p-ff5j"], "package": "lru", "rule_id": "RUSTSEC-2026-0002", "scanner": "osv-scanner", "correlation_key": "vuln|lru|GHSA-RHFX-M35P-FF5J|cargo.lock", "duplicate_count": 1, "duplicate_rule_ids": ["GHSA-rhfx-m35p-ff5j", "RUSTSEC-2026-0002"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["55cddf09b8e903a4447dab5af29af25d6d1e296c37dab01986114159b4e19865", "f7511434ae66124b731f3584daca20a14062fa1d2a91ccce3ea718c421d33184"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Cargo.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "RUSTSEC-2024-0384", "level": "error", "message": 
{"text": "instant: RUSTSEC-2024-0384"}, "properties": {"repobilityId": 144782, "scanner": "osv-scanner", "fingerprint": "2ceb760f484abeb3a84e0d3edb5de7bba161864b40faf40414de9a12f611490f", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "package": "instant", "rule_id": "RUSTSEC-2024-0384", "scanner": "osv-scanner", "correlation_key": "fp|2ceb760f484abeb3a84e0d3edb5de7bba161864b40faf40414de9a12f611490f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Cargo.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "RUSTSEC-2025-0057", "level": "error", "message": {"text": "fxhash: RUSTSEC-2025-0057"}, "properties": {"repobilityId": 144781, "scanner": "osv-scanner", "fingerprint": "81c2c5c48229a549978285f8dfbddc82d310de8f2cb86fdbc68f4a69f0c7a63c", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "package": "fxhash", "rule_id": "RUSTSEC-2025-0057", "scanner": "osv-scanner", "correlation_key": "fp|81c2c5c48229a549978285f8dfbddc82d310de8f2cb86fdbc68f4a69f0c7a63c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Cargo.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "RUSTSEC-2026-0138", "level": "error", "message": {"text": "diesel-async: RUSTSEC-2026-0138"}, "properties": {"repobilityId": 144779, "scanner": "osv-scanner", "fingerprint": "1e4278fb423b760815a2676d9cd16cb08c258e00551b5f6e55c29c7ce88daf06", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "package": "diesel-async", "rule_id": "RUSTSEC-2026-0138", "scanner": "osv-scanner", "correlation_key": "fp|1e4278fb423b760815a2676d9cd16cb08c258e00551b5f6e55c29c7ce88daf06"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": 
"Cargo.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "RUSTSEC-2026-0172", "level": "error", "message": {"text": "diesel: RUSTSEC-2026-0172"}, "properties": {"repobilityId": 144778, "scanner": "osv-scanner", "fingerprint": "ec06608abfb3f94804466db075ee64f827d36063dda138f565d4b1674954292e", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "package": "diesel", "rule_id": "RUSTSEC-2026-0172", "scanner": "osv-scanner", "correlation_key": "fp|ec06608abfb3f94804466db075ee64f827d36063dda138f565d4b1674954292e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Cargo.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "RUSTSEC-2026-0137", "level": "error", "message": {"text": "diesel: RUSTSEC-2026-0137"}, "properties": {"repobilityId": 144777, "scanner": "osv-scanner", "fingerprint": "2b18e27dec5022b2e3722cbc14b527e341c77826058876f8f295b04903b22811", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["GHSA-q8x8-jrhj-fh9p"], "package": "diesel", "rule_id": "RUSTSEC-2026-0137", "scanner": "osv-scanner", "correlation_key": "vuln|diesel|GHSA-Q8X8-JRHJ-FH9P|cargo.lock", "duplicate_count": 1, "duplicate_rule_ids": ["GHSA-q8x8-jrhj-fh9p", "RUSTSEC-2026-0137"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["1a99e5d83ae0a150546e5dd397808e5a45046709c8c3b0a74c7f4bd808d4b95e", "2b18e27dec5022b2e3722cbc14b527e341c77826058876f8f295b04903b22811"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Cargo.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "RUSTSEC-2026-0136", "level": "error", "message": {"text": "diesel: RUSTSEC-2026-0136"}, "properties": {"repobilityId": 144776, "scanner": "osv-scanner", "fingerprint": 
"50a7bc9d559da81a3f0fa6f93a215fc3209ea5e940e16eee20dfc789b4537eb7", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["GHSA-m9p2-fxp5-v3fp"], "package": "diesel", "rule_id": "RUSTSEC-2026-0136", "scanner": "osv-scanner", "correlation_key": "vuln|diesel|GHSA-M9P2-FXP5-V3FP|cargo.lock", "duplicate_count": 1, "duplicate_rule_ids": ["GHSA-m9p2-fxp5-v3fp", "RUSTSEC-2026-0136"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["50a7bc9d559da81a3f0fa6f93a215fc3209ea5e940e16eee20dfc789b4537eb7", "d49cdc847301b9f7119688762dc32ea7b25a7759173f87e4625e27fc4cc7d5f7"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Cargo.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "RUSTSEC-2026-0135", "level": "error", "message": {"text": "diesel: RUSTSEC-2026-0135"}, "properties": {"repobilityId": 144775, "scanner": "osv-scanner", "fingerprint": "3f636a95fd4e3ecc6ccad5362cd0387fcb7d2e248df406865063898a07b02929", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "package": "diesel", "rule_id": "RUSTSEC-2026-0135", "scanner": "osv-scanner", "correlation_key": "fp|3f636a95fd4e3ecc6ccad5362cd0387fcb7d2e248df406865063898a07b02929"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Cargo.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "RUSTSEC-2026-0134", "level": "error", "message": {"text": "diesel: RUSTSEC-2026-0134"}, "properties": {"repobilityId": 144774, "scanner": "osv-scanner", "fingerprint": "32f49765827cf326db1bb2465a9f307bed7c32e8215825d91c6fc66fed95cc16", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", 
"package": "diesel", "rule_id": "RUSTSEC-2026-0134", "scanner": "osv-scanner", "correlation_key": "fp|32f49765827cf326db1bb2465a9f307bed7c32e8215825d91c6fc66fed95cc16"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Cargo.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "RUSTSEC-2026-0111", "level": "error", "message": {"text": "diesel: RUSTSEC-2026-0111"}, "properties": {"repobilityId": 144773, "scanner": "osv-scanner", "fingerprint": "b6a36dedcefb00331d9f33779f80b8185f16d2688f54fff0b8634f64247b5ab8", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["GHSA-h5x4-m2qf-r4f2"], "package": "diesel", "rule_id": "RUSTSEC-2026-0111", "scanner": "osv-scanner", "correlation_key": "vuln|diesel|GHSA-H5X4-M2QF-R4F2|cargo.lock", "duplicate_count": 1, "duplicate_rule_ids": ["GHSA-h5x4-m2qf-r4f2", "RUSTSEC-2026-0111"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["b6a36dedcefb00331d9f33779f80b8185f16d2688f54fff0b8634f64247b5ab8", "d80e94f0769d7df05a398f68527ffaaedb35196a676c8f6ffe5749054b01be08"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Cargo.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "RUSTSEC-2024-0388", "level": "error", "message": {"text": "derivative: RUSTSEC-2024-0388"}, "properties": {"repobilityId": 144772, "scanner": "osv-scanner", "fingerprint": "547bdd0377aa2b4e584493ec26f7c8f775912e0ae45112076d07893a6853c7c3", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "package": "derivative", "rule_id": "RUSTSEC-2024-0388", "scanner": "osv-scanner", "correlation_key": "fp|547bdd0377aa2b4e584493ec26f7c8f775912e0ae45112076d07893a6853c7c3"}}, "locations": [{"physicalLocation": {"artifactLocation": 
