PkgRadar

Go modules · proxy.golang.org

github.com/tripleaze/chainguard/chaincheck

Remote Payload

Why PkgRadar flagged v1.0.9

SeveritySignalEvidence
mediumRemote Payloadgithub.com/tripleaze/chainguard/[email protected]/cmd/inspect.go

Showing signal labels only. Sign in to view the exact matched indicators for each finding.

Scanned versions

VersionVerdictScoreScanned (UTC)
v1.0.9Review122026-06-23
v1.1.2-0.20260622004536-fc81eb3591bfReview122026-06-23
v1.1.0Review122026-06-23
v1.1.1Review122026-06-23
v0.0.0-20260621195020-70a8aa37575dLow risk02026-06-22
v0.0.0-20260621193325-e2272c17a2acLow risk02026-06-22
v0.0.0-20260621190551-60e277231921Low risk02026-06-22
v0.0.0-20260621185148-c44e715c1ccdLow risk02026-06-22

Block this in CI

PkgRadar gates github.com/tripleaze/chainguard/chaincheck (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem go github.com/tripleaze/chainguard/[email protected]
Start free — 25 scans / moView full evidence