Nancy, on a Boat! (Announcing Nancy for Docker)

Nancy is back, and this time, it's checking for your Golang vulnerabilities as a Docker image.

Nancy has arrived.

Nancy is now wrapped up as a Docker image for execution in a pipeline or via an alias in a terminal.

Nancy is a tool to check for vulnerabilities in your Golang dependencies, powered by Sonatype OSS Index. docker-nancy wraps the nancy executable in a Docker image.

To see what Nancy's output looks like when it finds vulnerabilities, use our intentionally vulnerable repo. Check out this build on Travis-CI or this build on CircleCI.

I demonstrate how you can use docker-nancy in the video below:

Additional details can be found at GitHub. Thank you to The Lonely Island for your late-night inspiration about boats...

Published at DZone with permission of DJ Schleen, DZone MVB. See the original article here.
