npm - mobbdev - Versions diffs - 0.0.182 → 0.0.184 - Mend

mobbdev 0.0.182 → 0.0.184

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (2) hide show

package/dist/index.mjs +732 -613
package/package.json +5 -4

package/dist/index.mjs CHANGED Viewed

@@ -37,7 +37,7 @@ import { fileURLToPath } from "node:url";
 import chalk from "chalk";
 import Debug from "debug";
 import * as dotenv from "dotenv";
-import { z as z2 } from "zod";
+import { z as z4 } from "zod";
 // src/features/analysis/scm/generates/client_generates.ts
 var FixQuestionInputType = /* @__PURE__ */ ((FixQuestionInputType2) => {
@@ -122,6 +122,7 @@ var IssueType_Enum = /* @__PURE__ */ ((IssueType_Enum2) => {
   IssueType_Enum2["HardcodedDomainInHtml"] = "HARDCODED_DOMAIN_IN_HTML";
   IssueType_Enum2["HardcodedSecrets"] = "HARDCODED_SECRETS";
   IssueType_Enum2["HeaderManipulation"] = "HEADER_MANIPULATION";
+  IssueType_Enum2["HeapInspection"] = "HEAP_INSPECTION";
   IssueType_Enum2["HtmlCommentInJsp"] = "HTML_COMMENT_IN_JSP";
   IssueType_Enum2["HttpOnlyCookie"] = "HTTP_ONLY_COOKIE";
   IssueType_Enum2["HttpResponseSplitting"] = "HTTP_RESPONSE_SPLITTING";
@@ -650,467 +651,589 @@ function getSdk(client, withWrapper = defaultWrapper) {
 }
 // src/features/analysis/scm/shared/src/types.ts
+import { z as z3 } from "zod";
+// src/features/analysis/scm/shared/src/validations.ts
+import { z as z2 } from "zod";
+// src/features/analysis/scm/shared/src/getIssueType.ts
 import { z } from "zod";
-var OrganizationScreenQueryParamsZ = z.object({
-  organizationId: z.string().uuid()
+var issueTypeMap = {
+  ["NO_LIMITS_OR_THROTTLING" /* NoLimitsOrThrottling */]: "Missing Rate Limiting",
+  ["SQL_Injection" /* SqlInjection */]: "SQL Injection",
+  ["CMDi_relative_path_command" /* CmDiRelativePathCommand */]: "Relative Path Command Injection",
+  ["CMDi" /* CmDi */]: "Command Injection",
+  ["CONFUSING_NAMING" /* ConfusingNaming */]: "Confusing Naming",
+  ["XXE" /* Xxe */]: "XXE",
+  ["XSS" /* Xss */]: "XSS",
+  ["PT" /* Pt */]: "Path Traversal",
+  ["ZIP_SLIP" /* ZipSlip */]: "Zip Slip",
+  ["INSECURE_RANDOMNESS" /* InsecureRandomness */]: "Insecure Randomness",
+  ["SSRF" /* Ssrf */]: "Server Side Request Forgery",
+  ["TYPE_CONFUSION" /* TypeConfusion */]: "Type Confusion",
+  ["REGEX_INJECTION" /* RegexInjection */]: "Regular Expression Injection",
+  ["INCOMPLETE_URL_SANITIZATION" /* IncompleteUrlSanitization */]: "Incomplete URL Sanitization",
+  ["LOCALE_DEPENDENT_COMPARISON" /* LocaleDependentComparison */]: "Locale Dependent Comparison",
+  ["LOG_FORGING" /* LogForging */]: "Log Forging",
+  ["MISSING_CHECK_AGAINST_NULL" /* MissingCheckAgainstNull */]: "Missing Check against Null",
+  ["PASSWORD_IN_COMMENT" /* PasswordInComment */]: "Password in Comment",
+  ["OVERLY_BROAD_CATCH" /* OverlyBroadCatch */]: "Poor Error Handling: Overly Broad Catch",
+  ["USE_OF_SYSTEM_OUTPUT_STREAM" /* UseOfSystemOutputStream */]: "Use of System.out/System.err",
+  ["DANGEROUS_FUNCTION_OVERFLOW" /* DangerousFunctionOverflow */]: "Use of dangerous function",
+  ["DOS_STRING_BUILDER" /* DosStringBuilder */]: "Denial of Service: StringBuilder",
+  ["OPEN_REDIRECT" /* OpenRedirect */]: "Open Redirect",
+  ["WEAK_XML_SCHEMA_UNBOUNDED_OCCURRENCES" /* WeakXmlSchemaUnboundedOccurrences */]: "Weak XML Schema: Unbounded Occurrences",
+  ["SYSTEM_INFORMATION_LEAK" /* SystemInformationLeak */]: "System Information Leak",
+  ["SYSTEM_INFORMATION_LEAK_EXTERNAL" /* SystemInformationLeakExternal */]: "External System Information Leak",
+  ["HTTP_RESPONSE_SPLITTING" /* HttpResponseSplitting */]: "HTTP response splitting",
+  ["HTTP_ONLY_COOKIE" /* HttpOnlyCookie */]: "Cookie is not HttpOnly",
+  ["INSECURE_COOKIE" /* InsecureCookie */]: "Insecure Cookie",
+  ["TRUST_BOUNDARY_VIOLATION" /* TrustBoundaryViolation */]: "Trust Boundary Violation",
+  ["NULL_DEREFERENCE" /* NullDereference */]: "Null Dereference",
+  ["UNSAFE_DESERIALIZATION" /* UnsafeDeserialization */]: "Unsafe deserialization",
+  ["INSECURE_BINDER_CONFIGURATION" /* InsecureBinderConfiguration */]: "Insecure Binder Configuration",
+  ["UNSAFE_TARGET_BLANK" /* UnsafeTargetBlank */]: "Unsafe use of target blank",
+  ["IFRAME_WITHOUT_SANDBOX" /* IframeWithoutSandbox */]: "Client use of iframe without sandbox",
+  ["JQUERY_DEPRECATED_SYMBOLS" /* JqueryDeprecatedSymbols */]: "jQuery deprecated symbols",
+  ["MISSING_ANTIFORGERY_VALIDATION" /* MissingAntiforgeryValidation */]: "Missing Anti-Forgery Validation",
+  ["GRAPHQL_DEPTH_LIMIT" /* GraphqlDepthLimit */]: "GraphQL Depth Limit",
+  ["UNCHECKED_LOOP_CONDITION" /* UncheckedLoopCondition */]: "Unchecked Loop Condition",
+  ["IMPROPER_RESOURCE_SHUTDOWN_OR_RELEASE" /* ImproperResourceShutdownOrRelease */]: "Improper Resource Shutdown or Release",
+  ["IMPROPER_EXCEPTION_HANDLING" /* ImproperExceptionHandling */]: "Improper Exception Handling",
+  ["DEFAULT_RIGHTS_IN_OBJ_DEFINITION" /* DefaultRightsInObjDefinition */]: "Default Definer Rights in Package or Object Definition",
+  ["HTML_COMMENT_IN_JSP" /* HtmlCommentInJsp */]: "HTML Comment in JSP",
+  ["ERROR_CONDTION_WITHOUT_ACTION" /* ErrorCondtionWithoutAction */]: "Error Condition Without Action",
+  ["DEPRECATED_FUNCTION" /* DeprecatedFunction */]: "Deprecated Function",
+  ["HARDCODED_SECRETS" /* HardcodedSecrets */]: "Hardcoded Secrets",
+  ["PROTOTYPE_POLLUTION" /* PrototypePollution */]: "Prototype Pollution",
+  ["RACE_CONDITION_FORMAT_FLAW" /* RaceConditionFormatFlaw */]: "Race Condition Format Flaw",
+  ["NON_FINAL_PUBLIC_STATIC_FIELD" /* NonFinalPublicStaticField */]: "Non-final Public Static Field",
+  ["MISSING_HSTS_HEADER" /* MissingHstsHeader */]: "Missing HSTS Header",
+  ["DEAD_CODE_UNUSED_FIELD" /* DeadCodeUnusedField */]: "Dead Code: Unused Field",
+  ["HEADER_MANIPULATION" /* HeaderManipulation */]: "Header Manipulation",
+  ["MISSING_EQUALS_OR_HASHCODE" /* MissingEqualsOrHashcode */]: "Missing equals or hashcode method",
+  ["WCF_MISCONFIGURATION_INSUFFICIENT_LOGGING" /* WcfMisconfigurationInsufficientLogging */]: "WCF Misconfiguration: Insufficient Logging",
+  ["WCF_MISCONFIGURATION_THROTTLING_NOT_ENABLED" /* WcfMisconfigurationThrottlingNotEnabled */]: "WCF Misconfiguration: Throttling Not Enabled",
+  ["USELESS_REGEXP_CHAR_ESCAPE" /* UselessRegexpCharEscape */]: "Useless regular-expression character escape",
+  ["INCOMPLETE_HOSTNAME_REGEX" /* IncompleteHostnameRegex */]: "Incomplete Hostname Regex",
+  ["OVERLY_LARGE_RANGE" /* OverlyLargeRange */]: "Regex: Overly Large Range",
+  ["INSUFFICIENT_LOGGING" /* InsufficientLogging */]: "Insufficient Logging of Sensitive Operations",
+  ["PRIVACY_VIOLATION" /* PrivacyViolation */]: "Privacy Violation",
+  ["INCOMPLETE_URL_SCHEME_CHECK" /* IncompleteUrlSchemeCheck */]: "Incomplete URL Scheme Check",
+  ["VALUE_NEVER_READ" /* ValueNeverRead */]: "Value Never Read",
+  ["VALUE_SHADOWING" /* ValueShadowing */]: "Value Shadowing",
+  ["NO_EQUIVALENCE_METHOD" /* NoEquivalenceMethod */]: "Class Does Not Implement Equivalence Method",
+  ["INFORMATION_EXPOSURE_VIA_HEADERS" /* InformationExposureViaHeaders */]: "Information Exposure via Headers",
+  ["DEBUG_ENABLED" /* DebugEnabled */]: "Debug Enabled",
+  ["LEFTOVER_DEBUG_CODE" /* LeftoverDebugCode */]: "Leftover Debug Code",
+  ["POOR_ERROR_HANDLING_EMPTY_CATCH_BLOCK" /* PoorErrorHandlingEmptyCatchBlock */]: "Poor Error Handling: Empty Catch Block",
+  ["ERRONEOUS_STRING_COMPARE" /* ErroneousStringCompare */]: "Erroneous String Compare",
+  ["UNVALIDATED_PUBLIC_METHOD_ARGUMENT" /* UnvalidatedPublicMethodArgument */]: "Unvalidated Public Method Argument",
+  ["AUTO_ESCAPE_FALSE" /* AutoEscapeFalse */]: "Auto-escape False",
+  ["MISSING_CSP_HEADER" /* MissingCspHeader */]: "Missing CSP Header",
+  ["HARDCODED_DOMAIN_IN_HTML" /* HardcodedDomainInHtml */]: "Hardcoded Domain in HTML",
+  ["HEAP_INSPECTION" /* HeapInspection */]: "Heap Inspection"
+};
+var issueTypeZ = z.nativeEnum(IssueType_Enum);
+var getIssueTypeFriendlyString = (issueType) => {
+  const issueTypeZParseRes = issueTypeZ.safeParse(issueType);
+  if (!issueTypeZParseRes.success) {
+    return issueType ? issueType.replaceAll("_", " ") : "Other";
+  }
+  return issueTypeMap[issueTypeZParseRes.data];
+};
+// src/features/analysis/scm/shared/src/validations.ts
+var IssueTypeSettingZ = z2.object({
+  autoPrEnabled: z2.boolean(),
+  enabled: z2.boolean(),
+  issueType: z2.nativeEnum(IssueType_Enum)
+});
+var IssueTypeSettingsZ = z2.array(IssueTypeSettingZ).transform((issueTypeSettings) => {
+  return Object.values(IssueType_Enum).map((issueTypeEnum) => {
+    const existingIssueTypeSetting = issueTypeSettings.find(
+      ({ issueType: dbIssueType }) => dbIssueType === issueTypeEnum
+    );
+    if (existingIssueTypeSetting) {
+      return existingIssueTypeSetting;
+    }
+    return {
+      autoPrEnabled: false,
+      enabled: true,
+      issueType: issueTypeEnum
+    };
+  }).sort((a, b) => {
+    return getIssueTypeFriendlyString(a.issueType).localeCompare(
+      getIssueTypeFriendlyString(b.issueType)
+    );
+  });
 });
-var ProjectPageQueryParamsZ = z.object({
-  organizationId: z.string().uuid(),
-  projectId: z.string().uuid()
+// src/features/analysis/scm/shared/src/types.ts
+var OrganizationScreenQueryParamsZ = z3.object({
+  organizationId: z3.string().uuid()
+});
+var ProjectPageQueryParamsZ = z3.object({
+  organizationId: z3.string().uuid(),
+  projectId: z3.string().uuid()
 });
 var AnalysisPageQueryParamsZ = ProjectPageQueryParamsZ.extend({
