mobbdev 0.0.183 → 0.0.185

package/dist/index.mjs

@@ -37,7 +37,7 @@ import { fileURLToPath } from "node:url";
 import chalk from "chalk";
 import Debug from "debug";
 import * as dotenv from "dotenv";
-import { z as z2 } from "zod";
+import { z as z4 } from "zod";
 
 // src/features/analysis/scm/generates/client_generates.ts
 var FixQuestionInputType = /* @__PURE__ */ ((FixQuestionInputType2) => {
@@ -651,467 +651,589 @@ function getSdk(client, withWrapper = defaultWrapper) {
 }
 
 // src/features/analysis/scm/shared/src/types.ts
+import { z as z3 } from "zod";
+
+// src/features/analysis/scm/shared/src/validations.ts
+import { z as z2 } from "zod";
+
+// src/features/analysis/scm/shared/src/getIssueType.ts
 import { z } from "zod";
-var OrganizationScreenQueryParamsZ = z.object({
-  organizationId: z.string().uuid()
+var issueTypeMap = {
+  ["NO_LIMITS_OR_THROTTLING" /* NoLimitsOrThrottling */]: "Missing Rate Limiting",
+  ["SQL_Injection" /* SqlInjection */]: "SQL Injection",
+  ["CMDi_relative_path_command" /* CmDiRelativePathCommand */]: "Relative Path Command Injection",
+  ["CMDi" /* CmDi */]: "Command Injection",
+  ["CONFUSING_NAMING" /* ConfusingNaming */]: "Confusing Naming",
+  ["XXE" /* Xxe */]: "XXE",
+  ["XSS" /* Xss */]: "XSS",
+  ["PT" /* Pt */]: "Path Traversal",
+  ["ZIP_SLIP" /* ZipSlip */]: "Zip Slip",
+  ["INSECURE_RANDOMNESS" /* InsecureRandomness */]: "Insecure Randomness",
+  ["SSRF" /* Ssrf */]: "Server Side Request Forgery",
+  ["TYPE_CONFUSION" /* TypeConfusion */]: "Type Confusion",
+  ["REGEX_INJECTION" /* RegexInjection */]: "Regular Expression Injection",
+  ["INCOMPLETE_URL_SANITIZATION" /* IncompleteUrlSanitization */]: "Incomplete URL Sanitization",
+  ["LOCALE_DEPENDENT_COMPARISON" /* LocaleDependentComparison */]: "Locale Dependent Comparison",
+  ["LOG_FORGING" /* LogForging */]: "Log Forging",
+  ["MISSING_CHECK_AGAINST_NULL" /* MissingCheckAgainstNull */]: "Missing Check against Null",
+  ["PASSWORD_IN_COMMENT" /* PasswordInComment */]: "Password in Comment",
+  ["OVERLY_BROAD_CATCH" /* OverlyBroadCatch */]: "Poor Error Handling: Overly Broad Catch",
+  ["USE_OF_SYSTEM_OUTPUT_STREAM" /* UseOfSystemOutputStream */]: "Use of System.out/System.err",
+  ["DANGEROUS_FUNCTION_OVERFLOW" /* DangerousFunctionOverflow */]: "Use of dangerous function",
+  ["DOS_STRING_BUILDER" /* DosStringBuilder */]: "Denial of Service: StringBuilder",
+  ["OPEN_REDIRECT" /* OpenRedirect */]: "Open Redirect",
+  ["WEAK_XML_SCHEMA_UNBOUNDED_OCCURRENCES" /* WeakXmlSchemaUnboundedOccurrences */]: "Weak XML Schema: Unbounded Occurrences",
+  ["SYSTEM_INFORMATION_LEAK" /* SystemInformationLeak */]: "System Information Leak",
+  ["SYSTEM_INFORMATION_LEAK_EXTERNAL" /* SystemInformationLeakExternal */]: "External System Information Leak",
+  ["HTTP_RESPONSE_SPLITTING" /* HttpResponseSplitting */]: "HTTP response splitting",
+  ["HTTP_ONLY_COOKIE" /* HttpOnlyCookie */]: "Cookie is not HttpOnly",
+  ["INSECURE_COOKIE" /* InsecureCookie */]: "Insecure Cookie",
+  ["TRUST_BOUNDARY_VIOLATION" /* TrustBoundaryViolation */]: "Trust Boundary Violation",
+  ["NULL_DEREFERENCE" /* NullDereference */]: "Null Dereference",
+  ["UNSAFE_DESERIALIZATION" /* UnsafeDeserialization */]: "Unsafe deserialization",
+  ["INSECURE_BINDER_CONFIGURATION" /* InsecureBinderConfiguration */]: "Insecure Binder Configuration",
+  ["UNSAFE_TARGET_BLANK" /* UnsafeTargetBlank */]: "Unsafe use of target blank",
+  ["IFRAME_WITHOUT_SANDBOX" /* IframeWithoutSandbox */]: "Client use of iframe without sandbox",
+  ["JQUERY_DEPRECATED_SYMBOLS" /* JqueryDeprecatedSymbols */]: "jQuery deprecated symbols",
+  ["MISSING_ANTIFORGERY_VALIDATION" /* MissingAntiforgeryValidation */]: "Missing Anti-Forgery Validation",
+  ["GRAPHQL_DEPTH_LIMIT" /* GraphqlDepthLimit */]: "GraphQL Depth Limit",
+  ["UNCHECKED_LOOP_CONDITION" /* UncheckedLoopCondition */]: "Unchecked Loop Condition",
+  ["IMPROPER_RESOURCE_SHUTDOWN_OR_RELEASE" /* ImproperResourceShutdownOrRelease */]: "Improper Resource Shutdown or Release",
+  ["IMPROPER_EXCEPTION_HANDLING" /* ImproperExceptionHandling */]: "Improper Exception Handling",
+  ["DEFAULT_RIGHTS_IN_OBJ_DEFINITION" /* DefaultRightsInObjDefinition */]: "Default Definer Rights in Package or Object Definition",
+  ["HTML_COMMENT_IN_JSP" /* HtmlCommentInJsp */]: "HTML Comment in JSP",
+  ["ERROR_CONDTION_WITHOUT_ACTION" /* ErrorCondtionWithoutAction */]: "Error Condition Without Action",
+  ["DEPRECATED_FUNCTION" /* DeprecatedFunction */]: "Deprecated Function",
+  ["HARDCODED_SECRETS" /* HardcodedSecrets */]: "Hardcoded Secrets",
+  ["PROTOTYPE_POLLUTION" /* PrototypePollution */]: "Prototype Pollution",
+  ["RACE_CONDITION_FORMAT_FLAW" /* RaceConditionFormatFlaw */]: "Race Condition Format Flaw",
+  ["NON_FINAL_PUBLIC_STATIC_FIELD" /* NonFinalPublicStaticField */]: "Non-final Public Static Field",
+  ["MISSING_HSTS_HEADER" /* MissingHstsHeader */]: "Missing HSTS Header",
+  ["DEAD_CODE_UNUSED_FIELD" /* DeadCodeUnusedField */]: "Dead Code: Unused Field",
+  ["HEADER_MANIPULATION" /* HeaderManipulation */]: "Header Manipulation",
+  ["MISSING_EQUALS_OR_HASHCODE" /* MissingEqualsOrHashcode */]: "Missing equals or hashcode method",
+  ["WCF_MISCONFIGURATION_INSUFFICIENT_LOGGING" /* WcfMisconfigurationInsufficientLogging */]: "WCF Misconfiguration: Insufficient Logging",
+  ["WCF_MISCONFIGURATION_THROTTLING_NOT_ENABLED" /* WcfMisconfigurationThrottlingNotEnabled */]: "WCF Misconfiguration: Throttling Not Enabled",
+  ["USELESS_REGEXP_CHAR_ESCAPE" /* UselessRegexpCharEscape */]: "Useless regular-expression character escape",
+  ["INCOMPLETE_HOSTNAME_REGEX" /* IncompleteHostnameRegex */]: "Incomplete Hostname Regex",
+  ["OVERLY_LARGE_RANGE" /* OverlyLargeRange */]: "Regex: Overly Large Range",
+  ["INSUFFICIENT_LOGGING" /* InsufficientLogging */]: "Insufficient Logging of Sensitive Operations",
+  ["PRIVACY_VIOLATION" /* PrivacyViolation */]: "Privacy Violation",
+  ["INCOMPLETE_URL_SCHEME_CHECK" /* IncompleteUrlSchemeCheck */]: "Incomplete URL Scheme Check",
+  ["VALUE_NEVER_READ" /* ValueNeverRead */]: "Value Never Read",
+  ["VALUE_SHADOWING" /* ValueShadowing */]: "Value Shadowing",
+  ["NO_EQUIVALENCE_METHOD" /* NoEquivalenceMethod */]: "Class Does Not Implement Equivalence Method",
+  ["INFORMATION_EXPOSURE_VIA_HEADERS" /* InformationExposureViaHeaders */]: "Information Exposure via Headers",
+  ["DEBUG_ENABLED" /* DebugEnabled */]: "Debug Enabled",
+  ["LEFTOVER_DEBUG_CODE" /* LeftoverDebugCode */]: "Leftover Debug Code",
+  ["POOR_ERROR_HANDLING_EMPTY_CATCH_BLOCK" /* PoorErrorHandlingEmptyCatchBlock */]: "Poor Error Handling: Empty Catch Block",
+  ["ERRONEOUS_STRING_COMPARE" /* ErroneousStringCompare */]: "Erroneous String Compare",
+  ["UNVALIDATED_PUBLIC_METHOD_ARGUMENT" /* UnvalidatedPublicMethodArgument */]: "Unvalidated Public Method Argument",
+  ["AUTO_ESCAPE_FALSE" /* AutoEscapeFalse */]: "Auto-escape False",
+  ["MISSING_CSP_HEADER" /* MissingCspHeader */]: "Missing CSP Header",
+  ["HARDCODED_DOMAIN_IN_HTML" /* HardcodedDomainInHtml */]: "Hardcoded Domain in HTML",
+  ["HEAP_INSPECTION" /* HeapInspection */]: "Heap Inspection"
+};
+var issueTypeZ = z.nativeEnum(IssueType_Enum);
+var getIssueTypeFriendlyString = (issueType) => {
+  const issueTypeZParseRes = issueTypeZ.safeParse(issueType);
+  if (!issueTypeZParseRes.success) {
+    return issueType ? issueType.replaceAll("_", " ") : "Other";
+  }
+  return issueTypeMap[issueTypeZParseRes.data];
+};
+
+// src/features/analysis/scm/shared/src/validations.ts
+var IssueTypeSettingZ = z2.object({
+  autoPrEnabled: z2.boolean(),
+  enabled: z2.boolean(),
+  issueType: z2.nativeEnum(IssueType_Enum)
 });
-var ProjectPageQueryParamsZ = z.object({
-  organizationId: z.string().uuid(),
-  projectId: z.string().uuid()
+var IssueTypeSettingsZ = z2.array(IssueTypeSettingZ).transform((issueTypeSettings) => {
+  return Object.values(IssueType_Enum).map((issueTypeEnum) => {
+    const existingIssueTypeSetting = issueTypeSettings.find(
+      ({ issueType: dbIssueType }) => dbIssueType === issueTypeEnum
+    );
+    if (existingIssueTypeSetting) {
+      return existingIssueTypeSetting;
+    }
+    return {
+      autoPrEnabled: false,
+      enabled: true,
+      issueType: issueTypeEnum
+    };
+  }).sort((a, b) => {
+    return getIssueTypeFriendlyString(a.issueType).localeCompare(
+      getIssueTypeFriendlyString(b.issueType)
+    );
+  });
+});
+
+// src/features/analysis/scm/shared/src/types.ts
+var OrganizationScreenQueryParamsZ = z3.object({
+  organizationId: z3.string().uuid()
+});
+var ProjectPageQueryParamsZ = z3.object({
+  organizationId: z3.string().uuid(),
+  projectId: z3.string().uuid()
 });
 var AnalysisPageQueryParamsZ = ProjectPageQueryParamsZ.extend({
-  reportId: z.string().uuid()
+  reportId: z3.string().uuid()
 });
 var FixPageQueryParamsZ = AnalysisPageQueryParamsZ.extend({
-  fixId: z.string().uuid()
+  fixId: z3.string().uuid()
 });
-var CliLoginPageQueryParamsZ = z.object({
-  loginId: z.string().uuid()
+var CliLoginPageQueryParamsZ = z3.object({
+  loginId: z3.string().uuid()
 });
-var ScmSubmitFixRequestsZ = z.array(
-  z.object({
-    scmSubmitFixRequest: z.object({
-      submitFixRequest: z.object({
-        createdByUser: z.object({
-          email: z.string()
+var ScmSubmitFixRequestsZ = z3.array(
+  z3.object({
+    scmSubmitFixRequest: z3.object({
+      submitFixRequest: z3.object({
+        createdByUser: z3.object({
+          email: z3.string()
         })
       }),
-      prUrl: z.string().nullable(),
-      scmId: z.string()
+      prUrl: z3.string().nullable(),
+      commitUrl: z3.string().nullable(),
+      scmId: z3.string()
     })
   })
 );
-var AnalysisReportDigestedZ = z.object({
-  id: z.string().uuid(),
-  state: z.nativeEnum(Fix_Report_State_Enum),
-  vulnerabilityReport: z.object({
-    reportSummaryUrl: z.string().url().nullish(),
-    scanDate: z.string().nullable(),
-    supported: z.object({
-      aggregate: z.object({
-        count: z.number()
+var AnalysisReportDigestedZ = z3.object({
+  id: z3.string().uuid(),
+  state: z3.nativeEnum(Fix_Report_State_Enum),
+  vulnerabilityReport: z3.object({
+    reportSummaryUrl: z3.string().url().nullish(),
+    scanDate: z3.string().nullable(),
+    supported: z3.object({
+      aggregate: z3.object({
+        count: z3.number()
       })
     }),
-    all: z.object({
-      aggregate: z.object({
-        count: z.number()
+    all: z3.object({
+      aggregate: z3.object({
+        count: z3.number()
       })
     }),
-    vendor: z.nativeEnum(Vulnerability_Report_Vendor_Enum),
-    project: z.object({
-      organizationId: z.string().uuid()
+    vendor: z3.nativeEnum(Vulnerability_Report_Vendor_Enum),
+    project: z3.object({
+      organizationId: z3.string().uuid()
     })
   })
 });
-var FixRatingZ = z.object({
-  voteScore: z.number(),
-  fixRatingTag: z.nativeEnum(Fix_Rating_Tag_Enum).nullable().default(null),
-  comment: z.string().nullable().default(null),
-  updatedDate: z.string().nullable(),
-  user: z.object({
-    email: z.string(),
-    name: z.string()
+var FixRatingZ = z3.object({
+  voteScore: z3.number(),
+  fixRatingTag: z3.nativeEnum(Fix_Rating_Tag_Enum).nullable().default(null),
+  comment: z3.string().nullable().default(null),
+  updatedDate: z3.string().nullable(),
+  user: z3.object({
+    email: z3.string(),
+    name: z3.string()
   })
 });
-var ReportQueryResultZ = z.object({
-  fixReport_by_pk: z.object({
-    id: z.string().uuid(),
-    fixesCommitted: z.object({
-      aggregate: z.object({ count: z.number() })
+var ReportQueryResultZ = z3.object({
+  fixReport_by_pk: z3.object({
+    id: z3.string().uuid(),
+    fixesCommitted: z3.object({
+      aggregate: z3.object({ count: z3.number() })
     }),
-    fixesDownloaded: z.object({
-      aggregate: z.object({ count: z.number() })
