Go modules · proxy.golang.org

github.com/google/go-containerRegistry

Remote Payload, Tls Verification Disabled

Why PkgRadar flagged v0.20.6

Severity	Signal	Evidence
medium	Remote Payload	github.com/google/[email protected]/cmd/crane/cmd/auth.go
medium	Tls Verification Disabled	github.com/google/[email protected]/pkg/crane/options.go

Showing signal labels only. Sign in to view the exact matched indicators for each finding.

Scanned versions

Version	Verdict	Score	Scanned (UTC)
`v0.20.6`	Review	24	2026-06-21
`v0.21.6`	Review	24	2026-06-21
`v0.18.0`	Review	24	2026-06-21
`v0.21.0`	Review	24	2026-06-21
`v0.19.1`	Review	24	2026-06-21
`v0.20.4`	Review	24	2026-06-21
`v0.12.0`	Low risk	0	2026-06-21
`v0.20.5`	Review	24	2026-06-21
`v0.21.5`	Review	24	2026-06-21
`v0.1.2`	Low risk	0	2026-06-21
`v0.1.3`	Low risk	0	2026-06-21
`v0.9.0`	Review	12	2026-06-21
`v0.3.0`	Low risk	0	2026-06-21
`v0.21.4`	Review	24	2026-06-21
`v0.15.0`	Review	12	2026-06-21
`v0.4.0`	Low risk	0	2026-06-21
`v0.20.2`	Review	24	2026-06-21
`v0.20.1`	Review	24	2026-06-21
`v0.4.1`	Low risk	0	2026-06-21
`v0.1.4`	Low risk	0	2026-06-21
`v0.21.1`	Review	24	2026-06-21
`v0.21.2`	Review	24	2026-06-21
`v0.20.0`	Review	24	2026-06-21
`v0.5.1`	Low risk	0	2026-06-21
`v0.6.1`	Low risk	0	2026-06-21
`v0.8.0`	Low risk	0	2026-06-21
`v0.5.0`	Low risk	0	2026-06-21
`v0.6.0`	Low risk	0	2026-06-21
`v0.7.0`	Low risk	0	2026-06-21
`v0.14.0`	Review	12	2026-06-21
`v0.12.1`	Low risk	0	2026-06-21
`v0.11.0`	Review	12	2026-06-21

Block this in CI

PkgRadar gates github.com/google/go-containerRegistry (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem go github.com/google/[email protected]