R (CRAN) Application Analysis

The CRAN coordinate-based matching feature provides the ability to scan and evaluate R language dependencies found in a cran-installed.packages file.

What is supported

Files named cran-installed.packages (exported via the installed.packages() command in the CRAN console) will be analyzed.

Here is an example of how to export the installed CRAN package names and versions into a file using the CRAN console.

# Redirect console output to the file the IQ CLI expects
sink("/path/to/cran-installed.packages")
# Columns 1, 3 and 4 of installed.packages() are Package, Version and Priority;
# the Package and Version columns are what the analysis reads
installed.packages()[,c(1,3:4)]
# Close the redirection so later output returns to the console
sink()

What do we parse from the file?

The segments corresponding to the package name and version of the dependency are evaluated. For example:

            Package       Version
crosstalk   "crosstalk"   "1.0.0"
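To make the parsing rule concrete, the following is an added example (not Sonatype's own code) that reads a cran-installed.packages file the way described above: it locates the Package and Version columns from the header row, skips the unnamed row-name column that R prints first on every data row, and rejects rows whose version does not look like an R package version. The sample input is constructed, and the inclusion of a Priority column (which installed.packages()[,c(1,3:4)] also prints) is an assumption made to show that extra columns are ignored. The pkg:cran/ package-URL rendering at the end is a generic coordinate form, not a claim about the IQ CLI's internal format.

```python
import re
import shlex

# Constructed sample of a cran-installed.packages file in the layout that
# sink() + installed.packages()[,c(1,3:4)] prints. The Priority column is
# included here (assumption) to show the parser ignores it.
SAMPLE = """\
            Package       Version   Priority
crosstalk   "crosstalk"   "1.0.0"   NA
readxl      "readxl"      "1.0.9"   NA
widgetframe "widgetframe" "0.9.0"   "recommended"
"""

# R package versions are digit groups separated by '.' or '-' (e.g. 1.0.0, 1.0-9)
VERSION_RE = re.compile(r"\d+([.-]\d+)+")


def parse_cran_installed(text):
    """Return a {package: version} dict from the printed R matrix.

    The header row names the columns; every data row starts with an extra,
    unnamed row-name field, so column positions are shifted by one.
    R prints character values in double quotes and NA without quotes;
    shlex.split strips the quotes and handles both forms.
    """
    packages = {}
    col = None
    for raw in text.splitlines():
        if not raw.strip():
            continue
        fields = shlex.split(raw)
        if col is None:
            if "Package" not in fields or "Version" not in fields:
                raise ValueError("unexpected header row: %r" % raw)
            # +1 accounts for the unnamed row-name column in data rows
            col = (fields.index("Package") + 1, fields.index("Version") + 1)
            continue
        if len(fields) <= max(col):
            raise ValueError("short row: %r" % raw)
        name, version = fields[col[0]], fields[col[1]]
        if not VERSION_RE.fullmatch(version):
            raise ValueError("malformed version %r for %s" % (version, name))
        if name in packages:
            raise ValueError("duplicate package row for %s" % name)
        packages[name] = version
    if col is None:
        raise ValueError("empty file: no header row")
    return packages


def to_purls(packages):
    """Render each dependency as a package URL of type 'cran'
    (pkg:cran/<name>@<version>), a generic coordinate form for SCA tooling."""
    return ["pkg:cran/%s@%s" % (n, v) for n, v in sorted(packages.items())]


if __name__ == "__main__":
    for purl in to_purls(parse_cran_installed(SAMPLE)):
        print(purl)
```

Running the script prints one pkg:cran/ coordinate per dependency; a malformed version string (for example "latest") raises a ValueError rather than being silently passed on, which is the behaviour you want before handing the file to a scanner.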

Steps to analyze using the Sonatype IQ CLI

Invoke a Sonatype IQ CLI scan of a directory (or its subdirectories) containing a cran-installed.packages file. Instructions on how to do this can be found here: Sonatype IQ CLI.

Example cran-installed.packages file (file is edited for clarity)

            Package       Version
crosstalk   "crosstalk"   "1.0.0"
readxl      "readxl"      "1.0.9"
widgetframe "widgetframe" "0.9.0"