+    fixesDownloaded: z3.object({
+      aggregate: z3.object({ count: z3.number() })
     }),
-    fixesReadyCount: z.number(),
-    issueTypes: z.record(z.string(), z.number()).nullable(),
-    issueLanguages: z.record(z.string(), z.number()).nullable(),
-    fixesCountByEffort: z.record(z.string(), z.number()).nullable(),
-    vulnerabilitySeverities: z.record(z.string(), z.number()).nullable(),
-    createdOn: z.string(),
-    expirationOn: z.string().nullable(),
-    state: z.nativeEnum(Fix_Report_State_Enum),
-    fixes_aggregate: z.object({
-      aggregate: z.object({
-        count: z.number()
+    fixesReadyCount: z3.number(),
+    issueTypes: z3.record(z3.string(), z3.number()).nullable(),
+    issueLanguages: z3.record(z3.string(), z3.number()).nullable(),
+    fixesCountByEffort: z3.record(z3.string(), z3.number()).nullable(),
+    vulnerabilitySeverities: z3.record(z3.string(), z3.number()).nullable(),
+    createdOn: z3.string(),
+    expirationOn: z3.string().nullable(),
+    state: z3.nativeEnum(Fix_Report_State_Enum),
+    fixes_aggregate: z3.object({
+      aggregate: z3.object({
+        count: z3.number()
       })
     }),
-    fixes: z.array(
-      z.object({
-        id: z.string().uuid(),
-        safeIssueLanguage: z.string(),
-        safeIssueType: z.string(),
-        confidence: z.number(),
-        effortToApplyFix: z.nativeEnum(Effort_To_Apply_Fix_Enum).nullable(),
-        modifiedBy: z.string().nullable(),
-        gitBlameLogin: z.string().nullable(),
-        fixReportId: z.string().uuid(),
-        vulnerabilitySeverity: z.nativeEnum(Vulnerability_Severity_Enum).nullable().transform((i) => i ?? "low" /* Low */),
-        filePaths: z.array(
-          z.object({
-            fileRepoRelativePath: z.string()
+    fixes: z3.array(
+      z3.object({
+        id: z3.string().uuid(),
+        safeIssueLanguage: z3.string(),
+        safeIssueType: z3.string(),
+        confidence: z3.number(),
+        effortToApplyFix: z3.nativeEnum(Effort_To_Apply_Fix_Enum).nullable(),
+        modifiedBy: z3.string().nullable(),
+        gitBlameLogin: z3.string().nullable(),
+        fixReportId: z3.string().uuid(),
+        vulnerabilitySeverity: z3.nativeEnum(Vulnerability_Severity_Enum).nullable().transform((i) => i ?? "low" /* Low */),
+        filePaths: z3.array(
+          z3.object({
+            fileRepoRelativePath: z3.string()
           })
         ),
-        state: z.nativeEnum(Fix_State_Enum),
-        numberOfVulnerabilityIssues: z.number(),
-        vulnerabilityReportIssues: z.array(
-          z.object({
-            issueType: z.string(),
-            issueLanguage: z.string()
+        state: z3.nativeEnum(Fix_State_Enum),
+        numberOfVulnerabilityIssues: z3.number(),
+        vulnerabilityReportIssues: z3.array(
+          z3.object({
+            issueType: z3.string(),
+            issueLanguage: z3.string()
           })
         ),
         scmSubmitFixRequests: ScmSubmitFixRequestsZ,
-        isArchived: z.boolean().nullable(),
-        fixRatings: z.array(FixRatingZ).default([])
+        isArchived: z3.boolean().nullable(),
+        fixRatings: z3.array(FixRatingZ).default([])
       })
     ),
-    repo: z.object({
-      name: z.string().nullable(),
-      originalUrl: z.string(),
-      reference: z.string(),
-      commitSha: z.string(),
-      isKnownBranch: z.boolean().nullish().default(true)
+    repo: z3.object({
+      name: z3.string().nullable(),
+      originalUrl: z3.string(),
+      reference: z3.string(),
+      commitSha: z3.string(),
+      isKnownBranch: z3.boolean().nullish().default(true)
     }),
-    vulnerabilityReport: z.object({
-      reportSummaryUrl: z.string().url().nullish(),
-      vendor: z.nativeEnum(Vulnerability_Report_Vendor_Enum).nullable(),
-      issuesWithKnownLanguage: z.number().nullable(),
-      scanDate: z.string().nullable(),
-      vendorReportId: z.string().uuid().nullable(),
-      projectId: z.string().uuid(),
-      project: z.object({
-        organizationId: z.string().uuid()
+    vulnerabilityReport: z3.object({
+      reportSummaryUrl: z3.string().url().nullish(),
+      vendor: z3.nativeEnum(Vulnerability_Report_Vendor_Enum).nullable(),
+      issuesWithKnownLanguage: z3.number().nullable(),
+      scanDate: z3.string().nullable(),
+      vendorReportId: z3.string().uuid().nullable(),
+      projectId: z3.string().uuid(),
+      project: z3.object({
+        organizationId: z3.string().uuid()
       }),
-      file: z.object({
-        id: z.string().uuid(),
-        path: z.string()
+      file: z3.object({
+        id: z3.string().uuid(),
+        path: z3.string()
       }),
-      pending: z.object({
-        aggregate: z.object({
-          count: z.number()
+      pending: z3.object({
+        aggregate: z3.object({
+          count: z3.number()
         })
       }),
-      supported: z.object({
-        aggregate: z.object({
-          count: z.number()
+      supported: z3.object({
+        aggregate: z3.object({
+          count: z3.number()
         })
       }),
-      digested: z.object({
-        aggregate: z.object({
-          count: z.number()
+      digested: z3.object({
+        aggregate: z3.object({
+          count: z3.number()
         })
       }),
-      all: z.object({
-        aggregate: z.object({
-          count: z.number()
+      all: z3.object({
+        aggregate: z3.object({
+          count: z3.number()
         })
       }),
-      fixable: z.object({
-        aggregate: z.object({
-          count: z.number()
+      fixable: z3.object({
+        aggregate: z3.object({
+          count: z3.number()
         })
       }),
-      errors: z.object({
-        aggregate: z.object({
-          count: z.number()
+      errors: z3.object({
+        aggregate: z3.object({
+          count: z3.number()
         })
       }),
-      vulnerabilityReportIssues: z.object({
-        extraData: z.object({
-          missing_files: z.string().array().nullish(),
-          large_files: z.string().array().nullish(),
-          error_files: z.string().array().nullish()
+      vulnerabilityReportIssues: z3.object({
+        extraData: z3.object({
+          missing_files: z3.string().array().nullish(),
+          large_files: z3.string().array().nullish(),
+          error_files: z3.string().array().nullish()
         })
       }).array()
     })
   })
 });
-var ReportFixesQueryZ = z.array(
-  z.object({
-    id: z.string().uuid(),
-    state: z.nativeEnum(Fix_State_Enum),
-    isArchived: z.boolean().nullable(),
-    confidence: z.number(),
-    gitBlameLogin: z.string().nullable(),
-    effortToApplyFix: z.nativeEnum(Effort_To_Apply_Fix_Enum).nullable(),
-    safeIssueLanguage: z.string(),
-    safeIssueType: z.string(),
-    vulnerabilitySeverity: z.nativeEnum(Vulnerability_Severity_Enum).nullable().transform((i) => i ?? "low" /* Low */),
-    fixReportId: z.string().uuid(),
-    filePaths: z.array(
-      z.object({
-        fileRepoRelativePath: z.string()
+var ReportFixesQueryZ = z3.array(
+  z3.object({
+    id: z3.string().uuid(),
+    state: z3.nativeEnum(Fix_State_Enum),
+    isArchived: z3.boolean().nullable(),
+    confidence: z3.number(),
+    gitBlameLogin: z3.string().nullable(),
+    effortToApplyFix: z3.nativeEnum(Effort_To_Apply_Fix_Enum).nullable(),
+    safeIssueLanguage: z3.string(),
+    safeIssueType: z3.string(),
+    vulnerabilitySeverity: z3.nativeEnum(Vulnerability_Severity_Enum).nullable().transform((i) => i ?? "low" /* Low */),
+    fixReportId: z3.string().uuid(),
+    filePaths: z3.array(
+      z3.object({
+        fileRepoRelativePath: z3.string()
       })
     ),
-    numberOfVulnerabilityIssues: z.number(),
-    vulnerabilityReportIssues: z.array(
-      z.object({
-        issueType: z.string(),
-        issueLanguage: z.string()
+    numberOfVulnerabilityIssues: z3.number(),
+    vulnerabilityReportIssues: z3.array(
+      z3.object({
+        issueType: z3.string(),
+        issueLanguage: z3.string()
       })
     ),
     scmSubmitFixRequests: ScmSubmitFixRequestsZ,
-    fixRatings: z.array(FixRatingZ).default([])
+    fixRatings: z3.array(FixRatingZ).default([])
   })
 );
-var ExtraContextInternalZ = z.object({
-  key: z.string(),
-  value: z.string().or(z.boolean()).or(
-    z.object({
-      int: z.boolean(),
-      integer: z.boolean(),
-      string: z.boolean(),
-      date: z.boolean()
+var ExtraContextInternalZ = z3.object({
+  key: z3.string(),
+  value: z3.string().or(z3.boolean()).or(
+    z3.object({
+      int: z3.boolean(),
+      integer: z3.boolean(),
+      string: z3.boolean(),
+      date: z3.boolean()
     })
   )
 });
-var PackageInfoZ = z.object({
-  name: z.string(),
-  version: z.string(),
-  envName: z.string().nullable()
+var PackageInfoZ = z3.object({
+  name: z3.string(),
+  version: z3.string(),
+  envName: z3.string().nullable()
 });
-var ManifestActionRequiredZ = z.object({
-  action: z.nativeEnum(ManifestAction),
-  language: z.nativeEnum(Language),
+var ManifestActionRequiredZ = z3.object({
+  action: z3.nativeEnum(ManifestAction),
+  language: z3.nativeEnum(Language),
   lib: PackageInfoZ,
   typesLib: PackageInfoZ.nullable()
 });
-var FixExtraContextZ = z.object({
-  fixDescription: z.string(),
-  manifestActionsRequired: z.array(ManifestActionRequiredZ),
-  extraContext: z.array(ExtraContextInternalZ)
+var FixExtraContextZ = z3.object({
+  fixDescription: z3.string(),
+  manifestActionsRequired: z3.array(ManifestActionRequiredZ),
+  extraContext: z3.array(ExtraContextInternalZ)
 });
-var PatchAndQuestionsZ = z.object({
-  __typename: z.literal("FixData"),
-  patch: z.string(),
-  questions: z.array(
-    z.object({
-      name: z.string(),
-      key: z.string(),
-      index: z.number(),
-      defaultValue: z.string(),
-      value: z.string().nullable(),
-      extraContext: z.array(ExtraContextInternalZ),
-      inputType: z.nativeEnum(FixQuestionInputType),
-      options: z.array(z.string())
+var PatchAndQuestionsZ = z3.object({
+  __typename: z3.literal("FixData"),
+  patch: z3.string(),
+  questions: z3.array(
+    z3.object({
+      name: z3.string(),
+      key: z3.string(),
+      index: z3.number(),
+      defaultValue: z3.string(),
+      value: z3.string().nullable(),
+      extraContext: z3.array(ExtraContextInternalZ),
+      inputType: z3.nativeEnum(FixQuestionInputType),
+      options: z3.array(z3.string())
     })
   ),
   extraContext: FixExtraContextZ
 });
-var FixQueryZ = z.object({
-  __typename: z.literal("fix").optional(),
-  id: z.string().uuid(),
-  state: z.nativeEnum(Fix_State_Enum),
-  modifiedBy: z.string().nullable(),
-  gitBlameLogin: z.string().nullable(),
-  safeIssueLanguage: z.string(),
-  safeIssueType: z.string(),
-  confidence: z.number(),
-  fixReportId: z.string().uuid(),
-  isExpired: z.boolean().default(false),
-  isArchived: z.boolean().nullable(),
+var FixQueryZ = z3.object({
+  __typename: z3.literal("fix").optional(),
+  id: z3.string().uuid(),
+  state: z3.nativeEnum(Fix_State_Enum),
+  modifiedBy: z3.string().nullable(),
+  gitBlameLogin: z3.string().nullable(),
+  safeIssueLanguage: z3.string(),
+  safeIssueType: z3.string(),
+  confidence: z3.number(),
+  fixReportId: z3.string().uuid(),
+  isExpired: z3.boolean().default(false),
+  isArchived: z3.boolean().nullable(),
   // TODO: remove nullish once the data on the backend is ready
-  vulnerabilitySeverity: z.nativeEnum(Vulnerability_Severity_Enum).nullable().transform((i) => i ?? "low" /* Low */),
-  fixFiles: z.array(
-    z.object({
-      fileRepoRelativePath: z.string()
+  vulnerabilitySeverity: z3.nativeEnum(Vulnerability_Severity_Enum).nullable().transform((i) => i ?? "low" /* Low */),
+  fixFiles: z3.array(
+    z3.object({
+      fileRepoRelativePath: z3.string()
     })
   ),
