Nancy, on a Boat! (Announcing Nancy for Docker)
Nancy, on a Boat! (Announcing Nancy for Docker)
Nancy is back, and this time, it's checking for your Golang vulnerabilities as a Docker image.
Join the DZone community and get the full member experience.
Join For Free
You may also enjoy: Integrating Docker Solutions Into Your CI/CD Pipeline
Nancy is now wrapped up as a Docker image for execution in a pipeline or via an alias in a terminal.
Nancy is a tool to check for vulnerabilities in your Golang dependencies, powered by Sonatype OSS Index. docker-nancy wraps the nancy executable in a Docker image.
To see how Nancy will output when finding vulnerabilities, use our intentionally vulnerable repo. Check out this build on Travis-CI or this build on CircleCI.
I demonstrate how you can use docker-nancy in the video below:
Additional details can be found at GitHub. Thank you to The Lonely Island for your late-night inspiration about boats...
Further Reading
Don't Let Open Source Vulnerabilities Crawl Into Your Docker Images
Published at DZone with permission of DJ Schleen , DZone MVB. See the original article here.
Opinions expressed by DZone contributors are their own.
{{ parent.title || parent.header.title}}
{{ parent.tldr }}
{{ parent.linkDescription }}
{{ parent.urlSource.name }}