Yum Package Analysis

The Yum coordinate-based matching feature provides the ability to scan and evaluate Yum package dependencies found in a yum-packages.txt file.

What is supported

Files named yum-packages.txt (tab-separated list of Yum packages) will be analyzed.

What do we parse from the file?

The first two segments corresponding to the name and version of the dependency are evaluated. For example:

AntTweakBar.i386                         1.14-5.el5

Steps to analyze using the Sonatype IQ CLI

Create yum-packages.txt file

Run the yum list command and redirect its output to a text file.

yum list installed > yum-packages.txt

Example yum-packages.txt file

AntTweakBar.i386                         1.14-5.el5            installed
AGReader.i686                            1.2-6.el6             installed
389-admin.x86_64                         1.1.29-1.el5          installed
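
The following pre-scan cleanup is an added example, not Sonatype code: it rewrites raw yum list output so that the first two segments of every line are the name and version, one package per line, tab-separated. It assumes yum prints banner lines ("Loaded plugins:", "Installed Packages") and wraps long entries onto an indented continuation line; the function names and sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example (not Sonatype code). Emits one line per package:
#   name.arch<TAB>version<TAB>repo
# Usage (not executed here):
#   yum list installed | normalize_yum_list > yum-packages.txt

normalize_yum_list() {
    awk '
        function emit() {
            if (n >= 2 && f[1] ~ /\./) {
                printf "%s\t%s\t%s\n", f[1], f[2], (n >= 3 ? f[3] : "")
            } else if (n > 0) {
                # Incomplete entry: report it rather than write a bad line.
                printf "skipped malformed entry: %s\n", f[1] > "/dev/stderr"
                bad++
            }
            n = 0
        }
        # Assumed banner lines: plugin notice, section header, blank lines.
        /^Loaded plugins:/ || /^Installed Packages/ || /^[ \t]*$/ { next }
        {
            # A line that does not start with whitespace begins a new entry;
            # an indented line is assumed to continue a wrapped one.
            if ($0 !~ /^[ \t]/) emit()
            for (i = 1; i <= NF; i++) f[++n] = $i
            if (n >= 3) emit()
        }
        # Non-zero exit status when any entry had to be skipped.
        END { emit(); exit (bad > 0) }
    '
}

# Constructed sample: banner lines plus one entry wrapped across two lines.
sample_yum_output() {
    cat <<'EOF'
Loaded plugins: fastestmirror
Installed Packages
AntTweakBar.i386                         1.14-5.el5            installed
a-very-long-constructed-package-name-for-wrapping.x86_64
                                         1.2-6.el6             installed
389-admin.x86_64                         1.1.29-1.el5           installed
EOF
}
```

A non-zero exit status means at least one entry was skipped, so the resulting file would under-report what is installed and should be checked before scanning.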

Run a scan

Invoke a Sonatype IQ CLI scan of a directory or subdirectories containing a yum-packages.txt file. Instructions on how to do this can be found in the Sonatype CLI documentation.