User Guide

Requirements

  • Python 3.8

Installing

pip install conda_vulnerability_scanner

Fetching the CVE database

python3 -m conda_vulnerability_scanner.scanner fetch --db-directory DB_DIRECTORY

Running the scan

conda list --json > PACKAGE_LIST_FILE
python3 -m conda_vulnerability_scanner.scanner fetch scan --db-directory DB_DIRECTORY --json-report-file JSON_REPORT_FILE --package-list-file PACKAGE_LIST_FILE [--cve-ignore-list-file CVE_IGNORE_LIST_FILE]
                    [--severity-filter {NONE,LOW,MEDIUM,HIGH,CRITICAL}]

The CVE_IGNORE_LIST_FILE contains one CVE number per line. Everything that starts with a # symbol is interpreted as a comment.
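
An ignore list suppresses findings, so a mistyped entry or a stale duplicate is worth catching before the scan runs. The following check is an added example, not part of conda_vulnerability_scanner; it assumes that a # starts a comment that runs to the end of the line, and that entries use the upper-case CVE-YYYY-NNNN form. The function name and the sample IDs are constructed for illustration.

```python
import re
import sys

# CVE identifiers: "CVE-", a four-digit year, then a sequence of four or more digits.
CVE_ID = re.compile(r"^CVE-\d{4}-\d{4,}$")

# Constructed sample ignore list (the IDs are placeholders, not real findings).
SAMPLE = """\
# Accepted risks (constructed sample)
CVE-2099-0001
CVE-2099-0002   # not reachable in our build
cve-2099-0003
CVE-2099-0001
openssl
"""


def parse_ignore_list(text):
    """Return (ignored_ids, problems) for the contents of an ignore list file.

    problems is a list of (line_number, entry, reason) tuples.
    Assumption: '#' begins a comment that extends to the end of the line.
    """
    ignored, problems, seen = [], [], set()
    for lineno, raw in enumerate(text.splitlines(), 1):
        entry = raw.split("#", 1)[0].strip()
        if not entry:
            continue  # blank line or comment-only line
        if not CVE_ID.match(entry):
            problems.append((lineno, entry, "not a CVE identifier"))
        elif entry in seen:
            problems.append((lineno, entry, "duplicate"))
        else:
            seen.add(entry)
            ignored.append(entry)
    return ignored, problems


if __name__ == "__main__":
    # Lint the file given on the command line, or the sample if none is given.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8") as fh:
            text = fh.read()
    else:
        text = SAMPLE
    ids, problems = parse_ignore_list(text)
    for lineno, entry, reason in problems:
        print(f"line {lineno}: {entry!r}: {reason}")
    print(f"{len(ids)} CVE(s) would be ignored")
    sys.exit(1 if problems else 0)
```

Run against CVE_IGNORE_LIST_FILE in CI, a non-zero exit stops a malformed suppression list from reaching the scan step.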