RENV
This is the documentation for the RENV dependency manager for R language
Dependencies
Threatrix RENV support requires RENV to be installed on the machine on which the Threat Agent is running. If not already installed, you may install RENV with the following command:
R -e "install.packages(\"renv\")"
Setup
Threatrix RENV support requires an renv.lock file to be present in order to create the bill of materials. If one is not present, it may be created using the following instructions. Once created, it should be committed and managed with your other repository code.
Create a file named create-renv-lock in the same directory as the DESCRIPTION file and add the following contents:
From the same directory with the create-renv-lock, run:
R --vanilla -s -q -f ./create-renv-lock
An renv.lock file should be created and present in the same directory as your DESCRIPTION file. The renv.lock should be updated whenever your DESCRIPTION file is updated and committed to your source repo so that it's available with each scan.
Usage
No additional steps are necessary. Simply run Threatrix Threat Agent and it will create the associated bill of materials using RENV.
Errors and Runtime Issues
Timeouts During Executing
If you're seeing timeouts while running the Threat Agent in an environment with RENV, but without the required renv.lock file, we will attempt to create the renv.lock, which may lead to timeouts after 15 minutes.
Best practice is to ensure that your team creates the necessary renv.lock and commits it to your repo so that our agent does not have to recreate with every scan.
Last updated
Was this helpful?