-  numberOfVulnerabilityIssues: z.number(),
-  vulnerabilityReportIssues: z.array(
-    z.object({
-      vendorIssueId: z.string(),
-      issueLanguage: z.string()
+  numberOfVulnerabilityIssues: z3.number(),
+  vulnerabilityReportIssues: z3.array(
+    z3.object({
+      vendorIssueId: z3.string(),
+      issueLanguage: z3.string()
     })
   ),
   patchAndQuestions: PatchAndQuestionsZ,
   scmSubmitFixRequests: ScmSubmitFixRequestsZ,
-  effortToApplyFix: z.nativeEnum(Effort_To_Apply_Fix_Enum).nullable(),
-  fixRatings: z.array(FixRatingZ).default([])
+  effortToApplyFix: z3.nativeEnum(Effort_To_Apply_Fix_Enum).nullable(),
+  fixRatings: z3.array(FixRatingZ).default([])
 });
-var FixScreenQueryResultZ = z.object({
-  fixReport_by_pk: z.object({
-    id: z.string().uuid(),
-    expirationOn: z.string(),
-    createdOn: z.string(),
-    state: z.nativeEnum(Fix_Report_State_Enum),
-    fixes_aggregate: z.object({
-      aggregate: z.object({
-        count: z.number()
+var FixScreenQueryResultZ = z3.object({
+  fixReport_by_pk: z3.object({
+    id: z3.string().uuid(),
+    expirationOn: z3.string(),
+    createdOn: z3.string(),
+    state: z3.nativeEnum(Fix_Report_State_Enum),
+    fixes_aggregate: z3.object({
+      aggregate: z3.object({
+        count: z3.number()
       })
     }),
-    repo: z.object({
-      name: z.string().nullable(),
-      originalUrl: z.string(),
-      reference: z.string(),
-      commitSha: z.string()
+    repo: z3.object({
+      name: z3.string().nullable(),
+      originalUrl: z3.string(),
+      reference: z3.string(),
+      commitSha: z3.string()
     }),
-    vulnerabilityReport: z.object({
-      vendor: z.nativeEnum(Vulnerability_Report_Vendor_Enum),
-      vendorReportId: z.string().uuid().nullable(),
-      projectId: z.string().uuid(),
-      project: z.object({
-        organizationId: z.string().uuid()
+    vulnerabilityReport: z3.object({
+      vendor: z3.nativeEnum(Vulnerability_Report_Vendor_Enum),
+      vendorReportId: z3.string().uuid().nullable(),
+      projectId: z3.string().uuid(),
+      project: z3.object({
+        organizationId: z3.string().uuid()
       }),
-      file: z.object({
-        id: z.string().uuid(),
-        path: z.string()
+      file: z3.object({
+        id: z3.string().uuid(),
+        path: z3.string()
       }),
-      pending: z.object({
-        aggregate: z.object({
-          count: z.number()
+      pending: z3.object({
+        aggregate: z3.object({
+          count: z3.number()
         })
       }),
-      supported: z.object({
-        aggregate: z.object({
-          count: z.number()
+      supported: z3.object({
+        aggregate: z3.object({
+          count: z3.number()
         })
       }),
-      all: z.object({
-        aggregate: z.object({
-          count: z.number()
+      all: z3.object({
+        aggregate: z3.object({
+          count: z3.number()
         })
       }),
-      fixable: z.object({
-        aggregate: z.object({
-          count: z.number()
+      fixable: z3.object({
+        aggregate: z3.object({
+          count: z3.number()
         })
       }),
-      errors: z.object({
-        aggregate: z.object({
-          count: z.number()
+      errors: z3.object({
+        aggregate: z3.object({
+          count: z3.number()
         })
       }),
-      vulnerabilityReportIssues: z.object({
-        extraData: z.object({
-          missing_files: z.string().array().nullish(),
-          large_files: z.string().array().nullish(),
-          error_files: z.string().array().nullish()
+      vulnerabilityReportIssues: z3.object({
+        extraData: z3.object({
+          missing_files: z3.string().array().nullish(),
+          large_files: z3.string().array().nullish(),
+          error_files: z3.string().array().nullish()
         })
       }).array()
     })
   }),
   fix_by_pk: FixQueryZ.merge(
-    z.object({
-      vulnerabilityReportIssues: z.array(
-        z.object({
-          vendorIssueId: z.string(),
-          issueType: z.string(),
-          issueLanguage: z.string()
+    z3.object({
+      vulnerabilityReportIssues: z3.array(
+        z3.object({
+          vendorIssueId: z3.string(),
+          issueType: z3.string(),
+          issueLanguage: z3.string()
         })
       )
     })
   ),
-  fixesWithSameIssueType: z.object({
-    fix: z.array(z.object({ id: z.string().uuid() }))
+  fixesWithSameIssueType: z3.object({
+    fix: z3.array(z3.object({ id: z3.string().uuid() }))
   })
 });
-var FixReportByProjectZ = z.object({
-  project_by_pk: z.object({
-    vulnerabilityReports: z.array(
-      z.object({
-        fixReport: z.object({ id: z.string().uuid() }).nullable()
+var FixReportByProjectZ = z3.object({
+  project_by_pk: z3.object({
+    vulnerabilityReports: z3.array(
+      z3.object({
+        fixReport: z3.object({ id: z3.string().uuid() }).nullable()
       })
     )
   })
 });
-var FixPageQueryZ = z.object({
+var FixPageQueryZ = z3.object({
   data: FixScreenQueryResultZ
 });
-var GetReportFixesQueryZ = z.object({
-  fixReport: z.object({
+var GetReportFixesQueryZ = z3.object({
+  fixReport: z3.object({
     fixes: ReportFixesQueryZ,
-    vulnerabilityReport: z.object({
-      vulnerabilityReportIssues_aggregate: z.object({
-        aggregate: z.object({ count: z.number() })
+    vulnerabilityReport: z3.object({
+      vulnerabilityReportIssues_aggregate: z3.object({
+        aggregate: z3.object({ count: z3.number() })
       })
     })
   }).array()
 }).nullish();
-var ProjectVulnerabilityReport = z.object({
-  id: z.string().uuid(),
-  name: z.string().nullable(),
-  vendor: z.nativeEnum(Vulnerability_Report_Vendor_Enum).nullable(),
-  fixReport: z.object({
-    id: z.string().uuid(),
-    createdOn: z.string(),
-    fixes_aggregate: z.object({
-      aggregate: z.object({
-        count: z.number()
+var ProjectVulnerabilityReport = z3.object({
+  id: z3.string().uuid(),
+  name: z3.string().nullable(),
+  vendor: z3.nativeEnum(Vulnerability_Report_Vendor_Enum).nullable(),
+  fixReport: z3.object({
+    id: z3.string().uuid(),
+    createdOn: z3.string(),
+    fixes_aggregate: z3.object({
+      aggregate: z3.object({
+        count: z3.number()
       })
     }),
-    issueTypes: z.record(z.string(), z.number()).nullable(),
-    issueLanguages: z.record(z.nativeEnum(IssueLanguage_Enum), z.number()).nullable(),
-    fixesCountByEffort: z.record(z.nativeEnum(Effort_To_Apply_Fix_Enum), z.number()).nullable(),
-    vulnerabilitySeverities: z.record(z.nativeEnum(Vulnerability_Severity_Enum), z.number()).nullable(),
-    fixesDoneCount: z.number(),
-    fixesInprogressCount: z.number(),
-    fixesReadyCount: z.number(),
-    repo: z.object({
-      originalUrl: z.string(),
-      reference: z.string(),
-      name: z.string()
+    issueTypes: z3.record(z3.string(), z3.number()).nullable(),
+    issueLanguages: z3.record(z3.nativeEnum(IssueLanguage_Enum), z3.number()).nullable(),
+    fixesCountByEffort: z3.record(z3.nativeEnum(Effort_To_Apply_Fix_Enum), z3.number()).nullable(),
+    vulnerabilitySeverities: z3.record(z3.nativeEnum(Vulnerability_Severity_Enum), z3.number()).nullable(),
+    fixesDoneCount: z3.number(),
+    fixesInprogressCount: z3.number(),
+    fixesReadyCount: z3.number(),
+    repo: z3.object({
+      originalUrl: z3.string(),
+      reference: z3.string(),
+      name: z3.string()
     }),
-    createdByUser: z.object({
-      email: z.string()
+    createdByUser: z3.object({
+      email: z3.string()
     }).nullable(),
-    state: z.nativeEnum(Fix_Report_State_Enum),
-    expirationOn: z.string()
+    state: z3.nativeEnum(Fix_Report_State_Enum),
+    expirationOn: z3.string()
   })
 });
-var ProjectGetProjectZ = z.object({
-  id: z.string().uuid(),
-  name: z.string(),
-  vulnerabilityReports: z.object({
-    vendor: z.nativeEnum(Vulnerability_Report_Vendor_Enum).nullable(),
-    fixReport: z.object({
-      issueLanguages: z.record(z.nativeEnum(IssueLanguage_Enum), z.number()).nullable(),
-      state: z.nativeEnum(Fix_Report_State_Enum),
-      fixes_aggregate: z.object({
-        aggregate: z.object({
-          count: z.number()
+var ProjectGetProjectZ = z3.object({
+  id: z3.string().uuid(),
+  name: z3.string(),
+  vulnerabilityReports: z3.object({
+    vendor: z3.nativeEnum(Vulnerability_Report_Vendor_Enum).nullable(),
+    fixReport: z3.object({
+      issueLanguages: z3.record(z3.nativeEnum(IssueLanguage_Enum), z3.number()).nullable(),
+      state: z3.nativeEnum(Fix_Report_State_Enum),
+      fixes_aggregate: z3.object({
+        aggregate: z3.object({
+          count: z3.number()
         })
       }),
-      repo: z.object({
-        originalUrl: z.string(),
-        reference: z.string()
+      repo: z3.object({
+        originalUrl: z3.string(),
+        reference: z3.string()
       }),
-      expirationOn: z.string()
+      expirationOn: z3.string()
     })
   }).array()
 });
-var GetProjectsQueryZ = z.array(ProjectGetProjectZ);
-var ProjectPageQueryResultZ = z.object({
-  name: z.string(),
-  id: z.string().uuid(),
-  isDefault: z.boolean().default(false),
-  organizationId: z.string().uuid(),
-  vulnerabilityReports: z.array(ProjectVulnerabilityReport)
+var GetProjectsQueryZ = z3.array(ProjectGetProjectZ);
+var ProjectPageQueryResultZ = z3.object({
+  name: z3.string(),
+  id: z3.string().uuid(),
+  isDefault: z3.boolean().default(false),
+  organizationId: z3.string().uuid(),
+  vulnerabilityReports: z3.array(ProjectVulnerabilityReport),
+  projectIssueTypeSettings: z3.array(
+    IssueTypeSettingZ.merge(z3.object({ id: z3.string() }))
+  )
 });
-var GetProjectMembersDataZ = z.object({
-  project_by_pk: z.object({
-    name: z.string(),
-    id: z.string(),
-    projectUsers: z.array(
-      z.object({
-        projectToRole: z.object({
-          projectRole: z.object({
-            type: z.nativeEnum(Project_Role_Type_Enum)
+var GetProjectMembersDataZ = z3.object({
+  project_by_pk: z3.object({
+    name: z3.string(),
+    id: z3.string(),
+    projectUsers: z3.array(
+      z3.object({
+        projectToRole: z3.object({
+          projectRole: z3.object({
+            type: z3.nativeEnum(Project_Role_Type_Enum)
           })
         }),
-        user: z.object({
-          id: z.string().uuid(),
-          picture: z.string().optional(),
-          name: z.string().nullish(),
-          email: z.string().email()
+        user: z3.object({
+          id: z3.string().uuid(),
+          picture: z3.string().optional(),
+          name: z3.string().nullish(),
+          email: z3.string().email()
         })
       })
     )
   })
 });
-var RepoArgs = z.object({
-  originalUrl: z.string().url(),
-  branch: z.string(),
-  commitSha: z.string()
+var RepoArgs = z3.object({
+  originalUrl: z3.string().url(),
+  branch: z3.string(),
+  commitSha: z3.string()
 });
 var scmCloudUrl = {
   GitLab: "https://gitlab.com",
@@ -1151,12 +1273,12 @@ var scannerToVulnerability_Report_Vendor_Enum = {
   [SCANNERS.Codeql]: "codeql" /* Codeql */,
   [SCANNERS.Fortify]: "fortify" /* Fortify */
 };
-var SupportedScannersZ = z2.enum([SCANNERS.Checkmarx, SCANNERS.Snyk]);
-var envVariablesSchema = z2.object({
-  WEB_APP_URL: z2.string(),
-  API_URL: z2.string(),
-  HASURA_ACCESS_KEY: z2.string(),
-  LOCAL_GRAPHQL_ENDPOINT: z2.string()
+var SupportedScannersZ = z4.enum([SCANNERS.Checkmarx, SCANNERS.Snyk]);
+var envVariablesSchema = z4.object({
+  WEB_APP_URL: z4.string(),
+  API_URL: z4.string(),
+  HASURA_ACCESS_KEY: z4.string(),
+  LOCAL_GRAPHQL_ENDPOINT: z4.string()
 }).required();
 var envVariables = envVariablesSchema.parse(process.env);
 debug("config %o", envVariables);
@@ -1294,7 +1416,7 @@ import fetch4 from "node-fetch";
 import open2 from "open";
 import semver from "semver";
 import tmp2 from "tmp";
-import { z as z21 } from "zod";
+import { z as z22 } from "zod";
 
