Golang Vulnerability Audit Tool - Nancy

How do I use it?

nancy is a tool to check for vulnerabilities in your Golang dependencies, powered by Sonatype OSS Index.

To use nancy, assuming you have a built version of it:

  • ./nancy /path/to/your/Gopkg.lock
  • ./nancy /path/to/your/go.sum

nancy currently works for projects that use dep or go mod for dependencies.

You can see an example of using nancy in Travis-CI at this intentionally vulnerable repo we made.

Where do I get this?

Who can I contact about it?
COMPANY: Sonatype

CONTACT: kduck@sonatype.com