{"uri": "Cargo.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "RUSTSEC-2025-0141", "level": "error", "message": {"text": "bincode: RUSTSEC-2025-0141"}, "properties": {"repobilityId": 144771, "scanner": "osv-scanner", "fingerprint": "634ded575a91e8662811f47a1170cf5fb4279a65e3c3176bb84aeaac3c78b213", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "package": "bincode", "rule_id": "RUSTSEC-2025-0141", "scanner": "osv-scanner", "correlation_key": "fp|634ded575a91e8662811f47a1170cf5fb4279a65e3c3176bb84aeaac3c78b213"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Cargo.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "RUSTSEC-2025-0012", "level": "error", "message": {"text": "backoff: RUSTSEC-2025-0012"}, "properties": {"repobilityId": 144770, "scanner": "osv-scanner", "fingerprint": "863c7219ef2c83738e80dcf54060d6c9a3af9e895c3e109838fa2fc1ee6077de", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "package": "backoff", "rule_id": "RUSTSEC-2025-0012", "scanner": "osv-scanner", "correlation_key": "fp|863c7219ef2c83738e80dcf54060d6c9a3af9e895c3e109838fa2fc1ee6077de"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Cargo.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKC009", "level": "error", "message": {"text": "Compose service bind-mounts a sensitive host path"}, "properties": {"repobilityId": 144753, "scanner": "repobility-docker", "fingerprint": "e978e9b91aa85e5313cebfcd625fc003fc93ee537c7c197dbec3641474da1646", "category": "docker", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Bind mount source points at a sensitive host path.", "evidence": {"source": "/proc", "rule_id": "DKC009", "scanner": "repobility-docker", 
"service": "node-exporter", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|e978e9b91aa85e5313cebfcd625fc003fc93ee537c7c197dbec3641474da1646"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/grafana-local/docker-compose.yaml"}, "region": {"startLine": 40}}}]}, {"ruleId": "MINED034", "level": "error", "message": {"text": "[MINED034] Python Subprocess Shell True: subprocess(..., shell=True) enables command injection."}, "properties": {"repobilityId": 144714, "scanner": "repobility-threat-engine", "fingerprint": "e8f7cb7c9dc04ef03d3d6907c18b99ff331537e967fffc3239c6309f2b859e27", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-subprocess-shell-true", "owasp": null, "cwe_ids": ["CWE-78"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347977+00:00", "triaged_in_corpus": 15, "observations_count": 3478, "ai_coder_pattern_id": 118}, "scanner": "repobility-threat-engine", "correlation_key": "fp|e8f7cb7c9dc04ef03d3d6907c18b99ff331537e967fffc3239c6309f2b859e27"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/simtest/seed-search.py"}, "region": {"startLine": 36}}}]}, {"ruleId": "MINED006", "level": "error", "message": {"text": "[MINED006] Overcatch Baseexception: except BaseException: ... 
\u2014 prevents Ctrl+C and SystemExit from working."}, "properties": {"repobilityId": 144711, "scanner": "repobility-threat-engine", "fingerprint": "6922ed3e8ad281e70b9f855d01d5d089a5e2f3c49da223b00e2fe626188374f3", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "overcatch-baseexception", "owasp": null, "cwe_ids": ["CWE-705"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347911+00:00", "triaged_in_corpus": 15, "observations_count": 230624, "ai_coder_pattern_id": 8}, "scanner": "repobility-threat-engine", "correlation_key": "fp|6922ed3e8ad281e70b9f855d01d5d089a5e2f3c49da223b00e2fe626188374f3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/run-simtest-isolated.py"}, "region": {"startLine": 53}}}]}, {"ruleId": "MINED001", "level": "error", "message": {"text": "[MINED001] Bare Except Pass: except: pass or except Exception: pass \u2014 silently swallows everything including KeyboardInterrupt and bugs."}, "properties": {"repobilityId": 144710, "scanner": "repobility-threat-engine", "fingerprint": "2f0680a8fbe15764b03e59188f6de48793f341dffe83a6bbbaf85cd8bc763340", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "bare-except-pass", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347744+00:00", "triaged_in_corpus": 15, "observations_count": 1550824, "ai_coder_pattern_id": 6}, "scanner": "repobility-threat-engine", "correlation_key": "fp|2f0680a8fbe15764b03e59188f6de48793f341dffe83a6bbbaf85cd8bc763340"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": 
"scripts/run-simtest-isolated.py"}, "region": {"startLine": 25}}}]}, {"ruleId": "SEC085", "level": "error", "message": {"text": "[SEC085] JS: child_process.exec with non-literal: child_process.exec with user-derived input enables command injection. Ported from eslint-plugin-security detect-child-process (Apache-2.0)."}, "properties": {"repobilityId": 144702, "scanner": "repobility-threat-engine", "fingerprint": "debef17e6753691067c93f93569f1560eb9aa116537d6989364280f2015e3ff3", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "exec(line", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC085", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|debef17e6753691067c93f93569f1560eb9aa116537d6989364280f2015e3ff3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/site/src/shared/js/check-links.mjs"}, "region": {"startLine": 86}}}]}, {"ruleId": "SEC085", "level": "error", "message": {"text": "[SEC085] JS: child_process.exec with non-literal: child_process.exec with user-derived input enables command injection. 
Ported from eslint-plugin-security detect-child-process (Apache-2.0)."}, "properties": {"repobilityId": 144701, "scanner": "repobility-threat-engine", "fingerprint": "a7556eec843839c1658cce0c43d995dcdd67898978f13f630b816e1bc9c97670", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "exec(input", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC085", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|a7556eec843839c1658cce0c43d995dcdd67898978f13f630b816e1bc9c97670"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/site/src/shared/components/RelatedLink/index.tsx"}, "region": {"startLine": 131}}}]}, {"ruleId": "SEC085", "level": "error", "message": {"text": "[SEC085] JS: child_process.exec with non-literal: child_process.exec with user-derived input enables command injection. 
Ported from eslint-plugin-security detect-child-process (Apache-2.0)."}, "properties": {"repobilityId": 144700, "scanner": "repobility-threat-engine", "fingerprint": "e0835de55836a247e43941b81b8d720c508930da9b1e6dc3f43ce78a34aa0a42", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "exec(haystack", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC085", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|e0835de55836a247e43941b81b8d720c508930da9b1e6dc3f43ce78a34aa0a42"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/site/src/scripts/generate-import-context.js"}, "region": {"startLine": 31}}}]}, {"ruleId": "SEC078", "level": "error", "message": {"text": "[SEC078] Python: requests without timeout: requests.get/post without a timeout will hang indefinitely on a non-responsive server, causing thread exhaustion and denial of service. Ported from bandit B113 (Apache-2.0). 
