Go modules · proxy.golang.org

github.com/semgrep/semgrep-rules

Shipped Live Secret, Tls Verification Disabled, Messenger Bot Endpoint +1 more

Why PkgRadar flagged v0.0.0-20260617072517-d41fb34cf744

Severity	Signal	Evidence
high	Shipped Live Secret	github.com/semgrep/[email protected]/generic/secrets/gitleaks/aws-access-token.go
high	Shipped Live Secret	github.com/semgrep/[email protected]/generic/secrets/gitleaks/github-app-token.go
high	Shipped Live Secret	github.com/semgrep/[email protected]/generic/secrets/gitleaks/github-fine-grained-pat.go
high	Shipped Live Secret	github.com/semgrep/[email protected]/generic/secrets/gitleaks/github-oauth.go
high	Shipped Live Secret	github.com/semgrep/[email protected]/generic/secrets/gitleaks/github-pat.go
high	Shipped Live Secret	github.com/semgrep/[email protected]/generic/secrets/gitleaks/github-refresh-token.go
high	Shipped Live Secret	github.com/semgrep/[email protected]/generic/secrets/gitleaks/slack-access-token.go
medium	Tls Verification Disabled	github.com/semgrep/[email protected]/go/lang/security/audit/crypto/missing-ssl-minversion.fixed.go
medium	Tls Verification Disabled	github.com/semgrep/[email protected]/go/lang/security/audit/crypto/missing-ssl-minversion.go
medium	Tls Verification Disabled	github.com/semgrep/[email protected]/go/lang/security/audit/crypto/ssl.go
medium	Tls Verification Disabled	github.com/semgrep/[email protected]/go/lang/security/injection/tainted-url-host.go
medium	Tls Verification Disabled	github.com/semgrep/[email protected]/problem-based-packs/insecure-transport/go-stdlib/bypass-tls-verification.go

Showing signal labels only. Sign in to view the exact matched indicators for each finding.

Scanned versions

Version	Verdict	Score	Scanned (UTC)
`v0.0.0-20260617072517-d41fb34cf744`	High risk	173	2026-06-24

Block this in CI

PkgRadar gates github.com/semgrep/semgrep-rules (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem go github.com/semgrep/[email protected]