-  reportId: z.string().uuid()
+  reportId: z3.string().uuid()
 });
 var FixPageQueryParamsZ = AnalysisPageQueryParamsZ.extend({
-  fixId: z.string().uuid()
+  fixId: z3.string().uuid()
 });
-var CliLoginPageQueryParamsZ = z.object({
-  loginId: z.string().uuid()
+var CliLoginPageQueryParamsZ = z3.object({
+  loginId: z3.string().uuid()
 });
-var ScmSubmitFixRequestsZ = z.array(
-  z.object({
-    scmSubmitFixRequest: z.object({
-      submitFixRequest: z.object({
-        createdByUser: z.object({
-          email: z.string()
+var ScmSubmitFixRequestsZ = z3.array(
+  z3.object({
+    scmSubmitFixRequest: z3.object({
+      submitFixRequest: z3.object({
+        createdByUser: z3.object({
+          email: z3.string()
         })
       }),
-      prUrl: z.string().nullable(),
-      scmId: z.string()
+      prUrl: z3.string().nullable(),
+      commitUrl: z3.string().nullable(),
+      scmId: z3.string()
     })
   })
 );
-var AnalysisReportDigestedZ = z.object({
-  id: z.string().uuid(),
-  state: z.nativeEnum(Fix_Report_State_Enum),
-  vulnerabilityReport: z.object({
-    reportSummaryUrl: z.string().url().nullish(),
-    scanDate: z.string().nullable(),
-    supported: z.object({
-      aggregate: z.object({
-        count: z.number()
+var AnalysisReportDigestedZ = z3.object({
+  id: z3.string().uuid(),
+  state: z3.nativeEnum(Fix_Report_State_Enum),
+  vulnerabilityReport: z3.object({
+    reportSummaryUrl: z3.string().url().nullish(),
+    scanDate: z3.string().nullable(),
+    supported: z3.object({
+      aggregate: z3.object({
+        count: z3.number()
       })
     }),
-    all: z.object({
-      aggregate: z.object({
-        count: z.number()
+    all: z3.object({
+      aggregate: z3.object({
+        count: z3.number()
       })
     }),
-    vendor: z.nativeEnum(Vulnerability_Report_Vendor_Enum),
-    project: z.object({
-      organizationId: z.string().uuid()
+    vendor: z3.nativeEnum(Vulnerability_Report_Vendor_Enum),
+    project: z3.object({
+      organizationId: z3.string().uuid()
     })
   })
 });
-var FixRatingZ = z.object({
-  voteScore: z.number(),
-  fixRatingTag: z.nativeEnum(Fix_Rating_Tag_Enum).nullable().default(null),
-  comment: z.string().nullable().default(null),
-  updatedDate: z.string().nullable(),
-  user: z.object({
-    email: z.string(),
-    name: z.string()
+var FixRatingZ = z3.object({
+  voteScore: z3.number(),
+  fixRatingTag: z3.nativeEnum(Fix_Rating_Tag_Enum).nullable().default(null),
+  comment: z3.string().nullable().default(null),
+  updatedDate: z3.string().nullable(),
+  user: z3.object({
+    email: z3.string(),
+    name: z3.string()
   })
 });
-var ReportQueryResultZ = z.object({
-  fixReport_by_pk: z.object({
-    id: z.string().uuid(),
-    fixesCommitted: z.object({
-      aggregate: z.object({ count: z.number() })
+var ReportQueryResultZ = z3.object({
+  fixReport_by_pk: z3.object({
+    id: z3.string().uuid(),
+    fixesCommitted: z3.object({
+      aggregate: z3.object({ count: z3.number() })
     }),
-    fixesDownloaded: z.object({
-      aggregate: z.object({ count: z.number() })
+    fixesDownloaded: z3.object({
+      aggregate: z3.object({ count: z3.number() })
     }),
-    fixesReadyCount: z.number(),
-    issueTypes: z.record(z.string(), z.number()).nullable(),
-    issueLanguages: z.record(z.string(), z.number()).nullable(),
-    fixesCountByEffort: z.record(z.string(), z.number()).nullable(),
-    vulnerabilitySeverities: z.record(z.string(), z.number()).nullable(),
-    createdOn: z.string(),
-    expirationOn: z.string().nullable(),
-    state: z.nativeEnum(Fix_Report_State_Enum),
-    fixes_aggregate: z.object({
-      aggregate: z.object({
-        count: z.number()
+    fixesReadyCount: z3.number(),
+    issueTypes: z3.record(z3.string(), z3.number()).nullable(),
+    issueLanguages: z3.record(z3.string(), z3.number()).nullable(),
+    fixesCountByEffort: z3.record(z3.string(), z3.number()).nullable(),
+    vulnerabilitySeverities: z3.record(z3.string(), z3.number()).nullable(),
+    createdOn: z3.string(),
+    expirationOn: z3.string().nullable(),
+    state: z3.nativeEnum(Fix_Report_State_Enum),
+    fixes_aggregate: z3.object({
+      aggregate: z3.object({
+        count: z3.number()
       })
     }),
-    fixes: z.array(
-      z.object({
-        id: z.string().uuid(),
-        safeIssueLanguage: z.string(),
-        safeIssueType: z.string(),
-        confidence: z.number(),
-        effortToApplyFix: z.nativeEnum(Effort_To_Apply_Fix_Enum).nullable(),
-        modifiedBy: z.string().nullable(),
-        gitBlameLogin: z.string().nullable(),
-        fixReportId: z.string().uuid(),
-        vulnerabilitySeverity: z.nativeEnum(Vulnerability_Severity_Enum).nullable().transform((i) => i ?? "low" /* Low */),
-        filePaths: z.array(
-          z.object({
-            fileRepoRelativePath: z.string()
+    fixes: z3.array(
+      z3.object({
+        id: z3.string().uuid(),
+        safeIssueLanguage: z3.string(),
+        safeIssueType: z3.string(),
+        confidence: z3.number(),
+        effortToApplyFix: z3.nativeEnum(Effort_To_Apply_Fix_Enum).nullable(),
+        modifiedBy: z3.string().nullable(),
+        gitBlameLogin: z3.string().nullable(),
+        fixReportId: z3.string().uuid(),
+        vulnerabilitySeverity: z3.nativeEnum(Vulnerability_Severity_Enum).nullable().transform((i) => i ?? "low" /* Low */),
+        filePaths: z3.array(
+          z3.object({
+            fileRepoRelativePath: z3.string()
           })
         ),
-        state: z.nativeEnum(Fix_State_Enum),
-        numberOfVulnerabilityIssues: z.number(),
-        vulnerabilityReportIssues: z.array(
-          z.object({
-            issueType: z.string(),
-            issueLanguage: z.string()
+        state: z3.nativeEnum(Fix_State_Enum),
+        numberOfVulnerabilityIssues: z3.number(),
+        vulnerabilityReportIssues: z3.array(
+          z3.object({
+            issueType: z3.string(),
+            issueLanguage: z3.string()
           })
         ),
         scmSubmitFixRequests: ScmSubmitFixRequestsZ,
-        isArchived: z.boolean().nullable(),
-        fixRatings: z.array(FixRatingZ).default([])
+        isArchived: z3.boolean().nullable(),
+        fixRatings: z3.array(FixRatingZ).default([])
       })
     ),
-    repo: z.object({
-      name: z.string().nullable(),
-      originalUrl: z.string(),
-      reference: z.string(),
-      commitSha: z.string(),
-      isKnownBranch: z.boolean().nullish().default(true)
+    repo: z3.object({
+      name: z3.string().nullable(),
+      originalUrl: z3.string(),
+      reference: z3.string(),
+      commitSha: z3.string(),
+      isKnownBranch: z3.boolean().nullish().default(true)
     }),
-    vulnerabilityReport: z.object({
-      reportSummaryUrl: z.string().url().nullish(),
-      vendor: z.nativeEnum(Vulnerability_Report_Vendor_Enum).nullable(),
-      issuesWithKnownLanguage: z.number().nullable(),
-      scanDate: z.string().nullable(),
-      vendorReportId: z.string().uuid().nullable(),
-      projectId: z.string().uuid(),
-      project: z.object({
-        organizationId: z.string().uuid()
+    vulnerabilityReport: z3.object({
+      reportSummaryUrl: z3.string().url().nullish(),
+      vendor: z3.nativeEnum(Vulnerability_Report_Vendor_Enum).nullable(),
+      issuesWithKnownLanguage: z3.number().nullable(),
+      scanDate: z3.string().nullable(),
+      vendorReportId: z3.string().uuid().nullable(),
+      projectId: z3.string().uuid(),
+      project: z3.object({
+        organizationId: z3.string().uuid()
       }),
-      file: z.object({
-        id: z.string().uuid(),
-        path: z.string()
+      file: z3.object({
+        id: z3.string().uuid(),
+        path: z3.string()
       }),
-      pending: z.object({
-        aggregate: z.object({
-          count: z.number()
+      pending: z3.object({
+        aggregate: z3.object({
+          count: z3.number()
         })
       }),
-      supported: z.object({
-        aggregate: z.object({
-          count: z.number()
+      supported: z3.object({
+        aggregate: z3.object({
+          count: z3.number()
         })
       }),
-      digested: z.object({
-        aggregate: z.object({
-          count: z.number()
+      digested: z3.object({
+        aggregate: z3.object({
+          count: z3.number()
         })
       }),
-      all: z.object({
-        aggregate: z.object({
-          count: z.number()
+      all: z3.object({
+        aggregate: z3.object({
+          count: z3.number()
         })
       }),
-      fixable: z.object({
-        aggregate: z.object({
-          count: z.number()
+      fixable: z3.object({
+        aggregate: z3.object({
+          count: z3.number()
         })
       }),
-      errors: z.object({
-        aggregate: z.object({
-          count: z.number()
+      errors: z3.object({
+        aggregate: z3.object({
+          count: z3.number()
         })
       }),
-      vulnerabilityReportIssues: z.object({
-        extraData: z.object({
-          missing_files: z.string().array().nullish(),
-          large_files: z.string().array().nullish(),
-          error_files: z.string().array().nullish()
+      vulnerabilityReportIssues: z3.object({
+        extraData: z3.object({
+          missing_files: z3.string().array().nullish(),
+          large_files: z3.string().array().nullish(),
+          error_files: z3.string().array().nullish()
         })
       }).array()
     })
   })
 });
