Go modules · proxy.golang.org

github.com/edgelesssys/contrast/imagepuller

Go Mod Replace Local: go.mod replace directive redirects to a local filesystem path — non-portable / dev-time only.

Why PkgRadar flagged v0.0.0-20260615125729-3c61e1a1282d

Severity	Signal	Evidence
medium	Go Mod Replace Local	go.mod replace directive redirects to a local filesystem path — non-portable / dev-time only. · github.com/edgelesssys/contrast/[email protected]/go.mod

Scanned versions

Version	Verdict	Score	Scanned (UTC)
`v0.0.0-20260615125729-3c61e1a1282d`	Review	10	2026-06-16
`v0.0.0-20260615110632-35f2a5b2be94`	Review	10	2026-06-16
`v0.0.0-20260615051213-7b53c2d612f7`	Review	10	2026-06-16
`v0.0.0-20260611154931-6615d9a567c3`	Review	10	2026-06-12
`v0.0.0-20260611093246-03f74709dd2b`	Review	10	2026-06-12
`v0.0.0-20260608095915-cc3d34b1a2e7`	Review	10	2026-06-09
`v0.0.0-20260608045208-0a13b4540c42`	Review	10	2026-06-09
`v0.0.0-20260603120623-406094d88986`	Review	10	2026-06-04
`v0.0.0-20260602120004-f99be92aa64f`	Review	10	2026-06-03
`v0.0.0-20260601115743-ca66f807b480`	Review	10	2026-06-02
`v0.0.0-20260601053317-c41978592d70`	Review	10	2026-06-02
`v0.0.0-20260529072545-959ddb9a345c`	Review	10	2026-05-30
`v0.0.0-20260528135839-006ce363736d`	Review	10	2026-05-29

Block this in CI

PkgRadar gates github.com/edgelesssys/contrast/imagepuller (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem go github.com/edgelesssys/contrast/[email protected]