PkgRadar

Go modules · proxy.golang.org

github.com/SECUREGO/gosec/v2

Shipped Live Secret, Remote Payload, Tls Verification Disabled +1 more

Why PkgRadar flagged v2.20.0

SeveritySignalEvidence
highShipped Live Secret
mediumRemote Payload
mediumRemote Payload
mediumTls Verification Disabled

Showing signal labels only. Sign in to view the exact matched indicators for each finding.

Scanned versions

VersionVerdictScoreScanned (UTC)
v2.20.0High risk812026-07-05
v2.27.1High risk932026-07-05
v2.27.2-0.20260629081114-11023e51e1f4High risk932026-07-05

Block this in CI

PkgRadar gates github.com/SECUREGO/gosec/v2 (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem go github.com/SECUREGO/gosec/[email protected]
github.com/SECUREGO/gosec/v2 — Go modules security scan | PkgRadar