Go modules · proxy.golang.org

github.com/AthenZ/athenz

Shell Credential File Read, Obfuscation Density

Why PkgRadar flagged v1.12.44-0.20260624035623-3a7ae0530aa5

Severity	Signal	Evidence
high	Shell Credential File Read	github.com/athenz/[email protected]/libs/go/zmssvctoken/keystore.go

Showing signal labels only. Sign in to view the exact matched indicators for each finding.

Scanned versions

Version	Verdict	Score	Scanned (UTC)
`v1.12.44-0.20260624035623-3a7ae0530aa5`	High risk	45	2026-06-26
`v1.12.44-0.20260619152821-0afddc9c6af7`	Low risk	0	2026-06-20
`v1.12.43`	Low risk	0	2026-06-20
`v1.12.43-0.20260618012012-5c5421270ce5`	Low risk	0	2026-06-19
`v1.12.43-0.20260602175023-3aefdf17f7db`	Low risk	0	2026-06-05
`v1.12.38-0.20260409205040-51fda18727a2`	Low risk	0	2026-06-05
`v1.12.43-0.20260602050927-1c234e361ef9`	Low risk	0	2026-06-03
`v1.12.43-0.20260528063514-7f32fa5f302f`	Low risk	0	2026-05-30
`v1.12.42`	Low risk	0	2026-05-30
`v1.12.43-0.20260528063957-fed5efe72c77`	Low risk	0	2026-05-30

Block this in CI

PkgRadar gates github.com/AthenZ/athenz (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem go github.com/AthenZ/[email protected]