PkgRadar

Go modules · proxy.golang.org

github.com/grafana/alloy

Go Generate Shell: //go:generate directive shells out to curl/wget/bash — runs during `go generate`.

Why PkgRadar flagged v0.0.0-20260611062835-0ed4a6087333

SeveritySignalEvidence
mediumGo Generate Shell//go:generate directive shells out to curl/wget/bash — runs during `go generate`. · github.com/grafana/[email protected]/internal/static/integrations/snmp_exporter/common/common.go
mediumRemote Payloadmatched "github.com/prometheus-operator/prometheus-operator/releases/download" · github.com/grafana/[email protected]/integration-tests/k8s/deps/prometheus_operator.go
mediumRemote Payloadmatched "cUrl " · github.com/grafana/[email protected]/internal/component/faro/receiver/sourcemaps.go
mediumRemote Payloadmatched "cURL " · github.com/grafana/[email protected]/internal/web/ui/ui.go
mediumGo Mod Replace Localgo.mod replace directive redirects to a local filesystem path — non-portable / dev-time only. · github.com/grafana/[email protected]/go.mod

Scanned versions

VersionVerdictScoreScanned (UTC)
v0.0.0-20260611062835-0ed4a6087333High risk662026-06-12
v0.0.0-20260610092523-46cd81f6aeb5High risk662026-06-11
v1.16.1-0.20260610060458-68b41d59fd7bHigh risk662026-06-11
v0.0.0-20260610060458-68b41d59fd7bHigh risk662026-06-11
v1.16.1-0.20260609144024-805ec5e93d0eHigh risk662026-06-10
v0.0.0-20260609140727-3c1ebce12188High risk662026-06-10
v1.16.1-0.20260609132545-4c06a64254aaHigh risk662026-06-10
v0.0.0-20260609132545-4c06a64254aaHigh risk662026-06-10
v0.0.0-20260609120433-8a69e8cfa207High risk662026-06-10
v1.16.1-0.20260609070302-0c1ff8efaf16High risk662026-06-10
v0.0.0-20260609070302-0c1ff8efaf16High risk662026-06-10
v1.16.1-0.20260608235505-bee0d18011c3High risk662026-06-10
v0.0.0-20260608235505-bee0d18011c3High risk662026-06-10
v1.17.0-rc.0High risk662026-06-09
v1.16.1-0.20260608194217-06025b84eaccHigh risk662026-06-09
v0.0.0-20260608194217-06025b84eaccHigh risk662026-06-09
v1.16.1-0.20260608183320-c0a112e44fc6High risk662026-06-09
v0.0.0-20260608183320-c0a112e44fc6High risk662026-06-09
v1.16.1-0.20260608152852-7749d4f3f5f2High risk662026-06-09
v0.0.0-20260608152852-7749d4f3f5f2High risk662026-06-09
v1.16.3Review542026-06-09
v1.16.1-0.20260608093643-dcb1ef33f57dHigh risk662026-06-09
v0.0.0-20260608093643-dcb1ef33f57dHigh risk662026-06-09
v1.16.1-0.20260608090217-541350ef331dHigh risk662026-06-09
v0.0.0-20260608090217-541350ef331dHigh risk662026-06-09
v0.0.0-20260608083919-cf35ad630f21High risk662026-06-09
v1.16.1-0.20260608053240-2ed21e631728High risk662026-06-09
v0.0.0-20260608053240-2ed21e631728High risk662026-06-09
v0.0.0-20260605203330-c03b9af8c59cHigh risk662026-06-06
v0.0.0-20260605184728-efbad6de6cddHigh risk662026-06-06
v0.0.0-20260605183241-ec09c439407eHigh risk662026-06-06
v1.16.1-0.20260605133038-fcb3d3ef3cc3High risk662026-06-06
v0.0.0-20260605092139-94664d3ca593High risk662026-06-06
v0.0.0-20260605090429-ed526ef9f190High risk662026-06-06
v1.16.1-0.20260605065831-78654422caa4High risk662026-06-06
v0.0.0-20260605065831-78654422caa4High risk662026-06-06
v1.16.1-0.20260604162956-74d595ab2ce8High risk662026-06-05
v0.0.0-20260604152833-fd0c97463e83High risk662026-06-05
v0.0.0-20260604143856-433d2c3a8460High risk662026-06-05
v1.16.1-0.20260604134729-92703f02ab71High risk662026-06-05
v0.0.0-20260604134729-92703f02ab71High risk662026-06-05
v0.0.0-20260604133602-5f2a9aa9dfbaHigh risk662026-06-05
v1.16.1-0.20260604125546-51fb7d21eb9cHigh risk662026-06-05
v0.0.0-20260604122650-065ef03d6273High risk662026-06-05
v1.16.1-0.20260604120234-0d044f57ee09High risk662026-06-05