NOTE: this regex is heuristic; a real AST check is preferred for accuracy."}, "properties": {"repobilityId": 144666, "scanner": "repobility-threat-engine", "fingerprint": "9651497a642d9d7914a28a474c89252184080bd4fb07627e9a230790921846b8", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "requests.post(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC078", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|9651497a642d9d7914a28a474c89252184080bd4fb07627e9a230790921846b8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/examples/python/track_walrus_events.py"}, "region": {"startLine": 37}}}]}, {"ruleId": "SEC078", "level": "error", "message": {"text": "[SEC078] Python: requests without timeout: requests.get/post without a timeout will hang indefinitely on a non-responsive server, causing thread exhaustion and denial of service (DoS). Ported from bandit B113 (Apache-2.0). 
NOTE: this regex is heuristic; a real AST check is preferred for accuracy."}, "properties": {"repobilityId": 144665, "scanner": "repobility-threat-engine", "fingerprint": "51c9ec3006a242edb0b8d8099c800532a5ad8e5c265f8f094fc158e190cc79c3", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "requests.put(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC078", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|51c9ec3006a242edb0b8d8099c800532a5ad8e5c265f8f094fc158e190cc79c3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/examples/python/hello_walrus_webapi.py"}, "region": {"startLine": 32}}}]}, {"ruleId": "SEC078", "level": "error", "message": {"text": "[SEC078] Python: requests without timeout: requests.get/post without a timeout will hang indefinitely on a non-responsive server, causing thread exhaustion and denial of service (DoS). Ported from bandit B113 (Apache-2.0). 
NOTE: this regex is heuristic; a real AST check is preferred for accuracy."}, "properties": {"repobilityId": 144664, "scanner": "repobility-threat-engine", "fingerprint": "917e275caf215792f946e00e8d9161c39d14ac65bbaf195e2a73b5cd06e16984", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "requests.post(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC078", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|917e275caf215792f946e00e8d9161c39d14ac65bbaf195e2a73b5cd06e16984"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/examples/python/hello_walrus_jsonapi.py"}, "region": {"startLine": 98}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. 
Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 144662, "scanner": "repobility-threat-engine", "fingerprint": "09574f0564d36333726a43a7a4a32d80d8c51f11d4dd4b8adfc69466acddb364", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "params.delete(\"q\");", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|09574f0564d36333726a43a7a4a32d80d8c51f11d4dd4b8adfc69466acddb364"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/site/src/components/Search/ControlledSearchBox.tsx"}, "region": {"startLine": 52}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. 
Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 144661, "scanner": "repobility-threat-engine", "fingerprint": "013e2f75fb1fde7025098774badc6564421ecc2cca1f399695ce73228ef3db0c", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "permanent_info.update(change_info, false);", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|013e2f75fb1fde7025098774badc6564421ecc2cca1f399695ce73228ef3db0c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/walrus-service/src/node/storage/blob_info/perm_blob_info.rs"}, "region": {"startLine": 91}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. 
Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 144660, "scanner": "repobility-threat-engine", "fingerprint": "5b3b5ed020b192c70c20f184c752cc387e8d8a93c522e8f454255ea06283b590", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "self.update(&object)", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|5b3b5ed020b192c70c20f184c752cc387e8d8a93c522e8f454255ea06283b590"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/walrus-service/src/event/event_processor/package_store.rs"}, "region": {"startLine": 107}}}]}, {"ruleId": "MINED004", "level": "error", "message": {"text": "[MINED004] Weak Crypto: MD5/SHA1/DES/RC4 used for security context (not just checksums)."}, "properties": {"repobilityId": 144655, "scanner": "repobility-threat-engine", "fingerprint": "d84415247b129ab26f3eb2306fd1a2184cb6c5741ace6257a87d641680f00a3c", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "weak-crypto", "owasp": "A02:2021", "cwe_ids": ["CWE-327"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347906+00:00", "triaged_in_corpus": 15, "observations_count": 303181, "ai_coder_pattern_id": 13}, "scanner": "repobility-threat-engine", "correlation_key": "fp|d84415247b129ab26f3eb2306fd1a2184cb6c5741ace6257a87d641680f00a3c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/walrus-service/src/backup/schema.rs"}, "region": {"startLine": 21}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request 
Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 144653, "scanner": "repobility-threat-engine", "fingerprint": "3eb06663975f981016443bac09799b48346dfe23ce62a258dbc4867d211fa9b6", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "requests.post(FULL_NODE_URL", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|3eb06663975f981016443bac09799b48346dfe23ce62a258dbc4867d211fa9b6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/examples/python/hello_walrus_jsonapi.py"}, "region": {"startLine": 98}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. 
SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 144652, "scanner": "repobility-threat-engine", "fingerprint": "032d7389cde33c0bc9b37eb362830e4d9061ed5168f52e8a7e555219492195a1", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "url(r", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|032d7389cde33c0bc9b37eb362830e4d9061ed5168f52e8a7e555219492195a1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/walrus-sui/src/client/rpc_client.rs"}, "region": {"startLine": 14}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. 
SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 144651, "scanner": "repobility-threat-engine", "fingerprint": "717b53edf83f9b458375f67ea1f1e4dac5a55b5ba7ee36b02f022496300b31f8", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "url(\n    s", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|717b53edf83f9b458375f67ea1f1e4dac5a55b5ba7ee36b02f022496300b31f8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/walrus-sdk/src/upload_relay.rs"}, "region": {"startLine": 36}}}]}, {"ruleId": "MINED003", "level": "error", "message": {"text": "[MINED003] Rust Unwrap In Prod: .unwrap() panics if None/Err. Acceptable in tests; risky elsewhere."}, "properties": {"repobilityId": 144645, "scanner": "repobility-threat-engine", "fingerprint": "0a2ea41cb6f0fdc05a13270d57078d847459234c399622800216ceff2988c8b6", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-unwrap-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347903+00:00", "triaged_in_corpus": 15, "observations_count": 386515, "ai_coder_pattern_id": 111}, "scanner": "repobility-threat-engine", "correlation_key": "fp|0a2ea41cb6f0fdc05a13270d57078d847459234c399622800216ceff2988c8b6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/walrus-core/src/bft.rs"}, "region": {"startLine": 49}}}]}, {"ruleId": "MINED003", "level": "error", "message": {"text": "[MINED003] Rust Unwrap In Prod: .unwrap() 
panics if None/Err. Acceptable in tests; risky elsewhere."}, "properties": {"repobilityId": 144644, "scanner": "repobility-threat-engine", "fingerprint": "c09584c6b817580d5ebaad6afca6153a97773d3333222765ca731b8f1c15ec44", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-unwrap-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347903+00:00", "triaged_in_corpus": 15, "observations_count": 386515, "ai_coder_pattern_id": 111}, "scanner": "repobility-threat-engine", "correlation_key": "fp|c09584c6b817580d5ebaad6afca6153a97773d3333222765ca731b8f1c15ec44"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/walrus-core/benches/blob_encoding.rs"}, "region": {"startLine": 32}}}]}, {"ruleId": "MINED003", "level": "error", "message": {"text": "[MINED003] Rust Unwrap In Prod: .unwrap() panics if None/Err. 
