Go recently gained proper dependency management with the addition of innovative module support in the toolchain. This is a great step forward in the Go ecosystem, but it comes with some challenges for enterprise software development. As of Go 1.13, every go get defaults to fetching packages from a Google managed open source module proxy. This is great for open source development.

But you’re an enterprise

And your developers:

• Require high quality repeatable builds
• Have guidelines about which software packages are allowed (such as MIT OK, GPL not)
• Have private modules that aren’t available at the public mirror

And your business & engineering leads:

• Prefer that module mirrors and upstream repositories can’t gain insights about your software and development process from looking at their logs
• Prefer business relationships with contractually guaranteed trust

The Golang Labs Module Proxy solves these problems

We offer a commercial service that:

• Provides a module proxy that is private and tunable for your organization
• Keeps your private module information from leaking outside your organization
• Enables your builds to always have access to the exact version of the upstream module that you built against, even if the upstream source repository is modified or goes away
• Provides the ability to limit public modules by repository source, license type, and more
• Provides metrics and analytics to track module usage

See Features for more info.