 // src/features/analysis/add_fix_comments_for_pr/add_fix_comments_for_pr.ts
 import Debug7 from "debug";
@@ -1306,29 +1428,33 @@ var DEFUALT_ADO_ORIGIN = scmCloudUrl.Ado;
 import querystring3 from "node:querystring";
 import * as api from "azure-devops-node-api";
 import Debug3 from "debug";
-import { z as z17 } from "zod";
+import { z as z18 } from "zod";
 
 // src/features/analysis/scm/env.ts
-import { z as z3 } from "zod";
-var EnvVariablesZod = z3.object({
-  GITLAB_API_TOKEN: z3.string().optional(),
-  GITHUB_API_TOKEN: z3.string().optional(),
-  GIT_PROXY_HOST: z3.string()
+import { z as z5 } from "zod";
+var EnvVariablesZod = z5.object({
+  GITLAB_API_TOKEN: z5.string().optional(),
+  GITHUB_API_TOKEN: z5.string().optional(),
+  GIT_PROXY_HOST: z5.string()
 });
 var { GITLAB_API_TOKEN, GITHUB_API_TOKEN, GIT_PROXY_HOST } = EnvVariablesZod.parse(process.env);
 
 // src/features/analysis/scm/scm.ts
-import { z as z15 } from "zod";
+import { z as z16 } from "zod";
 
 // src/features/analysis/scm/bitbucket/bitbucket.ts
 import querystring from "node:querystring";
 import bitbucketPkg from "bitbucket";
 import * as bitbucketPkgNode from "bitbucket";
 import Debug2 from "debug";
-import { z as z11 } from "zod";
+import { z as z12 } from "zod";
+
+// src/features/analysis/scm/constants.ts
+var MOBB_ICON_IMG = "https://app.mobb.ai/gh-action/Logo_Rounded_Icon.svg";
+var MAX_BRANCHES_FETCH = 100;
 
 // src/features/analysis/scm/shared/src/commitDescriptionMarkup.ts
-import { z as z5 } from "zod";
+import { z as z6 } from "zod";
 
 // src/features/analysis/scm/shared/src/fixDetailsData.ts
 var fixDetailsData = {
@@ -1555,93 +1681,6 @@ var fixDetailsData = {
   }
 };
 
