Flag environments with packages listed as CVE

[pierrotsmnrd]

The goal is to offer features based on the CVE detection. Before coding anything, we'll need to explore and scope.

1. Identify a reliable source of CVE with an API we can use

2. Define the features we want to add to Conda Store.

Examples (not a requirement list) :

• Forbid docker downloads of envs with packages marked as CVE
• Forbid creation of new envs with CVE-flagged packages
• Suggest package updates
• Give a visual feedback to the user

[pierrotsmnrd]

Following up a discussion on slack : National Vulnerability Database https://nvd.nist.gov/ They have an API.