Go modules · proxy.golang.org

github.com/heptio/velero

Tls Verification Disabled: matched "--insecure"

Why PkgRadar flagged v1.10.0-rc.1.0.20260617123033-2826b98190ec

Severity	Signal	Evidence
medium	Tls Verification Disabled	matched "--insecure" · github.com/heptio/[email protected]/pkg/cmd/util/downloadrequest/downloadrequest.go

Scanned versions

Version	Verdict	Score	Scanned (UTC)
`v1.10.0-rc.1.0.20260617123033-2826b98190ec`	Review	35	2026-06-20
`v1.18.2-rc.1`	Review	47	2026-06-20

Block this in CI

PkgRadar gates github.com/heptio/velero (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem go github.com/heptio/[email protected]