Conda Application Analysis

NEW IN RELEASE 88

The Conda coordinate based matching feature provides the ability to scan and evaluate  dependencies for any language (Python, Java, JavaScript, C++) found in the conda.txt file.

What is supported

Files named conda.txt  will be analyzed. Only requirements using the "=" operator and version without wildcards will be considered. 

Integrations with Conda scanning support

  • CLI from version 88
  • Jenkins from version 3.9.20200623-110149.2e546a0
  • Bamboo from version 1.16.0

Steps to analyze using the CLI

Create requirements

Run conda list command with the flag -e (export).

conda list -e > conda.txt

The conda.txt encoding is UTF-8.  Special note for Microsoft Windows users, the cmd.exe encoding may need to be changed to UTF-8.  Please refer to Microsoft documentation on how to do this.

Example conda.txt file 

# platform: linux-64
asn1crypto=0.24.0=py37_0
ca-certificates=2019.1.23=0
certifi=2019.3.9=py37_0
cryptography=2.4.2=py37h1ba5d50_0
libedit=3.1.20181209=hc058e9b_0
openssl=1.1.1b=h7b6447c_1

Run a scan

Invoke a CLI scan of a directory or subdirectories containing a conda.txt file.  Instructions on how to do this can be found here: Nexus IQ CLI.

Output from cli

Dashboard results

Report results