Awesome
Intentionally vulnerable Golang project
This is just a minimal repo for testing Sonatype's nancy
against an intentionally vulnerable list of
dependencies, and as well showing a small example of how to use it in Travis-CI and CircleCI
Project is currently setup to use both dep
and go mod
so you should be able to use either one.
To see how nancy
will output when finding vulnerabilities, check out this build on Travis-CI or this build on CircleCI