Go modules · proxy.golang.org
github.com/catenahq/scanctl
Remote Payload: matched "github.com/anchore/syft/releases/download"
Why PkgRadar flagged v0.0.0-20260610193833-0a30f5684da8
| Severity | Signal | Evidence |
|---|---|---|
| medium | Remote Payload | matched "github.com/anchore/syft/releases/download" · github.com/catenahq/[email protected]/internal/runner/sbom.go |
| medium | Remote Payload | matched "github.com/aquasecurity/trivy/releases/download" · github.com/catenahq/[email protected]/internal/runner/tools.go |
Scanned versions
| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
v0.0.0-20260610193833-0a30f5684da8 | Review | 24 | 2026-06-11 |
v0.0.0-20260610175705-28d8b8d5820b | Review | 24 | 2026-06-11 |
Block this in CI
pkgradar gate --ecosystem go github.com/catenahq/[email protected]