Open Tagar opened 6 years ago
This is a feature that we're looking to add to Anaconda Enterprise soon. We have some prototype stuff that matches CVE's with out packages, allowing us to examine not just python packages.
Note: we definitely do not patch old releases, so any vulnerabilities in Anaconda 4.4 will still be there. The component packages can be updated, but we do not patch and reissue old versions.
Thanks a lot for quick response @msarahan That's great that you'll be checking not only Python vulnerabilities and comparing against CVE vulnerabilities.
safety
output for Anaconda 4.4:Does Anaconda track all Python package vulnerabilities that are part of Anaconda distro?
Is it part of Anaconda Enterprise perhaps?
Thanks.