-var ReportFixesQueryZ = z.array(
-  z.object({
-    id: z.string().uuid(),
-    state: z.nativeEnum(Fix_State_Enum),
-    isArchived: z.boolean().nullable(),
-    confidence: z.number(),
-    gitBlameLogin: z.string().nullable(),
-    effortToApplyFix: z.nativeEnum(Effort_To_Apply_Fix_Enum).nullable(),
-    safeIssueLanguage: z.string(),
-    safeIssueType: z.string(),
-    vulnerabilitySeverity: z.nativeEnum(Vulnerability_Severity_Enum).nullable().transform((i) => i ?? "low" /* Low */),
-    fixReportId: z.string().uuid(),
-    filePaths: z.array(
-      z.object({
-        fileRepoRelativePath: z.string()
+var ReportFixesQueryZ = z3.array(
+  z3.object({
+    id: z3.string().uuid(),
+    state: z3.nativeEnum(Fix_State_Enum),
+    isArchived: z3.boolean().nullable(),
+    confidence: z3.number(),
+    gitBlameLogin: z3.string().nullable(),
+    effortToApplyFix: z3.nativeEnum(Effort_To_Apply_Fix_Enum).nullable(),
+    safeIssueLanguage: z3.string(),
+    safeIssueType: z3.string(),
+    vulnerabilitySeverity: z3.nativeEnum(Vulnerability_Severity_Enum).nullable().transform((i) => i ?? "low" /* Low */),
+    fixReportId: z3.string().uuid(),
+    filePaths: z3.array(
+      z3.object({
+        fileRepoRelativePath: z3.string()
       })
     ),
-    numberOfVulnerabilityIssues: z.number(),
-    vulnerabilityReportIssues: z.array(
-      z.object({
-        issueType: z.string(),
-        issueLanguage: z.string()
+    numberOfVulnerabilityIssues: z3.number(),
+    vulnerabilityReportIssues: z3.array(
+      z3.object({
+        issueType: z3.string(),
+        issueLanguage: z3.string()
       })
     ),
     scmSubmitFixRequests: ScmSubmitFixRequestsZ,
-    fixRatings: z.array(FixRatingZ).default([])
+    fixRatings: z3.array(FixRatingZ).default([])
   })
 );
-var ExtraContextInternalZ = z.object({
-  key: z.string(),
-  value: z.string().or(z.boolean()).or(
-    z.object({
-      int: z.boolean(),
-      integer: z.boolean(),
-      string: z.boolean(),
-      date: z.boolean()
+var ExtraContextInternalZ = z3.object({
+  key: z3.string(),
+  value: z3.string().or(z3.boolean()).or(
+    z3.object({
+      int: z3.boolean(),
+      integer: z3.boolean(),
+      string: z3.boolean(),
+      date: z3.boolean()
     })
   )
 });
-var PackageInfoZ = z.object({
-  name: z.string(),
-  version: z.string(),
-  envName: z.string().nullable()
+var PackageInfoZ = z3.object({
+  name: z3.string(),
+  version: z3.string(),
+  envName: z3.string().nullable()
 });
-var ManifestActionRequiredZ = z.object({
-  action: z.nativeEnum(ManifestAction),
-  language: z.nativeEnum(Language),
+var ManifestActionRequiredZ = z3.object({
+  action: z3.nativeEnum(ManifestAction),
+  language: z3.nativeEnum(Language),
   lib: PackageInfoZ,
   typesLib: PackageInfoZ.nullable()
 });
-var FixExtraContextZ = z.object({
-  fixDescription: z.string(),
-  manifestActionsRequired: z.array(ManifestActionRequiredZ),
-  extraContext: z.array(ExtraContextInternalZ)
+var FixExtraContextZ = z3.object({
+  fixDescription: z3.string(),
+  manifestActionsRequired: z3.array(ManifestActionRequiredZ),
+  extraContext: z3.array(ExtraContextInternalZ)
 });
-var PatchAndQuestionsZ = z.object({
-  __typename: z.literal("FixData"),
-  patch: z.string(),
-  questions: z.array(
-    z.object({
-      name: z.string(),
-      key: z.string(),
-      index: z.number(),
-      defaultValue: z.string(),
-      value: z.string().nullable(),
-      extraContext: z.array(ExtraContextInternalZ),
-      inputType: z.nativeEnum(FixQuestionInputType),
-      options: z.array(z.string())
+var PatchAndQuestionsZ = z3.object({
+  __typename: z3.literal("FixData"),
+  patch: z3.string(),
+  questions: z3.array(
+    z3.object({
+      name: z3.string(),
+      key: z3.string(),
+      index: z3.number(),
+      defaultValue: z3.string(),
+      value: z3.string().nullable(),
+      extraContext: z3.array(ExtraContextInternalZ),
+      inputType: z3.nativeEnum(FixQuestionInputType),
+      options: z3.array(z3.string())
     })
   ),
   extraContext: FixExtraContextZ
 });
-var FixQueryZ = z.object({
-  __typename: z.literal("fix").optional(),
-  id: z.string().uuid(),
-  state: z.nativeEnum(Fix_State_Enum),
-  modifiedBy: z.string().nullable(),
-  gitBlameLogin: z.string().nullable(),
-  safeIssueLanguage: z.string(),
-  safeIssueType: z.string(),
-  confidence: z.number(),
-  fixReportId: z.string().uuid(),
-  isExpired: z.boolean().default(false),
-  isArchived: z.boolean().nullable(),
+var FixQueryZ = z3.object({
+  __typename: z3.literal("fix").optional(),
+  id: z3.string().uuid(),
+  state: z3.nativeEnum(Fix_State_Enum),
+  modifiedBy: z3.string().nullable(),
+  gitBlameLogin: z3.string().nullable(),
+  safeIssueLanguage: z3.string(),
+  safeIssueType: z3.string(),
+  confidence: z3.number(),
+  fixReportId: z3.string().uuid(),
+  isExpired: z3.boolean().default(false),
+  isArchived: z3.boolean().nullable(),
   // TODO: remove nullish once the data on the backend is ready
-  vulnerabilitySeverity: z.nativeEnum(Vulnerability_Severity_Enum).nullable().transform((i) => i ?? "low" /* Low */),
-  fixFiles: z.array(
-    z.object({
-      fileRepoRelativePath: z.string()
+  vulnerabilitySeverity: z3.nativeEnum(Vulnerability_Severity_Enum).nullable().transform((i) => i ?? "low" /* Low */),
+  fixFiles: z3.array(
+    z3.object({
+      fileRepoRelativePath: z3.string()
     })
   ),
-  numberOfVulnerabilityIssues: z.number(),
-  vulnerabilityReportIssues: z.array(
-    z.object({
-      vendorIssueId: z.string(),
-      issueLanguage: z.string()
+  numberOfVulnerabilityIssues: z3.number(),
+  vulnerabilityReportIssues: z3.array(
+    z3.object({
+      vendorIssueId: z3.string(),
+      issueLanguage: z3.string()
     })
   ),
   patchAndQuestions: PatchAndQuestionsZ,
   scmSubmitFixRequests: ScmSubmitFixRequestsZ,
-  effortToApplyFix: z.nativeEnum(Effort_To_Apply_Fix_Enum).nullable(),
-  fixRatings: z.array(FixRatingZ).default([])
+  effortToApplyFix: z3.nativeEnum(Effort_To_Apply_Fix_Enum).nullable(),
+  fixRatings: z3.array(FixRatingZ).default([])
 });
-var FixScreenQueryResultZ = z.object({
-  fixReport_by_pk: z.object({
-    id: z.string().uuid(),
-    expirationOn: z.string(),
-    createdOn: z.string(),
-    state: z.nativeEnum(Fix_Report_State_Enum),
-    fixes_aggregate: z.object({
-      aggregate: z.object({
-        count: z.number()
+var FixScreenQueryResultZ = z3.object({
+  fixReport_by_pk: z3.object({
+    id: z3.string().uuid(),
+    expirationOn: z3.string(),
+    createdOn: z3.string(),
+    state: z3.nativeEnum(Fix_Report_State_Enum),
+    fixes_aggregate: z3.object({
+      aggregate: z3.object({
+        count: z3.number()
       })
     }),
-    repo: z.object({
-      name: z.string().nullable(),
-      originalUrl: z.string(),
-      reference: z.string(),
-      commitSha: z.string()
+    repo: z3.object({
+      name: z3.string().nullable(),
+      originalUrl: z3.string(),
+      reference: z3.string(),
+      commitSha: z3.string()
     }),
-    vulnerabilityReport: z.object({
-      vendor: z.nativeEnum(Vulnerability_Report_Vendor_Enum),
-      vendorReportId: z.string().uuid().nullable(),
-      projectId: z.string().uuid(),
-      project: z.object({
-        organizationId: z.string().uuid()
+    vulnerabilityReport: z3.object({
+      vendor: z3.nativeEnum(Vulnerability_Report_Vendor_Enum),
+      vendorReportId: z3.string().uuid().nullable(),
+      projectId: z3.string().uuid(),
+      project: z3.object({
+        organizationId: z3.string().uuid()
       }),
-      file: z.object({
-        id: z.string().uuid(),
-        path: z.string()
+      file: z3.object({
+        id: z3.string().uuid(),
+        path: z3.string()
       }),
-      pending: z.object({
-        aggregate: z.object({
-          count: z.number()
+      pending: z3.object({
+        aggregate: z3.object({
+          count: z3.number()
         })
       }),
-      supported: z.object({
-        aggregate: z.object({
-          count: z.number()
+      supported: z3.object({
+        aggregate: z3.object({
+          count: z3.number()
         })
       }),
-      all: z.object({
-        aggregate: z.object({
-          count: z.number()
+      all: z3.object({
+        aggregate: z3.object({
+          count: z3.number()
         })
       }),
-      fixable: z.object({
-        aggregate: z.object({
-          count: z.number()
+      fixable: z3.object({
+        aggregate: z3.object({
+          count: z3.number()
         })
       }),
-      errors: z.object({
-        aggregate: z.object({
-          count: z.number()
+      errors: z3.object({
+        aggregate: z3.object({
+          count: z3.number()
         })
       }),
-      vulnerabilityReportIssues: z.object({
-        extraData: z.object({
-          missing_files: z.string().array().nullish(),
-          large_files: z.string().array().nullish(),
-          error_files: z.string().array().nullish()
+      vulnerabilityReportIssues: z3.object({
+        extraData: z3.object({
+          missing_files: z3.string().array().nullish(),
+          large_files: z3.string().array().nullish(),
+          error_files: z3.string().array().nullish()
         })
       }).array()
     })
   }),
   fix_by_pk: FixQueryZ.merge(
-    z.object({
-      vulnerabilityReportIssues: z.array(
-        z.object({
-          vendorIssueId: z.string(),
-          issueType: z.string(),
-          issueLanguage: z.string()
+    z3.object({
