Skip to main content
Enabling environment management allows organization administrators to monitor the installed in your local , view any common vulnerabilities and exposures () associated with them, and, if necessary, enforce security standards by temporarily blocking your environment from use while offering guidance on remediating the issue. You can use these tools to ensure your local environments are in compliance with organizational security requirements and avoid machine quarantines or losing access to an environment due to administrator intervention.

Enabling environment management

In order to utilize the Environments feature, you must first complete the required setup steps.

Installing required plugins

Environment logging and scanning requires a few plugins in your (base) environment that expand the functionality of conda. These are provided by the anaconda-env-manager metapackage.
If your organization has environment management enabled, running anaconda login automatically prompts you to install anaconda-env-manager after authentication. After installation, your environments are automatically registered with your organization as they are created. To verify the required plugins are installed, run: 
conda list --name base anaconda-env-manager
If the output displays package information for anaconda-env-manager, you’re all set and can start logging your environments. If not, install it manually: 
conda install --name base --channel anaconda-cloud anaconda-env-manager

Registering your organization

If you installed anaconda-env-manager via anaconda login, your organization was registered automatically. If you installed manually or need to register with a different organization, follow these steps:
  1. Open Anaconda Prompt (Terminal on macOS/Linux).
  2. Authenticate to Anaconda by running the following command: 
    anaconda login
    Complete the login process in the browser window that opens.
  3. After successfully logging in, return to the command line and register your environments with your organization: 
    anaconda env-log register
    If you belong to more than one organization, use the arrow keys to select the organization you want to register your environments with.
With the organization registered, newly created environments are automatically logged to the registered organization.

Logging environments

Existing environments can be manually logged by running:
Verify you’re authenticated by running anaconda login in your terminal prior to manually logging an environment.
anaconda env-log log --name <ENV_NAME>

Viewing logged environments

Environments you’ve logged to your organization can be viewed at any time from the Environments page. Under Org Management, select Environments.
View logged environments
The Environments page shows you:
  • Environment names and locations
  • The number of packages in the environments
  • The number of CVEs associated with the packages in the environments, as well as how many have an Active status
  • The last time the environments were updated

Searching and filtering

Use the search box at the top of the table to find your environments by name or path. You can also filter by platform.
As a user, you can only view the environments that you’ve logged to your organization.
Environment search and filters
To find all environments affected by a specific vulnerability, search by CVE ID using the unified search at the top of the page. The results include every environment in your organization that contains packages associated with that CVE.

Exploring logged environments

Browse your logged environments to gain insights into the packages that they contain. You can see which packages are present in the environment as well as any CVEs associated with them.

Viewing environment packages

The environment’s Packages page shows you which packages are in an environment and what they were sourced from.
  1. Under Org Management, select Environments.
  2. Select the package count displayed under the PACKAGES column.
    Viewing a logged environment's packages
    Use the navigation controls at the bottom to browse the environment’s packages.

Viewing environment CVEs

The CVEs tab shows all CVEs associated with the environment. Each entry includes the CVE name, CVSS score, Anaconda curation date, a description of the vulnerability, and its current status.
  1. Under Org Management, select Environments.
  2. Select the CVE count displayed under the CVES column. Use the filters at the top of the page to locate critical CVEs efficiently. Select a CVE from the list to view its details.
    Viewing a logged environment's CVEs
The active filter is automatically applied to the CVE panel’s displayed results.

Scanning environments

Scanning an environment checks the most recently saved conda environment log for CVEs associated with the packages it contains.
Environments are automatically scanned when created, but not when they are logged or when the log updates. To ensure an accurate assessment of an environment’s current CVE state, perform a scan before you explore it in Anaconda.com. You can also scan environments locally to identify potential issues immediately.
Use anaconda-audit to scan a local environment.To scan an environment, open Anaconda Prompt (Terminal on macOS/Linux) and run the following command:
anaconda audit scan --name <ENV_NAME>
This command uses the default conda environment path prefix. If you have environments in non-default locations, you can use the --prefix flag to specify the path to the environment. For example:
anaconda audit scan --prefix /path/to/env/<ENV_NAME>
To scan an environment for a specific CVE:
Open Anaconda Prompt and run the following command:
anaconda audit scan --prefix /path/to/env/<ENV_NAME> | findstr "<CVE_NAME>"
The audit scan returns a list of environment packages, and displays the following information for each package:
  • Version number
  • Build number
  • Source channel
  • CVE curation status
  • CVSS score
  • CVE status
A summary of the scan results is displayed at the end of the scan that shows a matrix of the number of CVEs and their statuses by severity level.
Scan results are color coded to help you identify the CVE severity, and a checkmark is displayed beside a CVE name to indicate that it has undergone Anaconda curation. CVEs that are stricken through have a status of cleared and are safe to use in your environment.