Acceptable in tests; risky elsewhere."}, "properties": {"repobilityId": 144643, "scanner": "repobility-threat-engine", "fingerprint": "6746d3acc04077b4a339181ed18925c2eaa9cec29eeeda4926cbaf7008f2b899", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-unwrap-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347903+00:00", "triaged_in_corpus": 15, "observations_count": 386515, "ai_coder_pattern_id": 111}, "scanner": "repobility-threat-engine", "correlation_key": "fp|6746d3acc04077b4a339181ed18925c2eaa9cec29eeeda4926cbaf7008f2b899"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/walrus-core/benches/basic_encoding.rs"}, "region": {"startLine": 38}}}]}, {"ruleId": "MINED126", "level": "error", "message": {"text": "Workflow container/services image `postgres:16` unpinned"}, "properties": {"repobilityId": 144614, "scanner": "repobility-supply-chain", "fingerprint": "9f28afde8d92fe83cba870dd5f3573b6221a8aba5d9d13827b04607fbe60c881", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-container-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|9f28afde8d92fe83cba870dd5f3573b6221a8aba5d9d13827b04607fbe60c881"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/code.yml"}, "region": {"startLine": 154}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/github-script` pinned to mutable ref `@v8`"}, "properties": {"repobilityId": 144608, "scanner": 
"repobility-supply-chain", "fingerprint": "e477a6973e269b154411557dcade547173e536ddfac968618f3384db914cc98b", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|e477a6973e269b154411557dcade547173e536ddfac968618f3384db914cc98b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/pages-preview.yaml"}, "region": {"startLine": 127}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/setup-node` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 144607, "scanner": "repobility-supply-chain", "fingerprint": "5a98b6889f4ef6b2c1faa5b5153965a0cb2d45ec17219441221e3cd06db50fcd", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|5a98b6889f4ef6b2c1faa5b5153965a0cb2d45ec17219441221e3cd06db50fcd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/pages-preview.yaml"}, "region": {"startLine": 109}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/github-script` pinned to mutable ref `@v8`"}, "properties": {"repobilityId": 144606, "scanner": "repobility-supply-chain", "fingerprint": "0569815e22cbf319d702097a01cf8c83b775ca183c8546ff42bc2f4a433c6bc3", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": 
"gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|0569815e22cbf319d702097a01cf8c83b775ca183c8546ff42bc2f4a433c6bc3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/pages-preview.yaml"}, "region": {"startLine": 78}}}]}, {"ruleId": "MINED122", "level": "error", "message": {"text": "package.json dep `k6-jslib-utils` pulled from URL/Git"}, "properties": {"repobilityId": 144605, "scanner": "repobility-supply-chain", "fingerprint": "b2726ed4c10736d74b0b7766ad46d9b210f23fe2fba05cdc9e61d86ad0e98dfa", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "npm-dep-git-or-tarball-url", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["javascript"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|b2726ed4c10736d74b0b7766ad46d9b210f23fe2fba05cdc9e61d86ad0e98dfa"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/k6/package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "Dockerfile FROM `debian:bookworm-slim` not pinned by digest"}, "properties": {"repobilityId": 144604, "scanner": "repobility-supply-chain", "fingerprint": "0ac45a47877c8c6a0cd0d162ac75bfaa17dd4fb50c52ca03a08a02b5889b4ee2", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|0ac45a47877c8c6a0cd0d162ac75bfaa17dd4fb50c52ca03a08a02b5889b4ee2"}}, "locations": [{"physicalLocation": 
{"artifactLocation": {"uri": "docker/walrus-antithesis/build-walrus-image-for-antithesis/Dockerfile"}, "region": {"startLine": 79}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "Dockerfile FROM `rust:1.96-bookworm` not pinned by digest"}, "properties": {"repobilityId": 144603, "scanner": "repobility-supply-chain", "fingerprint": "8b94c46b2508ee962b959cadfc56d9ec6003d882aa45ea277e7880bf02e28d88", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|8b94c46b2508ee962b959cadfc56d9ec6003d882aa45ea277e7880bf02e28d88"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/walrus-antithesis/build-walrus-image-for-antithesis/Dockerfile"}, "region": {"startLine": 11}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "Dockerfile FROM `debian:bookworm-slim` not pinned by digest"}, "properties": {"repobilityId": 144602, "scanner": "repobility-supply-chain", "fingerprint": "a1c0461dd46312e4b8b68ae15e9fdd1abad8915677899d6cffb3c3984ecdf95e", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|a1c0461dd46312e4b8b68ae15e9fdd1abad8915677899d6cffb3c3984ecdf95e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/walrus-antithesis/build-test-config-image/Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "Dockerfile FROM 
`debian:bookworm-slim` not pinned by digest"}, "properties": {"repobilityId": 144601, "scanner": "repobility-supply-chain", "fingerprint": "314d737e19b15a3ab773cdcacd7f72e4331a94a0dba2621ddf22e81fe50b6211", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|314d737e19b15a3ab773cdcacd7f72e4331a94a0dba2621ddf22e81fe50b6211"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/walrus-orchestrator/Dockerfile"}, "region": {"startLine": 26}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "Dockerfile FROM `rust:1.96-bookworm` not pinned by digest"}, "properties": {"repobilityId": 144600, "scanner": "repobility-supply-chain", "fingerprint": "313836653f2eeab0565f976b11e3ac2a1e4ff66e9fe6e5261a907385ba710fa5", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|313836653f2eeab0565f976b11e3ac2a1e4ff66e9fe6e5261a907385ba710fa5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/walrus-orchestrator/Dockerfile"}, "region": {"startLine": 5}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "Dockerfile FROM `debian:bookworm-slim` not pinned by digest"}, "properties": {"repobilityId": 144599, "scanner": "repobility-supply-chain", "fingerprint": "1ddca3167fdf55c46fb7f82e54c77992c871ffb5d17226713bde5eb3e362090d", "category": "dependency", "severity": "high", "confidence": 0.9, 
"triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|1ddca3167fdf55c46fb7f82e54c77992c871ffb5d17226713bde5eb3e362090d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/walrus-service/Dockerfile"}, "region": {"startLine": 74}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "Dockerfile FROM `debian:bookworm-slim` not pinned by digest"}, "properties": {"repobilityId": 144598, "scanner": "repobility-supply-chain", "fingerprint": "27040566f6587d48b3001798483a917c12406c138b7c7389e311a25a5fbe78f0", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|27040566f6587d48b3001798483a917c12406c138b7c7389e311a25a5fbe78f0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/walrus-service/Dockerfile"}, "region": {"startLine": 61}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "Dockerfile FROM `debian:bookworm-slim` not pinned by digest"}, "properties": {"repobilityId": 144597, "scanner": "repobility-supply-chain", "fingerprint": "c21c446c54d07b0853df12ddf733d16a8c04208f46043e8dcbfc161c13ff4561", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", 
"correlation_key": "fp|c21c446c54d07b0853df12ddf733d16a8c04208f46043e8dcbfc161c13ff4561"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/walrus-service/Dockerfile"}, "region": {"startLine": 47}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "Dockerfile FROM `debian:bookworm-slim` not pinned by digest"}, "properties": {"repobilityId": 144596, "scanner": "repobility-supply-chain", "fingerprint": "b89417e62c37c273f05ff71853267da73ed2103ed6e56229a1064ddc650e432e", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|b89417e62c37c273f05ff71853267da73ed2103ed6e56229a1064ddc650e432e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/walrus-service/Dockerfile"}, "region": {"startLine": 30}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "Dockerfile FROM `rust:1.96-bookworm` not pinned by digest"}, "properties": {"repobilityId": 144595, "scanner": "repobility-supply-chain", "fingerprint": "5673eec6acf3158623fae6be47b9ff14ed1580a4fc22931d55f382f5317ff44d", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|5673eec6acf3158623fae6be47b9ff14ed1580a4fc22931d55f382f5317ff44d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/walrus-service/Dockerfile"}, "region": {"startLine": 5}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": 
