PkgRadar

Go modules · proxy.golang.org

github.com/lowrisc/opentitan

Remote Payload: matched "github.com/bazelbuild/bazelisk/releases/download"

Why PkgRadar flagged v0.0.0-20260528083003-030d10386cda

SeveritySignalEvidence
mediumRemote Payloadmatched "github.com/bazelbuild/bazelisk/releases/download" · github.com/lowrisc/[email protected]/bazelisk.sh
mediumRemote Payloadmatched "curl " · github.com/lowrisc/[email protected]/util/prep-bazel-airgapped-build.sh

Scanned versions

VersionVerdictScoreScanned (UTC)
v0.0.0-20260611152841-a586f966ee39Low risk02026-06-12
v0.0.0-20260611135838-1b0a5909b134Low risk02026-06-12
v0.0.0-20260611132428-65e49a1cfb6bLow risk02026-06-12
v0.0.0-20260610144220-26f59d7c5476Low risk02026-06-11
v0.0.0-20260610144055-b47abbc1c0a8Low risk02026-06-11
v0.0.0-20260610134047-0bc453e2931bLow risk02026-06-11
v0.0.0-20260610094633-47f41b936a54Low risk02026-06-11
v0.0.0-20260609173554-3e70efbd5809Low risk02026-06-10
v0.0.0-20260609124855-e1ddeb5ab3dcLow risk02026-06-10
v0.0.0-20260608140432-d730ff6216d3Low risk02026-06-09
v0.0.0-20260608120900-3369103a6b9bLow risk02026-06-09
v0.0.0-20260608120114-6164fc088836Low risk02026-06-09
v0.0.0-20260605212631-2348eb2d2a78Low risk02026-06-06
v0.0.0-20260605114406-24267c842803Low risk02026-06-06
v0.0.0-20260604111750-53fb3313cb5dLow risk02026-06-05
v0.0.0-20260603183812-641be10ac7ebLow risk02026-06-04
v0.0.0-20260603150836-b6d8cec1acdfLow risk02026-06-04
v0.0.0-20260602082024-26c360be60dfLow risk02026-06-03
v0.0.0-20260601092547-a58153c55f35Low risk02026-06-02
v0.0.0-20260529082438-1bd5f9a0371fLow risk02026-05-30
v0.0.0-20260528141836-1d0cf808c91fLow risk02026-05-29
v0.0.0-20260528083003-030d10386cdaReview242026-05-29
v0.0.0-20260528082924-77fe7fcb1a3bReview242026-05-29

Block this in CI

PkgRadar gates github.com/lowrisc/opentitan (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem go github.com/lowrisc/[email protected]
Start free — 25 scans / moView full evidence