PkgRadar

Go modules · proxy.golang.org

github.com/Smallstep/certificates

Shell Credential File Read, Tls Verification Disabled, Credential file access

Why PkgRadar flagged v0.14.0

Severity | Signal | Evidence
high | Shell Credential File Read | github.com/smallstep/[email protected]/authority/provisioner/keystore.go
medium | Tls Verification Disabled | github.com/smallstep/[email protected]/acme/challenge.go
medium | Tls Verification Disabled | github.com/smallstep/[email protected]/ca/client.go

Showing signal labels only.

Scanned versions

Version | Verdict | Score | Scanned (UTC)
v0.14.0 | High risk | 74 | 2026-06-25
v0.14.1 | High risk | 74 | 2026-06-25
v0.14.2 | High risk | 74 | 2026-06-25
v0.14.3 | High risk | 74 | 2026-06-25
v0.14.4 | High risk | 74 | 2026-06-25
v0.14.5 | High risk | 74 | 2026-06-25
v0.14.6 | High risk | 74 | 2026-06-25
v0.15.0 | High risk | 74 | 2026-06-25
v0.15.1 | High risk | 74 | 2026-06-25
v0.15.2 | High risk | 74 | 2026-06-25
v0.15.3 | High risk | 74 | 2026-06-25
v0.15.4 | High risk | 74 | 2026-06-25
v0.15.5 | High risk | 74 | 2026-06-25
v0.15.6 | High risk | 74 | 2026-06-25
v0.15.7 | High risk | 74 | 2026-06-25
v0.15.8 | High risk | 74 | 2026-06-25
v0.28.1 | High risk | 110 | 2026-06-25
v0.15.9 | High risk | 74 | 2026-06-25
v0.28.2 | High risk | 110 | 2026-06-25
v0.15.10 | High risk | 74 | 2026-06-25
v0.28.3 | High risk | 110 | 2026-06-25
v0.15.11 | High risk | 74 | 2026-06-25
v0.28.4 | High risk | 110 | 2026-06-25
v0.30.1 | High risk | 110 | 2026-06-25
v0.15.12 | High risk | 74 | 2026-06-25
v0.29.0 | High risk | 110 | 2026-06-25
v0.30.3-0.20260624125458-af6ef0cd105e | High risk | 110 | 2026-06-25
v0.30.2 | High risk | 110 | 2026-06-25
v0.15.13 | High risk | 74 | 2026-06-25
v0.30.0 | High risk | 110 | 2026-06-25

Block this in CI

PkgRadar gates github.com/Smallstep/certificates (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem go github.com/Smallstep/[email protected]