Go modules · proxy.golang.org

github.com/djoshy/machine-config-operator

Tls Verification Disabled: matched "InsecureSkipVerify: true"

Why PkgRadar flagged v0.0.0-20260618140350-5d90e399e718

Severity	Signal	Evidence
medium	Tls Verification Disabled	matched "InsecureSkipVerify: true" · github.com/djoshy/[email protected]/cmd/apiserver-watcher/run.go
medium	Tls Verification Disabled	matched "verify=false" · github.com/djoshy/[email protected]/devex/cmd/mco-builder/internal/builders/common.go
medium	Tls Verification Disabled	matched "verify=false" · github.com/djoshy/[email protected]/devex/cmd/mco-builder/internal/builders/podman.go

Scanned versions

Version	Verdict	Score	Scanned (UTC)
`v0.0.0-20260618140350-5d90e399e718`	Review	36	2026-06-20
`v0.0.0-20260611174504-ae65f6d89b01`	Low risk	0	2026-06-13
`v0.0.0-20260608192052-62dbab4477ce`	Low risk	0	2026-06-10
`v0.0.0-20260602183623-3ffecb58d54a`	Low risk	0	2026-06-05

Block this in CI

PkgRadar gates github.com/djoshy/machine-config-operator (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem go github.com/djoshy/[email protected]