
Please add anaconda / conda-forge support

Open greyskyy opened this issue 3 years ago • 1 comments

For many science applications, Python environments are added via conda, rather than directly from the PyPI registry. Support for the defaults and conda-forge channels would greatly increase the applicability of the integrated software supply chain management to these applications.

Even the ability to translate a conda environment.yml file into a requirements.txt for Python library translation would be an appreciated step forward.

greyskyy, Oct 05 '22 16:10

The dependency submission API allows you to scan your Conda dependencies. For the ones that came from PyPI, we can send alerts, although we don't curate advisories for dependencies that are published directly to Conda. Here's a GitHub Action you can use to get some functionality: https://github.com/jhutchings1/conda-dependency-submission-action

jhutchings1, Feb 15 '23 21:02
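
The environment.yml to requirements.txt translation requested in the issue, as an added example that is not part of the thread and is not GitHub's or the linked Action's code: it separates the conda specs from the nested `pip:` list and rewrites conda version syntax into pip syntax. It assumes the common block-style layout and that each conda package name matches its PyPI name; `SAMPLE_ENV` and all function names are constructed for illustration.

```python
import re
# Constructed sample environment.yml (not taken from the issue).
SAMPLE_ENV = """\
name: science
dependencies:
  - python=3.10
  - numpy=1.23
  - conda-forge::scipy>=1.9
  - pandas=1.5.0=py310h769672d_0
  - pip
  - pip:
    - requests==2.28.1
"""

def split_dependencies(text):
    """Return (conda_specs, pip_specs) from the top-level dependencies: list."""
    conda, pip, in_deps, pip_indent = [], [], False, None
    for raw in text.splitlines():
        body = raw.split(" #")[0].strip()
        if not body or body.startswith("#"):
            continue
        indent = len(raw) - len(raw.lstrip())
        if indent == 0:                       # a new top-level key
            in_deps = body.startswith("dependencies:")
        elif in_deps and body.startswith("- "):
            item = body[2:].strip().strip("'\"")
            if pip_indent is not None and indent > pip_indent:
                pip.append(item)              # entry of the nested pip: list
            elif item == "pip:":
                pip_indent = indent
            else:
                conda.append(item)
    return conda, pip

def conda_to_pip(spec, skip=("python", "pip")):
    """Translate one conda match spec; None when it has no pip equivalent."""
    name, rest = re.match(r"([\w.\-]+)\s*(.*)", spec.split("::")[-1]).groups()
    if name.lower() in skip:
        return None
    rest = re.sub(r"^(?=\d)", "=", rest)      # "numpy 1.23" means "numpy=1.23"
    if rest.startswith("=") and not rest.startswith("=="):
        version, _, build = rest[1:].partition("=")
        fuzzy = not build and not version.endswith("*")
        rest = "==" + version + (".*" if fuzzy else "")
    return name + rest

def to_requirements(text):
    conda, pip = split_dependencies(text)
    return [r for r in map(conda_to_pip, conda) if r] + pip
```

Conda's single `=` is a prefix match, so `numpy=1.23` becomes `numpy==1.23.*`, while a spec with a build string is an exact pin. Packages that exist only on a conda channel should be added to `skip`, since, per the reply above, advisories are not curated for them.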