Go modules · proxy.golang.org
github.com/yangkenneth/cosign/v3
Remote Payload: matched "curl "
Why PkgRadar flagged v3.0.0-20260607222312-8f7f96ccc1a9
| Severity | Signal | Evidence |
|---|---|---|
| medium | Remote Payload | matched "curl " · github.com/yangkenneth/cosign/[email protected]/cmd/cosign/cli/signcommon/common.go |
Scanned versions
| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
v3.0.0-20260607222312-8f7f96ccc1a9 | Review | 12 | 2026-06-08 |
v3.0.0-20251218164947-627da1a0ccd1 | Review | 12 | 2026-06-08 |
v3.0.0-20260607214713-3604a89f1efc | Review | 12 | 2026-06-08 |
Block this in CI
pkgradar gate --ecosystem go github.com/yangkenneth/cosign/[email protected]