Go Modules
Stout implements the full GOPROXY protocol.
Point your Go toolchain at your Stout instance and go get works out of the box.
Configure Your Client
Set the GOPROXY environment variable to your Stout instance:
# Local development
export GOPROXY=http://localhost:7888/go,https://proxy.golang.org,direct
# Production
export GOPROXY=https://registry.stout.io/go,https://proxy.golang.org,direct
The trailing ,https://proxy.golang.org,direct provides fallback to the public proxy
for modules that aren't in your registry.
Install a Module
Once GOPROXY is set, use Go as normal:
go get github.com/myorg/mymodule@v1.2.0
Stout will clone the source, build the module, scan for vulnerabilities, sign with Sigstore,
and serve the zip and go.mod back to your client.
Publish a Module
Stout builds from source — there are no pre-built uploads. Submit a module for building via the API:
curl -X POST https://registry.stout.io/api/v1/builds \
-H "Authorization: Bearer $STOUT_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"format": "go",
"repo": "https://github.com/myorg/mymodule",
"version": "v1.2.0"
}'Authentication
For private modules, configure Go with GONOSUMCHECK and netrc:
# Skip checksum verification for private modules
export GONOSUMCHECK=github.com/myorg/*
# ~/.netrc
machine registry.stout.io
login token
password your-stout-api-tokenEndpoints
| Method | Path | Description |
|---|---|---|
GET | /go/{module}/@v/list | List available versions |
GET | /go/{module}/@v/{version}.info | Version metadata (JSON) |
GET | /go/{module}/@v/{version}.mod | go.mod file |
GET | /go/{module}/@v/{version}.zip | Module source zip |