+      vulnerabilityReportIssues: z3.array(
+        z3.object({
+          vendorIssueId: z3.string(),
+          issueType: z3.string(),
+          issueLanguage: z3.string()
         })
       )
     })
   ),
-  fixesWithSameIssueType: z.object({
-    fix: z.array(z.object({ id: z.string().uuid() }))
+  fixesWithSameIssueType: z3.object({
+    fix: z3.array(z3.object({ id: z3.string().uuid() }))
   })
 });
-var FixReportByProjectZ = z.object({
-  project_by_pk: z.object({
-    vulnerabilityReports: z.array(
-      z.object({
-        fixReport: z.object({ id: z.string().uuid() }).nullable()
+var FixReportByProjectZ = z3.object({
+  project_by_pk: z3.object({
+    vulnerabilityReports: z3.array(
+      z3.object({
+        fixReport: z3.object({ id: z3.string().uuid() }).nullable()
       })
     )
   })
 });
-var FixPageQueryZ = z.object({
+var FixPageQueryZ = z3.object({
   data: FixScreenQueryResultZ
 });
-var GetReportFixesQueryZ = z.object({
-  fixReport: z.object({
+var GetReportFixesQueryZ = z3.object({
+  fixReport: z3.object({
     fixes: ReportFixesQueryZ,
-    vulnerabilityReport: z.object({
-      vulnerabilityReportIssues_aggregate: z.object({
-        aggregate: z.object({ count: z.number() })
+    vulnerabilityReport: z3.object({
+      vulnerabilityReportIssues_aggregate: z3.object({
+        aggregate: z3.object({ count: z3.number() })
       })
     })
   }).array()
 }).nullish();
-var ProjectVulnerabilityReport = z.object({
-  id: z.string().uuid(),
-  name: z.string().nullable(),
-  vendor: z.nativeEnum(Vulnerability_Report_Vendor_Enum).nullable(),
-  fixReport: z.object({
-    id: z.string().uuid(),
-    createdOn: z.string(),
-    fixes_aggregate: z.object({
-      aggregate: z.object({
-        count: z.number()
+var ProjectVulnerabilityReport = z3.object({
+  id: z3.string().uuid(),
+  name: z3.string().nullable(),
+  vendor: z3.nativeEnum(Vulnerability_Report_Vendor_Enum).nullable(),
+  fixReport: z3.object({
+    id: z3.string().uuid(),
+    createdOn: z3.string(),
+    fixes_aggregate: z3.object({
+      aggregate: z3.object({
+        count: z3.number()
       })
     }),
-    issueTypes: z.record(z.string(), z.number()).nullable(),
-    issueLanguages: z.record(z.nativeEnum(IssueLanguage_Enum), z.number()).nullable(),
-    fixesCountByEffort: z.record(z.nativeEnum(Effort_To_Apply_Fix_Enum), z.number()).nullable(),
-    vulnerabilitySeverities: z.record(z.nativeEnum(Vulnerability_Severity_Enum), z.number()).nullable(),
-    fixesDoneCount: z.number(),
-    fixesInprogressCount: z.number(),
-    fixesReadyCount: z.number(),
-    repo: z.object({
-      originalUrl: z.string(),
-      reference: z.string(),
-      name: z.string()
+    issueTypes: z3.record(z3.string(), z3.number()).nullable(),
+    issueLanguages: z3.record(z3.nativeEnum(IssueLanguage_Enum), z3.number()).nullable(),
+    fixesCountByEffort: z3.record(z3.nativeEnum(Effort_To_Apply_Fix_Enum), z3.number()).nullable(),
+    vulnerabilitySeverities: z3.record(z3.nativeEnum(Vulnerability_Severity_Enum), z3.number()).nullable(),
+    fixesDoneCount: z3.number(),
+    fixesInprogressCount: z3.number(),
+    fixesReadyCount: z3.number(),
+    repo: z3.object({
+      originalUrl: z3.string(),
+      reference: z3.string(),
+      name: z3.string()
     }),
-    createdByUser: z.object({
-      email: z.string()
+    createdByUser: z3.object({
+      email: z3.string()
     }).nullable(),
-    state: z.nativeEnum(Fix_Report_State_Enum),
-    expirationOn: z.string()
+    state: z3.nativeEnum(Fix_Report_State_Enum),
+    expirationOn: z3.string()
   })
 });
-var ProjectGetProjectZ = z.object({
-  id: z.string().uuid(),
-  name: z.string(),
-  vulnerabilityReports: z.object({
-    vendor: z.nativeEnum(Vulnerability_Report_Vendor_Enum).nullable(),
-    fixReport: z.object({
-      issueLanguages: z.record(z.nativeEnum(IssueLanguage_Enum), z.number()).nullable(),
-      state: z.nativeEnum(Fix_Report_State_Enum),
-      fixes_aggregate: z.object({
-        aggregate: z.object({
-          count: z.number()
+var ProjectGetProjectZ = z3.object({
+  id: z3.string().uuid(),
+  name: z3.string(),
+  vulnerabilityReports: z3.object({
+    vendor: z3.nativeEnum(Vulnerability_Report_Vendor_Enum).nullable(),
+    fixReport: z3.object({
+      issueLanguages: z3.record(z3.nativeEnum(IssueLanguage_Enum), z3.number()).nullable(),
+      state: z3.nativeEnum(Fix_Report_State_Enum),
+      fixes_aggregate: z3.object({
+        aggregate: z3.object({
+          count: z3.number()
         })
       }),
-      repo: z.object({
-        originalUrl: z.string(),
-        reference: z.string()
+      repo: z3.object({
+        originalUrl: z3.string(),
+        reference: z3.string()
       }),
-      expirationOn: z.string()
+      expirationOn: z3.string()
     })
   }).array()
 });
-var GetProjectsQueryZ = z.array(ProjectGetProjectZ);
-var ProjectPageQueryResultZ = z.object({
-  name: z.string(),
-  id: z.string().uuid(),
-  isDefault: z.boolean().default(false),
-  organizationId: z.string().uuid(),
-  vulnerabilityReports: z.array(ProjectVulnerabilityReport)
+var GetProjectsQueryZ = z3.array(ProjectGetProjectZ);
+var ProjectPageQueryResultZ = z3.object({
+  name: z3.string(),
+  id: z3.string().uuid(),
+  isDefault: z3.boolean().default(false),
+  organizationId: z3.string().uuid(),
+  vulnerabilityReports: z3.array(ProjectVulnerabilityReport),
+  projectIssueTypeSettings: z3.array(
+    IssueTypeSettingZ.merge(z3.object({ id: z3.string() }))
+  )
 });
-var GetProjectMembersDataZ = z.object({
-  project_by_pk: z.object({
-    name: z.string(),
-    id: z.string(),
-    projectUsers: z.array(
-      z.object({
-        projectToRole: z.object({
-          projectRole: z.object({
-            type: z.nativeEnum(Project_Role_Type_Enum)
+var GetProjectMembersDataZ = z3.object({
+  project_by_pk: z3.object({
+    name: z3.string(),
+    id: z3.string(),
+    projectUsers: z3.array(
+      z3.object({
+        projectToRole: z3.object({
+          projectRole: z3.object({
+            type: z3.nativeEnum(Project_Role_Type_Enum)
           })
         }),
-        user: z.object({
-          id: z.string().uuid(),
-          picture: z.string().optional(),
-          name: z.string().nullish(),
-          email: z.string().email()
+        user: z3.object({
+          id: z3.string().uuid(),
+          picture: z3.string().optional(),
+          name: z3.string().nullish(),
+          email: z3.string().email()
         })
       })
     )
   })
 });
-var RepoArgs = z.object({
-  originalUrl: z.string().url(),
-  branch: z.string(),
-  commitSha: z.string()
+var RepoArgs = z3.object({
+  originalUrl: z3.string().url(),
+  branch: z3.string(),
+  commitSha: z3.string()
 });
 var scmCloudUrl = {
   GitLab: "https://gitlab.com",
@@ -1150,12 +1273,12 @@ var scannerToVulnerability_Report_Vendor_Enum = {
   [SCANNERS.Codeql]: "codeql" /* Codeql */,
   [SCANNERS.Fortify]: "fortify" /* Fortify */
 };
-var SupportedScannersZ = z2.enum([SCANNERS.Checkmarx, SCANNERS.Snyk]);
-var envVariablesSchema = z2.object({
-  WEB_APP_URL: z2.string(),
-  API_URL: z2.string(),
-  HASURA_ACCESS_KEY: z2.string(),
-  LOCAL_GRAPHQL_ENDPOINT: z2.string()
+var SupportedScannersZ = z4.enum([SCANNERS.Checkmarx, SCANNERS.Snyk]);
+var envVariablesSchema = z4.object({
+  WEB_APP_URL: z4.string(),
+  API_URL: z4.string(),
+  HASURA_ACCESS_KEY: z4.string(),
+  LOCAL_GRAPHQL_ENDPOINT: z4.string()
 }).required();
 var envVariables = envVariablesSchema.parse(process.env);
 debug("config %o", envVariables);
@@ -1293,7 +1416,7 @@ import fetch4 from "node-fetch";
 import open2 from "open";
 import semver from "semver";
 import tmp2 from "tmp";
-import { z as z21 } from "zod";
+import { z as z22 } from "zod";
 // src/features/analysis/add_fix_comments_for_pr/add_fix_comments_for_pr.ts
 import Debug7 from "debug";
@@ -1305,29 +1428,33 @@ var DEFUALT_ADO_ORIGIN = scmCloudUrl.Ado;
 import querystring3 from "node:querystring";
 import * as api from "azure-devops-node-api";
 import Debug3 from "debug";
-import { z as z17 } from "zod";
+import { z as z18 } from "zod";
 // src/features/analysis/scm/env.ts
-import { z as z3 } from "zod";
-var EnvVariablesZod = z3.object({
-  GITLAB_API_TOKEN: z3.string().optional(),
-  GITHUB_API_TOKEN: z3.string().optional(),
-  GIT_PROXY_HOST: z3.string()
+import { z as z5 } from "zod";
+var EnvVariablesZod = z5.object({
+  GITLAB_API_TOKEN: z5.string().optional(),
+  GITHUB_API_TOKEN: z5.string().optional(),
+  GIT_PROXY_HOST: z5.string()
 });
 var { GITLAB_API_TOKEN, GITHUB_API_TOKEN, GIT_PROXY_HOST } = EnvVariablesZod.parse(process.env);
 // src/features/analysis/scm/scm.ts
-import { z as z15 } from "zod";
+import { z as z16 } from "zod";
 // src/features/analysis/scm/bitbucket/bitbucket.ts
 import querystring from "node:querystring";
 import bitbucketPkg from "bitbucket";
 import * as bitbucketPkgNode from "bitbucket";
 import Debug2 from "debug";
-import { z as z11 } from "zod";
+import { z as z12 } from "zod";
+// src/features/analysis/scm/constants.ts
+var MOBB_ICON_IMG = "https://app.mobb.ai/gh-action/Logo_Rounded_Icon.svg";
+var MAX_BRANCHES_FETCH = 100;
 // src/features/analysis/scm/shared/src/commitDescriptionMarkup.ts
-import { z as z5 } from "zod";
+import { z as z6 } from "zod";
 // src/features/analysis/scm/shared/src/fixDetailsData.ts
 var fixDetailsData = {
@@ -1547,93 +1674,11 @@ var fixDetailsData = {
     fixInstructions: "Use express-rate-limit npm package to set a rate limit."
