A
100/100 First Seen
Feb 18, 2026
Last Scanned
Feb 22, 2026
Findings
1
Score
100/100
LOW 1
Findings (1)
LOW
go install from remote
L23 Detects go install fetching and compiling arbitrary Go packages
go install golang.org/x/tools/gopls@ FIX
Pin Go install targets to a specific version (e.g., go install example.com/tool@v1.2.3). Avoid @latest as it fetches whatever is currently published.
FP?
Likely FP if the go install target is a well-known tool (e.g., golang.org/x/ packages) pinned to a specific version in documentation.