PkgRadar

Go modules · proxy.golang.org

github.com/Sigstore/sigstore

Remote Payload: matched "curl "

Why PkgRadar flagged v1.4.1

SeveritySignalEvidence
mediumRemote Payloadmatched "curl " · github.com/sigstore/[email protected]/go.sum

Scanned versions

VersionVerdictScoreScanned (UTC)
v1.7.2Low risk02026-06-14
v1.7.1Low risk02026-06-14
v1.4.1Review122026-06-14
v1.10.7Low risk02026-06-14
v1.9.1Low risk02026-06-14
v1.6.3Low risk02026-06-14
v1.8.15Low risk02026-06-14
v1.10.0Low risk02026-06-14
v1.7.3Low risk02026-06-14
v1.7.5Low risk02026-06-14
v1.4.4Low risk02026-06-14
v1.5.2Low risk02026-06-14
v1.10.2Low risk02026-06-14
v1.9.4Low risk02026-06-14
v1.9.3Low risk02026-06-14
v1.4.0Review122026-06-14
v1.2.0Low risk02026-06-14
v1.10.4Low risk02026-06-14
v1.6.1Low risk02026-06-14
v1.10.5Low risk02026-06-14
v1.9.2Low risk02026-06-14
v1.10.6Low risk02026-06-14
v1.9.5Low risk02026-06-14
v1.8.1Low risk02026-06-14
v1.10.3Low risk02026-06-14
v1.6.2Low risk02026-06-14
v1.0.1Low risk02026-06-14
v1.1.0Low risk02026-06-14
v1.8.4Low risk02026-06-14
v1.7.6Low risk02026-06-14
v1.10.9-0.20260609054351-f2384199269bLow risk02026-06-14
v1.10.8Low risk02026-06-14
v1.0.2-0.20211210190220-04746d994282Low risk02026-06-14

Block this in CI

PkgRadar gates github.com/Sigstore/sigstore (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem go github.com/Sigstore/[email protected]
Start free — 25 scans / moView full evidence