   },
   ["MISSING_CSP_HEADER" /* MissingCspHeader */]: void 0,
-  ["HARDCODED_DOMAIN_IN_HTML" /* HardcodedDomainInHtml */]: void 0
-};
-// src/features/analysis/scm/shared/src/getIssueType.ts
-import { z as z4 } from "zod";
-var issueTypeMap = {
-  ["NO_LIMITS_OR_THROTTLING" /* NoLimitsOrThrottling */]: "Missing Rate Limiting",
-  ["SQL_Injection" /* SqlInjection */]: "SQL Injection",
-  ["CMDi_relative_path_command" /* CmDiRelativePathCommand */]: "Relative Path Command Injection",
-  ["CMDi" /* CmDi */]: "Command Injection",
-  ["CONFUSING_NAMING" /* ConfusingNaming */]: "Confusing Naming",
-  ["XXE" /* Xxe */]: "XXE",
-  ["XSS" /* Xss */]: "XSS",
-  ["PT" /* Pt */]: "Path Traversal",
-  ["ZIP_SLIP" /* ZipSlip */]: "Zip Slip",
-  ["INSECURE_RANDOMNESS" /* InsecureRandomness */]: "Insecure Randomness",
-  ["SSRF" /* Ssrf */]: "Server Side Request Forgery",
-  ["TYPE_CONFUSION" /* TypeConfusion */]: "Type Confusion",
-  ["REGEX_INJECTION" /* RegexInjection */]: "Regular Expression Injection",
-  ["INCOMPLETE_URL_SANITIZATION" /* IncompleteUrlSanitization */]: "Incomplete URL Sanitization",
-  ["LOCALE_DEPENDENT_COMPARISON" /* LocaleDependentComparison */]: "Locale Dependent Comparison",
-  ["LOG_FORGING" /* LogForging */]: "Log Forging",
-  ["MISSING_CHECK_AGAINST_NULL" /* MissingCheckAgainstNull */]: "Missing Check against Null",
-  ["PASSWORD_IN_COMMENT" /* PasswordInComment */]: "Password in Comment",
-  ["OVERLY_BROAD_CATCH" /* OverlyBroadCatch */]: "Poor Error Handling: Overly Broad Catch",
-  ["USE_OF_SYSTEM_OUTPUT_STREAM" /* UseOfSystemOutputStream */]: "Use of System.out/System.err",
-  ["DANGEROUS_FUNCTION_OVERFLOW" /* DangerousFunctionOverflow */]: "Use of dangerous function",
-  ["DOS_STRING_BUILDER" /* DosStringBuilder */]: "Denial of Service: StringBuilder",
-  ["OPEN_REDIRECT" /* OpenRedirect */]: "Open Redirect",
-  ["WEAK_XML_SCHEMA_UNBOUNDED_OCCURRENCES" /* WeakXmlSchemaUnboundedOccurrences */]: "Weak XML Schema: Unbounded Occurrences",
-  ["SYSTEM_INFORMATION_LEAK" /* SystemInformationLeak */]: "System Information Leak",
-  ["SYSTEM_INFORMATION_LEAK_EXTERNAL" /* SystemInformationLeakExternal */]: "External System Information Leak",
-  ["HTTP_RESPONSE_SPLITTING" /* HttpResponseSplitting */]: "HTTP response splitting",
-  ["HTTP_ONLY_COOKIE" /* HttpOnlyCookie */]: "Cookie is not HttpOnly",
-  ["INSECURE_COOKIE" /* InsecureCookie */]: "Insecure Cookie",
-  ["TRUST_BOUNDARY_VIOLATION" /* TrustBoundaryViolation */]: "Trust Boundary Violation",
-  ["NULL_DEREFERENCE" /* NullDereference */]: "Null Dereference",
-  ["UNSAFE_DESERIALIZATION" /* UnsafeDeserialization */]: "Unsafe deserialization",
-  ["INSECURE_BINDER_CONFIGURATION" /* InsecureBinderConfiguration */]: "Insecure Binder Configuration",
-  ["UNSAFE_TARGET_BLANK" /* UnsafeTargetBlank */]: "Unsafe use of target blank",
-  ["IFRAME_WITHOUT_SANDBOX" /* IframeWithoutSandbox */]: "Client use of iframe without sandbox",
-  ["JQUERY_DEPRECATED_SYMBOLS" /* JqueryDeprecatedSymbols */]: "jQuery deprecated symbols",
-  ["MISSING_ANTIFORGERY_VALIDATION" /* MissingAntiforgeryValidation */]: "Missing Anti-Forgery Validation",
-  ["GRAPHQL_DEPTH_LIMIT" /* GraphqlDepthLimit */]: "GraphQL Depth Limit",
-  ["UNCHECKED_LOOP_CONDITION" /* UncheckedLoopCondition */]: "Unchecked Loop Condition",
-  ["IMPROPER_RESOURCE_SHUTDOWN_OR_RELEASE" /* ImproperResourceShutdownOrRelease */]: "Improper Resource Shutdown or Release",
-  ["IMPROPER_EXCEPTION_HANDLING" /* ImproperExceptionHandling */]: "Improper Exception Handling",
-  ["DEFAULT_RIGHTS_IN_OBJ_DEFINITION" /* DefaultRightsInObjDefinition */]: "Default Definer Rights in Package or Object Definition",
-  ["HTML_COMMENT_IN_JSP" /* HtmlCommentInJsp */]: "HTML Comment in JSP",
-  ["ERROR_CONDTION_WITHOUT_ACTION" /* ErrorCondtionWithoutAction */]: "Error Condition Without Action",
-  ["DEPRECATED_FUNCTION" /* DeprecatedFunction */]: "Deprecated Function",
-  ["HARDCODED_SECRETS" /* HardcodedSecrets */]: "Hardcoded Secrets",
-  ["PROTOTYPE_POLLUTION" /* PrototypePollution */]: "Prototype Pollution",
-  ["RACE_CONDITION_FORMAT_FLAW" /* RaceConditionFormatFlaw */]: "Race Condition Format Flaw",
-  ["NON_FINAL_PUBLIC_STATIC_FIELD" /* NonFinalPublicStaticField */]: "Non-final Public Static Field",
-  ["MISSING_HSTS_HEADER" /* MissingHstsHeader */]: "Missing HSTS Header",
-  ["DEAD_CODE_UNUSED_FIELD" /* DeadCodeUnusedField */]: "Dead Code: Unused Field",
-  ["HEADER_MANIPULATION" /* HeaderManipulation */]: "Header Manipulation",
-  ["MISSING_EQUALS_OR_HASHCODE" /* MissingEqualsOrHashcode */]: "Missing equals or hashcode method",
-  ["WCF_MISCONFIGURATION_INSUFFICIENT_LOGGING" /* WcfMisconfigurationInsufficientLogging */]: "WCF Misconfiguration: Insufficient Logging",
-  ["WCF_MISCONFIGURATION_THROTTLING_NOT_ENABLED" /* WcfMisconfigurationThrottlingNotEnabled */]: "WCF Misconfiguration: Throttling Not Enabled",
-  ["USELESS_REGEXP_CHAR_ESCAPE" /* UselessRegexpCharEscape */]: "Useless regular-expression character escape",
-  ["INCOMPLETE_HOSTNAME_REGEX" /* IncompleteHostnameRegex */]: "Incomplete Hostname Regex",
-  ["OVERLY_LARGE_RANGE" /* OverlyLargeRange */]: "Regex: Overly Large Range",
-  ["INSUFFICIENT_LOGGING" /* InsufficientLogging */]: "Insufficient Logging of Sensitive Operations",
-  ["PRIVACY_VIOLATION" /* PrivacyViolation */]: "Privacy Violation",
-  ["INCOMPLETE_URL_SCHEME_CHECK" /* IncompleteUrlSchemeCheck */]: "Incomplete URL Scheme Check",
-  ["VALUE_NEVER_READ" /* ValueNeverRead */]: "Value Never Read",
-  ["VALUE_SHADOWING" /* ValueShadowing */]: "Value Shadowing",
-  ["NO_EQUIVALENCE_METHOD" /* NoEquivalenceMethod */]: "Class Does Not Implement Equivalence Method",
-  ["INFORMATION_EXPOSURE_VIA_HEADERS" /* InformationExposureViaHeaders */]: "Information Exposure via Headers",
-  ["DEBUG_ENABLED" /* DebugEnabled */]: "Debug Enabled",
-  ["LEFTOVER_DEBUG_CODE" /* LeftoverDebugCode */]: "Leftover Debug Code",
-  ["POOR_ERROR_HANDLING_EMPTY_CATCH_BLOCK" /* PoorErrorHandlingEmptyCatchBlock */]: "Poor Error Handling: Empty Catch Block",
-  ["ERRONEOUS_STRING_COMPARE" /* ErroneousStringCompare */]: "Erroneous String Compare",
-  ["UNVALIDATED_PUBLIC_METHOD_ARGUMENT" /* UnvalidatedPublicMethodArgument */]: "Unvalidated Public Method Argument",
-  ["AUTO_ESCAPE_FALSE" /* AutoEscapeFalse */]: "Auto-escape False",
-  ["MISSING_CSP_HEADER" /* MissingCspHeader */]: "Missing CSP Header",
-  ["HARDCODED_DOMAIN_IN_HTML" /* HardcodedDomainInHtml */]: "Hardcoded Domain in HTML"
-};
-var issueTypeZ = z4.nativeEnum(IssueType_Enum);
-var getIssueTypeFriendlyString = (issueType) => {
-  const issueTypeZParseRes = issueTypeZ.safeParse(issueType);
-  if (!issueTypeZParseRes.success) {
-    return issueType ? issueType.replaceAll("_", " ") : "Other";
+  ["HARDCODED_DOMAIN_IN_HTML" /* HardcodedDomainInHtml */]: void 0,
+  ["HEAP_INSPECTION" /* HeapInspection */]: {
+    issueDescription: "All variables stored by the application in unencrypted memory can be read by an attacker. This can lead to the exposure of sensitive information, such as passwords, credit card numbers, and personal data.",
+    fixInstructions: "Use secure storage methods to store secrets in memory."
