Go modules · proxy.golang.org

github.com/victoriaMetrics/VictoriaMetrics

Remote Payload, Tls Verification Disabled, Credential file access +1 more

Why PkgRadar flagged v1.103.0-cluster

Severity	Signal	Evidence
medium	Remote Payload	github.com/victoriametrics/[email protected]/app/vmalert/rule/utils.go
medium	Remote Payload	github.com/victoriametrics/[email protected]/app/vmalert/web.qtpl.go
medium	Remote Payload	github.com/victoriametrics/[email protected]/app/vmctl/vm_native.go
medium	Tls Verification Disabled	github.com/victoriametrics/[email protected]/lib/backup/s3remote/s3.go

Showing signal labels only. Sign in to view the exact matched indicators for each finding.

Scanned versions

Version	Verdict	Score	Scanned (UTC)
`v1.103.0-cluster`	Review	41	2026-06-23
`v1.79.11-cluster`	Review	17	2026-06-23
`v1.39.0-cluster`	Review	5	2026-06-23
`v1.37.0-cluster`	Review	5	2026-06-23
`v1.139.0`	Review	29	2026-06-23
`v1.41.0-cluster`	Review	5	2026-06-23
`v1.93.8`	Review	41	2026-06-23
`v1.54.1`	Review	17	2026-06-23
`v1.64.0-cluster`	Review	17	2026-06-23
`v0.12.1-victorialogs`	Review	41	2026-06-23
`v1.18.7`	Low risk	0	2026-06-23
`v1.85.3`	Review	41	2026-06-23
`v1.28.2-cluster`	Low risk	0	2026-06-23
`v1.38.1-cluster`	Review	5	2026-06-23
`v1.110.10`	Review	41	2026-06-23
`v1.122.3`	Review	41	2026-06-23
`v1.145.1-0.20260619121831-9356c2111a0e`	Review	29	2026-06-23
`v1.119.0`	Review	41	2026-06-23
`v1.145.0`	Review	29	2026-06-23

Block this in CI

PkgRadar gates github.com/victoriaMetrics/VictoriaMetrics (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem go github.com/victoriaMetrics/[email protected]