Go modules · proxy.golang.org
github.com/ovh/cds
Remote Payload: matched "curl "
Why PkgRadar flagged v0.57.1-0.20260611135522-3f8f544f1462
| Severity | Signal | Evidence |
|---|---|---|
| medium | Remote Payload | matched "curl " · github.com/ovh/[email protected]/cli/cdsctl/main.go |
| medium | Remote Payload | matched "curl " · github.com/ovh/[email protected]/engine/api/workermodel/init.go |
| medium | Remote Payload | matched "github.com/ovh/cds/releases/download" · github.com/ovh/[email protected]/engine/cmd_database.go |
| medium | Remote Payload | matched "curl " · github.com/ovh/[email protected]/engine/hatchery/swarm/swarm_util_kill.go |
| medium | Remote Payload | matched "cURL " · github.com/ovh/[email protected]/engine/vcs/github/github.go |
| medium | Remote Payload | matched "curl " · github.com/ovh/[email protected]/engine/worker/cmd.go |
| medium | Remote Payload | matched "github.com/ovh/cds/releases/download" · github.com/ovh/[email protected]/sdk/download.go |
| medium | Remote Payload | matched "curl " · github.com/ovh/[email protected]/sdk/hatchery/hatchery.go |
| medium | Remote Payload | matched "cURL " · github.com/ovh/[email protected]/sdk/hooks_repository_event.go |
| medium | Remote Payload | matched "cURL " · github.com/ovh/[email protected]/sdk/v2_workflow_run_detail.go |
| medium | Go Mod Replace Local | go.mod replace directive redirects to a local filesystem path — non-portable / dev-time only. · github.com/ovh/[email protected]/go.mod |
Scanned versions
| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
v0.57.1-0.20260611135522-3f8f544f1462 | High risk | 130 | 2026-06-12 |
v0.0.0-20260611135522-3f8f544f1462 | High risk | 130 | 2026-06-12 |
Block this in CI
pkgradar gate --ecosystem go github.com/ovh/[email protected]