-// src/features/analysis/scm/shared/src/getIssueType.ts
-import { z as z4 } from "zod";
-var issueTypeMap = {
-  ["NO_LIMITS_OR_THROTTLING" /* NoLimitsOrThrottling */]: "Missing Rate Limiting",
-  ["SQL_Injection" /* SqlInjection */]: "SQL Injection",
-  ["CMDi_relative_path_command" /* CmDiRelativePathCommand */]: "Relative Path Command Injection",
-  ["CMDi" /* CmDi */]: "Command Injection",
-  ["CONFUSING_NAMING" /* ConfusingNaming */]: "Confusing Naming",
-  ["XXE" /* Xxe */]: "XXE",
-  ["XSS" /* Xss */]: "XSS",
-  ["PT" /* Pt */]: "Path Traversal",
-  ["ZIP_SLIP" /* ZipSlip */]: "Zip Slip",
-  ["INSECURE_RANDOMNESS" /* InsecureRandomness */]: "Insecure Randomness",
-  ["SSRF" /* Ssrf */]: "Server Side Request Forgery",
-  ["TYPE_CONFUSION" /* TypeConfusion */]: "Type Confusion",
-  ["REGEX_INJECTION" /* RegexInjection */]: "Regular Expression Injection",
-  ["INCOMPLETE_URL_SANITIZATION" /* IncompleteUrlSanitization */]: "Incomplete URL Sanitization",
-  ["LOCALE_DEPENDENT_COMPARISON" /* LocaleDependentComparison */]: "Locale Dependent Comparison",
-  ["LOG_FORGING" /* LogForging */]: "Log Forging",
-  ["MISSING_CHECK_AGAINST_NULL" /* MissingCheckAgainstNull */]: "Missing Check against Null",
-  ["PASSWORD_IN_COMMENT" /* PasswordInComment */]: "Password in Comment",
-  ["OVERLY_BROAD_CATCH" /* OverlyBroadCatch */]: "Poor Error Handling: Overly Broad Catch",
-  ["USE_OF_SYSTEM_OUTPUT_STREAM" /* UseOfSystemOutputStream */]: "Use of System.out/System.err",
-  ["DANGEROUS_FUNCTION_OVERFLOW" /* DangerousFunctionOverflow */]: "Use of dangerous function",
-  ["DOS_STRING_BUILDER" /* DosStringBuilder */]: "Denial of Service: StringBuilder",
-  ["OPEN_REDIRECT" /* OpenRedirect */]: "Open Redirect",
-  ["WEAK_XML_SCHEMA_UNBOUNDED_OCCURRENCES" /* WeakXmlSchemaUnboundedOccurrences */]: "Weak XML Schema: Unbounded Occurrences",
-  ["SYSTEM_INFORMATION_LEAK" /* SystemInformationLeak */]: "System Information Leak",
-  ["SYSTEM_INFORMATION_LEAK_EXTERNAL" /* SystemInformationLeakExternal */]: "External System Information Leak",
-  ["HTTP_RESPONSE_SPLITTING" /* HttpResponseSplitting */]: "HTTP response splitting",
-  ["HTTP_ONLY_COOKIE" /* HttpOnlyCookie */]: "Cookie is not HttpOnly",
-  ["INSECURE_COOKIE" /* InsecureCookie */]: "Insecure Cookie",
-  ["TRUST_BOUNDARY_VIOLATION" /* TrustBoundaryViolation */]: "Trust Boundary Violation",
-  ["NULL_DEREFERENCE" /* NullDereference */]: "Null Dereference",
-  ["UNSAFE_DESERIALIZATION" /* UnsafeDeserialization */]: "Unsafe deserialization",
-  ["INSECURE_BINDER_CONFIGURATION" /* InsecureBinderConfiguration */]: "Insecure Binder Configuration",
-  ["UNSAFE_TARGET_BLANK" /* UnsafeTargetBlank */]: "Unsafe use of target blank",
-  ["IFRAME_WITHOUT_SANDBOX" /* IframeWithoutSandbox */]: "Client use of iframe without sandbox",
-  ["JQUERY_DEPRECATED_SYMBOLS" /* JqueryDeprecatedSymbols */]: "jQuery deprecated symbols",
-  ["MISSING_ANTIFORGERY_VALIDATION" /* MissingAntiforgeryValidation */]: "Missing Anti-Forgery Validation",
-  ["GRAPHQL_DEPTH_LIMIT" /* GraphqlDepthLimit */]: "GraphQL Depth Limit",
-  ["UNCHECKED_LOOP_CONDITION" /* UncheckedLoopCondition */]: "Unchecked Loop Condition",
-  ["IMPROPER_RESOURCE_SHUTDOWN_OR_RELEASE" /* ImproperResourceShutdownOrRelease */]: "Improper Resource Shutdown or Release",
-  ["IMPROPER_EXCEPTION_HANDLING" /* ImproperExceptionHandling */]: "Improper Exception Handling",
-  ["DEFAULT_RIGHTS_IN_OBJ_DEFINITION" /* DefaultRightsInObjDefinition */]: "Default Definer Rights in Package or Object Definition",
-  ["HTML_COMMENT_IN_JSP" /* HtmlCommentInJsp */]: "HTML Comment in JSP",
-  ["ERROR_CONDTION_WITHOUT_ACTION" /* ErrorCondtionWithoutAction */]: "Error Condition Without Action",
-  ["DEPRECATED_FUNCTION" /* DeprecatedFunction */]: "Deprecated Function",
-  ["HARDCODED_SECRETS" /* HardcodedSecrets */]: "Hardcoded Secrets",
-  ["PROTOTYPE_POLLUTION" /* PrototypePollution */]: "Prototype Pollution",
-  ["RACE_CONDITION_FORMAT_FLAW" /* RaceConditionFormatFlaw */]: "Race Condition Format Flaw",
-  ["NON_FINAL_PUBLIC_STATIC_FIELD" /* NonFinalPublicStaticField */]: "Non-final Public Static Field",
-  ["MISSING_HSTS_HEADER" /* MissingHstsHeader */]: "Missing HSTS Header",
-  ["DEAD_CODE_UNUSED_FIELD" /* DeadCodeUnusedField */]: "Dead Code: Unused Field",
-  ["HEADER_MANIPULATION" /* HeaderManipulation */]: "Header Manipulation",
-  ["MISSING_EQUALS_OR_HASHCODE" /* MissingEqualsOrHashcode */]: "Missing equals or hashcode method",
-  ["WCF_MISCONFIGURATION_INSUFFICIENT_LOGGING" /* WcfMisconfigurationInsufficientLogging */]: "WCF Misconfiguration: Insufficient Logging",
-  ["WCF_MISCONFIGURATION_THROTTLING_NOT_ENABLED" /* WcfMisconfigurationThrottlingNotEnabled */]: "WCF Misconfiguration: Throttling Not Enabled",
-  ["USELESS_REGEXP_CHAR_ESCAPE" /* UselessRegexpCharEscape */]: "Useless regular-expression character escape",
-  ["INCOMPLETE_HOSTNAME_REGEX" /* IncompleteHostnameRegex */]: "Incomplete Hostname Regex",
-  ["OVERLY_LARGE_RANGE" /* OverlyLargeRange */]: "Regex: Overly Large Range",
-  ["INSUFFICIENT_LOGGING" /* InsufficientLogging */]: "Insufficient Logging of Sensitive Operations",
-  ["PRIVACY_VIOLATION" /* PrivacyViolation */]: "Privacy Violation",
-  ["INCOMPLETE_URL_SCHEME_CHECK" /* IncompleteUrlSchemeCheck */]: "Incomplete URL Scheme Check",
-  ["VALUE_NEVER_READ" /* ValueNeverRead */]: "Value Never Read",
-  ["VALUE_SHADOWING" /* ValueShadowing */]: "Value Shadowing",
-  ["NO_EQUIVALENCE_METHOD" /* NoEquivalenceMethod */]: "Class Does Not Implement Equivalence Method",
-  ["INFORMATION_EXPOSURE_VIA_HEADERS" /* InformationExposureViaHeaders */]: "Information Exposure via Headers",
-  ["DEBUG_ENABLED" /* DebugEnabled */]: "Debug Enabled",
-  ["LEFTOVER_DEBUG_CODE" /* LeftoverDebugCode */]: "Leftover Debug Code",
-  ["POOR_ERROR_HANDLING_EMPTY_CATCH_BLOCK" /* PoorErrorHandlingEmptyCatchBlock */]: "Poor Error Handling: Empty Catch Block",
-  ["ERRONEOUS_STRING_COMPARE" /* ErroneousStringCompare */]: "Erroneous String Compare",
-  ["UNVALIDATED_PUBLIC_METHOD_ARGUMENT" /* UnvalidatedPublicMethodArgument */]: "Unvalidated Public Method Argument",
-  ["AUTO_ESCAPE_FALSE" /* AutoEscapeFalse */]: "Auto-escape False",
-  ["MISSING_CSP_HEADER" /* MissingCspHeader */]: "Missing CSP Header",
-  ["HARDCODED_DOMAIN_IN_HTML" /* HardcodedDomainInHtml */]: "Hardcoded Domain in HTML",
-  ["HEAP_INSPECTION" /* HeapInspection */]: "Heap Inspection"
-};
-var issueTypeZ = z4.nativeEnum(IssueType_Enum);
-var getIssueTypeFriendlyString = (issueType) => {
-  const issueTypeZParseRes = issueTypeZ.safeParse(issueType);
-  if (!issueTypeZParseRes.success) {
-    return issueType ? issueType.replaceAll("_", " ") : "Other";
-  }
-  return issueTypeMap[issueTypeZParseRes.data];
-};
-
 // src/features/analysis/scm/shared/src/commitDescriptionMarkup.ts
 function capitalizeFirstLetter(str) {
   return str?.length ? str[0].toUpperCase() + str.slice(1) : "";
@@ -1659,7 +1698,7 @@ var getCommitDescription = ({
   guidances,
   fixUrl
 }) => {
-  const parseIssueTypeRes = z5.nativeEnum(IssueType_Enum).safeParse(issueType);
+  const parseIssueTypeRes = z6.nativeEnum(IssueType_Enum).safeParse(issueType);
   if (!parseIssueTypeRes.success) {
     return "";
   }
@@ -1690,10 +1729,10 @@ ${guidances.map(({ guidance }) => `## Additional actions required
 };
 
 // src/features/analysis/scm/shared/src/guidances.ts
-import { z as z8 } from "zod";
+import { z as z9 } from "zod";
 
 // src/features/analysis/scm/shared/src/storedFixData/index.ts
-import { z as z6 } from "zod";
+import { z as z7 } from "zod";
 
 // src/features/analysis/scm/shared/src/storedFixData/passwordInComment.ts
 var passwordInComment = {
@@ -1848,8 +1887,8 @@ var vulnerabilities6 = {
 var xml_default = vulnerabilities6;
 
 // src/features/analysis/scm/shared/src/storedFixData/index.ts
-var StoredFixDataItemZ = z6.object({
-  guidance: z6.function().returns(z6.string())
+var StoredFixDataItemZ = z7.object({
+  guidance: z7.function().returns(z7.string())
 });
 var languages = {
   ["Java" /* Java */]: java_default,
@@ -1861,7 +1900,7 @@ var languages = {
 };
 
 // src/features/analysis/scm/shared/src/storedQuestionData/index.ts
-import { z as z7 } from "zod";
+import { z as z8 } from "zod";
 
 // src/features/analysis/scm/shared/src/storedQuestionData/csharp/httpOnlyCookie.ts
 var httpOnlyCookie = {
@@ -2927,10 +2966,10 @@ var vulnerabilities10 = {
 var xml_default2 = vulnerabilities10;
 
