PkgRadar

Go modules · proxy.golang.org

github.com/CloudPosse/atmos

Remote Payload: matched "cURL "

Why PkgRadar flagged v1.222.0-rc.0.0.20260615020324-7fc9c3ed5534

SeveritySignalEvidence
mediumRemote Payloadmatched "cURL " · github.com/cloudposse/[email protected]/pkg/aws/security/ocsf.go
mediumRemote Payloadmatched "raw.githubusercontent.com" · github.com/cloudposse/[email protected]/pkg/config/default.go
mediumRemote Payloadmatched "cURL " · github.com/cloudposse/[email protected]/pkg/git/yaml_tags.go
mediumRemote Payloadmatched "raw.githubusercontent.com" · github.com/cloudposse/[email protected]/pkg/http/client.go
mediumRemote Payloadmatched "github.com/%s/%s/releases/download" · github.com/cloudposse/[email protected]/pkg/toolchain/installer/asset.go
mediumRemote Payloadmatched "curl " · github.com/cloudposse/[email protected]/pkg/toolchain/installer/download.go
mediumRemote Payloadmatched "raw.githubusercontent.com" · github.com/cloudposse/[email protected]/pkg/toolchain/installer/installer.go
mediumRemote Payloadmatched "raw.githubusercontent.com" · github.com/cloudposse/[email protected]/pkg/toolchain/registry/aqua/aqua.go
mediumRemote Payloadmatched "github.com/%s/%s/releases/download" · github.com/cloudposse/[email protected]/pkg/toolchain/verification/checksum.go
mediumRemote Payloadmatched "github.com/%s/%s/releases/download" · github.com/cloudposse/[email protected]/pkg/toolchain/verification/signature.go
mediumRemote Payloadmatched "cURL\n\t" · github.com/cloudposse/[email protected]/pkg/utils/yaml_utils.go

Scanned versions

VersionVerdictScoreScanned (UTC)
v1.222.0-rc.0.0.20260615020324-7fc9c3ed5534High risk1652026-06-16
v1.222.0-rc.0High risk1652026-06-16
v1.221.1High risk1652026-06-14
v1.221.1-0.20260611082140-06e019685d48High risk1652026-06-12
v1.221.0High risk1652026-06-12
v1.221.0-test.0High risk1652026-06-12
v1.221.0-rc.6High risk1652026-06-08
v1.221.0-rc.5High risk1652026-06-08
v1.221.0-rc.4High risk1652026-06-05
v1.221.0-rc.3High risk1652026-06-04
v1.221.0-rc.2High risk1652026-06-03
v1.221.0-rc.1.0.20260530233219-30238462ca77High risk1652026-06-01
v1.221.0-rc.0High risk1652026-06-01
v1.221.0-rc.1High risk1652026-06-01
v1.220.0Review1652026-05-29

Block this in CI

PkgRadar gates github.com/CloudPosse/atmos (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem go github.com/CloudPosse/[email protected]
Start free — 25 scans / moView full evidence