"Dockerfile FROM `debian:bookworm-slim` not pinned by digest"}, "properties": {"repobilityId": 144594, "scanner": "repobility-supply-chain", "fingerprint": "e52af276621f4401709e2102cc043bd72fa56b50dbcc3e1a9f6f0cc4234abdc3", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|e52af276621f4401709e2102cc043bd72fa56b50dbcc3e1a9f6f0cc4234abdc3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/walrus-service/Dockerfile.walrus-backup"}, "region": {"startLine": 30}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "Dockerfile FROM `rust:1.96-bookworm` not pinned by digest"}, "properties": {"repobilityId": 144593, "scanner": "repobility-supply-chain", "fingerprint": "1416f8004bbfda01c7a962d4c579145b9eabf09a7b2a4d8d4a7d1ea0f0b6f0eb", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|1416f8004bbfda01c7a962d4c579145b9eabf09a7b2a4d8d4a7d1ea0f0b6f0eb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/walrus-service/Dockerfile.walrus-backup"}, "region": {"startLine": 5}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "Dockerfile FROM `debian:bookworm-slim` not pinned by digest"}, "properties": {"repobilityId": 144592, "scanner": "repobility-supply-chain", "fingerprint": "220d79017e38bcf56a869f42f9f995c04a506a5b320373e4de9060084c6b51c6", "category": "dependency", 
"severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|220d79017e38bcf56a869f42f9f995c04a506a5b320373e4de9060084c6b51c6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/walrus-upload-relay/Dockerfile"}, "region": {"startLine": 24}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "Dockerfile FROM `rust:1.96-bookworm` not pinned by digest"}, "properties": {"repobilityId": 144591, "scanner": "repobility-supply-chain", "fingerprint": "5c238bf22702b3c0f5412dc0466b866462782de273f97c6a28f1b4292e1d2948", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|5c238bf22702b3c0f5412dc0466b866462782de273f97c6a28f1b4292e1d2948"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/walrus-upload-relay/Dockerfile"}, "region": {"startLine": 5}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "Dockerfile FROM `debian:bookworm-slim` not pinned by digest"}, "properties": {"repobilityId": 144590, "scanner": "repobility-supply-chain", "fingerprint": "a03c86e7f98922607d9e510d261be2c43760f33498a75d9b832710e806e80fb9", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], 
"observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|a03c86e7f98922607d9e510d261be2c43760f33498a75d9b832710e806e80fb9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/walrus-stress/Dockerfile"}, "region": {"startLine": 26}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "Dockerfile FROM `rust:1.96-bookworm` not pinned by digest"}, "properties": {"repobilityId": 144589, "scanner": "repobility-supply-chain", "fingerprint": "9ac3a6c31997f9e97fa738c965695ed847dd7cb2308a066c26e8afea8269175a", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|9ac3a6c31997f9e97fa738c965695ed847dd7cb2308a066c26e8afea8269175a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/walrus-stress/Dockerfile"}, "region": {"startLine": 5}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "Dockerfile FROM `gcr.io/distroless/cc-debian12 (no tag)` not pinned by digest"}, "properties": {"repobilityId": 144588, "scanner": "repobility-supply-chain", "fingerprint": "8910affc55620cf79f246a95f7eeb9f214910afb19af4da9577e97a008044e2a", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|8910affc55620cf79f246a95f7eeb9f214910afb19af4da9577e97a008044e2a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/walrus-proxy/Dockerfile"}, "region": 
{"startLine": 24}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "Dockerfile FROM `rust:1.96-bookworm` not pinned by digest"}, "properties": {"repobilityId": 144587, "scanner": "repobility-supply-chain", "fingerprint": "24173e4873f4fab333b9c47e90d0e76fca99efe70ae7315573043d74b779e5f7", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|24173e4873f4fab333b9c47e90d0e76fca99efe70ae7315573043d74b779e5f7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/walrus-proxy/Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED131", "level": "error", "message": {"text": "pre-commit hook `https://github.com/EmbarkStudios/cargo-deny` pinned to mutable rev `0.19.0`"}, "properties": {"repobilityId": 144586, "scanner": "repobility-supply-chain", "fingerprint": "92d4b697a88e7ad8f6dccc59a29786bcea295ae05cb790e9a93ca424a7d7bda2", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "precommit-untrusted-repo", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|92d4b697a88e7ad8f6dccc59a29786bcea295ae05cb790e9a93ca424a7d7bda2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".pre-commit-config.yaml"}, "region": {"startLine": 39}}}]}, {"ruleId": "MINED131", "level": "error", "message": {"text": "pre-commit hook `https://github.com/DavidAnson/markdownlint-cli2` pinned to mutable rev `v0.21.0`"}, "properties": {"repobilityId": 144585, "scanner": "repobility-supply-chain", 
"fingerprint": "9524ca3ef0daeddf63a124926042acce3b405e1d9e148af846d60b1a4fd512e5", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "precommit-untrusted-repo", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|9524ca3ef0daeddf63a124926042acce3b405e1d9e148af846d60b1a4fd512e5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".pre-commit-config.yaml"}, "region": {"startLine": 33}}}]}, {"ruleId": "MINED131", "level": "error", "message": {"text": "pre-commit hook `https://github.com/crate-ci/typos` pinned to mutable rev `v1.44.0`"}, "properties": {"repobilityId": 144584, "scanner": "repobility-supply-chain", "fingerprint": "848875a3a39495c9124c7f0982522d0b157b44b5bae7b734ad19e489d3c33a2a", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "precommit-untrusted-repo", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|848875a3a39495c9124c7f0982522d0b157b44b5bae7b734ad19e489d3c33a2a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".pre-commit-config.yaml"}, "region": {"startLine": 28}}}]}, {"ruleId": "MINED131", "level": "error", "message": {"text": "pre-commit hook `https://github.com/notken12/licensesnip` pinned to mutable rev `f01f898`"}, "properties": {"repobilityId": 144583, "scanner": "repobility-supply-chain", "fingerprint": "f642ad7b935c5bd94ad0e2f72643480c61672d449337e28011acd4db20fe6192", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, 
"mining": {"slug": "precommit-untrusted-repo", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|f642ad7b935c5bd94ad0e2f72643480c61672d449337e28011acd4db20fe6192"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".pre-commit-config.yaml"}, "region": {"startLine": 22}}}]}, {"ruleId": "MINED131", "level": "error", "message": {"text": "pre-commit hook `https://github.com/google/yamlfmt` pinned to mutable rev `v0.21.0`"}, "properties": {"repobilityId": 144582, "scanner": "repobility-supply-chain", "fingerprint": "130fdf64f7bea01eb62b856061e35455706d056f8295a9bf8f39cb99272c6dfa", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "precommit-untrusted-repo", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|130fdf64f7bea01eb62b856061e35455706d056f8295a9bf8f39cb99272c6dfa"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".pre-commit-config.yaml"}, "region": {"startLine": 18}}}]}, {"ruleId": "MINED131", "level": "error", "message": {"text": "pre-commit hook `https://github.com/editorconfig-checker/editorconfig-checker.python` pinned to mutable rev `3.6.1`"}, "properties": {"repobilityId": 144581, "scanner": "repobility-supply-chain", "fingerprint": "4500b5d15a08942fd84a507df8cd18c7d4d6f9295454eed9bfafbe14e980b768", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "precommit-untrusted-repo", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": 