v0.0.0-20260604120234-0d044f57ee09High risk662026-06-05
v0.0.0-20260604095945-5877b6523586High risk662026-06-05
v1.16.1-0.20260604093000-3b27597db082High risk662026-06-05
v1.16.1-0.20260604074318-8441213e4c74High risk662026-06-05
v0.0.0-20260604074318-8441213e4c74High risk662026-06-05
v0.0.0-20260603145852-3c48891b67e4High risk662026-06-04
v0.0.0-20260603142146-6c3bd6538241High risk662026-06-04
v1.16.1-0.20260603100131-f82d833dffdbHigh risk662026-06-04
v0.0.0-20260603100131-f82d833dffdbHigh risk662026-06-04
v1.16.1-0.20260603092239-03656f9c69faHigh risk662026-06-04
v0.0.0-20260602210634-3732b40afc94High risk662026-06-03
v0.0.0-20260602153750-6a208f46f822High risk662026-06-03
v1.16.1-0.20260602143535-b2fbe1ab52b6High risk662026-06-03
v0.0.0-20260602143535-b2fbe1ab52b6High risk662026-06-03
v1.16.1-0.20260602112829-a47de00d0747High risk662026-06-03
v0.0.0-20260602112829-a47de00d0747High risk662026-06-03
v0.0.0-20260602092718-b52a4d887b6cHigh risk662026-06-03
v1.16.1-0.20260601194600-1fbc9196fcc6High risk662026-06-02
v1.16.1-0.20260601182226-cb2ec4e2e820High risk662026-06-02
v0.0.0-20260601182226-cb2ec4e2e820High risk662026-06-02
v0.0.0-20260601173429-79323b5685acHigh risk662026-06-02
v0.0.0-20260601171617-95dc1929cc49High risk662026-06-02
v1.16.1-0.20260601152428-6430123c2d9bHigh risk662026-06-02
v0.0.0-20260601152428-6430123c2d9bHigh risk662026-06-02
v0.0.0-20260601144529-54157c870b8aHigh risk662026-06-02
v1.16.1-0.20260601141343-00641afefa08High risk662026-06-02
v0.0.0-20260601141343-00641afefa08High risk662026-06-02
v0.0.0-20260601125043-9f008b4226b0High risk662026-06-02
v1.16.1-0.20260601123538-9166a61d4085High risk662026-06-02
v0.0.0-20260601123538-9166a61d4085High risk662026-06-02
v1.16.1-0.20260601101015-3d73a381c1b6High risk662026-06-02
v0.0.0-20260601101015-3d73a381c1b6High risk662026-06-02
v1.16.1-0.20260601090135-6aaea619dbf6High risk662026-06-02
v0.0.0-20260601090135-6aaea619dbf6High risk662026-06-02
v0.0.0-20260601072352-a47e8039c884High risk662026-06-02
v1.16.1-0.20260601064530-a1e61c7abc7cHigh risk662026-06-02
v0.0.0-20260601064530-a1e61c7abc7cHigh risk662026-06-02
v0.0.0-20260530014404-8860ec155df6Review662026-05-31
v1.16.1-0.20260529194515-85e12ba42faaReview662026-05-30
v0.0.0-20260528112121-048c70b4e328High risk662026-05-30
v0.0.0-20260528103837-2b0b89661074High risk662026-05-30
v1.16.1-0.20260529154950-bf7eb2b7dcd9Review662026-05-30
v0.0.0-20260529154950-bf7eb2b7dcd9Review662026-05-30
v1.16.1-0.20260529141618-97658bfb3003Review662026-05-30
v0.0.0-20260529130909-ec0df0e71a77Review662026-05-30
v1.16.1-0.20260529095118-02883fbf2826Review662026-05-30
v0.0.0-20260529095118-02883fbf2826Review662026-05-30
v0.0.0-20260529091503-018210dc8a43Review662026-05-30
v1.16.1-0.20260529090230-61b2595a0af2Review662026-05-30
v0.0.0-20260529090230-61b2595a0af2Review662026-05-30
v1.16.1-0.20260529070703-5af5ae4d8aa4Review662026-05-30
v0.0.0-20260529070703-5af5ae4d8aa4Review662026-05-30
v0.0.0-20260528170725-35ea0a861517Review662026-05-29
v0.0.0-20260528162636-4c7b93b9fd3cReview662026-05-29
v0.0.0-20260528151137-0714031b381eReview662026-05-29
v1.16.1-0.20260528144034-25e3d0fa5521Review662026-05-29
v0.0.0-20260528144034-25e3d0fa5521Review662026-05-29
v1.16.1-0.20260528131955-13b7dba7c0e9Review662026-05-29
v0.0.0-20260528131955-13b7dba7c0e9Review662026-05-29
v1.16.1-0.20260528121324-415af2cb369dReview662026-05-29
v0.0.0-20260528121324-415af2cb369dReview662026-05-29

Block this in CI

PkgRadar gates github.com/grafana/alloy (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem go github.com/grafana/[email protected]
Start free — 25 scans / moView full evidence