R (CRAN) Application Analysis

The CRAN coordinate-based matching feature provides the ability to scan and evaluate R language dependencies found in a cran-installed.packages file.

What is supported

Files named cran-installed.packages (exported via the installed.packages() command in the CRAN console) will be analyzed.

Here is an example of how to export the installed CRAN package names and versions into a file using the CRAN console.

# Redirect console output to the export file
sink("/path/to/cran-installed.packages")
installed.packages()[,c(1,3:4)]
sink()  # stop redirecting so the file is closed

What do we parse from the file?

The segments corresponding to the package name and version of the dependency are evaluated. For example:

            Package       Version
crosstalk   "crosstalk"   "1.0.0"

Steps to analyze using the Sonatype IQ CLI

Invoke a Sonatype IQ CLI scan of a directory or subdirectories containing a cran-installed.packages file. Instructions on how to do this can be found here: ???

Example cran-installed.packages file (file is edited for clarity)

            Package       Version
crosstalk   "crosstalk"   "1.0.0"
readxl      "readxl"      "1.0.9"
widgetframe "widgetframe" "0.9.0"
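
The following is an added example, not Sonatype's parser or code from this page: a pre-scan check that reads a cran-installed.packages export and lists the package name and version pairs described above, flagging rows that yield neither. The function name, the sample data, and the assumption that cells are double-quoted strings or a bare NA (as R prints them) are illustrative.

```python
import re

# Constructed sample in the layout shown on this page, plus the Priority
# column that installed.packages()[, c(1, 3:4)] also prints.
SAMPLE = '''\
            Package       Version Priority
crosstalk   "crosstalk"   "1.0.0" NA
readxl      "readxl"      "1.0.9" NA
widgetframe "widgetframe" "0.9.0" NA
'''

# Assumption: a cell is either a double-quoted string or a bare NA.
CELL = re.compile(r'"([^"]*)"|\bNA\b')


def parse_cran_installed(text):
    """Return (coordinates, problems) for a cran-installed.packages export.

    coordinates: sorted list of (package, version) tuples.
    problems: (line number, line) for rows with no usable name or version.
    """
    columns, coords, problems = [], set(), []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        if '"' not in line:
            # Header rows hold bare column names and no quoted cells.
            columns = line.split()
            continue
        # Drop the leading row name, then read the cells in column order.
        rest = line.split(None, 1)[1:]
        cells = [m.group(1) for m in CELL.finditer(rest[0])] if rest else []
        row = dict(zip(columns, cells))
        if row.get("Package") and row.get("Version"):
            coords.add((row["Package"], row["Version"]))
        else:
            problems.append((lineno, line.strip()))
    return sorted(coords), problems


if __name__ == "__main__":
    coordinates, problems = parse_cran_installed(SAMPLE)
    for name, version in coordinates:
        print(f"{name} {version}")
    for lineno, line in problems:
        print(f"line {lineno}: no name/version pair: {line}")
```

A non-empty problems list means the export has rows without a name and version pair, so it is worth regenerating the file before scanning.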