PkgRadar

Go modules · proxy.golang.org

github.com/cADDYserver/cADDY/v2

Tls Verification Disabled: matched "InsecureSkipVerify: true"

Why PkgRadar flagged v2.11.5-0.20260618174258-69d6ace32e23

SeveritySignalEvidence
mediumTls Verification Disabledmatched "InsecureSkipVerify: true" · github.com/caddyserver/caddy/[email protected]/caddytest/caddytest.go
mediumTls Verification Disabledmatched "--insecure" · github.com/caddyserver/caddy/[email protected]/modules/caddyhttp/reverseproxy/command.go

Scanned versions

VersionVerdictScoreScanned (UTC)
v2.11.5-0.20260618174258-69d6ace32e23Review242026-06-20
v2.11.3Review242026-06-20
v2.11.5-0.20260618033102-d2e0ad1e9232Low risk02026-06-19
v2.11.4Low risk02026-06-19

Block this in CI

PkgRadar gates github.com/cADDYserver/cADDY/v2 (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem go github.com/cADDYserver/cADDY/[email protected]
Start free — 25 scans / moView full evidence