 // src/features/analysis/scm/shared/src/storedQuestionData/index.ts
-var StoredQuestionDataItemZ = z7.object({
-  content: z7.function().args(z7.any()).returns(z7.string()),
-  description: z7.function().args(z7.any()).returns(z7.string()),
-  guidance: z7.function().args(z7.any()).returns(z7.string())
+var StoredQuestionDataItemZ = z8.object({
+  content: z8.function().args(z8.any()).returns(z8.string()),
+  description: z8.function().args(z8.any()).returns(z8.string()),
+  guidance: z8.function().args(z8.any()).returns(z8.string())
 });
 var languages2 = {
   ["Java" /* Java */]: java_default2,
@@ -3023,9 +3062,9 @@ function getFixGuidances({
   const fixGuidance = storeFixResult.success ? [storeFixResult.data.guidance({ questions, ...extraContext })] : [];
   return libGuidances.concat(fixGuidance).filter((guidance) => !!guidance);
 }
-var IssueTypeAndLanguageZ = z8.object({
-  issueType: z8.nativeEnum(IssueType_Enum),
-  issueLanguage: z8.nativeEnum(IssueLanguage_Enum)
+var IssueTypeAndLanguageZ = z9.object({
+  issueType: z9.nativeEnum(IssueType_Enum),
+  issueLanguage: z9.nativeEnum(IssueLanguage_Enum)
 });
 function getGuidances(args) {
   const safeIssueTypeAndLanguage = IssueTypeAndLanguageZ.safeParse({
@@ -3063,7 +3102,7 @@ function getGuidances(args) {
 }
 
 // src/features/analysis/scm/shared/src/urlParser/urlParser.ts
-import { z as z9 } from "zod";
+import { z as z10 } from "zod";
 function detectAdoUrl(args) {
   const { pathname, hostname, scmType } = args;
   const hostnameParts = hostname.split(".");
@@ -3078,7 +3117,7 @@ function detectAdoUrl(args) {
         scmType: "Ado" /* Ado */,
         organization,
         // project has single repo - repoName === projectName
-        projectName: z9.string().parse(projectName),
+        projectName: z10.string().parse(projectName),
         repoName: projectName,
         prefixPath
       };
@@ -3089,7 +3128,7 @@ function detectAdoUrl(args) {
       return {
         scmType: "Ado" /* Ado */,
         organization,
-        projectName: z9.string().parse(projectName),
+        projectName: z10.string().parse(projectName),
         repoName,
         prefixPath
       };
@@ -3103,7 +3142,7 @@ function detectAdoUrl(args) {
           scmType: "Ado" /* Ado */,
           organization,
           // project has only one repo - repoName === projectName
-          projectName: z9.string().parse(repoName),
+          projectName: z10.string().parse(repoName),
           repoName,
           prefixPath
         };
@@ -3113,7 +3152,7 @@ function detectAdoUrl(args) {
         return {
           scmType: "Ado" /* Ado */,
           organization,
-          projectName: z9.string().parse(projectName),
+          projectName: z10.string().parse(projectName),
           repoName,
           prefixPath
         };
@@ -3337,30 +3376,30 @@ var sanityRepoURL = (scmURL) => {
 };
 
 // src/features/analysis/scm/bitbucket/validation.ts
-import { z as z10 } from "zod";
-var BitbucketAuthResultZ = z10.object({
-  access_token: z10.string(),
-  token_type: z10.string(),
-  refresh_token: z10.string()
+import { z as z11 } from "zod";
+var BitbucketAuthResultZ = z11.object({
+  access_token: z11.string(),
+  token_type: z11.string(),
+  refresh_token: z11.string()
 });
 
 // src/features/analysis/scm/bitbucket/bitbucket.ts
 var debug2 = Debug2("scm:bitbucket");
 var BITBUCKET_HOSTNAME = "bitbucket.org";
-var TokenExpiredErrorZ = z11.object({
-  status: z11.number(),
-  error: z11.object({
-    type: z11.string(),
-    error: z11.object({
-      message: z11.string()
+var TokenExpiredErrorZ = z12.object({
+  status: z12.number(),
+  error: z12.object({
+    type: z12.string(),
+    error: z12.object({
+      message: z12.string()
     })
   })
 });
 var BITBUCKET_ACCESS_TOKEN_URL = `https://${BITBUCKET_HOSTNAME}/site/oauth2/access_token`;
-var BitbucketParseResultZ = z11.object({
-  organization: z11.string(),
-  repoName: z11.string(),
-  hostname: z11.literal(BITBUCKET_HOSTNAME)
+var BitbucketParseResultZ = z12.object({
+  organization: z12.string(),
+  repoName: z12.string(),
+  hostname: z12.literal(BITBUCKET_HOSTNAME)
 });
 function parseBitbucketOrganizationAndRepo(bitbucketUrl) {
   const parsedGitHubUrl = normalizeUrl(bitbucketUrl);
@@ -3413,12 +3452,14 @@ function getBitbucketSdk(params) {
       );
       const res = await bitbucketClient.refs.listBranches({
         repo_slug: repoSlug,
-        workspace
+        workspace,
+        pagelen: MAX_BRANCHES_FETCH,
+        sort: "-target.date"
       });
       if (!res.data.values) {
         return [];
       }
-      return res.data.values.filter((branch) => !!branch.name).map((branch) => z11.string().parse(branch.name));
+      return res.data.values.filter((branch) => !!branch.name).map((branch) => z12.string().parse(branch.name));
     },
     async getIsUserCollaborator(params2) {
       const { repoUrl } = params2;
@@ -3533,7 +3574,7 @@ function getBitbucketSdk(params) {
       return GetRefererenceResultZ.parse({
         sha: tagRes.data.target?.hash,
         type: "TAG" /* TAG */,
-        date: new Date(z11.string().parse(tagRes.data.target?.date))
+        date: new Date(z12.string().parse(tagRes.data.target?.date))
       });
     },
     async getBranchRef(params2) {
@@ -3541,7 +3582,7 @@ function getBitbucketSdk(params) {
       return GetRefererenceResultZ.parse({
         sha: getBranchRes.target?.hash,
         type: "BRANCH" /* BRANCH */,
-        date: new Date(z11.string().parse(getBranchRes.target?.date))
+        date: new Date(z12.string().parse(getBranchRes.target?.date))
       });
     },
     async getCommitRef(params2) {
@@ -3549,13 +3590,13 @@ function getBitbucketSdk(params) {
       return GetRefererenceResultZ.parse({
         sha: getCommitRes.hash,
         type: "COMMIT" /* COMMIT */,
-        date: new Date(z11.string().parse(getCommitRes.date))
+        date: new Date(z12.string().parse(getCommitRes.date))
       });
     },
     async getDownloadUrl({ url, sha }) {
       this.getReferenceData({ ref: sha, url });
       const repoRes = await this.getRepo({ repoUrl: url });
-      const parsedRepoUrl = z11.string().url().parse(repoRes.links?.html?.href);
+      const parsedRepoUrl = z12.string().url().parse(repoRes.links?.html?.href);
       return `${parsedRepoUrl}/get/${sha}.zip`;
     },
     async getPullRequest(params2) {
@@ -3598,7 +3639,7 @@ async function validateBitbucketParams(params) {
 }
 async function getUsersworkspacesSlugs(bitbucketClient) {
   const res = await bitbucketClient.workspaces.getWorkspaces({});
-  return res.data.values?.map((v) => z11.string().parse(v.slug));
+  return res.data.values?.map((v) => z12.string().parse(v.slug));
 }
 async function getllUsersrepositories(bitbucketClient) {
   const userWorspacesSlugs = await getUsersworkspacesSlugs(bitbucketClient);
@@ -4098,7 +4139,7 @@ function getGithubSdk(params = {}) {
       return octokit.rest.repos.listBranches({
         owner,
         repo,
-        per_page: 1e3,
+        per_page: MAX_BRANCHES_FETCH,
         page: 1
       });
     },
@@ -4145,11 +4186,11 @@ import {
 } from "undici";
 
 // src/features/analysis/scm/gitlab/types.ts
-import { z as z12 } from "zod";
-var GitlabAuthResultZ = z12.object({
-  access_token: z12.string(),
-  token_type: z12.string(),
-  refresh_token: z12.string()
+import { z as z13 } from "zod";
+var GitlabAuthResultZ = z13.object({
+  access_token: z13.string(),
+  token_type: z13.string(),
+  refresh_token: z13.string()
 });
 
 // src/features/analysis/scm/gitlab/gitlab.ts
@@ -4157,7 +4198,6 @@ function removeTrailingSlash(str) {
   return str.trim().replace(/\/+$/, "");
 }
 function getGitBeaker(options) {
-  console.log("getGitBeaker starting");
   const token = options?.gitlabAuthToken ?? GITLAB_API_TOKEN ?? "";
   const url = options.url;
   const host = url ? new URL(url).origin : "https://gitlab.com";
@@ -4301,10 +4341,7 @@ async function getGitlabBranchList({
   const api2 = getGitBeaker({ url: repoUrl, gitlabAuthToken: accessToken });
   try {
     const res = await api2.Branches.all(projectPath, {
-      perPage: 100,
-      pagination: "keyset",
-      orderBy: "updated_at",
-      sort: "dec"
+      perPage: MAX_BRANCHES_FETCH
     });
     return res.map((branch) => branch.name);
   } catch (e) {
@@ -4340,6 +4377,18 @@ async function getGitlabMergeRequest({
   });
   return await api2.MergeRequests.show(projectPath, prNumber);
 }
+async function getGitlabCommitUrl({
+  url,
+  commitSha,
+  accessToken
+}) {
+  const { projectPath } = parseGitlabOwnerAndRepo(url);
+  const api2 = getGitBeaker({
+    url,
+    gitlabAuthToken: accessToken
+  });
+  return await api2.Commits.show(projectPath, commitSha);
+}
 async function getGitlabRepoDefaultBranch(repoUrl, options) {
   const api2 = getGitBeaker({
     url: repoUrl,
@@ -4485,80 +4534,97 @@ import parseDiff from "parse-diff";
 import path3 from "path";
 import { simpleGit } from "simple-git";
 import tmp from "tmp";
-import { z as z14 } from "zod";
+import { z as z15 } from "zod";
 
