Go modules · proxy.golang.org
github.com/mindersec/minder
Go Generate Shell: //go:generate directive shells out to curl/wget/bash — runs during `go generate`.
Why PkgRadar flagged v0.0.0-20260529074101-4ea1aea8a17d
| Severity | Signal | Evidence |
|---|---|---|
| medium | Go Generate Shell | //go:generate directive shells out to curl/wget/bash — runs during `go generate`. · github.com/mindersec/[email protected]/internal/auth/keycloak/client/client.go |
| medium | Remote Payload | matched "cUrl " · github.com/mindersec/[email protected]/cmd/server/app/serve.go |
| medium | Remote Payload | matched "cUrl " · github.com/mindersec/[email protected]/internal/auth/keycloak/keycloak.go |
| medium | Remote Payload | matched "curl " · github.com/mindersec/[email protected]/internal/engine/actions/alert/security_advisory/security_advisory.go |
| medium | Remote Payload | matched "curl " · github.com/mindersec/[email protected]/internal/engine/actions/remediate/gh_branch_protect/gh_branch_protect.go |
| medium | Remote Payload | matched "curl " · github.com/mindersec/[email protected]/internal/engine/actions/remediate/pull_request/pull_request.go |
| medium | Remote Payload | matched "curl " · github.com/mindersec/[email protected]/internal/engine/actions/remediate/rest/rest.go |
Scanned versions
| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
v0.0.0-20260529074101-4ea1aea8a17d | Review | 95 | 2026-05-30 |
v0.1.3-0.20260529063433-14b279a522ca | Review | 95 | 2026-05-30 |
v0.0.0-20260529063433-14b279a522ca | Review | 95 | 2026-05-30 |
v0.1.3-0.20260528210318-6a8895eec79f | Review | 95 | 2026-05-30 |
v0.0.0-20260528210318-6a8895eec79f | Review | 95 | 2026-05-30 |
v0.1.3-0.20260528133401-71a061f9ab60 | Review | 95 | 2026-05-29 |
v0.0.0-20260528133401-71a061f9ab60 | Review | 95 | 2026-05-29 |
Block this in CI
pkgradar gate --ecosystem go github.com/mindersec/[email protected]