gitea-mirror/trivy
1
0
Fork 0
mirror of https://github.com/aquasecurity/trivy.git synced 2025-12-22 15:16:33 -08:00
Code Issues Packages Projects Releases Wiki Activity
Files
9da33b5aed1269f5fdcfc5b34ba3df59ca86e51b
trivy/docs/guide/coverage/language/c.md
Owen Rumney 9da33b5aed docs: restructure docs for new hosting (#9799)
2025-11-18 15:45:49 +00:00

36 lines
2.0 KiB
Markdown
Raw Blame History

# C/C++
Trivy supports Conan C/C++ Package Manager ([v1][conanV1] and [v2][conanV2] with limitations).
The following scanners are supported.
| Package manager | SBOM | Vulnerability | License |
|-----------------|:----:|:-------------:|:-------:|
| Conan | ✓ | ✓ | ✓[^1] |
The following table provides an outline of the features Trivy offers.
| Package manager | File | Transitive dependencies | Dev dependencies | [Dependency graph][dependency-graph] | Position |
|-----------------------|----------------|:-----------------------:|:----------------:|:------------------------------------:|:--------:|
| Conan (lockfile v1) | conan.lock[^2] | ✓ | Excluded | ✓ | ✓ |
| Conan (lockfile v2) | conan.lock[^2] | ✓ [^3] | Excluded | - | ✓ |
## Conan
In order to detect dependencies, Trivy searches for `conan.lock`[^1].
[conanV1]: https://docs.conan.io/1/index.html
[conanV2]: https://docs.conan.io/2/
### Licenses
The Conan lock file doesn't contain any license information.
To obtain licenses we parse the `conanfile.py` files from the [conan v1 cache directory][conan-v1-cache-dir] and [conan v2 cache directory][conan-v2-cache-dir].
To correctly detection licenses, ensure that the cache directory contains all dependencies used.
[conan-v1-cache-dir]: https://docs.conan.io/1/mastering/custom_cache.html
[conan-v2-cache-dir]: https://docs.conan.io/2/reference/environment.html#conan-home
[dependency-graph]: ../../configuration/reporting.md#show-origins-of-vulnerable-dependencies
[^1]: The local cache should contain the dependencies used. See [licenses](#licenses).
[^2]: `conan.lock` is default name. To scan a custom filename use [file-patterns](../../configuration/skipping.md#customizing-file-handling).
[^3]: For `conan.lock` in version 2, indirect dependencies are included in analysis but not flagged explicitly in dependency tree
Reference in New Issue View Git Blame Copy Permalink