PkgRadar

Go modules · proxy.golang.org

github.com/harness/drone

Shell Credential File Read, Tls Verification Disabled, Remote Payload +3 more

Why PkgRadar flagged v1.0.4-gitspaces-beta.0.20260629152652-90e17cd9a630

SeveritySignalEvidence
highShell Credential File Read
highShell Credential File Read
mediumTls Verification Disabled
mediumRemote Payload
mediumTls Verification Disabled
mediumRemote Payload
mediumRemote Payload
mediumTls Verification Disabled
mediumTls Verification Disabled
mediumRemote Payload
mediumGo Mod Replace Local

Showing signal labels only. Sign in to view the exact matched indicators for each finding.

Scanned versions

VersionVerdictScoreScanned (UTC)
v1.0.4-gitspaces-beta.0.20260629152652-90e17cd9a630High risk1802026-06-30
v0.0.0-20260629152652-90e17cd9a630High risk1802026-06-30

Block this in CI

PkgRadar gates github.com/harness/drone (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem go github.com/harness/[email protected]
github.com/harness/drone — Go modules security scan | PkgRadar