Audit conda environments
pip install -i https://pypi.anaconda.org/anaconda-cloud/simple anaconda-audit
pip install -i https://pypi.anaconda.org/anaconda-cloud/label/dev/simple anaconda-audit
conda install anaconda-cloud::anaconda-audit
conda install anaconda-cloud/label/dev::anaconda-audit
Audit conda environments for known vulnerabilities.
You will need to have logged into your Anaconda.cloud account, either using Anaconda Navigator or by running anaconda login in your terminal.
The primary command-line invocation is anaconda audit scan, which can scan environments by name or prefix path.
Usage: anaconda audit scan [OPTIONS]
Scan environment for vulnerabilities
╭─ Options ──────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────╮
│ --prefix -p TEXT Path to conda environment (default is currently active environment) [default: None] │
│ --name -n TEXT Name of conda environment (default is currently active environment) [default: None] │
│ --summary --no-summary Include summary table. Disabled with --json [default: summary] │
│ --json --no-json Detailed output in JSON format [default: no-json] │
│ --affected-only --no-affected-only Do not display packages without CVE matches [default: no-affected-only] │
│ --include-cleared --no-include-cleared Include cleared CVE matches [default: include-cleared] │
│ --include-mitigated --no-include-mitigated Include mitigated CVE matches [default: include-mitigated] │
│ --include-disputed --no-include-disputed Include disputed CVE matches [default: include-disputed] │
│ --set-exit-code --no-set-exit-code Set exit code to 1 if any active or reported CVEs found. [default: set-exit-code] │
│ --help Show this message and exit. │
╰────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────╯
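A CI gate built on the exit code that --set-exit-code documents in the help text above, scanning several named environments and failing closed. This is an added example, not code from the anaconda-audit project; the function names, the report directory layout and the script name are assumptions.

```shell
#!/bin/sh
# Added example (not from the anaconda-audit project): fail-closed CI gate.
# Assumptions: the function names, the report directory layout, and the
# policy that any non-zero exit status fails the gate.

# scan_env NAME REPORT_DIR: scan one named environment and save the output.
# Only flags listed in the help text are used.
scan_env() {
    mkdir -p "$2" || return 2
    anaconda audit scan \
        --name "$1" \
        --affected-only \
        --no-include-cleared \
        --no-include-mitigated \
        --set-exit-code \
        > "$2/$1.txt" 2>&1
}

# audit_gate REPORT_DIR ENV...: scan every environment, even after a failure,
# and return 0 only if every scan exited 0.
audit_gate() {
    gate_dir=$1
    shift
    gate_failed=0
    for gate_env in "$@"; do
        if scan_env "$gate_env" "$gate_dir"; then
            echo "PASS $gate_env"
        else
            gate_status=$?
            gate_failed=1
            if [ "$gate_status" -eq 1 ]; then
                # Exit code 1 is what --set-exit-code documents for CVE matches.
                echo "FAIL $gate_env (see $gate_dir/$gate_env.txt)"
            else
                # Assumption: other codes mean the scan did not complete
                # (for example, not logged in); still fail the gate.
                echo "ERROR $gate_env (exit $gate_status)"
            fi
        fi
    done
    return "$gate_failed"
}

# Run as: sh audit_gate.sh REPORT_DIR ENV...   (script name is hypothetical)
if [ "$#" -ge 2 ]; then
    audit_gate "$@"
fi
```

Scanning every environment before returning keeps one failing environment from hiding findings in the others, and the saved per-environment reports can be archived as build artifacts.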
You can use anaconda-audit with a Package Security Manager instance instead of Anaconda.cloud. To do so, you will first need to have conda-repo-cli installed.
conda install conda-repo-cli
Second, you will need to have configured conda-repo-cli for your site URL and, finally, logged into your account.
conda repo config
You will need appropriate privileges to access CVE information.
conda repo login
Finally, you can set the ANACONDA_AUDIT_API_SITE environment variable to the site name from the conda-repo-cli configuration.
ANACONDA_AUDIT_API_SITE='site-name' anaconda audit scan
Ensure you have conda installed. Then run:
make setup
make test
make tox