PkgRadar

Go modules · proxy.golang.org

github.com/bitrise-io/bitrise/v2

Remote Payload: matched "curl "

Why PkgRadar flagged v2.40.4

SeveritySignalEvidence
mediumRemote Payloadmatched "curl " · github.com/bitrise-io/bitrise/[email protected]/bitrise/dependencies.go
mediumRemote Payloadmatched "github.com/bitrise-io/bitrise/releases/download" · github.com/bitrise-io/bitrise/[email protected]/cli/update.go
mediumRemote Payloadmatched "github.com/jdx/mise/releases/download" · github.com/bitrise-io/bitrise/[email protected]/toolprovider/mise/bootstrap.go
mediumRemote Payloadmatched "github.com/\" + githubUser + \"/\" + toolName + \"/releases/download" · github.com/bitrise-io/bitrise/[email protected]/tools/tools.go

Scanned versions

VersionVerdictScoreScanned (UTC)
v2.40.4Review482026-05-30

Block this in CI

PkgRadar gates github.com/bitrise-io/bitrise/v2 (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem go github.com/bitrise-io/bitrise/[email protected]
Start free — 25 scans / moView full evidence
github.com/bitrise-io/bitrise/v2 — Go modules security scan | PkgRadar