The following article includes best practices and configuration recommendations for using the Unified Agent to scan Python projects.
Best Practices
Before scanning a Python project, ensure the following for the most accurate results:
- You are using a supported Python package manager. The Unified Agent supports the following package managers:
  - Pip
  - Pipenv
  - Poetry
  - Conda
- Python and the package manager you use are installed on the scanning machine.
- The project can be built successfully on the machine where you are running the scan (the agent resolves dependencies by installing them, so a build that fails locally yields an incomplete dependency tree).
- Your project includes one of the following supported file types:
  - requirements.txt
  - Pipfile (Pipenv's TOML-format manifest; the file has no .toml extension)
  - setup.py
  - setup.cfg (starting in Unified Agent v22.5.1)
  - pyproject.toml
  - environment.yml
Configuring Unified Agent Parameters - All Package Managers Except Conda
For all scans except those using Conda, set the following to ‘true’:
python.resolveDependencies=true
If source files should be included in the scan, set the following to ‘false’:
python.ignoreSourceFiles=false
Pip Specific Parameters
When using Pip, set the following:
python.installVirtualenv=true
python.resolveHierarchyTree=true
python.ignorePipInstallErrors=false
python.resolvePipEditablePackages=true
If multiple Python versions are installed on the machine, set the following:
python.path=<path to Python executable>
python.pipPath=<pip or pip3>
If the project pulls dependencies from an index other than PyPI (for example an internal mirror or private index), set the following:
python.indexUrl=<the URL of the index>
If the project uses a file other than requirements.txt and should use Pip to resolve the dependencies, set the following:
python.requirementsFileIncludes=<name of the file to scan>
If the project includes a setup.py or setup.cfg file (setup.cfg support starts in Unified Agent v22.5.1), set the setup-file parameter to ‘true’. Note that the parameter was renamed in v22.5.1, so use the spelling that matches your agent version:
Before Unified Agent v22.5.1:
python.resolveSetupPyFiles=true
Starting in Unified Agent v22.5.1:
python.resolveSetupFiles=true
If the project includes local packages, set the following:
python.localPackagePathsToInstall=<path to local packages>
If the project includes global packages, set the following to ‘true’:
python.resolveGlobalPackages=true
Pipenv Specific Parameters
When using Pipenv, set the following:
python.runPipenvPreStep=true
python.ignorePipenvInstallErrors=false
If dev dependencies should be included in the scan results, set the following to ‘true’:
python.pipenvDevDependencies=true
python.includePipenvDevDependencies=true
Poetry Specific Parameters
When using Poetry, set the following to ‘true’:
python.runPoetryPreStep=true
If dev dependencies should be included in the scan results, set the following to ‘true’:
python.includePoetryDevDependencies=true
Conda Specific Parameters
When using Conda, set the following to ‘true’:
conda.resolveDependencies=true
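The parameter lists above are easy to get wrong by hand, especially the v22.5.1 rename of the setup-file switch and the fact that Conda uses its own resolver parameter instead of the python.* family. The following script, added here as an example and not part of the original article or of the Unified Agent itself, assembles the Python-specific fragment of the agent config file for each package manager from exactly the rules stated above. The parameter names are the ones this article lists; the function names, the version comparison and the constructed project listing in the demo are this example's own assumptions.

```python
"""Assemble the Python-specific Unified Agent config fragment from the rules in this article.

Example code added to this page. The parameter names come from the sections above;
everything else (function names, version comparison, demo input) is an assumption.
"""
from __future__ import annotations

from typing import Iterable

# Manifest files the agent recognises for Python; setup.cfg only from v22.5.1.
SUPPORTED_MANIFESTS = ("requirements.txt", "Pipfile", "setup.py", "setup.cfg",
                       "pyproject.toml", "environment.yml")
SETUP_RENAME_VERSION = (22, 5, 1)


def parse_version(version: str) -> tuple[int, ...]:
    """'22.5.1' -> (22, 5, 1), so agent versions compare numerically rather than as strings."""
    return tuple(int(part) for part in version.strip().split("."))


def supported_manifests(filenames: Iterable[str], agent_version: str) -> list[str]:
    """Supported manifests present in a project listing, honouring the setup.cfg version gate."""
    present = set(filenames)
    found = [name for name in SUPPORTED_MANIFESTS if name in present]
    if "setup.cfg" in found and parse_version(agent_version) < SETUP_RENAME_VERSION:
        found.remove("setup.cfg")  # agents older than v22.5.1 do not read setup.cfg
    return found


def setup_file_param(agent_version: str) -> str:
    """The setup.py/setup.cfg switch was renamed in v22.5.1; pick the spelling for this agent."""
    if parse_version(agent_version) >= SETUP_RENAME_VERSION:
        return "python.resolveSetupFiles"
    return "python.resolveSetupPyFiles"


def build_config(package_manager: str, agent_version: str, *, include_dev: bool = False,
                 python_path: str | None = None, pip_path: str | None = None,
                 index_url: str | None = None, requirements_file: str | None = None,
                 has_setup_file: bool = False, local_package_paths: str | None = None,
                 resolve_global_packages: bool = False) -> dict[str, str]:
    """Return the python.* / conda.* properties this article prescribes for one package manager."""
    pm = package_manager.lower()
    if pm == "conda":
        # Conda has its own resolver switch and takes none of the python.* parameters.
        return {"conda.resolveDependencies": "true"}

    cfg: dict[str, str] = {  # common to every non-Conda scan
        "python.resolveDependencies": "true",
        "python.ignoreSourceFiles": "false",
    }
    if pm == "pip":
        cfg.update({
            "python.installVirtualenv": "true",
            "python.resolveHierarchyTree": "true",
            "python.ignorePipInstallErrors": "false",  # fail loudly rather than scan a partial tree
            "python.resolvePipEditablePackages": "true",
        })
        if python_path:
            cfg["python.path"] = python_path
        if pip_path:
            cfg["python.pipPath"] = pip_path
        if index_url:
            cfg["python.indexUrl"] = index_url
        if requirements_file and requirements_file != "requirements.txt":
            cfg["python.requirementsFileIncludes"] = requirements_file
        if has_setup_file:
            cfg[setup_file_param(agent_version)] = "true"
        if local_package_paths:
            cfg["python.localPackagePathsToInstall"] = local_package_paths
        if resolve_global_packages:
            cfg["python.resolveGlobalPackages"] = "true"
    elif pm == "pipenv":
        cfg["python.runPipenvPreStep"] = "true"
        cfg["python.ignorePipenvInstallErrors"] = "false"
        if include_dev:
            cfg["python.pipenvDevDependencies"] = "true"
            cfg["python.includePipenvDevDependencies"] = "true"
    elif pm == "poetry":
        cfg["python.runPoetryPreStep"] = "true"
        if include_dev:
            cfg["python.includePoetryDevDependencies"] = "true"
    else:
        raise ValueError(f"unsupported package manager: {package_manager!r}")
    return cfg


def render_properties(cfg: dict[str, str]) -> str:
    """Serialise as key=value lines, the flat format the agent's config file uses."""
    return "".join(f"{key}={value}\n" for key, value in cfg.items())


if __name__ == "__main__":
    # Constructed project listing: a pip project with setup.py and setup.cfg scanned by an agent
    # older than v22.5.1, so setup.cfg is ignored and the old parameter spelling is emitted.
    listing = ["README.md", "setup.py", "setup.cfg", "requirements-prod.txt", "src"]
    print("manifests seen by v22.4.2:", supported_manifests(listing, "22.4.2"))
    cfg = build_config("pip", "22.4.2", pip_path="pip3", has_setup_file=True,
                       requirements_file="requirements-prod.txt")
    print(render_properties(cfg), end="")
```

Running the script prints the properties for the constructed example; the output is only the Python-specific fragment covered by this article and is meant to be merged into the rest of your agent configuration before the config file is passed to the agent with -c. Keeping the install-error switches at ‘false’ is deliberate: an install failure that is silently ignored produces a partial dependency tree, which is exactly the blind spot a scan exists to remove.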