Hamburger Cross Icon
Go Project Guardrails - Vendoring

Vendoring

Guardrail Go Project Guardrails Stable Devex Build And Ci
golang.vendoring

Enforces vendoring policy - can require vendor directory exists or forbid it, depending on team standards.

vendor go mod vendor dependencies
Get Started View All Go Project Guardrails

Compatible Integrations

This guardrail works with the following integrations. Click to see how to use Vendoring with each collector.

+
Vendoring + Go Collector Provides Go project metadata

Enable This Guardrail

Add the parent policy to your lunar-config.yml to enable this guardrail.

📄 lunar-config.yml 
policies:
  - uses: github://earthly/lunar-lib/policies/golang@v1.0.0
    include: [vendoring]
    # with: ...

How This Guardrail Works

This guardrail is part of the Go Project Guardrails policy. It evaluates data collected by integrations and produces a pass/fail check with actionable feedback.

When enabled, this check runs automatically on every PR and in AI coding workflows, providing real-time enforcement of your engineering standards.

Learn How Lunar Works
1
Integrations Gather Data
Collectors extract metadata from code, CI pipelines, tool outputs, and scans
2
{ } Centralized as JSON
All data merged into each component's unified metadata document
3
This Guardrail Checks Current
Vendoring runs and provides pass/fail feedback

Configuration Options

These inputs can be configured in your lunar-config.yml to customize how the parent policy (and this guardrail) behaves.

Input Required Default Description
min_go_version Optional 1.21 Minimum required Go version (e.g., "1.21", "1.22")
min_go_version_cicd Optional 1.21 Minimum required Go version for CI/CD commands (e.g., "1.21", "1.22")
vendoring_mode Optional none Vendoring enforcement mode: - "required": Fail if vendor/ directory doesn't exist - "forbidden": Fail if vendor/ directory exists - "none": Skip vendoring check (default)

Related Guardrails

Other guardrails in the Go Project Guardrails policy.

Guardrail Devex Build And Ci
Go Mod Exists

Ensures the project has a go.mod file for module management. Required for all Go projects using modules.
Guardrail Devex Build And Ci
Go Sum Exists

Ensures the project has a go.sum file for dependency verification. Required for reproducible builds.
Guardrail Devex Build And Ci
Min Go Version

Ensures the project uses at least the minimum required Go version. Helps maintain security and compatibility standards.
Guardrail Devex Build And Ci
Min Go Version Cicd

Ensures the Go version used in CI/CD commands meets the minimum required version. Helps maintain security and...
Guardrail Devex Build And Ci
Tests Recursive

Ensures tests run recursively (./...) to cover all packages. Prevents accidentally missing tests in subpackages.
Go Project Guardrails

Go Project Guardrails

This guardrail is part of the Go Project Guardrails policy, which includes 6 guardrails for devex build and ci.

View Policy

Ready to Automate Your Standards?

See how Lunar can turn your engineering wiki, compliance docs, or postmortem action items into automated guardrails with our 100+ built-in guardrails.

Works with any process
check Infrastructure conventions
check Post-mortem action items
check Security & compliance policies
check Testing & quality requirements
Book a Demo
See it work with your own use cases
See How It Works