Open greyskyy opened 1 year ago
The dependency submission API allows you to scan your Conda dependencies. For the ones that came from pypi, we can send alerts, although we don't curate advisories for dependencies that are published directly to Conda. Here's a GitHub Action you can use to get some functionality: https://github.com/jhutchings1/conda-dependency-submission-action
For many science applications, python environments are added via `conda`, rather than directly from the pypi registry. Support for the `defaults` and `conda-forge` channels would greatly increase the applicability of the integrated software supply chain management to these applications.
Even the ability to translate a conda `environment.yml` file into a `requirements.txt` for python library translation would be an appreciated step forward.
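
The translation requested above, as an added sketch that is not part of the issue or of any GitHub tooling: it turns the `dependencies` list of an `environment.yml` into pip-style requirement lines and records which ones came from conda rather than the `pip:` section. Assumptions: the function names and sample file are hypothetical, the parser handles only the common block-list layout, and each conda package name is taken to be the same as its PyPI name, which does not hold for every package.

```python
import re

# Constructed sample environment.yml (not taken from the issue).
SAMPLE_ENV = """\
channels:
  - conda-forge
dependencies:
  - python=3.10
  - numpy=1.24.3=py310h5f9d8c6_0
  - pandas=2.0
  - conda-forge::scipy>=1.10
  - pip:
    - requests==2.31.0
"""
NOT_ON_PYPI = {"python", "pip"}  # interpreter and installer, not requirements

def conda_to_pip(spec):
    """Convert 'name=ver[=build]' or 'name>=ver' to a pip requirement (or None)."""
    m = re.match(r"([A-Za-z0-9_.\-]+)\s*(.*)$", spec.split("::", 1)[-1].strip())
    if not m or m.group(1).lower() in NOT_ON_PYPI:
        return None
    name, rest = m.group(1), m.group(2).replace(" ", "")
    if rest.startswith("=") and not rest.startswith("=="):
        version, _, build = rest[1:].partition("=")
        # conda: 'pkg=2.0' is a prefix match; 'pkg=2.0=build' pins one version
        fuzzy = not build and not version.endswith("*")
        return f"{name}=={version}{'.*' if fuzzy else ''}"
    return name + rest

def translate(env_text):
    """Return (requirements, from_conda) for a conda environment.yml string."""
    reqs, from_conda, in_deps, pip_indent = [], [], False, None
    for raw in env_text.splitlines():
        item = raw.strip()
        if item.endswith(":") and not item.startswith(("-", "#")):
            in_deps, pip_indent = item == "dependencies:", None  # top-level key
        if not (in_deps and item.startswith("- ")):
            continue
        indent, entry = len(raw) - len(raw.lstrip()), item[2:].strip().strip("'\"")
        if pip_indent is not None and indent > pip_indent:
            reqs.append(entry)                    # pip section: already pip syntax
        elif entry == "pip:":
            pip_indent = indent
        else:
            converted = conda_to_pip(entry)
            if converted:
                reqs.append(converted)
                from_conda.append(converted)      # name-to-PyPI mapping is assumed
    return reqs, from_conda
```

The `from_conda` list is the part to review by hand before trusting any alert coverage, since those entries were resolved from a conda channel and only assumed to correspond to a PyPI project.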