github / advisory-database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Creative Commons Attribution 4.0 International

Please add anaconda / conda-forge support #731

Open greyskyy opened 1 year ago

greyskyy commented 1 year ago

For many science applications, python environments are added via conda, rather than directly from the pypi registry. Support for the defaults and conda-forge channels would greatly increase the applicability of the integrated software supply chain management to these applications.

Even the ability to translate a conda environment.yml file into a requirements.txt for python library translation would be an appreciated step forward.
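As an added illustration of the environment.yml to requirements.txt translation asked for above (this is example code written for this thread, not code from the advisory-database project or from any linked action), the script below parses the common subset of a conda environment.yml with no third-party YAML library: a top-level `dependencies:` list of `name=version[=build]` conda specs plus a nested `pip:` list. The sample environment file is constructed, and the assumption that a conda package name equals its PyPI name is deliberately not made automatic: conda-channel packages are only emitted when `include_conda=True`, and the output should be reviewed, since the thread's own point is that advisories are curated for PyPI, not for packages published directly to conda.

```python
"""Translate a conda environment.yml into requirements.txt lines.

Added example for this issue, not project code. Handles the common
environment.yml subset: ``dependencies:`` with ``name=version[=build]``
conda specs and a nested ``pip:`` list of pip requirement strings.
"""
import re

# Constructed sample environment.yml (not from any real project).
SAMPLE_ENV_YML = """\
name: sci-env
channels:
  - conda-forge
  - defaults
dependencies:
  - python=3.11
  - numpy=1.26.4
  - scipy=1.13.0=py311h0b2d0f0_0
  - pip
  - pip:
    - requests==2.31.0
    - pyyaml>=6.0
"""

_PIP_OPERATORS = re.compile(r"[<>!~]")


def parse_environment_yml(text):
    """Return (conda_specs, pip_specs) as lists of raw spec strings."""
    conda_specs, pip_specs = [], []
    in_deps = False
    in_pip = False
    pip_indent = 0
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line or line.lstrip().startswith("#"):
            continue
        indent = len(line) - len(line.lstrip())
        stripped = line.strip()
        if indent == 0:
            # A new top-level key; only ``dependencies:`` matters here.
            in_deps = stripped == "dependencies:"
            in_pip = False
            continue
        if not in_deps or not stripped.startswith("- "):
            continue
        item = stripped[2:].strip()
        if item == "pip:":
            in_pip = True
            pip_indent = indent
            continue
        if in_pip and indent > pip_indent:
            pip_specs.append(item)  # already pip syntax
        else:
            in_pip = False
            conda_specs.append(item)
    return conda_specs, pip_specs


def conda_spec_to_pip(spec):
    """Translate one conda match spec to a pip requirement, or None to skip.

    'name=1.2.3=build' -> 'name==1.2.3'; 'name=1.2.*' -> 'name==1.2.*';
    'name>=1.2' is already valid pip syntax. The name is copied unchanged:
    conda and PyPI names are not guaranteed to match, so review the output.
    """
    m = re.match(r"^([A-Za-z0-9_.\-]+)(.*)$", spec)
    if not m:
        return None
    name, rest = m.group(1), m.group(2)
    if name in ("python", "pip"):
        return None  # interpreter and installer, not library dependencies
    if not rest:
        return name
    if _PIP_OPERATORS.search(rest):
        return name + rest
    version = rest.lstrip("=").split("=")[0]  # drop conda build string
    return f"{name}=={version}"


def environment_to_requirements(text, include_conda=False):
    """Return requirements.txt lines; conda-channel packages only on request."""
    conda_specs, pip_specs = parse_environment_yml(text)
    lines = list(pip_specs)
    if include_conda:
        for spec in conda_specs:
            req = conda_spec_to_pip(spec)
            if req:
                lines.append(req)
    return lines


if __name__ == "__main__":
    for line in environment_to_requirements(SAMPLE_ENV_YML, include_conda=True):
        print(line)
```

Run it on a real environment.yml by replacing `SAMPLE_ENV_YML` with the file contents; the pip section is the part that maps cleanly onto PyPI advisories, which is why it is emitted by default and the conda-channel packages are opt-in.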

jhutchings1 commented 1 year ago

The dependency submission API allows you to scan your Conda dependencies. For the ones that came from pypi, we can send alerts, although we don't curate advisories for dependencies that are published directly to Conda. Here's a GitHub Action you can use to get some functionality: https://github.com/jhutchings1/conda-dependency-submission-action