"fp|4500b5d15a08942fd84a507df8cd18c7d4d6f9295454eed9bfafbe14e980b768"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".pre-commit-config.yaml"}, "region": {"startLine": 13}}}]}, {"ruleId": "MINED131", "level": "error", "message": {"text": "pre-commit hook `https://github.com/pre-commit/pre-commit-hooks` pinned to mutable rev `v6.0.0`"}, "properties": {"repobilityId": 144580, "scanner": "repobility-supply-chain", "fingerprint": "220e44773ea700fcbfca37f3a9090da3cc169833e9226a283583bd7af8631d80", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "precommit-untrusted-repo", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|220e44773ea700fcbfca37f3a9090da3cc169833e9226a283583bd7af8631d80"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".pre-commit-config.yaml"}, "region": {"startLine": 3}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.assertFalse` used but never assigned in __init__"}, "properties": {"repobilityId": 144577, "scanner": "repobility-ast-engine", "fingerprint": "0d905e8df3104d1377eccb696177a698b79d14c5664d2714ac1d7473d423acf4", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|0d905e8df3104d1377eccb696177a698b79d14c5664d2714ac1d7473d423acf4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/release_notes_test.py"}, "region": {"startLine": 126}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.assertTrue` 
used but never assigned in __init__"}, "properties": {"repobilityId": 144576, "scanner": "repobility-ast-engine", "fingerprint": "d3d41de585d36629d470ee569a87b118a766e0dd591ef053d7ba4de8a99c8081", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|d3d41de585d36629d470ee569a87b118a766e0dd591ef053d7ba4de8a99c8081"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/release_notes_test.py"}, "region": {"startLine": 118}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.assertIn` used but never assigned in __init__"}, "properties": {"repobilityId": 144575, "scanner": "repobility-ast-engine", "fingerprint": "29e72a5c4a25b6a947c6203710a9aba03159910a6610862df8ca0e3f0a31fe13", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|29e72a5c4a25b6a947c6203710a9aba03159910a6610862df8ca0e3f0a31fe13"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/release_notes_test.py"}, "region": {"startLine": 104}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.assertIn` used but never assigned in __init__"}, "properties": {"repobilityId": 144574, "scanner": "repobility-ast-engine", "fingerprint": "6ebede0f567e34bd391793590f5398c940c3fce6b7b04424995b90cc8f222db7", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", 
"evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|6ebede0f567e34bd391793590f5398c940c3fce6b7b04424995b90cc8f222db7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/release_notes_test.py"}, "region": {"startLine": 103}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.assertIn` used but never assigned in __init__"}, "properties": {"repobilityId": 144573, "scanner": "repobility-ast-engine", "fingerprint": "b8d9007182d738211ed1e0a10b3c081580171c02b423a3762464910ea29ed64d", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|b8d9007182d738211ed1e0a10b3c081580171c02b423a3762464910ea29ed64d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/release_notes_test.py"}, "region": {"startLine": 101}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.assertFalse` used but never assigned in __init__"}, "properties": {"repobilityId": 144572, "scanner": "repobility-ast-engine", "fingerprint": "d87dac4d54c3065764b46ef6aa4a1225280ea7bbaca986188e4ad95f5b04f56e", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|d87dac4d54c3065764b46ef6aa4a1225280ea7bbaca986188e4ad95f5b04f56e"}}, "locations": [{"physicalLocation": 
{"artifactLocation": {"uri": "scripts/release_notes_test.py"}, "region": {"startLine": 89}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.assertTrue` used but never assigned in __init__"}, "properties": {"repobilityId": 144571, "scanner": "repobility-ast-engine", "fingerprint": "77d594ea9483b5cbb898ef1b5ffc906f5ed62d51655f12d600123df55634312a", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|77d594ea9483b5cbb898ef1b5ffc906f5ed62d51655f12d600123df55634312a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/release_notes_test.py"}, "region": {"startLine": 88}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.assertTrue` used but never assigned in __init__"}, "properties": {"repobilityId": 144570, "scanner": "repobility-ast-engine", "fingerprint": "177bfb33f49eee3701706b6536e5db86dcd84b9863ec9dd90fc1df6b5ed3d934", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|177bfb33f49eee3701706b6536e5db86dcd84b9863ec9dd90fc1df6b5ed3d934"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/release_notes_test.py"}, "region": {"startLine": 87}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.assertEqual` used but never assigned in __init__"}, "properties": {"repobilityId": 144569, "scanner": "repobility-ast-engine", "fingerprint": 
"129d2566abd8bcd83d64b2081cecc61f1288ad1584d6b0220049b685d781d2e9", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|129d2566abd8bcd83d64b2081cecc61f1288ad1584d6b0220049b685d781d2e9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/release_notes_test.py"}, "region": {"startLine": 86}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.assertTrue` used but never assigned in __init__"}, "properties": {"repobilityId": 144568, "scanner": "repobility-ast-engine", "fingerprint": "5101eda2d9426c212b612aa712cf4133ed9dda4cf6847f260bba10fe4348e0e4", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|5101eda2d9426c212b612aa712cf4133ed9dda4cf6847f260bba10fe4348e0e4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/release_notes_test.py"}, "region": {"startLine": 76}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.assertIn` used but never assigned in __init__"}, "properties": {"repobilityId": 144567, "scanner": "repobility-ast-engine", "fingerprint": "65913cc619b028aa975ad402d197477a0d1dd19e2d579120e65820decd617f56", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": 
["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|65913cc619b028aa975ad402d197477a0d1dd19e2d579120e65820decd617f56"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/release_notes_test.py"}, "region": {"startLine": 75}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.assertTrue` used but never assigned in __init__"}, "properties": {"repobilityId": 144566, "scanner": "repobility-ast-engine", "fingerprint": "cf445952b3d9a58bd0057946dfccc738add6ed18f83c9ac7aab6d839b34e3eb3", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|cf445952b3d9a58bd0057946dfccc738add6ed18f83c9ac7aab6d839b34e3eb3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/release_notes_test.py"}, "region": {"startLine": 67}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.assertIn` used but never assigned in __init__"}, "properties": {"repobilityId": 144565, "scanner": "repobility-ast-engine", "fingerprint": "69ebb3f00e3a9f5e938c1459f3eaaa10e6045c388bda96114a2d959595e57f46", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|69ebb3f00e3a9f5e938c1459f3eaaa10e6045c388bda96114a2d959595e57f46"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/release_notes_test.py"}, "region": {"startLine": 66}}}]}, {"ruleId": "MINED108", 
