What We Learned from Studying 36,000 OSS Projects | Press Release

blog-logo Sonatype Blog

Nancy, on a Boat! (Announcing Nancy for Docker)

October 17, 2019 By DJ Schleen

Nancy is now wrapped up as a Docker image for execution in a pipeline or via an alias in a terminal. 

docker-nancyNancy is a tool to check for vulnerabilities in your Golang dependencies, powered by Sonatype OSS Index. docker-nancy wraps the nancy executable in a Docker image.

To see how Nancy will output when finding vulnerabilities, use our intentionally vulnerable repo. Check out this build on Travis-CI or this build on CircleCI.

I demonstrate how you can use docker-nancy in the video below: 

Additional details can be found at GitHub. Thank you to The Lonely Island for your late night inspiration about boats...

 

Tags: Docker, Product, Post developers/devops, Nancy

Written by DJ Schleen

DevSecOps Advocate