Go modules · proxy.golang.org

gitlab.com/gitlab-org/ci-cd/docker-machine

Tls Verification Disabled, Remote Payload, Credential file access

Why PkgRadar flagged v0.16.2-gitlab.48

Severity	Signal	Evidence
medium	Tls Verification Disabled	gitlab.com/gitlab-org/ci-cd/[email protected]/libmachine/provision/boot2docker.go
medium	Tls Verification Disabled	gitlab.com/gitlab-org/ci-cd/[email protected]/libmachine/provision/coreos.go
medium	Tls Verification Disabled	gitlab.com/gitlab-org/ci-cd/[email protected]/libmachine/provision/generic.go
medium	Tls Verification Disabled	gitlab.com/gitlab-org/ci-cd/[email protected]/libmachine/provision/google_cos.go
medium	Remote Payload	gitlab.com/gitlab-org/ci-cd/[email protected]/libmachine/provision/rancheros.go
medium	Tls Verification Disabled	gitlab.com/gitlab-org/ci-cd/[email protected]/libmachine/provision/redhat.go
medium	Tls Verification Disabled	gitlab.com/gitlab-org/ci-cd/[email protected]/libmachine/provision/systemd.go
medium	Remote Payload	gitlab.com/gitlab-org/ci-cd/[email protected]/libmachine/provision/utils.go
medium	Credential file access	gitlab.com/gitlab-org/ci-cd/[email protected]/drivers/digitalocean/digitalocean.go
medium	Credential file access	gitlab.com/gitlab-org/ci-cd/[email protected]/drivers/vmwarefusion/fusion_darwin.go

Showing signal labels only. Sign in to view the exact matched indicators for each finding.

Scanned versions

Version	Verdict	Score	Scanned (UTC)
`v0.16.2-gitlab.48`	Review	114	2026-06-25
`v0.16.2-gitlab.50`	Review	114	2026-06-25
`v0.16.2-gitlab.49`	Review	114	2026-06-25

Block this in CI

PkgRadar gates gitlab.com/gitlab-org/ci-cd/docker-machine (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem go gitlab.com/gitlab-org/ci-cd/[email protected]