Make nancy do it all automagically #159

Open
zendern opened this issue Jul 12, 2020 · 0 comments
zendern commented Jul 12, 2020

  • What are you trying to do?

Today you have to either pass in, via standard in, the output from go list -m all or go list -m -json all, or pass in the file that you would like nancy to use: go.sum (soon to be gone) or Gopkg.lock.

so, it would be great if nancy can do it automatically, I mean we don't need to run it like go list -m all | nancy

Originally posted by @SVilgelm in #69 (comment)

  • What feature or behavior is this required for?

Make nancy a little more user friendly by just simply doing the right thing without configuration.

  • How could we solve this issue? (Not knowing is okay!)

Dep path

  1. Detect which dependency method you are using.
  2. If dep, nancy will automatically find Gopkg.lock
  3. Scan the project using the Gopkg.lock found

gomod path

  1. Detect which dependency method you are using.
  2. If gomod, we will now need to check that go is installed
  3. Execute go list -m -json all or maybe find a way to call it via code??
  4. Pass the results into nancy

All other options should still work as expected. This really just removes the need for the user to pass in input from standard in (go mod) or via a file path (dep).

Other things to think about??
What about projects with many Gopkg.lock (maybe monorepo)?? Do we just abort??

  • Anything else?

No

cc @bhamail / @DarthHater
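
A sketch of the two detection paths listed in the issue, as an added example that is not nancy's own code. The names `detect`, `moduleJSON` and `ErrManyLocks` are hypothetical, go.mod is assumed to take precedence when both manifests exist, and the monorepo case aborts instead of guessing which lock file to audit.

```go
package main

import (
	"errors"
	"fmt"
	"io/fs"
	"os"
	"os/exec"
	"path/filepath"
)

// ErrManyLocks covers the monorepo question: abort rather than guess.
var ErrManyLocks = errors.New("more than one Gopkg.lock found")

// detect reports "gomod" or "dep" plus the manifest path; assumption: go.mod wins if both exist.
func detect(dir string) (kind, manifest string, err error) {
	if _, err := os.Stat(filepath.Join(dir, "go.mod")); err == nil {
		return "gomod", filepath.Join(dir, "go.mod"), nil
	}
	var locks []string
	err = filepath.WalkDir(dir, func(p string, d fs.DirEntry, werr error) error {
		if werr == nil && !d.IsDir() && d.Name() == "Gopkg.lock" {
			locks = append(locks, p)
		}
		return werr
	})
	switch {
	case err != nil:
		return "", "", err
	case len(locks) == 0:
		return "", "", errors.New("no go.mod or Gopkg.lock found")
	case len(locks) > 1:
		return "", "", fmt.Errorf("%w: %v", ErrManyLocks, locks)
	}
	return "dep", locks[0], nil
}

// moduleJSON runs `go list -m -json all` in dir and returns the output piped to nancy today.
func moduleJSON(dir string) ([]byte, error) {
	goBin, err := exec.LookPath("go") // fails cleanly when Go is not installed
	if err != nil {
		return nil, fmt.Errorf("go toolchain not found: %w", err)
	}
	cmd := exec.Command(goBin, "list", "-m", "-json", "all")
	cmd.Dir = dir
	return cmd.Output()
}

func main() { fmt.Println(detect(".")) }
```

Resolving `go` through `exec.LookPath` before running it gives a clear error when the toolchain is missing, and on Go 1.19 and later it also refuses a `go` binary that would be picked up from the current directory of the project being scanned.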
