/intentionally-vulnerable-golang-project

This is a project we created that has dependencies with vulnerabilities, for us to test out nancy

Primary LanguageShell

Intentionally vulnerable Golang project

Build Status CircleCI

This is just a minimal repo for testing Sonatype's nancy against an intentionally vulnerable list of dependencies, and as well showing a small example of how to use it in Travis-CI and CircleCI

Project is currently setup to use both dep and go mod so you should be able to use either one.

To see how nancy will output when finding vulnerabilities, check out this build on Travis-CI or this build on CircleCI