Python Application Analysis
The Python coordinate based matching feature provides the ability to scan and evaluate Python dependencies found in a requirements.txt file.
What is supported
Files named requirements.txt will be analyzed. Only requirements using the "==" operator with versions that contain no wildcards will be considered. One requirement can be matched to multiple Python packages.
Steps to analyze using the CLI
Run pip freeze
pip freeze > requirements.txt
Example file content
Add environment markers (optional)
Adding environment markers can simplify the results by filtering out components that are not relevant to your deployment platform. Only the sys_platform environment marker is supported at the moment.
Add the environment marker next to the component(s) in the requirements.txt.
Django==1.6; sys_platform == 'win32'
Run a scan
Invoke a CLI scan of the directory containing requirements.txt. Instructions on how to do this can be found at https://help.sonatype.com/integrations/nexus-iq-cli.
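Because only "==" pins without wildcards are evaluated, any other requirement line is silently left out of the scan. The following added example (not part of Nexus IQ or the original page) is a hypothetical pre-scan check that applies the rules above to a constructed requirements.txt and reports which entries would be evaluated and which would be skipped and why; the page does not say how markers other than sys_platform are treated, so flagging them for review is an assumption.

```python
import re
import sys

# Constructed sample requirements.txt content (not from the original page).
SAMPLE_REQUIREMENTS = """\
Django==1.6; sys_platform == 'win32'
requests==2.25.1
# comment lines are ignored
urllib3>=1.26
PyYAML==5.*
cryptography==3.4.8 ; sys_platform == "linux"
"""

# name, comparison operator, version, optional ';' environment marker
LINE_RE = re.compile(
    r"^([A-Za-z0-9][A-Za-z0-9._-]*)\s*(==|>=|<=|~=|!=|>|<)\s*([^\s;]+)\s*(?:;\s*(.*))?$"
)
# only sys_platform == '<value>' is recognised, matching the rule on this page
MARKER_RE = re.compile(r"""^sys_platform\s*==\s*['"]([^'"]+)['"]$""")


def parse_requirements(text, platform=sys.platform):
    """Return (scannable, skipped): (name, version) pairs the '==' rule would
    evaluate, and (line, reason) pairs for entries the matcher would not consider."""
    scannable, skipped = [], []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if not m:
            skipped.append((raw, "unparseable line"))
            continue
        name, op, version, marker = m.groups()
        mm = MARKER_RE.match(marker.strip()) if marker else None
        if op != "==":
            skipped.append((raw, "operator %r is not '=='" % op))
        elif "*" in version:
            skipped.append((raw, "wildcard in version"))
        elif marker and not mm:
            # assumption: markers other than sys_platform are flagged for manual review
            skipped.append((raw, "unsupported environment marker"))
        elif mm and mm.group(1) != platform:
            skipped.append((raw, "not for platform %r" % platform))
        else:
            scannable.append((name, version))
    return scannable, skipped
```

Run it against your own requirements.txt before the CLI scan so that unpinned or wildcard dependencies do not go unnoticed.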