From ac8de708ed6f1740030e0999054fd2de3846579e Mon Sep 17 00:00:00 2001 From: Behnaz Hassanshahi Date: Tue, 13 Aug 2024 13:51:31 +1000 Subject: [PATCH] docs: emphasize Python 3.11 requirement for Python dep analysis (#825) Signed-off-by: behnazh-w --- docs/source/pages/tutorials/detect_malicious_package.rst | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/docs/source/pages/tutorials/detect_malicious_package.rst b/docs/source/pages/tutorials/detect_malicious_package.rst index a5d1781de..1673a73f6 100644 --- a/docs/source/pages/tutorials/detect_malicious_package.rst +++ b/docs/source/pages/tutorials/detect_malicious_package.rst @@ -168,7 +168,11 @@ Analyzing django with dependencies Macaron supports analyzing a package's dependencies and performs the same set of checks on them as it does on the main target package. To analyze the dependencies of ``django@5.0.6`` Python package, you can either :ref:`generate an SBOM ` yourself or :ref:`point Macaron to a virtual environment ` where ``django`` is installed. -Let's assume ``/tmp/.django_venv`` is the virtual environment where ``django@5.0.6`` is installed. Run Macaron as follows to analyze ``django`` and its dependencies. +Let's assume ``/tmp/.django_venv`` is the virtual environment where ``django@5.0.6`` is installed. + +.. note:: If you want Macaron to analyze the virtual environment directly to identify the dependencies, we require Python 3.11 to be used to install the package. Alternatively, you can generate the SBOM as instructed :ref:`here ` and pass it to Macaron as input. + +Run Macaron as follows to analyze ``django`` and its dependencies. .. code-block:: shell