Go modules · proxy.golang.org

github.com/SonarSource/sonarqube

DNS / OAST exfiltration: matched "oastify.com"

Why PkgRadar flagged v0.0.0-20260606202847-cd77e50dd252

Severity	Signal	Evidence
high	DNS / OAST exfiltration	matched "oastify.com" · github.com/sonarsource/[email protected]/response.json

Scanned versions

Version	Verdict	Score	Scanned (UTC)
`v0.0.0-20260606202847-cd77e50dd252`	High risk	30	2026-06-08
`v0.0.0-20260605203933-c89ae0efbb30`	High risk	30	2026-06-07
`v0.0.0-20260603210728-b22bb65fe8cc`	High risk	30	2026-06-05
`v0.0.0-20260601211543-e02ee4ece74f`	High risk	30	2026-06-03
`v0.0.0-20260529204925-7e37b0d8e3c2`	High risk	30	2026-05-30
`v0.0.0-20260528205042-4db10707fc31`	High risk	30	2026-05-30

Block this in CI

PkgRadar gates github.com/SonarSource/sonarqube (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem go github.com/SonarSource/[email protected]