Describe the bug
I can't get Jake-conda scanner to recognize known vulnerabilities. Based on a screenshot from this Jake-Sonatype documentation (https://blog.sonatype.com/how-to-easily-identify-conda-vulnerabilities-using-sonatype-jake), I should get a vulnerability when I scan for this Conda dependency: [email protected]. However, when I run the scanner, there are zero vulnerabilities found.
Please help me reproduce this or any other conda dependency vulnerabilities.
To Reproduce
Steps to reproduce the behavior:
Convert this environment.yml file-code to conda list explicit:
```yaml
name: jake-test
channels:
  - conda-force
  - defaults
dependencies:
  - openssl=1.1.1d
```
Once the conda explicit list is available (env.txt), run the Jake conda scanner against it using the following command:
`jake -w ddt -t CONDA -f "env.txt"`
The Jake-conda scanner results will show 6 Audited Vulnerabilities and 0 Vulnerabilities Found.
Expected behavior
Based on the Sonatype documentation in the shared link, above, I expect the Jake-conda scanner to return at least 1 Vulnerability Found in the scan results.
Screenshots
Screenshot from Sonatype link, showing known vulnerability:
Here are my actual results showing no vulnerabilities. The results are from an Azure DevOps pipeline:
Here is what the env.txt file looks like:
Desktop (please complete the following information):
- conda version 23.11.0
- running code in Azure DevOps
Additional context
My goal is to reproduce any vulnerabilities using Jake's Conda scanner.