"level": "error", "message": {"text": "`self.assertFalse` used but never assigned in __init__"}, "properties": {"repobilityId": 144564, "scanner": "repobility-ast-engine", "fingerprint": "d6ef86582ab0f1923040cae7f9f060191cff4cd8cad33ae771587a75b7c31f0a", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|d6ef86582ab0f1923040cae7f9f060191cff4cd8cad33ae771587a75b7c31f0a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/release_notes_test.py"}, "region": {"startLine": 58}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.assertIn` used but never assigned in __init__"}, "properties": {"repobilityId": 144563, "scanner": "repobility-ast-engine", "fingerprint": "1bfc5aeed8f3ffe90eb9f1e8f7fe4ebd441fb868eae64a34dd144aa59c768f90", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|1bfc5aeed8f3ffe90eb9f1e8f7fe4ebd441fb868eae64a34dd144aa59c768f90"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/release_notes_test.py"}, "region": {"startLine": 57}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.assertEqual` used but never assigned in __init__"}, "properties": {"repobilityId": 144562, "scanner": "repobility-ast-engine", "fingerprint": "b142ca18a66d8f8566335922cb473c5348b66bfd1264e4c0be0b40fce1ff3819", "category": "quality", "severity": "high", "confidence": 1.0, 
"triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|b142ca18a66d8f8566335922cb473c5348b66bfd1264e4c0be0b40fce1ff3819"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/release_notes_test.py"}, "region": {"startLine": 49}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.assertTrue` used but never assigned in __init__"}, "properties": {"repobilityId": 144561, "scanner": "repobility-ast-engine", "fingerprint": "d1ea38deef57096aec823ac2dd770610baa8224cff6c6eb0de899891ae9fb52a", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|d1ea38deef57096aec823ac2dd770610baa8224cff6c6eb0de899891ae9fb52a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/release_notes_test.py"}, "region": {"startLine": 48}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.assertIn` used but never assigned in __init__"}, "properties": {"repobilityId": 144560, "scanner": "repobility-ast-engine", "fingerprint": "b484d1ebc81c128db0bedead1f992608e6d1c90b32b0190eedfd2f19a55016b9", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": 
"fp|b484d1ebc81c128db0bedead1f992608e6d1c90b32b0190eedfd2f19a55016b9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/release_notes_test.py"}, "region": {"startLine": 47}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.assertEqual` used but never assigned in __init__"}, "properties": {"repobilityId": 144559, "scanner": "repobility-ast-engine", "fingerprint": "36f8cb6146e1f5767598a69e26d8cf8c30b5eb9c5ca8bb5648832d0ed2b3b89b", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|36f8cb6146e1f5767598a69e26d8cf8c30b5eb9c5ca8bb5648832d0ed2b3b89b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/release_notes_test.py"}, "region": {"startLine": 46}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.assertEqual` used but never assigned in __init__"}, "properties": {"repobilityId": 144558, "scanner": "repobility-ast-engine", "fingerprint": "4c4ab6f0e6dabc3f39889f9a1e43c5ff4103dbf099f8032aaec8340e29fd1875", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|4c4ab6f0e6dabc3f39889f9a1e43c5ff4103dbf099f8032aaec8340e29fd1875"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/release_notes_test.py"}, "region": {"startLine": 37}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.assertEqual` used but never assigned in __init__"}, 
"properties": {"repobilityId": 144557, "scanner": "repobility-ast-engine", "fingerprint": "40bcb78a40b2f4a7b5c14939640a314af66d7d1b9c532c53a3bf4a2ffdcabfe5", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|40bcb78a40b2f4a7b5c14939640a314af66d7d1b9c532c53a3bf4a2ffdcabfe5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/release_notes_test.py"}, "region": {"startLine": 36}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.assertEqual` used but never assigned in __init__"}, "properties": {"repobilityId": 144556, "scanner": "repobility-ast-engine", "fingerprint": "894475923a8570fd13cdd6b211b12dc8dfa8d3e4b3119bb2dfe51f3cc28ff35e", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|894475923a8570fd13cdd6b211b12dc8dfa8d3e4b3119bb2dfe51f3cc28ff35e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/release_notes_test.py"}, "region": {"startLine": 31}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.assertEqual` used but never assigned in __init__"}, "properties": {"repobilityId": 144555, "scanner": "repobility-ast-engine", "fingerprint": "4dcf3818976d145b79d6fa0466dd465148d07f09b6bdd9a56fab0e45300706cf", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, 
"mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|4dcf3818976d145b79d6fa0466dd465148d07f09b6bdd9a56fab0e45300706cf"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/release_notes_test.py"}, "region": {"startLine": 30}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.assertEqual` used but never assigned in __init__"}, "properties": {"repobilityId": 144554, "scanner": "repobility-ast-engine", "fingerprint": "c11a0d35daf8d4da32b6fedcae43482a5eedec2000623b65d64b738ad518f1b8", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c11a0d35daf8d4da32b6fedcae43482a5eedec2000623b65d64b738ad518f1b8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/release_notes_test.py"}, "region": {"startLine": 25}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.assertEqual` used but never assigned in __init__"}, "properties": {"repobilityId": 144553, "scanner": "repobility-ast-engine", "fingerprint": "129a7ac78f71a06305adf5e50f6ae71163d557674185741d36499faf96af5c7a", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|129a7ac78f71a06305adf5e50f6ae71163d557674185741d36499faf96af5c7a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": 
"scripts/release_notes_test.py"}, "region": {"startLine": 24}}}]}, {"ruleId": "GHSA-xq3m-2v4x-88gg", "level": "error", "message": {"text": "protobufjs: GHSA-xq3m-2v4x-88gg"}, "properties": {"repobilityId": 144832, "scanner": "osv-scanner", "fingerprint": "6fde98b7b8614c8e1afd1a7ac1591a7f5176212e453b282f949299c9e14f0e9b", "category": "dependency", "severity": "critical", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-41242"], "package": "protobufjs", "rule_id": "GHSA-xq3m-2v4x-88gg", "scanner": "osv-scanner", "correlation_key": "vuln|protobufjs|CVE-2026-41242|docs/site/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/site/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-g38r-8gmr-ghrf", "level": "error", "message": {"text": "mysten-metrics: GHSA-g38r-8gmr-ghrf"}, "properties": {"repobilityId": 144784, "scanner": "osv-scanner", "fingerprint": "8152bc22fb2c642ed613ddd1f7ebda0b8206ac1f2e6b02f8606303ed27434c53", "category": "dependency", "severity": "critical", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["RUSTSEC-2026-0107"], "package": "mysten-metrics", "rule_id": "GHSA-g38r-8gmr-ghrf", "scanner": "osv-scanner", "correlation_key": "vuln|mysten-metrics|GHSA-G38R-8GMR-GHRF|cargo.lock", "duplicate_count": 1, "duplicate_rule_ids": ["GHSA-g38r-8gmr-ghrf", "RUSTSEC-2026-0107"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["26114ae982a4875fbab968c231166198896e6e7c0c255d0056190409eec1c7f6", "8152bc22fb2c642ed613ddd1f7ebda0b8206ac1f2e6b02f8606303ed27434c53"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Cargo.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "SEC022", "level": "error", "message": {"text": "[SEC022] Database URL 
With Embedded Credential: A database connection URL contains an embedded username and password. These URLs are often copied into defaults, docs, and scripts, then leak working credentials."}, "properties": {"repobilityId": 144708, "scanner": "repobility-threat-engine", "fingerprint": "4c784ee1c0adead896c15e52d9cf1288364a088b19ff4b7b986bf2462d423167", "category": "credential_exposure", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "postgresql://postgres:postgres@", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC022", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "secret|scripts/local-testbed.sh|3|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/local-testbed.sh"}, "region": {"startLine": 39}}}]}, {"ruleId": "MINED024", "level": "error", "message": {"text": "[MINED024] Js Eval Usage: eval() executes arbitrary code. 
