PyPI · pypi.org
devsecops-engine-tools
Remote Payload: matched "curl "
Why PkgRadar flagged 1.154.1
| Severity | Signal | Evidence |
|---|---|---|
| medium | Remote Payload | matched "curl " · devsecops_engine_tools-1.154.1/devsecops_engine_tools/engine_sast/engine_code/src/infrastructure/driven_adapters/bearer/bearer_tool.py |
| medium | Remote Payload | matched "github.com/gitleaks/gitleaks/releases/download" · devsecops_engine_tools-1.154.1/devsecops_engine_tools/engine_sast/engine_secret/src/infrastructure/driven_adapters/gitleaks/gitleaks_tool.py |
| medium | Remote Payload | matched "curl " · devsecops_engine_tools-1.154.1/devsecops_engine_tools/engine_sast/engine_secret/src/infrastructure/driven_adapters/trufflehog/trufflehog_run.py |
| medium | Credential file access | matched ".ssh/" · devsecops_engine_tools-1.154.1/devsecops_engine_tools/engine_utilities/ssh/managment_private_key.py |
Scanned versions
| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
| 1.154.1 | High risk | 28 | 2026-06-03 |
| 1.154.0 | High risk | 28 | 2026-06-02 |
Block this in CI
pkgradar gate --ecosystem pypi devsecops-engine-tools==1.154.1