Nancy, on a Boat! (Announcing Nancy for Docker)

Nancy is now wrapped up as a Docker image for execution in a pipeline or via an alias in a terminal. 

docker-nancyNancy is a tool to check for vulnerabilities in your Golang dependencies, powered by Sonatype OSS Index. docker-nancy wraps the nancy executable in a Docker image.

To see how Nancy will output when finding vulnerabilities, use our intentionally vulnerable repo. Check out this build on Travis-CI or this build on CircleCI.

I demonstrate how you can use docker-nancy in the video below: 

Additional details can be found at GitHub. Thank you to The Lonely Island for your late night inspiration about boats

 


*** This is a Security Bloggers Network syndicated blog from Sonatype Blog authored by DJ Schleen. Read the original post at: https://blog.sonatype.com/nancy-on-a-boat-announcing-nancy-for-docker

DJ Schleen

DJ is a seasoned DevSecOps advocate at Sonatype and provides thought leadership to organizations looking to integrate security into their DevOps practices. He comes from a practitioner background and specializes in architecting DevSecOps pipelines, automating security in DevOps environments, and breaking down organizational silos that inhibit the delivery of safer software. DJ has worked to streamline development pipelines and practices for many Fortune 100 organizations by focusing on culture and technique. He uses this expertise to surface the right technology to serve business goals and support outcomes. He is an international speaker, blogger, instructor and author in the DevSecOps community where he encourages organizations to deeply integrate a culture of security and trust into their core values and product development journey.

dj-schleen has 10 posts and counting.See all posts by dj-schleen