Modes of Operation
The Lineaje GOS Artifactory Proxy ships with two operating modes, allowing teams to adopt it incrementally without disrupting existing delivery pipelines.
Enforce Mode
In Enforce mode, the proxy strictly blocks the download of any package that does not meet the GOS criteria or fails a custom policy check. The build receives an HTTP 4XX error response and the download is stopped. This is the recommended steady-state operating mode for production build pipelines where supply chain integrity is non-negotiable.
Build fails fast when a non-gold dependency is requested
Stops unsafe code before it can be compiled, tested, or deployed
Provides an immutable audit trail of every blocked attempt
Policy violation details are logged to the Lineaje platform and surfaced in build output
Observe Mode
In Observe mode, all artifact downloads are permitted regardless of GOS status or policy violations. However, every non-compliant download is recorded, classified, and reported on the Lineaje GOS dashboard. Observe mode is ideal for:
Initial onboarding and baselining — understand your current open source risk posture before enforcing
Teams that need visibility without yet committing to hard enforcement
Audit and compliance reporting without disrupting existing build pipelines
Gradually building the organizational muscle to move toward Enforce mode
Observe mode does NOT prevent unsafe packages from entering your build. It is a transitional tool. Lineaje recommends transitioning to Enforce mode within 90 days of initial deployment.
Last updated