   }
-  return issueTypeMap[issueTypeZParseRes.data];
 };
 // src/features/analysis/scm/shared/src/commitDescriptionMarkup.ts
@@ -1653,7 +1698,7 @@ var getCommitDescription = ({
   guidances,
   fixUrl
 }) => {
-  const parseIssueTypeRes = z5.nativeEnum(IssueType_Enum).safeParse(issueType);
+  const parseIssueTypeRes = z6.nativeEnum(IssueType_Enum).safeParse(issueType);
   if (!parseIssueTypeRes.success) {
     return "";
   }
@@ -1684,10 +1729,10 @@ ${guidances.map(({ guidance }) => `## Additional actions required
 };
 // src/features/analysis/scm/shared/src/guidances.ts
-import { z as z8 } from "zod";
+import { z as z9 } from "zod";
 // src/features/analysis/scm/shared/src/storedFixData/index.ts
-import { z as z6 } from "zod";
+import { z as z7 } from "zod";
 // src/features/analysis/scm/shared/src/storedFixData/passwordInComment.ts
 var passwordInComment = {
@@ -1842,8 +1887,8 @@ var vulnerabilities6 = {
 var xml_default = vulnerabilities6;
 // src/features/analysis/scm/shared/src/storedFixData/index.ts
-var StoredFixDataItemZ = z6.object({
-  guidance: z6.function().returns(z6.string())
+var StoredFixDataItemZ = z7.object({
+  guidance: z7.function().returns(z7.string())
 });
 var languages = {
   ["Java" /* Java */]: java_default,
@@ -1855,7 +1900,7 @@ var languages = {
 };
 // src/features/analysis/scm/shared/src/storedQuestionData/index.ts
-import { z as z7 } from "zod";
+import { z as z8 } from "zod";
 // src/features/analysis/scm/shared/src/storedQuestionData/csharp/httpOnlyCookie.ts
 var httpOnlyCookie = {
@@ -2921,10 +2966,10 @@ var vulnerabilities10 = {
 var xml_default2 = vulnerabilities10;
 // src/features/analysis/scm/shared/src/storedQuestionData/index.ts
-var StoredQuestionDataItemZ = z7.object({
-  content: z7.function().args(z7.any()).returns(z7.string()),
-  description: z7.function().args(z7.any()).returns(z7.string()),
-  guidance: z7.function().args(z7.any()).returns(z7.string())
+var StoredQuestionDataItemZ = z8.object({
+  content: z8.function().args(z8.any()).returns(z8.string()),
+  description: z8.function().args(z8.any()).returns(z8.string()),
+  guidance: z8.function().args(z8.any()).returns(z8.string())
 });
 var languages2 = {
   ["Java" /* Java */]: java_default2,
@@ -3017,9 +3062,9 @@ function getFixGuidances({
   const fixGuidance = storeFixResult.success ? [storeFixResult.data.guidance({ questions, ...extraContext })] : [];
   return libGuidances.concat(fixGuidance).filter((guidance) => !!guidance);
 }
-var IssueTypeAndLanguageZ = z8.object({
-  issueType: z8.nativeEnum(IssueType_Enum),
-  issueLanguage: z8.nativeEnum(IssueLanguage_Enum)
+var IssueTypeAndLanguageZ = z9.object({
+  issueType: z9.nativeEnum(IssueType_Enum),
+  issueLanguage: z9.nativeEnum(IssueLanguage_Enum)
 });
 function getGuidances(args) {
   const safeIssueTypeAndLanguage = IssueTypeAndLanguageZ.safeParse({
@@ -3057,7 +3102,7 @@ function getGuidances(args) {
 }
 // src/features/analysis/scm/shared/src/urlParser/urlParser.ts
-import { z as z9 } from "zod";
+import { z as z10 } from "zod";
 function detectAdoUrl(args) {
   const { pathname, hostname, scmType } = args;
   const hostnameParts = hostname.split(".");
@@ -3072,7 +3117,7 @@ function detectAdoUrl(args) {
         scmType: "Ado" /* Ado */,
         organization,
         // project has single repo - repoName === projectName
-        projectName: z9.string().parse(projectName),
+        projectName: z10.string().parse(projectName),
         repoName: projectName,
         prefixPath
       };
@@ -3083,7 +3128,7 @@ function detectAdoUrl(args) {
       return {
         scmType: "Ado" /* Ado */,
         organization,
-        projectName: z9.string().parse(projectName),
+        projectName: z10.string().parse(projectName),
         repoName,
         prefixPath
       };
@@ -3097,7 +3142,7 @@ function detectAdoUrl(args) {
           scmType: "Ado" /* Ado */,
           organization,
           // project has only one repo - repoName === projectName
-          projectName: z9.string().parse(repoName),
+          projectName: z10.string().parse(repoName),
           repoName,
           prefixPath
         };
@@ -3107,7 +3152,7 @@ function detectAdoUrl(args) {
         return {
           scmType: "Ado" /* Ado */,
           organization,
-          projectName: z9.string().parse(projectName),
+          projectName: z10.string().parse(projectName),
           repoName,
           prefixPath
         };
@@ -3331,30 +3376,30 @@ var sanityRepoURL = (scmURL) => {
 };
 // src/features/analysis/scm/bitbucket/validation.ts
-import { z as z10 } from "zod";
-var BitbucketAuthResultZ = z10.object({
-  access_token: z10.string(),
-  token_type: z10.string(),
-  refresh_token: z10.string()
+import { z as z11 } from "zod";
+var BitbucketAuthResultZ = z11.object({
+  access_token: z11.string(),
+  token_type: z11.string(),
+  refresh_token: z11.string()
 });
 // src/features/analysis/scm/bitbucket/bitbucket.ts
 var debug2 = Debug2("scm:bitbucket");
 var BITBUCKET_HOSTNAME = "bitbucket.org";
-var TokenExpiredErrorZ = z11.object({
-  status: z11.number(),
-  error: z11.object({
-    type: z11.string(),
-    error: z11.object({
-      message: z11.string()
+var TokenExpiredErrorZ = z12.object({
+  status: z12.number(),
+  error: z12.object({
+    type: z12.string(),
+    error: z12.object({
+      message: z12.string()
     })
   })
 });
 var BITBUCKET_ACCESS_TOKEN_URL = `https://${BITBUCKET_HOSTNAME}/site/oauth2/access_token`;
-var BitbucketParseResultZ = z11.object({
-  organization: z11.string(),
-  repoName: z11.string(),
-  hostname: z11.literal(BITBUCKET_HOSTNAME)
+var BitbucketParseResultZ = z12.object({
+  organization: z12.string(),
+  repoName: z12.string(),
+  hostname: z12.literal(BITBUCKET_HOSTNAME)
 });
 function parseBitbucketOrganizationAndRepo(bitbucketUrl) {
   const parsedGitHubUrl = normalizeUrl(bitbucketUrl);
@@ -3407,12 +3452,14 @@ function getBitbucketSdk(params) {
       );
       const res = await bitbucketClient.refs.listBranches({
         repo_slug: repoSlug,
-        workspace
+        workspace,
+        pagelen: MAX_BRANCHES_FETCH,
+        sort: "-target.date"
       });
       if (!res.data.values) {
         return [];
       }
-      return res.data.values.filter((branch) => !!branch.name).map((branch) => z11.string().parse(branch.name));
+      return res.data.values.filter((branch) => !!branch.name).map((branch) => z12.string().parse(branch.name));
     },
     async getIsUserCollaborator(params2) {
       const { repoUrl } = params2;
@@ -3527,7 +3574,7 @@ function getBitbucketSdk(params) {
       return GetRefererenceResultZ.parse({
         sha: tagRes.data.target?.hash,
         type: "TAG" /* TAG */,
-        date: new Date(z11.string().parse(tagRes.data.target?.date))
+        date: new Date(z12.string().parse(tagRes.data.target?.date))
       });
     },
     async getBranchRef(params2) {
@@ -3535,7 +3582,7 @@ function getBitbucketSdk(params) {
       return GetRefererenceResultZ.parse({
         sha: getBranchRes.target?.hash,
         type: "BRANCH" /* BRANCH */,
-        date: new Date(z11.string().parse(getBranchRes.target?.date))
+        date: new Date(z12.string().parse(getBranchRes.target?.date))
       });
     },
     async getCommitRef(params2) {
@@ -3543,13 +3590,13 @@ function getBitbucketSdk(params) {
       return GetRefererenceResultZ.parse({
         sha: getCommitRes.hash,
         type: "COMMIT" /* COMMIT */,
-        date: new Date(z11.string().parse(getCommitRes.date))
+        date: new Date(z12.string().parse(getCommitRes.date))
       });
     },
     async getDownloadUrl({ url, sha }) {
       this.getReferenceData({ ref: sha, url });
       const repoRes = await this.getRepo({ repoUrl: url });
-      const parsedRepoUrl = z11.string().url().parse(repoRes.links?.html?.href);
+      const parsedRepoUrl = z12.string().url().parse(repoRes.links?.html?.href);
       return `${parsedRepoUrl}/get/${sha}.zip`;
     },
     async getPullRequest(params2) {
@@ -3592,7 +3639,7 @@ async function validateBitbucketParams(params) {
 }
 async function getUsersworkspacesSlugs(bitbucketClient) {
   const res = await bitbucketClient.workspaces.getWorkspaces({});
-  return res.data.values?.map((v) => z11.string().parse(v.slug));
+  return res.data.values?.map((v) => z12.string().parse(v.slug));
 }
 async function getllUsersrepositories(bitbucketClient) {
   const userWorspacesSlugs = await getUsersworkspacesSlugs(bitbucketClient);
@@ -4092,7 +4139,7 @@ function getGithubSdk(params = {}) {
       return octokit.rest.repos.listBranches({
         owner,
         repo,
-        per_page: 1e3,
+        per_page: MAX_BRANCHES_FETCH,
         page: 1
       });
     },
@@ -4139,11 +4186,11 @@ import {
 } from "undici";
 // src/features/analysis/scm/gitlab/types.ts
-import { z as z12 } from "zod";
-var GitlabAuthResultZ = z12.object({
-  access_token: z12.string(),
-  token_type: z12.string(),
-  refresh_token: z12.string()
+import { z as z13 } from "zod";
+var GitlabAuthResultZ = z13.object({
+  access_token: z13.string(),
+  token_type: z13.string(),
+  refresh_token: z13.string()
 });
 // src/features/analysis/scm/gitlab/gitlab.ts
@@ -4151,7 +4198,6 @@ function removeTrailingSlash(str) {
   return str.trim().replace(/\/+$/, "");
 }
 function getGitBeaker(options) {
-  console.log("getGitBeaker starting");
   const token = options?.gitlabAuthToken ?? GITLAB_API_TOKEN ?? "";
   const url = options.url;
   const host = url ? new URL(url).origin : "https://gitlab.com";
@@ -4295,10 +4341,7 @@ async function getGitlabBranchList({
   const api2 = getGitBeaker({ url: repoUrl, gitlabAuthToken: accessToken });
   try {
     const res = await api2.Branches.all(projectPath, {
-      perPage: 100,
-      pagination: "keyset",
-      orderBy: "updated_at",
-      sort: "dec"
+      perPage: MAX_BRANCHES_FETCH
     });
     return res.map((branch) => branch.name);
   } catch (e) {
@@ -4334,6 +4377,18 @@ async function getGitlabMergeRequest({
   });
   return await api2.MergeRequests.show(projectPath, prNumber);
 }
+async function getGitlabCommitUrl({
+  url,
+  commitSha,
+  accessToken
+}) {
+  const { projectPath } = parseGitlabOwnerAndRepo(url);
+  const api2 = getGitBeaker({
+    url,
+    gitlabAuthToken: accessToken
+  });
+  return await api2.Commits.show(projectPath, commitSha);
+}
 async function getGitlabRepoDefaultBranch(repoUrl, options) {
   const api2 = getGitBeaker({
     url: repoUrl,
@@ -4479,80 +4534,97 @@ import parseDiff from "parse-diff";
 import path3 from "path";
 import { simpleGit } from "simple-git";
 import tmp from "tmp";
