1. How is Anaconda Team Edition different from other software repositories?
Team Edition is built by data scientists for data scientists, with a focus on Conda, Python and R. Team Edition’s UI is more familiar to data scientists, and it is designed for the management of data science and machine learning packages within channels.
Team Edition outperforms other repositories when it comes to secure data science because it is a Conda-native platform maintained by the builders of Conda packages. Not only do we carefully curate and scan for malware, but we also know what is within each package we build, so we can more accurately match the CVE data to the build artifacts than anyone else. Our CVE scores are also more up to date because we know when patches are implemented between releases. Unlike other platforms, we don’t only provide CVE data, we link dependency trees to CVE scores and provide package metadata you can trust. This metadata is only available from Anaconda.
2. How do I manage security and control access to packages?
Your administrators can govern access according to users, groups, and roles. They can also control the risk level of the packages they wish to mirror from Anaconda’s repository. Risk levels are reported according to the NIST scoring system. Scores (1-10) are assigned to each package, and these are set according to NIST’s Common Vulnerability Scoring System (CVSS). CVSS is a framework for communicating the characteristics and severity of software vulnerabilities. Administrators can also filter packages based on licenses, blacklists, and whitelists.
3. Why would I want to mirror packages into my infrastructure from Anaconda, PyPI, CRAN?
By mirroring packages to your own infrastructure, you own your availability. This means that you are not dependent on Anaconda, PyPI or CRAN to be online when your team needs packages. It also saves time by downloading packages from the Internet and frees up bandwidth for other tasks. With Team Edition, data scientists search for packages they need within a mirrored repository of packages that meet IT and InfoSec’s standards. This empowers data scientists to get to work immediately without waiting for download approval.
4. How do I share artifacts and packages efficiently across my organization?
Users can share packages and artifacts by using public channels or by sharing them within user groups associated with private channels.
5. How do I find a package once it has been uploaded to my organization’s repository?
Users can search for packages using an advanced search feature that looks for occurrences of that package across the entire system, on public channels as well as any private channel that the user has access to.
6. How do you ensure that both my proprietary packages and downloaded open-source packages are always available?
Both proprietary and open-source packages are stored within Anaconda Team Edition that resides on your company’s infrastructure. The availability of this repository is 100% controlled by your company’s IT infrastructure and system administrators.
7. What kind of package metadata is available with Team Edition?
The metadata for packages in Team Edition is very comprehensive. Users can find license information, descriptions, artifact family, package type, platform, client metadata, version, names of package maintainers, and more.
8. Why can’t I just use other solutions to scan data science and machine learning packages?
Anaconda Team Edition has been built with enhanced CVE matching capability to accurately identify affected Anaconda-built conda packages. Anaconda builds these conda packages, knows exactly what is in them, and can add available patches and release new builds that mitigate vulnerabilities. Further, Anaconda Team Edition keeps track of and displays package dependencies making it possible to identify vulnerabilities across dependent packages.
9. What are the minimum requirements for installation?
Installing Team Edition in your environment is fast and easy and involves the installation of a Docker image on a host running a Linux operating system. See our pre-implementation sheet for more information.
10. How does Anaconda Team Edition differ from Anaconda Distribution?
Anaconda Distribution is made for solo practitioners and does not support a range of enterprise requirements. Anaconda Team Edition provides the ability to mirror Python and R packages, CVE reporting, user access control, audit trails, and other governance and security features. See anaconda.com/repository for more information.