[ { "dimension": "security", "review_id": "review-20250125-143022", "analysis_timestamp": "2025-01-25T14:30:22Z", "cli_tool_used": "gemini", "model": "gemini-2.5-pro", "analysis_duration_ms": 2145000, "summary": { "total_findings": 15, "critical": 2, "high": 4, "medium": 6, "low": 3, "files_analyzed": 47, "lines_reviewed": 8932 }, "findings": [ { "id": "sec-001-a1b2c3d4", "title": "SQL Injection vulnerability in user query", "severity": "critical", "category": "injection", "description": "Building the SQL statement by interpolating user input directly into the query string allows injection attacks. The user-supplied value is embedded in the SQL text rather than bound as a query parameter.", "file": "src/database/query-builder.ts", "line": 145, "snippet": "const query = `SELECT * FROM users WHERE id = ${userId}`;", "recommendation": "Use parameterized queries: db.query('SELECT * FROM users WHERE id = ?', [userId])", "references": [ "OWASP Top 10 - A03:2021 Injection", "https://owasp.org/www-community/attacks/SQL_Injection" ], "impact": "Potential data breach, unauthorized access to user records, data manipulation", "metadata": { "cwe_id": "CWE-89", "owasp_category": "A03:2021-Injection" }, "iteration": 0, "status": "pending_remediation", "cross_references": [] } ], "cross_references": [ { "finding_id": "sec-001-a1b2c3d4", "related_dimensions": ["quality", "architecture"], "reason": "Same file flagged in multiple dimensions" } ] } ]