Nancy
Nancy is an open-source vulnerability scanning tool designed specifically for Golang projects. It analyzes Go dependencies by scanning Gopkg.lock or go.sum files and cross-referencing them against Sonatype OSS Index to identify known security vulnerabilities in both direct and transitive dependencies. The tool integrates into CI/CD pipelines through simple command-line usage, with support for vulnerability exclusions, caching to avoid rate limiting, and exit codes that fail builds when vulnerabilities are detected. This lets Go developers proactively identify and remediate security risks throughout the development lifecycle.