Nancy, on a Boat! (Announcing Nancy for Docker)
Nancy is back, and this time, it's checking for your Golang vulnerabilities as a Docker image.
Join the DZone community and get the full member experience.
Join For Free
You may also enjoy: Integrating Docker Solutions Into Your CI/CD Pipeline
Nancy is now wrapped up as a Docker image for execution in a pipeline or via an alias in a terminal.
Nancy is a tool to check for vulnerabilities in your Golang dependencies, powered by Sonatype OSS Index. docker-nancy wraps the nancy executable in a Docker image.
To see how Nancy will output when finding vulnerabilities, use our intentionally vulnerable repo. Check out this build on Travis-CI or this build on CircleCI.
I demonstrate how you can use docker-nancy in the video below:
Additional details can be found at GitHub. Thank you to The Lonely Island for your late-night inspiration about boats...
Further Reading
Don't Let Open Source Vulnerabilities Crawl Into Your Docker Images
Published at DZone with permission of DJ Schleen, DZone MVB. See the original article here.
Opinions expressed by DZone contributors are their own.
Comments