Go modules · proxy.golang.org
github.com/stacklok/minder
Go Generate Shell: //go:generate directive shells out to curl/wget/bash — runs during `go generate`.
Why PkgRadar flagged v0.0.0-20260613033617-437ace3a088a
| Severity | Signal | Evidence |
|---|---|---|
| medium | Go Generate Shell | //go:generate directive shells out to curl/wget/bash — runs during `go generate`. · github.com/stacklok/[email protected]/internal/auth/keycloak/client/client.go |
| medium | Remote Payload | matched "cUrl " · github.com/stacklok/[email protected]/cmd/server/app/serve.go |
| medium | Remote Payload | matched "cUrl " · github.com/stacklok/[email protected]/internal/auth/keycloak/keycloak.go |
| medium | Remote Payload | matched "curl " · github.com/stacklok/[email protected]/internal/engine/actions/alert/security_advisory/security_advisory.go |
| medium | Remote Payload | matched "curl " · github.com/stacklok/[email protected]/internal/engine/actions/remediate/gh_branch_protect/gh_branch_protect.go |
| medium | Remote Payload | matched "curl " · github.com/stacklok/[email protected]/internal/engine/actions/remediate/pull_request/pull_request.go |
| medium | Remote Payload | matched "curl " · github.com/stacklok/[email protected]/internal/engine/actions/remediate/rest/rest.go |
Scanned versions
| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
| v0.0.0-20260613033617-437ace3a088a | High risk | 95 | 2026-06-14 |
| v0.0.0-20260612074617-0dcc010d1e31 | High risk | 95 | 2026-06-13 |
| v0.1.3-0.20260611220816-fd280fdc2a3c | High risk | 95 | 2026-06-13 |
| v0.1.3-0.20260610235905-9c5063c739e9 | High risk | 95 | 2026-06-12 |
| v0.1.3-0.20260604220734-196d981350b4 | High risk | 95 | 2026-06-06 |
| v0.1.3-0.20260604061857-f0d4cba326e2 | High risk | 95 | 2026-06-05 |
| v0.1.3-0.20260528133401-71a061f9ab60 | Review | 95 | 2026-05-29 |
Block this in CI
pkgradar gate --ecosystem go github.com/stacklok/[email protected]