Go modules · proxy.golang.org
github.tiyicn.workers.dev/anchore/syft
Remote Payload: matched "raw.githubusercontent.com"
Why PkgRadar flagged v1.45.2-0.20260609172243-b08d3c297000
| Severity | Signal | Evidence |
|---|---|---|
| medium | Remote Payload | matched "raw.githubusercontent.com" · github.tiyicn.workers.dev/anchore/[email protected]/internal/spdxlicense/license_list.go |
| medium | Remote Payload | matched "raw.githubusercontent.com" · github.tiyicn.workers.dev/anchore/[email protected]/syft/format/syftjson/to_format_model.go |
Scanned versions
| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
v1.45.2-0.20260609172243-b08d3c297000 | Review | 24 | 2026-06-11 |
v1.45.1 | Review | 24 | 2026-06-11 |
Block this in CI
pkgradar gate --ecosystem go github.tiyicn.workers.dev/anchore/[email protected]