Yes(technically) our deploys are controlled via gitlab. 

Our internal packaging teams biggest worry is that we don't want someone to 
download something to their development laptop, compile the code into a 
standalone binary, then deploy that out to our container platforms.

In our production environment this isn't even an issue because we can can't 
even reach out to the internet in builds/deploys because its limited to 
only internal locations. Their concern is that in development people could 
`go get` packages that are not approved, then deploy those. While that is 
super cool and awesome in open source worlds, unfortunately I work for a 
bank that really likes to restrict and limit things so that they are as 
secure as can be.

On Wednesday, February 21, 2018 at 4:18:54 PM UTC-6, 
> Are the builds and deployment controlled? The command “go list” can be 
> used to simplify parsing the imports in each package, so a script could 
> check that every import is either an allowed standard library package or 
> one matching your internal URL.
> Matt
> On Wednesday, February 21, 2018 at 11:37:35 AM UTC-6, Brendan O'Dwyer 
> wrote:
>> My company wants to start using go more, and traditionally when we use 
>> java and python, when we package them for the developer laptops we override 
>> settings and configs for the installs to point to our internal Artifactory 
>> so that we don't have developers using packages that haven't been ok'd for 
>> use. I was wondering if there was anyway to do this or configure go to 
>> limit what its allowed to import from the open internet with the `go get` 
>> command?

You received this message because you are subscribed to the Google Groups 
"golang-nuts" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
For more options, visit

Reply via email to