Nancy

This scanner component runs the sonatype's open source SCA for Go, Nancy. You can find more about nancy in its repository

How to use with Smithy

Open-Source

Add the component to the workflow

# file: ./my-workflow/workflow.yaml
description: Nancy based workflow
name: nancy
components:
- component: ghcr.io/smithy-security/smithy/images/components/targets/git-clone:v1.3.2
- component: ghcr.io/smithy-security/smithy/manifests/components/scanners/nancy:v1.2.1
- component: ghcr.io/smithy-security/smithy/manifests/components/enrichers/custom-annotation:v0.1.1
- component: ghcr.io/smithy-security/smithy/manifests/components/reporters/json-logger:v1.0.1

Configure the run parameters of the component in the overrides file

# file: ./my-workflow/overrides.yaml
git-clone:
- name: "repo_url"
  type: "string"
  value: "https://github.com/0c34/govwa.git"
- name: "reference"
  type: "string"
  value: "master"

SaaS

In the Smithy UI, open the page to create a new workflow.
Add a git-clone target and configure it to point to a repository with the source code for a golang application.
Find Nancy in the Scanners dropdown. Click to add it to the workflow.
Run the workflow as normal.

Options

This component does not accept options.

How to use with Smithy​

Open-Source​

SaaS​

Options​

How to use with Smithy

Open-Source

SaaS

Options