-import { z as z14 } from "zod";
+import { z as z15 } from "zod";
 // src/features/analysis/scm/scmSubmit/types.ts
-import { z as z13 } from "zod";
-var BaseSubmitToScmMessageZ = z13.object({
-  submitFixRequestId: z13.string().uuid(),
-  fixes: z13.array(
-    z13.object({
-      fixId: z13.string().uuid(),
-      patches: z13.array(z13.string())
+import { z as z14 } from "zod";
+var BaseSubmitToScmMessageZ = z14.object({
+  submitFixRequestId: z14.string().uuid(),
+  fixes: z14.array(
+    z14.object({
+      fixId: z14.string().uuid(),
+      patches: z14.array(z14.string())
     })
   ),
-  commitHash: z13.string(),
-  repoUrl: z13.string(),
-  mobbUserEmail: z13.string(),
-  extraHeaders: z13.record(z13.string(), z13.string()).default({})
+  commitHash: z14.string(),
+  repoUrl: z14.string(),
+  mobbUserEmail: z14.string(),
+  extraHeaders: z14.record(z14.string(), z14.string()).default({})
 });
 var submitToScmMessageType = {
   commitToSameBranch: "commitToSameBranch",
   submitFixesForDifferentBranch: "submitFixesForDifferentBranch"
 };
 var CommitToSameBranchParamsZ = BaseSubmitToScmMessageZ.merge(
-  z13.object({
-    type: z13.literal(submitToScmMessageType.commitToSameBranch),
-    branch: z13.string(),
-    commitMessage: z13.string(),
-    commitDescription: z13.string().nullish(),
-    githubCommentId: z13.number().nullish()
+  z14.object({
+    type: z14.literal(submitToScmMessageType.commitToSameBranch),
+    branch: z14.string(),
+    commitMessage: z14.string(),
+    commitDescription: z14.string().nullish(),
+    githubCommentId: z14.number().nullish()
   })
 );
-var SubmitFixesToDifferentBranchParamsZ = z13.object({
-  type: z13.literal(submitToScmMessageType.submitFixesForDifferentBranch),
-  submitBranch: z13.string(),
-  baseBranch: z13.string()
+var SubmitFixesToDifferentBranchParamsZ = z14.object({
+  type: z14.literal(submitToScmMessageType.submitFixesForDifferentBranch),
+  submitBranch: z14.string(),
+  baseBranch: z14.string()
 }).merge(BaseSubmitToScmMessageZ);
-var SubmitFixesMessageZ = z13.union([
+var SubmitFixesMessageZ = z14.union([
   CommitToSameBranchParamsZ,
   SubmitFixesToDifferentBranchParamsZ
 ]);
-var FixResponseArrayZ = z13.array(
-  z13.object({
-    fixId: z13.string().uuid()
+var FixResponseArrayZ = z14.array(
+  z14.object({
+    fixId: z14.string().uuid()
   })
 );
-var SubmitFixesBaseResponseMessageZ = z13.object({
-  mobbUserEmail: z13.string(),
-  submitFixRequestId: z13.string().uuid(),
-  submitBranches: z13.array(
-    z13.object({
-      branchName: z13.string(),
+var SubmitFixesBaseResponseMessageZ = z14.object({
+  mobbUserEmail: z14.string(),
+  submitFixRequestId: z14.string().uuid(),
+  submitBranches: z14.array(
+    z14.object({
+      branchName: z14.string(),
       fixes: FixResponseArrayZ
     })
   ),
-  error: z13.object({
-    type: z13.enum([
+  error: z14.object({
+    type: z14.enum([
       "InitialRepoAccessError",
       "PushBranchError",
       "UnknownError"
     ]),
-    info: z13.object({
-      message: z13.string(),
-      pushBranchName: z13.string().optional()
+    info: z14.object({
+      message: z14.string(),
+      pushBranchName: z14.string().optional()
     })
   }).optional()
 });
-var SubmitFixesToSameBranchResponseMessageZ = z13.object({
-  type: z13.literal(submitToScmMessageType.commitToSameBranch),
-  githubCommentId: z13.number().nullish()
+var authorSchemaZ = z14.object({
+  email: z14.string(),
+  name: z14.string()
+}).nullable();
+var summarySchemaZ = z14.object({
+  changes: z14.number(),
+  insertions: z14.number(),
+  deletions: z14.number()
+});
+var GitCommitZ = z14.object({
+  author: authorSchemaZ,
+  branch: z14.string(),
+  commit: z14.string(),
+  root: z14.boolean(),
+  summary: summarySchemaZ
+}).nullable();
+var SubmitFixesToSameBranchResponseMessageZ = z14.object({
+  type: z14.literal(submitToScmMessageType.commitToSameBranch),
+  githubCommentId: z14.number().nullish(),
+  commit: GitCommitZ
 }).merge(SubmitFixesBaseResponseMessageZ);
-var SubmitFixesToDifferentBranchResponseMessageZ = z13.object({
-  type: z13.literal(submitToScmMessageType.submitFixesForDifferentBranch),
-  githubCommentId: z13.number().optional()
+var SubmitFixesToDifferentBranchResponseMessageZ = z14.object({
+  type: z14.literal(submitToScmMessageType.submitFixesForDifferentBranch),
+  githubCommentId: z14.number().optional()
 }).merge(SubmitFixesBaseResponseMessageZ);
-var SubmitFixesResponseMessageZ = z13.discriminatedUnion("type", [
+var SubmitFixesResponseMessageZ = z14.discriminatedUnion("type", [
   SubmitFixesToSameBranchResponseMessageZ,
   SubmitFixesToDifferentBranchResponseMessageZ
 ]);
@@ -4570,21 +4642,21 @@ var isValidBranchName = async (branchName) => {
     return false;
   }
 };
-var FixesZ = z14.array(
-  z14.object({
-    fixId: z14.string(),
-    patches: z14.array(z14.string())
+var FixesZ = z15.array(
+  z15.object({
+    fixId: z15.string(),
+    patches: z15.array(z15.string())
   })
 ).nonempty();
 // src/features/analysis/scm/scm.ts
 function isBrokerUrl(url) {
-  return z15.string().uuid().safeParse(new URL(url).host).success;
+  return z16.string().uuid().safeParse(new URL(url).host).success;
 }
-var GetRefererenceResultZ = z15.object({
-  date: z15.date().optional(),
-  sha: z15.string(),
-  type: z15.nativeEnum(ReferenceType)
+var GetRefererenceResultZ = z16.object({
+  date: z16.date().optional(),
+  sha: z16.string(),
+  type: z16.nativeEnum(ReferenceType)
 });
 function getCloudScmLibTypeFromUrl(url) {
   if (!url) {
@@ -4625,7 +4697,7 @@ var scmTypeToScmLibScmType = {
   ["Bitbucket" /* Bitbucket */]: "BITBUCKET" /* BITBUCKET */
 };
 function getScmLibTypeFromScmType(scmType) {
-  const parsedScmType = z15.nativeEnum(ScmType).parse(scmType);
+  const parsedScmType = z16.nativeEnum(ScmType).parse(scmType);
   return scmTypeToScmLibScmType[parsedScmType];
 }
 function getScmConfig({
@@ -4839,7 +4911,7 @@ var SCMLib = class {
       if (e instanceof InvalidRepoUrlError && url) {
         throw new RepoNoTokenAccessError(
           "no access to repo",
-          scmLibScmTypeToScmType[z15.nativeEnum(ScmLibScmType).parse(scmType)]
+          scmLibScmTypeToScmType[z16.nativeEnum(ScmLibScmType).parse(scmType)]
         );
       }
       console.error(`error validating scm: ${scmType} `, e);
@@ -5009,6 +5081,14 @@ var AdoSCMLib = class extends SCMLib {
       prNumber
     });
   }
+  async getCommitUrl(commitId) {
+    this._validateUrl();
+    const adoSdk = await this.getAdoSdk();
+    return adoSdk.getAdoCommitUrl({
+      url: this.url,
+      commitId
+    });
+  }
 };
 var GitlabSCMLib = class extends SCMLib {
   async createSubmitRequest(params) {
@@ -5146,6 +5226,15 @@ var GitlabSCMLib = class extends SCMLib {
     });
     return res.web_url;
   }
+  async getCommitUrl(commitId) {
+    this._validateAccessTokenAndUrl();
+    const res = await getGitlabCommitUrl({
+      url: this.url,
+      commitSha: commitId,
+      accessToken: this.accessToken
+    });
+    return res.web_url;
+  }
 };
 var GithubSCMLib = class extends SCMLib {
   // we don't always need a url, what's important is that we have an access token
@@ -5247,7 +5336,7 @@ var GithubSCMLib = class extends SCMLib {
       owner,
       repo
     });
-    return z15.string().parse(prRes.data);
+    return z16.string().parse(prRes.data);
   }
   async getRepoList(_scmOrg) {
     this._validateAccessToken();
@@ -5338,6 +5427,16 @@ var GithubSCMLib = class extends SCMLib {
     });
     return getPrRes.data.html_url;
   }
+  async getCommitUrl(commitId) {
+    this._validateAccessTokenAndUrl();
+    const { owner, repo } = parseGithubOwnerAndRepo(this.url);
+    const getCommitRes = await this.githubSdk.getCommit({
+      owner,
+      repo,
+      commitSha: commitId
+    });
+    return getCommitRes.data.html_url;
+  }
   async postGeneralPrComment(params) {
     const { prNumber, body } = params;
     this._validateAccessTokenAndUrl();
@@ -5432,13 +5531,17 @@ var StubSCMLib = class extends SCMLib {
     console.error("getPr() not implemented");
     throw new Error("getPr() not implemented");
   }
+  async getCommitUrl(_commitId) {
+    console.error("getCommitUrl() not implemented");
+    throw new Error("getCommitUrl() not implemented");
+  }
   _getUsernameForAuthUrl() {
     throw new Error("Method not implemented.");
   }
 };
 function getUserAndPassword(token) {
   const [username, password] = token.split(":");
-  const safePasswordAndUsername = z15.object({ username: z15.string(), password: z15.string() }).parse({ username, password });
+  const safePasswordAndUsername = z16.object({ username: z16.string(), password: z16.string() }).parse({ username, password });
   return {
     username: safePasswordAndUsername.username,
     password: safePasswordAndUsername.password
@@ -5474,7 +5577,7 @@ var BitbucketSCMLib = class extends SCMLib {
         return { username, password, authType };
       }
       case "token": {
-        return { authType, token: z15.string().parse(this.accessToken) };
+        return { authType, token: z16.string().parse(this.accessToken) };
       }
       case "public":
         return { authType };
@@ -5486,7 +5589,7 @@ var BitbucketSCMLib = class extends SCMLib {
       ...params,
       repoUrl: this.url
     });
-    return String(z15.number().parse(pullRequestRes.id));
+    return String(z16.number().parse(pullRequestRes.id));
   }
   async validateParams() {
     return validateBitbucketParams({
@@ -5558,7 +5661,7 @@ var BitbucketSCMLib = class extends SCMLib {
   async getUsername() {
     this._validateAccessToken();
     const res = await this.bitbucketSdk.getUser();
-    return z15.string().parse(res.username);
+    return z16.string().parse(res.username);
   }
   async getSubmitRequestStatus(_scmSubmitRequestId) {
     this._validateAccessTokenAndUrl();
@@ -5587,7 +5690,7 @@ var BitbucketSCMLib = class extends SCMLib {
   async getRepoDefaultBranch() {
     this._validateUrl();
     const repoRes = await this.bitbucketSdk.getRepo({ repoUrl: this.url });
-    return z15.string().parse(repoRes.mainbranch?.name);
+    return z16.string().parse(repoRes.mainbranch?.name);
   }
   getPrUrl(prNumber) {
     this._validateUrl();
@@ -5596,39 +5699,46 @@ var BitbucketSCMLib = class extends SCMLib {
       `https://bitbucket.org/${workspace}/${repoSlug}/pull-requests/${prNumber}`
     );
   }
+  getCommitUrl(commitId) {
+    this._validateUrl();
+    const { repoSlug, workspace } = parseBitbucketOrganizationAndRepo(this.url);
+    return Promise.resolve(
