PkgRadar

Go modules · proxy.golang.org

github.com/actions/actions-runner-controller

Shipped Live Secret

Why PkgRadar flagged v0.27.7-0.20260627163032-24686a974e47

SeveritySignalEvidence
highShipped Live Secret

Showing signal labels only. Sign in to view the exact matched indicators for each finding.

Scanned versions

VersionVerdictScoreScanned (UTC)
v0.27.7-0.20260627163032-24686a974e47High risk452026-06-28
v0.27.7-0.20260619110817-c7005c3696e3Low risk02026-06-20
v0.27.7-0.20260615105113-9c5051416023Low risk02026-06-16
v0.27.7-0.20260612142817-391bc57773dcLow risk02026-06-13
v0.27.7-0.20260609115237-767e58e4b14aLow risk02026-06-10
v0.27.7-0.20260609085043-0acef229e2dfLow risk02026-06-10
v0.0.0-20260522100713-9bb16ae49d0cLow risk02026-05-31
v0.27.7-0.20260529225553-0dc5f8a0c22dLow risk02026-05-31

Block this in CI

PkgRadar gates github.com/actions/actions-runner-controller (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem go github.com/actions/[email protected]
Start free — 25 scans / moView full evidence
github.com/actions/actions-runner-controller — Go modules security scan | PkgRadar