Go modules · proxy.golang.org

github.com/appthrust/local-irsa

Credential file access: matched ".aws/"

Why PkgRadar flagged v0.0.0-20260527222328-0f4d7677aa9a

Severity	Signal	Evidence
high	Credential file access	matched ".aws/" · github.com/appthrust/[email protected]/internal/app/kube.go
high	Credential file access	matched ".aws/" · github.com/appthrust/[email protected]/internal/app/webhook.go

Scanned versions

Version	Verdict	Score	Scanned (UTC)
`v0.0.0-20260527222328-0f4d7677aa9a`	High risk	50	2026-05-30

Block this in CI

PkgRadar gates github.com/appthrust/local-irsa (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem go github.com/appthrust/[email protected]