 // src/features/analysis/scm/scmSubmit/types.ts
-import { z as z13 } from "zod";
-var BaseSubmitToScmMessageZ = z13.object({
-  submitFixRequestId: z13.string().uuid(),
-  fixes: z13.array(
-    z13.object({
-      fixId: z13.string().uuid(),
-      patches: z13.array(z13.string())
+import { z as z14 } from "zod";
+var BaseSubmitToScmMessageZ = z14.object({
+  submitFixRequestId: z14.string().uuid(),
+  fixes: z14.array(
+    z14.object({
+      fixId: z14.string().uuid(),
+      patches: z14.array(z14.string())
     })
   ),
-  commitHash: z13.string(),
-  repoUrl: z13.string(),
-  mobbUserEmail: z13.string(),
-  extraHeaders: z13.record(z13.string(), z13.string()).default({})
+  commitHash: z14.string(),
+  repoUrl: z14.string(),
+  mobbUserEmail: z14.string(),
+  extraHeaders: z14.record(z14.string(), z14.string()).default({})
 });
 var submitToScmMessageType = {
   commitToSameBranch: "commitToSameBranch",
   submitFixesForDifferentBranch: "submitFixesForDifferentBranch"
 };
 var CommitToSameBranchParamsZ = BaseSubmitToScmMessageZ.merge(
-  z13.object({
-    type: z13.literal(submitToScmMessageType.commitToSameBranch),
-    branch: z13.string(),
-    commitMessage: z13.string(),
-    commitDescription: z13.string().nullish(),
-    githubCommentId: z13.number().nullish()
+  z14.object({
+    type: z14.literal(submitToScmMessageType.commitToSameBranch),
+    branch: z14.string(),
+    commitMessage: z14.string(),
+    commitDescription: z14.string().nullish(),
+    githubCommentId: z14.number().nullish()
   })
 );
-var SubmitFixesToDifferentBranchParamsZ = z13.object({
-  type: z13.literal(submitToScmMessageType.submitFixesForDifferentBranch),
-  submitBranch: z13.string(),
-  baseBranch: z13.string()
+var SubmitFixesToDifferentBranchParamsZ = z14.object({
+  type: z14.literal(submitToScmMessageType.submitFixesForDifferentBranch),
+  submitBranch: z14.string(),
+  baseBranch: z14.string()
 }).merge(BaseSubmitToScmMessageZ);
-var SubmitFixesMessageZ = z13.union([
+var SubmitFixesMessageZ = z14.union([
   CommitToSameBranchParamsZ,
   SubmitFixesToDifferentBranchParamsZ
 ]);
-var FixResponseArrayZ = z13.array(
-  z13.object({
-    fixId: z13.string().uuid()
+var FixResponseArrayZ = z14.array(
+  z14.object({
+    fixId: z14.string().uuid()
   })
 );
-var SubmitFixesBaseResponseMessageZ = z13.object({
-  mobbUserEmail: z13.string(),
-  submitFixRequestId: z13.string().uuid(),
-  submitBranches: z13.array(
-    z13.object({
-      branchName: z13.string(),
+var SubmitFixesBaseResponseMessageZ = z14.object({
+  mobbUserEmail: z14.string(),
+  submitFixRequestId: z14.string().uuid(),
+  submitBranches: z14.array(
+    z14.object({
+      branchName: z14.string(),
       fixes: FixResponseArrayZ
     })
   ),
-  error: z13.object({
-    type: z13.enum([
+  error: z14.object({
+    type: z14.enum([
       "InitialRepoAccessError",
       "PushBranchError",
       "UnknownError"
     ]),
-    info: z13.object({
-      message: z13.string(),
-      pushBranchName: z13.string().optional()
+    info: z14.object({
+      message: z14.string(),
+      pushBranchName: z14.string().optional()
     })
   }).optional()
 });
-var SubmitFixesToSameBranchResponseMessageZ = z13.object({
-  type: z13.literal(submitToScmMessageType.commitToSameBranch),
-  githubCommentId: z13.number().nullish()
+var authorSchemaZ = z14.object({
+  email: z14.string(),
+  name: z14.string()
+}).nullable();
+var summarySchemaZ = z14.object({
+  changes: z14.number(),
+  insertions: z14.number(),
+  deletions: z14.number()
+});
+var GitCommitZ = z14.object({
+  author: authorSchemaZ,
+  branch: z14.string(),
+  commit: z14.string(),
+  root: z14.boolean(),
+  summary: summarySchemaZ
+}).nullable();
+var SubmitFixesToSameBranchResponseMessageZ = z14.object({
+  type: z14.literal(submitToScmMessageType.commitToSameBranch),
+  githubCommentId: z14.number().nullish(),
+  commit: GitCommitZ
 }).merge(SubmitFixesBaseResponseMessageZ);
-var SubmitFixesToDifferentBranchResponseMessageZ = z13.object({
-  type: z13.literal(submitToScmMessageType.submitFixesForDifferentBranch),
-  githubCommentId: z13.number().optional()
+var SubmitFixesToDifferentBranchResponseMessageZ = z14.object({
+  type: z14.literal(submitToScmMessageType.submitFixesForDifferentBranch),
+  githubCommentId: z14.number().optional()
 }).merge(SubmitFixesBaseResponseMessageZ);
-var SubmitFixesResponseMessageZ = z13.discriminatedUnion("type", [
+var SubmitFixesResponseMessageZ = z14.discriminatedUnion("type", [
   SubmitFixesToSameBranchResponseMessageZ,
   SubmitFixesToDifferentBranchResponseMessageZ
 ]);
@@ -4576,21 +4642,21 @@ var isValidBranchName = async (branchName) => {
     return false;
   }
 };
-var FixesZ = z14.array(
-  z14.object({
-    fixId: z14.string(),
-    patches: z14.array(z14.string())
+var FixesZ = z15.array(
+  z15.object({
+    fixId: z15.string(),
+    patches: z15.array(z15.string())
   })
 ).nonempty();
 
 // src/features/analysis/scm/scm.ts
 function isBrokerUrl(url) {
-  return z15.string().uuid().safeParse(new URL(url).host).success;
+  return z16.string().uuid().safeParse(new URL(url).host).success;
 }
-var GetRefererenceResultZ = z15.object({
-  date: z15.date().optional(),
-  sha: z15.string(),
-  type: z15.nativeEnum(ReferenceType)
+var GetRefererenceResultZ = z16.object({
+  date: z16.date().optional(),
+  sha: z16.string(),
+  type: z16.nativeEnum(ReferenceType)
 });
 function getCloudScmLibTypeFromUrl(url) {
   if (!url) {
@@ -4631,7 +4697,7 @@ var scmTypeToScmLibScmType = {
   ["Bitbucket" /* Bitbucket */]: "BITBUCKET" /* BITBUCKET */
 };
 function getScmLibTypeFromScmType(scmType) {
-  const parsedScmType = z15.nativeEnum(ScmType).parse(scmType);
+  const parsedScmType = z16.nativeEnum(ScmType).parse(scmType);
   return scmTypeToScmLibScmType[parsedScmType];
 }
 function getScmConfig({
@@ -4845,7 +4911,7 @@ var SCMLib = class {
       if (e instanceof InvalidRepoUrlError && url) {
         throw new RepoNoTokenAccessError(
           "no access to repo",
-          scmLibScmTypeToScmType[z15.nativeEnum(ScmLibScmType).parse(scmType)]
+          scmLibScmTypeToScmType[z16.nativeEnum(ScmLibScmType).parse(scmType)]
         );
       }
       console.error(`error validating scm: ${scmType} `, e);
@@ -5015,6 +5081,14 @@ var AdoSCMLib = class extends SCMLib {
       prNumber
     });
   }
+  async getCommitUrl(commitId) {
+    this._validateUrl();
+    const adoSdk = await this.getAdoSdk();
+    return adoSdk.getAdoCommitUrl({
+      url: this.url,
+      commitId
+    });
+  }
 };
 var GitlabSCMLib = class extends SCMLib {
   async createSubmitRequest(params) {
@@ -5152,6 +5226,15 @@ var GitlabSCMLib = class extends SCMLib {
     });
     return res.web_url;
   }
+  async getCommitUrl(commitId) {
+    this._validateAccessTokenAndUrl();
+    const res = await getGitlabCommitUrl({
+      url: this.url,
+      commitSha: commitId,
+      accessToken: this.accessToken
+    });
+    return res.web_url;
+  }
 };
 var GithubSCMLib = class extends SCMLib {
   // we don't always need a url, what's important is that we have an access token
@@ -5253,7 +5336,7 @@ var GithubSCMLib = class extends SCMLib {
       owner,
       repo
     });
-    return z15.string().parse(prRes.data);
+    return z16.string().parse(prRes.data);
   }
   async getRepoList(_scmOrg) {
     this._validateAccessToken();
@@ -5344,6 +5427,16 @@ var GithubSCMLib = class extends SCMLib {
     });
     return getPrRes.data.html_url;
   }
+  async getCommitUrl(commitId) {
+    this._validateAccessTokenAndUrl();
+    const { owner, repo } = parseGithubOwnerAndRepo(this.url);
+    const getCommitRes = await this.githubSdk.getCommit({
+      owner,
+      repo,
+      commitSha: commitId
+    });
+    return getCommitRes.data.html_url;
+  }
   async postGeneralPrComment(params) {
     const { prNumber, body } = params;
     this._validateAccessTokenAndUrl();
@@ -5438,13 +5531,17 @@ var StubSCMLib = class extends SCMLib {
     console.error("getPr() not implemented");
     throw new Error("getPr() not implemented");
   }
+  async getCommitUrl(_commitId) {
+    console.error("getCommitUrl() not implemented");
+    throw new Error("getCommitUrl() not implemented");
+  }
   _getUsernameForAuthUrl() {
     throw new Error("Method not implemented.");
   }
 };
 function getUserAndPassword(token) {
   const [username, password] = token.split(":");
-  const safePasswordAndUsername = z15.object({ username: z15.string(), password: z15.string() }).parse({ username, password });
+  const safePasswordAndUsername = z16.object({ username: z16.string(), password: z16.string() }).parse({ username, password });
   return {
     username: safePasswordAndUsername.username,
     password: safePasswordAndUsername.password
@@ -5480,7 +5577,7 @@ var BitbucketSCMLib = class extends SCMLib {
         return { username, password, authType };
       }
       case "token": {
-        return { authType, token: z15.string().parse(this.accessToken) };
+        return { authType, token: z16.string().parse(this.accessToken) };
       }
       case "public":
         return { authType };
@@ -5492,7 +5589,7 @@ var BitbucketSCMLib = class extends SCMLib {
       ...params,
       repoUrl: this.url
     });
-    return String(z15.number().parse(pullRequestRes.id));
+    return String(z16.number().parse(pullRequestRes.id));
   }
   async validateParams() {
     return validateBitbucketParams({
@@ -5564,7 +5661,7 @@ var BitbucketSCMLib = class extends SCMLib {
   async getUsername() {
     this._validateAccessToken();
     const res = await this.bitbucketSdk.getUser();
-    return z15.string().parse(res.username);
+    return z16.string().parse(res.username);
   }
   async getSubmitRequestStatus(_scmSubmitRequestId) {
     this._validateAccessTokenAndUrl();
@@ -5593,7 +5690,7 @@ var BitbucketSCMLib = class extends SCMLib {
   async getRepoDefaultBranch() {
     this._validateUrl();
     const repoRes = await this.bitbucketSdk.getRepo({ repoUrl: this.url });
-    return z15.string().parse(repoRes.mainbranch?.name);
+    return z16.string().parse(repoRes.mainbranch?.name);
   }
   getPrUrl(prNumber) {
     this._validateUrl();
@@ -5602,39 +5699,46 @@ var BitbucketSCMLib = class extends SCMLib {
       `https://bitbucket.org/${workspace}/${repoSlug}/pull-requests/${prNumber}`
     );
   }
+  getCommitUrl(commitId) {
+    this._validateUrl();
+    const { repoSlug, workspace } = parseBitbucketOrganizationAndRepo(this.url);
+    return Promise.resolve(
+      `https://bitbucket.org/${workspace}/${repoSlug}/commits/${commitId}`
+    );
+  }
 };
 
