Go modules · proxy.golang.org

github.com/sonarsource/sonarlint-core

Remote Payload: matched "curl "

Why PkgRadar flagged v0.0.0-20260528092308-3e85b7bf3d97

Severity	Signal	Evidence
medium	Remote Payload	matched "curl " · github.com/sonarsource/[email protected]/backend/core/src/main/resources/ai/hooks/sonarqube_analysis_hook.sh

Scanned versions

Version	Verdict	Score	Scanned (UTC)
`v0.0.0-20260608080727-5c51a13837a6`	Low risk	0	2026-06-09
`v0.0.0-20260604102059-77d1451f2084`	Low risk	0	2026-06-05
`v0.0.0-20260602160452-e5286fc2e417`	Low risk	0	2026-06-04
`v0.0.0-20260528092308-3e85b7bf3d97`	Review	12	2026-05-29
`v0.0.0-20260527171413-de327f9b90a4`	Review	12	2026-05-29

Block this in CI

PkgRadar gates github.com/sonarsource/sonarlint-core (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem go github.com/sonarsource/[email protected]