{{announcement.body}}
{{announcement.title}}

Nancy, on a Boat! (Announcing Nancy for Docker)

DZone 's Guide to

Nancy, on a Boat! (Announcing Nancy for Docker)

Nancy is back, and this time, it's checking for your Golang vulnerabilities as a Docker image.

· Cloud Zone ·
Free Resource


Nancy has arrived.
You may also enjoy:  Integrating Docker Solutions Into Your CI/CD Pipeline

Nancy is now wrapped up as a Docker image for execution in a pipeline or via an alias in a terminal.

Nancy is a tool to check for vulnerabilities in your Golang dependencies, powered by Sonatype OSS Index. docker-nancy wraps the nancy executable in a Docker image.

To see how Nancy will output when finding vulnerabilities, use our intentionally vulnerable repo. Check out this build on Travis-CI or this build on CircleCI.

I demonstrate how you can use docker-nancy in the video below:


Additional details can be found at GitHub. Thank you to The Lonely Island for your late-night inspiration about boats...

Further Reading

Don't Let Open Source Vulnerabilities Crawl Into Your Docker Images

Check Docker Images for Vulnerabilities With Anchore Engine

Topics:
nancy ,docker ,docker security ,vulnerabilities ,cloud ,golang ,golang vulnerabilities

Published at DZone with permission of

Opinions expressed by DZone contributors are their own.

{{ parent.title || parent.header.title}}

{{ parent.tldr }}

{{ parent.urlSource.name }}