PkgRadar

Go modules · proxy.golang.org

github.com/wireapp/smallstep-certificates

Shell Credential File Read, Tls Verification Disabled, Credential file access

Why PkgRadar flagged v0.0.42-test.92

SeveritySignalEvidence
highShell Credential File Readgithub.com/wireapp/[email protected]/authority/provisioner/keystore.go
mediumTls Verification Disabledgithub.com/wireapp/[email protected]/acme/challenge.go
mediumTls Verification Disabledgithub.com/wireapp/[email protected]/acme/client.go
mediumTls Verification Disabledgithub.com/wireapp/[email protected]/authority/linkedca.go
mediumTls Verification Disabledgithub.com/wireapp/[email protected]/ca/client.go
mediumTls Verification Disabledgithub.com/wireapp/[email protected]/commands/app.go

Showing signal labels only. Sign in to view the exact matched indicators for each finding.

Scanned versions

VersionVerdictScoreScanned (UTC)
v0.0.42-test.92High risk1102026-06-24
v0.0.42-test.99High risk1102026-06-24
v0.0.42-test.93High risk1102026-06-24
v0.0.42-test.94High risk1102026-06-24
v0.0.42-test.95High risk1102026-06-24
v0.0.42-test.96High risk1102026-06-24
v0.0.42-test.97High risk1102026-06-24
v0.0.42-test.100High risk1102026-06-24
v0.0.42-test.91High risk1102026-06-24
v0.0.42-test.101High risk1102026-06-24
v0.0.42-test.106High risk1102026-06-24
v0.0.42-test.107High risk1102026-06-24
v0.0.42-test.108High risk1102026-06-24
v0.0.42-test.109High risk1102026-06-24
v0.18.3-rc4High risk1032026-06-24
v0.19.0High risk1032026-06-24
v0.20.0High risk1032026-06-24
v0.21.0High risk1032026-06-24
v0.22.0High risk982026-06-24
v0.22.2-rc18High risk982026-06-24
v0.22.1High risk982026-06-24
v0.23.0-rc.2High risk1102026-06-24
v0.22.2-rc17High risk982026-06-24
v0.23.0-rc.1High risk982026-06-24
v0.23.0-rc.3High risk1102026-06-24
v0.9.2-rc.1High risk572026-06-24
v0.9.1High risk572026-06-24
v0.0.42-test.98High risk1102026-06-24
v0.9.1-rc.1High risk572026-06-24
v0.9.0-rc.1High risk572026-06-24
v0.9.0High risk572026-06-24
v0.8.5-rc.3Review122026-06-24

Block this in CI

PkgRadar gates github.com/wireapp/smallstep-certificates (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem go github.com/wireapp/[email protected]
Start free — 25 scans / moView full evidence