R (CRAN) Application Analysis

NEW IN RELEASE 89

The CRAN coordinate based matching feature provides the ability to scan and evaluate R language dependencies found in a cran-installed.packages file.

What is supported

Files named cran-installed.packages (exported via installed.packages() command in CRAN console) will be analyzed

Here is an example of how to export the installed CRAN package names and version in to a file using CRAN console.

sink("/path/to/cran-installed.packages") 
installed.packages()[,c(1,3:4)]

What do we parse from the file?

The segments corresponding to package name and version of the dependency are evaluated. For example:

		     Package  	   Version
crosstalk	"crosstalk"    "1.0.0"

Steps to analyze using the Nexus IQ CLI

Invoke a Nexus IQ CLI scan of a directory or subdirectories containing a cran-installed.packages file. Instructions on how to do this can be found here: Nexus IQ CLI.

Example cran-installed.packages file (file is edited for clarity)

			Package  		Version
crosstalk	"crosstalk"  	"1.0.0"
readxl		"readxl"  		"1.0.9"
widgetframe	"widgetframe"	"0.9.0"

Output from Nexus IQ CLI

Nexus Lifecycle Dashboard Results

Nexus Lifecycle Report Results

Steps to analyze using the Jenkins plugin

By default, the Jenkins plugin will not evaluate the cran-installed.packages file. A custom Scan Target is needed.

nexusPolicyEvaluation iqApplication: 'SampApp', iqScanPatterns: [[scanPattern: '**/cran-installed.packages']], iqStage: 'build'

To find more information on how to configure Jenkins please go to the Nexus Platform Plugin for Jenkins.

Steps to analyze using the Bamboo plugin

Bamboo Scan Targets control what files are examined. To evaluate R (CRAN), add cran-installed.packages to the scan targets via "**/cran-installed.packages". To find more information on how to configure Bamboo please go to the Nexus IQ for Bamboo.

Stay up to date on all things Springshell with our continuously updated guide, Find and Fix Springshell.