Min Versions + Go Collector

✓ Guardrail ↓ Collector Stable Security And Compliance

Enforce Min Versions using data collected by Go Collector. Automatically check security and compliance standards on every PR.

Guardrail: Ensures dependencies meet minimum safe version requirements. Validates that project dependencies are at or above specified versions to enforce security patches and compatibility standards.

Data Source: Analyze Go projects to collect module info, dependencies, test coverage, and golangci-lint results. Enforce Go-specific engineering standards.

Get Started View on GitHub

How Go Collector Powers This Guardrail

The Go Collector gathers metadata from your languages, build systems. This data flows into Lunar's Component JSON, where the Min Versions guardrail evaluates it against your standards.

When enabled, this check runs automatically on every PR and in AI coding workflows, providing real-time enforcement with actionable feedback.

↓ Go Collector Gathers Data Collector

Extracts metadata from code, configs, and tool outputs

{ } Component JSON

Data centralized in structured format for evaluation

✓ Min Versions Checks Guardrail

Pass/fail result with actionable feedback in PRs

Quick Start Configuration

Add both the collector and policy to your lunar-config.yml to enable this guardrail.

📄 lunar-config.yml

# Step 1: Enable the Go Collector
collectors:
  - uses: github://earthly/lunar-lib/collectors/golang@v1.0.0
    # with: ...

# Step 2: Enable the Dependency Guardrails
policies:
  - uses: github://earthly/lunar-lib/policies/dependencies@v1.0.0
    include: [min-versions]
    # with: ...

What Go Collector Collects

This collector gathers the following data that the Min Versions guardrail evaluates.

Collector ci-before-command

`cicd`

Records every Go command executed in CI pipelines along with the Go version. Writes command strings and version info to .lang.go.cicd for audit trails and build reproducibility analysis.

Collector ci-before-command

`test-scope`

Determines whether go test runs recursively (./...) or targets specific packages. Writes scope to .lang.go.tests.scope as "recursive" or "package" to verify comprehensive test execution in CI.

Collector ci-after-command

`test-coverage`

Extracts coverage percentage from go test -coverprofile output after tests complete. Parses the coverage profile file, runs go tool cover -func to calculate total percentage, and writes results to .lang.go.tests.coverage including the raw profile.

Collector code

`project`

Analyzes Go project structure by detecting go.mod, go.sum, vendor directory, and goreleaser configuration. Extracts the module path and Go version from go.mod using go list. Writes project metadata to .lang.go with build system info.

View all 6 collectors in Go Collector →

Example Data Flow

Here's an example of the data that Go Collector writes to the Component JSON, which Min Versions then evaluates.

{ } component.json From Go Collector

{
  "lang": {
    "go": {
      "module": "github.com/acme/myproject",
      "version": "1.21",
      "build_systems": ["go"],
      "native": {
        "go_mod": { "exists": true, "version": "1.21" },
        "go_sum": { "exists": true },
        "vendor": { "exists": false },
        "goreleaser": { "exists": true },
        "golangci_lint": {
          "passed": false,
          "config_exists": true,
          "exit_code": 1,
          "output": "main.go:42:5: unused variable 'x' (unused)"
        }
      },
      "source": { "tool": "go", "integration": "code" },
      "cicd": {
        "cmds": [{ "cmd": "go test ./...", "version": "1.21.5" }],
        "source": { "tool": "go", "integration": "ci" }
      },
      "tests": {
        "scope": "recursive",
        "coverage": {
          "percentage": 78.5,
          "profile_path": "coverage.out",
          "source": { "tool": "go cover", "integration": "ci" }
        }
      },
      "dependencies": {
        "direct": [
          { "path": "github.com/stretchr/testify", "version": "v1.8.4", "indirect": false }
        ],
        "transitive": [
          { "path": "github.com/davecgh/go-spew", "version": "v1.1.1", "indirect": true }
        ],
        "source": { "tool": "go mod", "integration": "code" }
      },
      "lint": {
        "warnings": [
          { "file": "main.go", "line": 42, "column": 5, "message": "unused variable 'x'", "linter": "unused" }
        ],
        "linters": ["golangci-lint"],
        "source": { "tool": "golangci-lint", "integration": "code" }
      }
    }
  }
}

Configuration Options

Go Collector Inputs

Input	Required	Default	Description
`lint_timeout`	Optional	`10m`	Timeout for golangci-lint (e.g., 5m, 10m)

Dependency Guardrails Inputs

Input	Required	Default	Description
`language`	Required	—	Programming language to check (e.g., "go", "java", "python", "nodejs")
`min_versions`	Optional	`{}`	JSON object mapping dependency paths to minimum safe versions (e.g., {"github.com/example/lib": "1.0.0"})
`include_indirect`	Optional	`false`	Whether to also check indirect (transitive) dependencies

Learn More

Guardrail · Dependency Guardrails Min Versions View all compatible integrations

→

Collector Go Collector View full documentation

→

Ready to Automate Your Standards?

See how Lunar can turn your engineering wiki, compliance docs, or postmortem action items into automated guardrails with our 100+ built-in guardrails.

Works with any process

Infrastructure conventions

Post-mortem action items

Security & compliance policies

Testing & quality requirements

Book a Demo

See it work with your own use cases

See How It Works