+      `https://bitbucket.org/${workspace}/${repoSlug}/commits/${commitId}`
+    );
+  }
 };
 // src/features/analysis/scm/ado/validation.ts
-import { z as z16 } from "zod";
-var ValidPullRequestStatusZ = z16.union([
-  z16.literal(1 /* Active */),
-  z16.literal(2 /* Abandoned */),
-  z16.literal(3 /* Completed */)
+import { z as z17 } from "zod";
+var ValidPullRequestStatusZ = z17.union([
+  z17.literal(1 /* Active */),
+  z17.literal(2 /* Abandoned */),
+  z17.literal(3 /* Completed */)
 ]);
-var AdoAuthResultZ = z16.object({
-  access_token: z16.string().min(1),
-  token_type: z16.string().min(1),
-  refresh_token: z16.string().min(1)
+var AdoAuthResultZ = z17.object({
+  access_token: z17.string().min(1),
+  token_type: z17.string().min(1),
+  refresh_token: z17.string().min(1)
 });
 var AdoAuthResultWithOrgsZ = AdoAuthResultZ.extend({
-  scmOrgs: z16.array(z16.string())
+  scmOrgs: z17.array(z17.string())
 });
-var profileZ = z16.object({
-  displayName: z16.string(),
-  publicAlias: z16.string().min(1),
-  emailAddress: z16.string(),
-  coreRevision: z16.number(),
-  timeStamp: z16.string(),
-  id: z16.string(),
-  revision: z16.number()
+var profileZ = z17.object({
+  displayName: z17.string(),
+  publicAlias: z17.string().min(1),
+  emailAddress: z17.string(),
+  coreRevision: z17.number(),
+  timeStamp: z17.string(),
+  id: z17.string(),
+  revision: z17.number()
 });
-var accountsZ = z16.object({
-  count: z16.number(),
-  value: z16.array(
-    z16.object({
-      accountId: z16.string(),
-      accountUri: z16.string(),
-      accountName: z16.string()
+var accountsZ = z17.object({
+  count: z17.number(),
+  value: z17.array(
+    z17.object({
+      accountId: z17.string(),
+      accountUri: z17.string(),
+      accountName: z17.string()
     })
   )
 });
@@ -5713,7 +5823,7 @@ async function getAdoConnectData({
         oauthToken: adoTokenInfo.accessToken
       });
       return {
-        org: z17.string().parse(org),
+        org: z18.string().parse(org),
         origin: DEFUALT_ADO_ORIGIN
       };
     }
@@ -5799,7 +5909,7 @@ async function getAdoClientParams(params) {
       return {
         tokenType: "PAT" /* PAT */,
         accessToken: adoTokenInfo.accessToken,
-        patTokenOrg: z17.string().parse(tokenOrg).toLowerCase(),
+        patTokenOrg: z18.string().parse(tokenOrg).toLowerCase(),
         origin: origin2,
         orgName: org.toLowerCase()
       };
@@ -5932,6 +6042,18 @@ async function getAdoSdk(params) {
       );
       return `${getRepositoryRes.webUrl}/pullrequest/${prNumber}`;
     },
+    async getAdoCommitUrl({
+      url,
+      commitId
+    }) {
+      const { repo, projectName } = parseAdoOwnerAndRepo(url);
+      const git = await api2.getGitApi();
+      const getRepositoryRes = await git.getRepository(
+        decodeURI(repo),
+        projectName ? decodeURI(projectName) : void 0
+      );
+      return `${getRepositoryRes.webUrl}/commit/${commitId}`;
+    },
     getAdoDownloadUrl({
       repoUrl,
       branch
@@ -5954,9 +6076,9 @@ async function getAdoSdk(params) {
       return new URL(`${path9}?${params2}`, origin2).toString();
     },
     async getAdoBranchList({ repoUrl }) {
-      const { repo, projectName } = parseAdoOwnerAndRepo(repoUrl);
-      const git = await api2.getGitApi();
       try {
+        const { repo, projectName } = parseAdoOwnerAndRepo(repoUrl);
+        const git = await api2.getGitApi();
         const res = await git.getBranches(repo, projectName);
         res.sort((a, b) => {
           if (!a.commit?.committer?.date || !b.commit?.committer?.date) {
@@ -5970,7 +6092,7 @@ async function getAdoSdk(params) {
           }
           acc.push(branch.name);
           return acc;
-        }, []);
+        }, []).slice(0, MAX_BRANCHES_FETCH);
       } catch (e) {
         return [];
       }
@@ -6166,13 +6288,10 @@ async function getAdoRepoList({
   return repos;
 }
-// src/features/analysis/scm/constants.ts
-var MOBB_ICON_IMG = "https://app.mobb.ai/gh-action/Logo_Rounded_Icon.svg";
 // src/features/analysis/add_fix_comments_for_pr/utils/utils.ts
 import Debug6 from "debug";
 import parseDiff2 from "parse-diff";
-import { z as z19 } from "zod";
+import { z as z20 } from "zod";
 // src/features/analysis/utils/by_key.ts
 function keyBy(array, keyBy2) {
@@ -6243,7 +6362,7 @@ var scannerToFriendlyString = {
 // src/features/analysis/add_fix_comments_for_pr/utils/buildCommentBody.ts
 import Debug5 from "debug";
-import { z as z18 } from "zod";
+import { z as z19 } from "zod";
 var debug5 = Debug5("mobbdev:handle-finished-analysis");
 var getCommitFixButton = (commitUrl) => `<a href="${commitUrl}"><img src=${COMMIT_FIX_SVG}></a>`;
 function buildCommentBody({
@@ -6277,11 +6396,11 @@ function buildCommentBody({
   });
   const issueType = getIssueTypeFriendlyString(fix.safeIssueType);
   const title = `# ${MobbIconMarkdown} ${issueType} fix is ready`;
-  const validFixParseRes = z18.object({
+  const validFixParseRes = z19.object({
     patchAndQuestions: PatchAndQuestionsZ,
-    vulnerabilitySeverity: z18.nativeEnum(Vulnerability_Severity_Enum),
-    safeIssueLanguage: z18.nativeEnum(IssueLanguage_Enum),
-    safeIssueType: z18.nativeEnum(IssueType_Enum)
+    vulnerabilitySeverity: z19.nativeEnum(Vulnerability_Severity_Enum),
+    safeIssueLanguage: z19.nativeEnum(IssueLanguage_Enum),
+    safeIssueType: z19.nativeEnum(IssueType_Enum)
   }).safeParse(fix);
   if (!validFixParseRes.success) {
     debug5(
@@ -6454,7 +6573,7 @@ async function getRelevantVulenrabilitiesFromDiff(params) {
     });
     const lineAddedRanges = calculateRanges(fileNumbers);
     const fileFilter = {
-      path: z19.string().parse(file.to),
+      path: z20.string().parse(file.to),
       ranges: lineAddedRanges.map(([startLine, endLine]) => ({
         endLine,
         startLine
@@ -6799,30 +6918,30 @@ function subscribe(query, variables, callback, wsClientOptions) {
 }
 // src/features/analysis/graphql/types.ts
-import { z as z20 } from "zod";
-var VulnerabilityReportIssueCodeNodeZ = z20.object({
-  vulnerabilityReportIssueId: z20.string(),
-  path: z20.string(),
-  startLine: z20.number(),
-  vulnerabilityReportIssue: z20.object({
-    fixId: z20.string()
+import { z as z21 } from "zod";
+var VulnerabilityReportIssueCodeNodeZ = z21.object({
+  vulnerabilityReportIssueId: z21.string(),
+  path: z21.string(),
+  startLine: z21.number(),
+  vulnerabilityReportIssue: z21.object({
+    fixId: z21.string()
   })
 });
-var GetVulByNodesMetadataZ = z20.object({
-  vulnerabilityReportIssueCodeNodes: z20.array(VulnerabilityReportIssueCodeNodeZ),
-  nonFixablePrVuls: z20.object({
-    aggregate: z20.object({
-      count: z20.number()
+var GetVulByNodesMetadataZ = z21.object({
+  vulnerabilityReportIssueCodeNodes: z21.array(VulnerabilityReportIssueCodeNodeZ),
+  nonFixablePrVuls: z21.object({
+    aggregate: z21.object({
+      count: z21.number()
     })
   }),
-  fixablePrVuls: z20.object({
-    aggregate: z20.object({
-      count: z20.number()
+  fixablePrVuls: z21.object({
+    aggregate: z21.object({
+      count: z21.number()
     })
   }),
-  totalScanVulnerabilities: z20.object({
-    aggregate: z20.object({
-      count: z20.number()
+  totalScanVulnerabilities: z21.object({
+    aggregate: z21.object({
+      count: z21.number()
     })
   })
 });
@@ -7836,7 +7955,7 @@ async function _scan(params, { skipPrompts = false } = {}) {
     spinner: mobbSpinner,
     submitVulnerabilityReportVariables: {
       fixReportId: reportUploadInfo.fixReportId,
-      repoUrl: z21.string().parse(repo),
+      repoUrl: z22.string().parse(repo),
       reference,
       projectId,
       vulnerabilityReportFileName: "report.json",
@@ -8075,9 +8194,9 @@ async function _scan(params, { skipPrompts = false } = {}) {
         }
       });
       if (command === "review") {
-        const params2 = z21.object({
-          repo: z21.string().url(),
-          githubActionToken: z21.string()
+        const params2 = z22.object({
+          repo: z22.string().url(),
+          githubActionToken: z22.string()
         }).parse({ repo, githubActionToken });
         const scm = await SCMLib.init(
           {
@@ -8099,7 +8218,7 @@ async function _scan(params, { skipPrompts = false } = {}) {
               analysisId,
               gqlClient,
               scm,
-              scanner: z21.nativeEnum(SCANNERS).parse(scanner)
+              scanner: z22.nativeEnum(SCANNERS).parse(scanner)
             });
           },
           callbackStates: ["Finished" /* Finished */]
@@ -8326,7 +8445,7 @@ var scmTokenOption = {
 // src/args/validation.ts
 import chalk6 from "chalk";
 import path8 from "path";
-import { z as z22 } from "zod";
+import { z as z23 } from "zod";
 function throwRepoUrlErrorMessage({
   error,
   repoUrl,
@@ -8343,13 +8462,13 @@ Example:
   )}`;
   throw new CliError(formattedErrorMessage);
 }
-var UrlZ = z22.string({
+var UrlZ = z23.string({
   invalid_type_error: `is not a valid ${Object.values(ScmType).join("/ ")} URL`
 }).refine((data) => !!sanityRepoURL(data), {
   message: `is not a valid ${Object.values(ScmType).join(" / ")} URL`
 });
 function validateOrganizationId(organizationId) {
-  const orgIdValidation = z22.string().uuid().nullish().safeParse(organizationId);
+  const orgIdValidation = z23.string().uuid().nullish().safeParse(organizationId);
   if (!orgIdValidation.success) {
     throw new CliError(`organizationId: ${organizationId} is not a valid UUID`);
   }
@@ -8557,13 +8676,6 @@ var parseArgs = async (args) => {
     )} ${chalk9.dim("[options]")}
             `
   ).version(false).command(
-    mobbCliCommand.addScmToken,
-    chalk9.bold(
-      "Add your SCM (Github, Gitlab, Azure DevOps) token to Mobb to enable automated fixes."
-    ),
-    addScmTokenBuilder,
-    addScmTokenHandler
-  ).command(
     mobbCliCommand.scan,
     chalk9.bold(
       "Scan your code for vulnerabilities, get automated fixes right away."
@@ -8580,10 +8692,17 @@ var parseArgs = async (args) => {
   ).command(
     mobbCliCommand.review,
     chalk9.bold(
-      "(beta) Mobb will review your github pull requests and provide comments with fixes "
+      "Mobb will review your github pull requests and provide comments with fixes "
     ),
     reviewBuilder,
     reviewHandler
+  ).command(
+    mobbCliCommand.addScmToken,
+    chalk9.bold(
+      "Add your SCM (Github, Gitlab, Azure DevOps) token to Mobb to enable automated fixes."
+    ),
+    addScmTokenBuilder,
+    addScmTokenHandler
   ).example(
     "$0 scan -r https://github.com/WebGoat/WebGoat",
     "Scan an existing repository"