Code injection risk."}, "properties": {"repobilityId": 144707, "scanner": "repobility-threat-engine", "fingerprint": "7c3507af47a798fe5927b974cad5ac33b3d169ee412cf3dd7b428bcba0f5c9ac", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-eval-usage", "owasp": null, "cwe_ids": ["CWE-95"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347954+00:00", "triaged_in_corpus": 20, "observations_count": 35589, "ai_coder_pattern_id": 103}, "scanner": "repobility-threat-engine", "correlation_key": "fp|7c3507af47a798fe5927b974cad5ac33b3d169ee412cf3dd7b428bcba0f5c9ac"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/site/src/shared/js/inline-imports.js"}, "region": {"startLine": 37}}}]}, {"ruleId": "SEC084", "level": "error", "message": {"text": "[SEC084] JS: require() with non-literal: require(<variable>) loads arbitrary modules \u2014 equivalent to eval at module scope. 
Ported from eslint-plugin-security detect-non-literal-require (Apache-2.0)."}, "properties": {"repobilityId": 144706, "scanner": "repobility-threat-engine", "fingerprint": "63381e5b607bdb3717d8945e54b59235c3e110cb4ab5e3bcf4abe4dbde1a143d", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "require(UTILS_PATH", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC084", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|63381e5b607bdb3717d8945e54b59235c3e110cb4ab5e3bcf4abe4dbde1a143d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/site/src/shared/js/inline-imports.js"}, "region": {"startLine": 48}}}]}, {"ruleId": "MINED018", "level": "error", "message": {"text": "[MINED018] Unsafe Deserialization Pickle: pickle.loads / yaml.load (without Loader=SafeLoader) / unmarshal of network/file data \u2014 RCE."}, "properties": {"repobilityId": 144695, "scanner": "repobility-threat-engine", "fingerprint": "9b1315726a5b6141ad1a925595e21701bfa9da5b546970307a62a9f6f1a028f5", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "unsafe-deserialization-pickle", "owasp": "A08:2021", "cwe_ids": ["CWE-502"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347940+00:00", "triaged_in_corpus": 20, "observations_count": 58759, "ai_coder_pattern_id": 32}, "scanner": "repobility-threat-engine", "correlation_key": "fp|9b1315726a5b6141ad1a925595e21701bfa9da5b546970307a62a9f6f1a028f5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/site/src/scripts/copy-yaml-files.js"}, "region": {"startLine": 56}}}]}, {"ruleId": "SEC116", "level": 
"error", "message": {"text": "[SEC116] Ruby YAML.load / Marshal.load on untrusted input: `YAML.load` (pre-3.1) and `Marshal.load` instantiate arbitrary Ruby classes \u2014 direct RCE on untrusted input. `unsafe_load` is even more dangerous."}, "properties": {"repobilityId": 144694, "scanner": "repobility-threat-engine", "fingerprint": "09e8ae6808a2002a0a24c221739d9ef3dce9ec94ec3d24cbac1a5d5ae1627448", "category": "deserialization", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "yaml.load(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC116", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|deserialization|token|56|sec116"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/site/src/scripts/copy-yaml-files.js"}, "region": {"startLine": 56}}}]}, {"ruleId": "SEC079", "level": "error", "message": {"text": "[SEC079] Python: yaml.load without SafeLoader: yaml.load() without explicit SafeLoader can execute arbitrary Python objects (CVE-2017-18342). 
Ported from bandit B506 / dlint DUO109 (Apache-2.0 / BSD-3)."}, "properties": {"repobilityId": 144693, "scanner": "repobility-threat-engine", "fingerprint": "da307ee157498318317b410e209ca335c73570d38c17efad8504953b8d417440", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "yaml.load(yamlContent)", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC079", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|da307ee157498318317b410e209ca335c73570d38c17efad8504953b8d417440"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/site/src/scripts/copy-yaml-files.js"}, "region": {"startLine": 56}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "Workflow uses `secrets.GCP_WALRUS_RELEASE_BUCKET_SVCUSER_CREDENTIALS` on a `pull_request` trigger"}, "properties": {"repobilityId": 144613, "scanner": "repobility-supply-chain", "fingerprint": "2b165ab2e91b739797fe271e0a1e547981ee386b3e93d7978337e55d53fdfe4d", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|2b165ab2e91b739797fe271e0a1e547981ee386b3e93d7978337e55d53fdfe4d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/code.yml"}, "region": {"startLine": 199}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "Workflow uses `secrets.GCP_WALRUS_RELEASE_BUCKET_SVCUSER_CREDENTIALS` on a `pull_request` trigger"}, "properties": {"repobilityId": 144612, "scanner": "repobility-supply-chain", "fingerprint": 
"87567837fdccce3e636d47c660f98ef880e6074726c158c5d8a893b79da9b921", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|87567837fdccce3e636d47c660f98ef880e6074726c158c5d8a893b79da9b921"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/code.yml"}, "region": {"startLine": 172}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "Workflow uses `secrets.GCP_WALRUS_RELEASE_BUCKET_SVCUSER_CREDENTIALS` on a `pull_request` trigger"}, "properties": {"repobilityId": 144611, "scanner": "repobility-supply-chain", "fingerprint": "1e795c7141950fd11aecddaa09acc5973177a705ee8368bde76525407b237ffc", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|1e795c7141950fd11aecddaa09acc5973177a705ee8368bde76525407b237ffc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/code.yml"}, "region": {"startLine": 128}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "Workflow uses `secrets.GCP_WALRUS_RELEASE_BUCKET_SVCUSER_CREDENTIALS` on a `pull_request` trigger"}, "properties": {"repobilityId": 144610, "scanner": "repobility-supply-chain", "fingerprint": "a88d341f7f73d2b16c12cccbca47ba7552c6ca58093de1fa49f45ee6331b77b7", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", 
"evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|a88d341f7f73d2b16c12cccbca47ba7552c6ca58093de1fa49f45ee6331b77b7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/code.yml"}, "region": {"startLine": 100}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "Workflow uses `secrets.GCP_WALRUS_RELEASE_BUCKET_SVCUSER_CREDENTIALS` on a `pull_request` trigger"}, "properties": {"repobilityId": 144609, "scanner": "repobility-supply-chain", "fingerprint": "79b2ddcaf556d6862d33ff1c09978a815d4a66844cc6945b4e1a57601445d3c2", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|79b2ddcaf556d6862d33ff1c09978a815d4a66844cc6945b4e1a57601445d3c2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/code.yml"}, "region": {"startLine": 75}}}]}]}]}