Go modules · proxy.golang.org
github.com/sigstore/k8s-manifest-sigstore
Remote Payload: matched "curl "
Why PkgRadar flagged v0.5.5-0.20260528070810-02f8549386d7
| Severity | Signal | Evidence |
|---|---|---|
| medium | Remote Payload | matched "curl " · github.com/sigstore/[email protected]/go.sum |
| medium | Remote Payload | matched "curl " · github.com/sigstore/[email protected]/pkg/k8smanifest/provenance.go |
Scanned versions
| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
v0.5.5-0.20260528070810-02f8549386d7 | Review | 24 | 2026-05-30 |
v0.0.0-20260528070810-02f8549386d7 | Review | 24 | 2026-05-30 |
Block this in CI
pkgradar gate --ecosystem go github.com/sigstore/[email protected]