Threatrix Documentation
Threatrix
  • Getting Started
  • Developer Quick Start
  • SecureShip
    • Artifactory Scanning
    • ThreatAgent Scanning
  • Threat Center
    • Creating Account
      • OAuth Login
    • Entity Dashboard
    • User Profile
  • AICertify
    • Reviewing Results
  • codecertify
    • Quick Start
    • Project Summary Tab
    • Components Tab
      • Custom Components
        • Adding
        • Editing
        • Important Notes
      • Header Panel
      • Module Tree Panel
      • Results Panel
        • Card View
        • Risk Graph View
      • Audit History
    • Assets Tab
      • Custom Asset Matches
        • Adding Asset Match
  • securecore
    • Project Dashboard
    • ThreatScan
    • Scan Results
  • Threat Agent
    • Threat Agent Overview
    • Threat Agent - Installation & Scanning
    • Scan Summary Reports
    • Resolving Errors
    • Scanning Container Images
  • Integrations
    • Dependency Managers
      • RENV
    • Build Integrations
      • AWS CodeBuild
      • Azure DevOps
      • Bitbucket Pipeline
      • CircleCI
      • GitHub Action
      • GitLab Pipeline
      • Jenkins Pipeline
    • SCM Integrations
      • GitLab
      • Bitbucket
    • Issue Management
      • Jira
    • Notifications
  • Policy Management
    • Policy Overview
    • Creating Policies
    • Policy Conditions
    • Policy Actions
    • Policy Scopes
  • Administration
    • User Management
    • Organization Settings
      • Organization Knowledge Base
      • Integration
        • Slack Integration
        • Jira Integration
        • Service Keys
    • RBAC
    • Entity Management
    • Okta
      • Okta Org2Org Integration
  • GraphQL API
    • API Overview
  • Resources
    • Dependency Managers
      • PIP
    • Dictionary
    • Licenses
    • Security & Privacy
    • Binary File Support
  • Hybrid / On Premise
    • Getting Started
    • Installation
    • Upgrade
    • Setup
    • Cloud Data Disclosure
    • Troubleshooting
Powered by GitBook
On this page
  • Dependencies
  • Setup
  • Usage
  • Errors and Runtime Issues
  • Timeouts During Executing

Was this helpful?

  1. Integrations
  2. Dependency Managers

RENV

This is the documentation for the RENV dependency manager for R language

Dependencies

Threatrix RENV support requires RENV to be installed on the machine on which the Threat Agent is running. If not already installed, you may install RENV with the following command:

R -e "install.packages(\"renv\")"

Setup

Threatrix RENV support requires an renv.lock file to be present in order to create the bill of materials. If one is not present, it may be created using the following instructions. Once created, it should be committed and managed with your other repository code. Create a file named create-renv-lock in the same directory as the DESCRIPTION file and add the following contents:

# R script for RENV dependency manager that creates package lock file

dependency.errors <- getOption("renv.config.dependency.errors")
install.transactional <- getOption("renv.config.install.transactional")
snapshot.validate <- getOption("renv.config.snapshot.validate")

options(renv.config.dependency.errors = "ignore")
options(renv.config.install.transactional = FALSE)
options(renv.config.snapshot.validate = FALSE)

renv::init(
    settings = list(snapshot.type = "explicit")
)
renv::snapshot(force=TRUE, type="explicit")


options(renv.config.dependency.errors = dependency.errors)
options(renv.config.install.transactional = install.transactional)
options(renv.config.snapshot.validate = snapshot.validate)

From the same directory with the create-renv-lock, run: R --vanilla -s -q -f ./create-renv-lock

An renv.lock file should be created and present in the same directory as your DESCRIPTION file. The renv.lock should be updated whenever your DESCRIPTION file is updated and committed to your source repo so that it's available with each scan.

Usage

No additional steps are necessary. Simply run Threatrix Threat Agent and it will create the associated bill of materials using RENV.

Errors and Runtime Issues

Timeouts During Executing

If you're seeing timeouts while running the Threat Agent in an environment with RENV, but without the required renv.lock file, we will attempt to create the renv.lock, which may lead to timeouts after 15 minutes.

Best practice is to ensure that your team creates the necessary renv.lock and commits it to your repo so that our agent does not have to recreate with every scan.

PreviousDependency ManagersNextBuild Integrations

Last updated 1 year ago

Was this helpful?