 // src/features/analysis/scm/ado/validation.ts
-import { z as z16 } from "zod";
-var ValidPullRequestStatusZ = z16.union([
-  z16.literal(1 /* Active */),
-  z16.literal(2 /* Abandoned */),
-  z16.literal(3 /* Completed */)
+import { z as z17 } from "zod";
+var ValidPullRequestStatusZ = z17.union([
+  z17.literal(1 /* Active */),
+  z17.literal(2 /* Abandoned */),
+  z17.literal(3 /* Completed */)
 ]);
-var AdoAuthResultZ = z16.object({
-  access_token: z16.string().min(1),
-  token_type: z16.string().min(1),
-  refresh_token: z16.string().min(1)
+var AdoAuthResultZ = z17.object({
+  access_token: z17.string().min(1),
+  token_type: z17.string().min(1),
+  refresh_token: z17.string().min(1)
 });
 var AdoAuthResultWithOrgsZ = AdoAuthResultZ.extend({
-  scmOrgs: z16.array(z16.string())
+  scmOrgs: z17.array(z17.string())
 });
-var profileZ = z16.object({
-  displayName: z16.string(),
-  publicAlias: z16.string().min(1),
-  emailAddress: z16.string(),
-  coreRevision: z16.number(),
-  timeStamp: z16.string(),
-  id: z16.string(),
-  revision: z16.number()
+var profileZ = z17.object({
+  displayName: z17.string(),
+  publicAlias: z17.string().min(1),
+  emailAddress: z17.string(),
+  coreRevision: z17.number(),
+  timeStamp: z17.string(),
+  id: z17.string(),
+  revision: z17.number()
 });
-var accountsZ = z16.object({
-  count: z16.number(),
-  value: z16.array(
-    z16.object({
-      accountId: z16.string(),
-      accountUri: z16.string(),
-      accountName: z16.string()
+var accountsZ = z17.object({
+  count: z17.number(),
+  value: z17.array(
+    z17.object({
+      accountId: z17.string(),
+      accountUri: z17.string(),
+      accountName: z17.string()
     })
   )
 });
@@ -5719,7 +5823,7 @@ async function getAdoConnectData({
         oauthToken: adoTokenInfo.accessToken
       });
       return {
-        org: z17.string().parse(org),
+        org: z18.string().parse(org),
         origin: DEFUALT_ADO_ORIGIN
       };
     }
@@ -5805,7 +5909,7 @@ async function getAdoClientParams(params) {
       return {
         tokenType: "PAT" /* PAT */,
         accessToken: adoTokenInfo.accessToken,
-        patTokenOrg: z17.string().parse(tokenOrg).toLowerCase(),
+        patTokenOrg: z18.string().parse(tokenOrg).toLowerCase(),
         origin: origin2,
         orgName: org.toLowerCase()
       };
@@ -5938,6 +6042,18 @@ async function getAdoSdk(params) {
       );
       return `${getRepositoryRes.webUrl}/pullrequest/${prNumber}`;
     },
+    async getAdoCommitUrl({
+      url,
+      commitId
+    }) {
+      const { repo, projectName } = parseAdoOwnerAndRepo(url);
+      const git = await api2.getGitApi();
+      const getRepositoryRes = await git.getRepository(
+        decodeURI(repo),
+        projectName ? decodeURI(projectName) : void 0
+      );
+      return `${getRepositoryRes.webUrl}/commit/${commitId}`;
+    },
     getAdoDownloadUrl({
       repoUrl,
       branch
@@ -5960,9 +6076,9 @@ async function getAdoSdk(params) {
       return new URL(`${path9}?${params2}`, origin2).toString();
     },
     async getAdoBranchList({ repoUrl }) {
-      const { repo, projectName } = parseAdoOwnerAndRepo(repoUrl);
-      const git = await api2.getGitApi();
       try {
+        const { repo, projectName } = parseAdoOwnerAndRepo(repoUrl);
+        const git = await api2.getGitApi();
         const res = await git.getBranches(repo, projectName);
         res.sort((a, b) => {
           if (!a.commit?.committer?.date || !b.commit?.committer?.date) {
@@ -5976,7 +6092,7 @@ async function getAdoSdk(params) {
           }
           acc.push(branch.name);
           return acc;
-        }, []);
+        }, []).slice(0, MAX_BRANCHES_FETCH);
       } catch (e) {
         return [];
       }
@@ -6172,13 +6288,10 @@ async function getAdoRepoList({
   return repos;
 }
 
-// src/features/analysis/scm/constants.ts
-var MOBB_ICON_IMG = "https://app.mobb.ai/gh-action/Logo_Rounded_Icon.svg";
-
 // src/features/analysis/add_fix_comments_for_pr/utils/utils.ts
 import Debug6 from "debug";
 import parseDiff2 from "parse-diff";
-import { z as z19 } from "zod";
+import { z as z20 } from "zod";
 
 // src/features/analysis/utils/by_key.ts
 function keyBy(array, keyBy2) {
@@ -6249,7 +6362,7 @@ var scannerToFriendlyString = {
 
 // src/features/analysis/add_fix_comments_for_pr/utils/buildCommentBody.ts
 import Debug5 from "debug";
-import { z as z18 } from "zod";
+import { z as z19 } from "zod";
 var debug5 = Debug5("mobbdev:handle-finished-analysis");
 var getCommitFixButton = (commitUrl) => `<a href="${commitUrl}"><img src=${COMMIT_FIX_SVG}></a>`;
 function buildCommentBody({
@@ -6283,11 +6396,11 @@ function buildCommentBody({
   });
   const issueType = getIssueTypeFriendlyString(fix.safeIssueType);
   const title = `# ${MobbIconMarkdown} ${issueType} fix is ready`;
-  const validFixParseRes = z18.object({
+  const validFixParseRes = z19.object({
     patchAndQuestions: PatchAndQuestionsZ,
-    vulnerabilitySeverity: z18.nativeEnum(Vulnerability_Severity_Enum),
-    safeIssueLanguage: z18.nativeEnum(IssueLanguage_Enum),
-    safeIssueType: z18.nativeEnum(IssueType_Enum)
+    vulnerabilitySeverity: z19.nativeEnum(Vulnerability_Severity_Enum),
+    safeIssueLanguage: z19.nativeEnum(IssueLanguage_Enum),
+    safeIssueType: z19.nativeEnum(IssueType_Enum)
   }).safeParse(fix);
   if (!validFixParseRes.success) {
     debug5(
@@ -6460,7 +6573,7 @@ async function getRelevantVulenrabilitiesFromDiff(params) {
     });
     const lineAddedRanges = calculateRanges(fileNumbers);
     const fileFilter = {
-      path: z19.string().parse(file.to),
+      path: z20.string().parse(file.to),
       ranges: lineAddedRanges.map(([startLine, endLine]) => ({
         endLine,
         startLine
@@ -6805,30 +6918,30 @@ function subscribe(query, variables, callback, wsClientOptions) {
 }
 
 // src/features/analysis/graphql/types.ts
-import { z as z20 } from "zod";
-var VulnerabilityReportIssueCodeNodeZ = z20.object({
-  vulnerabilityReportIssueId: z20.string(),
-  path: z20.string(),
-  startLine: z20.number(),
-  vulnerabilityReportIssue: z20.object({
-    fixId: z20.string()
+import { z as z21 } from "zod";
+var VulnerabilityReportIssueCodeNodeZ = z21.object({
+  vulnerabilityReportIssueId: z21.string(),
+  path: z21.string(),
+  startLine: z21.number(),
+  vulnerabilityReportIssue: z21.object({
+    fixId: z21.string()
   })
 });
-var GetVulByNodesMetadataZ = z20.object({
-  vulnerabilityReportIssueCodeNodes: z20.array(VulnerabilityReportIssueCodeNodeZ),
-  nonFixablePrVuls: z20.object({
-    aggregate: z20.object({
-      count: z20.number()
+var GetVulByNodesMetadataZ = z21.object({
+  vulnerabilityReportIssueCodeNodes: z21.array(VulnerabilityReportIssueCodeNodeZ),
+  nonFixablePrVuls: z21.object({
+    aggregate: z21.object({
+      count: z21.number()
     })
   }),
-  fixablePrVuls: z20.object({
-    aggregate: z20.object({
-      count: z20.number()
+  fixablePrVuls: z21.object({
+    aggregate: z21.object({
+      count: z21.number()
     })
   }),
-  totalScanVulnerabilities: z20.object({
-    aggregate: z20.object({
-      count: z20.number()
+  totalScanVulnerabilities: z21.object({
+    aggregate: z21.object({
+      count: z21.number()
     })
   })
 });
@@ -7842,7 +7955,7 @@ async function _scan(params, { skipPrompts = false } = {}) {
     spinner: mobbSpinner,
     submitVulnerabilityReportVariables: {
       fixReportId: reportUploadInfo.fixReportId,
-      repoUrl: z21.string().parse(repo),
+      repoUrl: z22.string().parse(repo),
       reference,
       projectId,
       vulnerabilityReportFileName: "report.json",
@@ -8081,9 +8194,9 @@ async function _scan(params, { skipPrompts = false } = {}) {
         }
       });
       if (command === "review") {
-        const params2 = z21.object({
-          repo: z21.string().url(),
-          githubActionToken: z21.string()
+        const params2 = z22.object({
+          repo: z22.string().url(),
+          githubActionToken: z22.string()
         }).parse({ repo, githubActionToken });
         const scm = await SCMLib.init(
           {
@@ -8105,7 +8218,7 @@ async function _scan(params, { skipPrompts = false } = {}) {
               analysisId,
               gqlClient,
               scm,
-              scanner: z21.nativeEnum(SCANNERS).parse(scanner)
+              scanner: z22.nativeEnum(SCANNERS).parse(scanner)
             });
           },
           callbackStates: ["Finished" /* Finished */]
@@ -8332,7 +8445,7 @@ var scmTokenOption = {
 // src/args/validation.ts
 import chalk6 from "chalk";
 import path8 from "path";
-import { z as z22 } from "zod";
+import { z as z23 } from "zod";
 function throwRepoUrlErrorMessage({
   error,
   repoUrl,
@@ -8349,13 +8462,13 @@ Example:
   )}`;
   throw new CliError(formattedErrorMessage);
 }
-var UrlZ = z22.string({
+var UrlZ = z23.string({
   invalid_type_error: `is not a valid ${Object.values(ScmType).join("/ ")} URL`
 }).refine((data) => !!sanityRepoURL(data), {
   message: `is not a valid ${Object.values(ScmType).join(" / ")} URL`
 });
 function validateOrganizationId(organizationId) {
-  const orgIdValidation = z22.string().uuid().nullish().safeParse(organizationId);
+  const orgIdValidation = z23.string().uuid().nullish().safeParse(organizationId);
   if (!orgIdValidation.success) {
     throw new CliError(`organizationId: ${organizationId} is not a valid UUID`);
   }
@@ -8563,13 +8676,6 @@ var parseArgs = async (args) => {
     )} ${chalk9.dim("[options]")}
             `
   ).version(false).command(
-    mobbCliCommand.addScmToken,
-    chalk9.bold(
-      "Add your SCM (Github, Gitlab, Azure DevOps) token to Mobb to enable automated fixes."
-    ),
-    addScmTokenBuilder,
-    addScmTokenHandler
-  ).command(
     mobbCliCommand.scan,
     chalk9.bold(
       "Scan your code for vulnerabilities, get automated fixes right away."
@@ -8586,10 +8692,17 @@ var parseArgs = async (args) => {
   ).command(
     mobbCliCommand.review,
     chalk9.bold(
-      "(beta) Mobb will review your github pull requests and provide comments with fixes "
+      "Mobb will review your github pull requests and provide comments with fixes "
     ),
     reviewBuilder,
     reviewHandler
+  ).command(
+    mobbCliCommand.addScmToken,
+    chalk9.bold(
+      "Add your SCM (Github, Gitlab, Azure DevOps) token to Mobb to enable automated fixes."
+    ),
+    addScmTokenBuilder,
+    addScmTokenHandler
   ).example(
     "$0 scan -r https://github.com/WebGoat/WebGoat",
     "Scan an existing repository"