Conda Application Analysis

NEW IN RELEASE 88

The Conda coordinate-based matching feature provides the ability to scan and evaluate dependencies for any language (Python, Java, JavaScript, C++) found in the conda.txt file.

What is supported

Files named conda.txt  will be analyzed. Only exact requirements i.e. without wildcards will be considered.

Steps to analyze using the Nexus IQ CLI

Create requirements

NEW IN RELEASE 130

Run the conda list command with the flags --explicit and -e (export).

conda list --explicit -e > conda.txt

Example conda.txt file

# This file may be used to create an environment using:
# $ conda create --name <env> --file <this file>
# platform: linux-64
@EXPLICIT
https://repo.anaconda.com/pkgs/main/linux-64/asn1crypto-0.24.0-py37_0.conda
https://repo.anaconda.com/pkgs/main/linux-64/ca-certificates-2019.1.23-0.conda
https://repo.anaconda.com/pkgs/main/linux-64/certifi-2019.3.9-py37_0.conda
https://repo.anaconda.com/pkgs/main/linux-64/cryptography-2.4.2-py37h1ba5d50_0.conda
https://repo.anaconda.com/pkgs/main/linux-64/libedit-3.1.20181209-hc058e9b_0.conda
https://repo.anaconda.com/pkgs/main/linux-64/openssl-1.1.1b-h7b6447c_1.conda

Starting from release 130, the following command is deprecated. Please upgrade to release 130 and use the above command which includes the --explicit flag to include more details for more accurate results.

The conda.txt encoding is UTF-8.  Special note for Microsoft Windows users, the cmd.exe encoding may need to be changed to UTF-8.  Please refer to Microsoft documentation on how to do this.

Run the conda list command with the flag -e (export).

conda list -e > conda.txt

Example conda .txt file

# platform: linux-64
asn1crypto=0.24.0=py37_0
ca-certificates=2019.1.23=0
certifi=2019.3.9=py37_0
cryptography=2.4.2=py37h1ba5d50_0
libedit=3.1.20181209=hc058e9b_0
openssl=1.1.1b=h7b6447c_1

Scan using Nexus IQ CLI

Invoke a Nexus IQ CLI scan of a directory or subdirectories containing a conda.txt file.  Instructions on how to do this can be found here: Nexus IQ CLI.

Example output from Nexus IQ CLI

Example Nexus Lifecycle Dashboard Results

Example Nexus Lifecycle Report Results

Steps to analyze using the Jenkins plugin

By default, the Jenkins plugin will not evaluate the conda.txt file. A custom Scan Target is needed.

nexusPolicyEvaluation iqApplication: 'SampApp', iqScanPatterns: [[scanPattern: '**/conda.txt']], iqStage: 'build'

To find more information on how to configure Jenkins please go to the Nexus Platform Plugin for Jenkins.

Steps to analyze using the Bamboo plugin

Bamboo Scan Targets control what files are examined.  To evaluate Conda, add conda.txt to the scan targets via "**/conda.txt".  To find more information on how to configure Bamboo please go to the Nexus IQ for Bamboo.