Go modules · proxy.golang.org
github.com/securesign/secure-sign-operator
Remote Payload: matched "curl "
Why PkgRadar flagged v1.1.1-0.20260612062140-d8a5bcf898c4
| Severity | Signal | Evidence |
|---|---|---|
| medium | Remote Payload | matched "curl " · github.com/securesign/[email protected]/internal/controller/ctlog/actions/monitor/statefulset.go |
| medium | Remote Payload | matched "curl " · github.com/securesign/[email protected]/internal/controller/rekor/actions/backfillRedis/backfill_redis_cronjob.go |
| medium | Remote Payload | matched "curl " · github.com/securesign/[email protected]/internal/controller/rekor/actions/monitor/statefulset.go |
Scanned versions
| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
v1.1.1-0.20260612062140-d8a5bcf898c4 | High risk | 36 | 2026-06-15 |
v1.3.5 | Review | 24 | 2026-06-15 |
v1.1.1-0.20260530212140-64ea0fb65397 | High risk | 36 | 2026-06-02 |
v1.4.1 | High risk | 36 | 2026-06-02 |
Block this in CI
pkgradar gate --ecosystem go github.com/securesign/[email protected]