Administrators can monitor the installed in user environments, view any Common Vulnerabilities and Exposures () associated with them and, if necessary, enforce security standards by blocking the environment from use. IT administrators can also provide a custom message to guide users through environment remediation. This telemetric data assists your IT administrators with auditing tasks by ensuring users are compliant with your security requirements and providing historical tracking for infrastructure audits. In order to utilize the Environments feature, organization members (including administrators) must first complete the required setup steps to enable environment management.

Enabling environment management

Administrators can enhance organizational security by requiring members to log their local conda with the organization. Environments that are logged with an organization can be monitored, scanned, and blocked from use if a vulnerability is discovered. For more information about logging, scanning, and managing environments, see Environments.
Implementing environment logging requires coordination at the organizational level.

Prerequisites

Environment logging and scanning requires the following:
  • An Anaconda.com account
  • Python 3.10 or later in your (base) environment

Installing required plugins

Environment logging and scanning requires the installation of a few plugins in your (base) environment that expand the functionality of conda. Obtain the necessary plugins by installing the anaconda-env-manager “metapackage” (which contains all of the plugins listed below). To install anaconda-env-manager, run the following command: 
conda install --name base anaconda-cloud::anaconda-env-manager

Registering your organization

To ensure your environments are properly logged to your organization on Anaconda.com, you must log in via the CLI and register your organization with conda. To register your organization:
  1. Open Anaconda Prompt (Terminal on macOS/Linux).
  2. Authenticate to Anaconda by running the following command: 
    anaconda login --at anaconda.com
    When prompted for your username and password, enter your Anaconda.com credentials and complete the login process in the browser window that opens.
  3. After successfully logging in, return to the command line and register your organization by running the following command: 
    # Replace <ORG_ID> with your ORG_ID — found in your organization's URL —
# https://anaconda.com/app/organizations/<ORG_ID>
conda env-log register --organization-name <ORG_ID>
With the organization registered (and anaconda-env-log installed in the (base) environment), newly created environments are logged to the registered organization.

Logging environments

With anaconda-env-log installed, all newly created environments are automatically logged within conda, and existing environments are automatically logged whenever you perform certain conda actions (install, remove, rename, or update) in them. Existing environments can also be logged manually by running the following command:
You must log in to Anaconda.com using the CLI prior to manually logging an environment.
# Replace <ENV_NAME> with the name of the environment you want to log to your organization
conda env-log log --name <ENV_NAME>

Viewing logged environments

Environments logged with an organization can be viewed at any time from the Environments page. Members can view the environments they’ve logged, while administrators have access to view every environment logged with the organization.
  1. Navigate to your Organizations page.
  2. Select your organization.
  3. Under Org Management, select Environments.
The Environments page shows you:
  • Environment names and locations
  • The number of packages in the environments
  • The number of CVEs associated with the packages in the environments
  • The environment’s creator
  • The last time the environments were updated
Use the filters at the top of the table to locate environments efficiently.

Exploring logged environments

Environments that are logged with an organization can be browsed to gain insights into the packages that they contain. You can see which packages are present in the environment as well as any CVEs associated with them.

Viewing environment packages

The environment’s Packages page shows you which packages are in an environment and what they were sourced from.
  1. Navigate to your Organizations page.
  2. Select your organization.
  3. Under Org Management, select Environments.
  4. Select the package count displayed under the PACKAGES column.
    Use the navigation controls at the bottom to browse the environment’s packages.

Viewing environment CVEs

The CVEs panel shows all of the CVEs associated with the environment by name and severity.
  1. Navigate to your Organizations page.
  2. Select your organization.
  3. Under Org Management, select Environments.
  4. Select the CVE count displayed under the CVES column. Use the filters at the top of the panel to locate critical CVEs efficiently.
The active filter is automatically applied to the CVE panel’s displayed results.
For additional information about a CVE, search for it in a channel that has no policy applied.

Scanning environments

Scanning an environment checks the most recently saved conda environment log for CVEs associated with the packages it contains.
Environments are automatically scanned when created, but not when they are logged or when the log updates. To ensure an accurate assessment of an environment’s current CVE state, perform a scan before you explore it in Anaconda.com. You can also scan environments locally to identify potential issues immediately.
Use anaconda-audit to scan a local environment.To scan an environment, open Anaconda Prompt (Terminal on macOS/Linux) and run the following command:
# Replace <ENV_NAME> with the name of the environment you want to scan
anaconda audit scan --name <ENV_NAME>
This command uses the default conda environment path prefix — opt/anaconda3/envs/.If you have environments in non-default locations, you can use the --prefix flag to specify the path to the environment. For example:
# Replace <ENV_NAME> with the name of your environment
anaconda audit scan --prefix /path/to/env/<ENV_NAME>
To scan an environment for a specific CVE:
Open Anaconda Prompt and run the following command:
# Replace <ENV_NAME> with the name of your environment
# Replace <CVE_NAME> with the name of the CVE you want to check for
anaconda audit scan --prefix /path/to/env/<ENV_NAME> | findstr "<CVE_NAME>"
The audit scan returns a list of environment packages, and displays the following information for each package:
  • Version number
  • Build number
  • Source channel
  • CVE curation status
  • CVSS score
  • CVE status
A summary of the scan results is displayed at the end of the scan that shows a matrix of the number of CVEs and their statuses by severity level.
Scan results are color coded to help you identify the CVE severity, and a checkmark is displayed beside a CVE name to indicate that it has undergone Anaconda curation. CVEs that are stricken through have a status of cleared and are safe to use in your environment.

Blocking environments

Administrators can take action on environments that don’t meet security standards by utilizing organizational environment security status controls, which allow them to place a warning on an environment or block access to it completely. In both cases, administrators can enter a personalized message with guidance on what actions must be taken to restore access. Organization members who have had their environment blocked will receive the administrator’s message next time they try to activate the environment.
  1. Navigate to your Organizations page.
  2. Select your organization.
  3. Under Org Management, select Environments.
  4. Select the environment you want to take action on.
  5. Click Update Status.
  6. Select a status to apply to the environment and enter a custom message, if necessary.
  7. Click Save.

Archiving environments

Archiving environments allows administrators to maintain an organized workspace by moving inactive or obsolete environments to a dedicated tab. This separation reduces clutter in the active environment list, making it easier to manage.
  1. Navigate to your Organizations page.
  2. Select your organization.
  3. Under Org Management, select Environments.
  4. Select the environment you want to take action on.
  5. Click Archive.
Archived environments are still available for use. If you would like to prevent the environment from being used, block the environment.