nancy is a tool to check for vulnerabilities in your Golang dependencies, powered by Sonatype OSS Index.

To use nancy, assuming you have a built version of it:

./nancy /path/to/your/Gopkg.lock

nancy currently works for projects that use dep, but we have plans to support go mod projects, as well.

Nancy Drew was the first female detective used extensively in literature, and gave women across the world a new hero.

This project is called nancy as like the great detective herself, it looks for problems you might not be aware of, and gives you the information to help put them to an end!

TBD

nancy is written using Golang 1.11, so it is best you start there.

Tests can be run like go test ./... -v

We care a lot about making the world a safer place, and that's why we created nancy. If you as well want to speed up the pace of software development by working on this project, jump on in! Before you start work, create a new issue, or comment on an existing issue, to let others know you are!

The nancy logo was created using a combo of Gopherize.me and good ole Photoshop. Thanks to the creators of Gopherize for an easy way to make a fun Gopher :)

Original Gopher designed by Renee French.

It is worth noting that this is NOT SUPPORTED by Sonatype, and is a contribution of ours to the open source community (read: you!)

Remember:

• Use this contribution at the risk tolerance that you have
• Do NOT file Sonatype support tickets related to nancy support in regard to this project
• DO file issues here on GitHub, so that the community can pitch in

Phew, that was easier than I thought. Last but not least of all:

Have fun creating and using nancy and the Sonatype OSS Index, we are glad to have you here!

Looking to contribute to our code but need some help? There's a few ways to get information:

• Chat with us on Gitter