How do I use it?
nancy is a tool to check for vulnerabilities in your Golang dependencies, powered by Sonatype OSS Index.
To use nancy, assuming you have a built version of it:
./nancy /path/to/your/Gopkg.lock
./nancy /path/to/your/go.sum
nancy currently works for projects that use dep or go mod for dependencies.
You can see an example of using nancy in Travis-CI at this intentionally vulnerable repo we made.
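To show what a go.sum file gives a dependency scanner to work from, here is an added example in Go (not nancy's own code) that folds the file's paired entries into one coordinate per module version. The `pkg:golang/...` coordinate form, the function name `Coordinates` and the sample modules are assumptions made for this illustration.

```go
package main

import (
	"bufio"
	"fmt"
	"sort"
	"strings"
)

// Constructed sample: module paths and hashes are placeholders, not real modules.
const sampleGoSum = `example.com/alpha v1.2.0 h1:AAAA=
example.com/alpha v1.2.0/go.mod h1:BBBB=
example.com/beta v0.3.1/go.mod h1:CCCC=
example.com/gamma v2.0.0+incompatible h1:DDDD=
`

// Coordinates returns one sorted "pkg:golang/<module>@<version>" string per
// distinct module version in go.sum text (coordinate form is an assumption).
func Coordinates(goSum string) ([]string, error) {
	seen := map[string]bool{}
	sc := bufio.NewScanner(strings.NewReader(goSum))
	for n := 1; sc.Scan(); n++ {
		f := strings.Fields(sc.Text())
		if len(f) == 0 {
			continue // blank line
		}
		if len(f) != 3 {
			return nil, fmt.Errorf("go.sum line %d: want 3 fields, got %d", n, len(f))
		}
		// A version can appear as "<version>" and "<version>/go.mod"; fold both.
		version := strings.TrimSuffix(f[1], "/go.mod")
		seen["pkg:golang/"+f[0]+"@"+version] = true
	}
	if err := sc.Err(); err != nil {
		return nil, err
	}
	out := make([]string, 0, len(seen))
	for c := range seen {
		out = append(out, c)
	}
	sort.Strings(out)
	return out, nil
}

func main() {
	if coords, err := Coordinates(sampleGoSum); err == nil {
		fmt.Println(strings.Join(coords, "\n"))
	}
}
```

A go.sum file can list module versions that are not part of the final build, so a list derived from it may be broader than what the binary actually links.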
Where do I get this?
Who can I contact about it?
COMPANY: Sonatype
CONTACT: kduck@sonatype.com
