Scanning Conan (C++) projects

Learn how to scan Conan (C++) projects with OpenText Core SCA.

OpenText Core SCA supports scanning of CycloneDX SBOMs. To scan a Conan project, you can use the following GitHub Actions workflow, which generates a CycloneDX SBOM from the project's conanfile and uploads it to OpenText Core SCA:

https://github.com/Debricked-Community/conan-example/blob/master/.github/workflows/debricked.yml

name: Debricked scan

on: [push, pull_request]

jobs:
  vulnerabilities-scan:
    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@v4
    - uses: actions/setup-python@v5
    - name: Install Conan SBOM generator # https://github.com/CycloneDX/cyclonedx-conan
      run: |
        python -m pip install cyclonedx-conan
        python -m pip install markupsafe==2.0.1
        python -m pip install -U conan
    - name: Generate Conan SBOM
      run: cyclonedx-conan conanfile.txt > sbom.json # cyclonedx-conan PATH_TO_conanfile.txt > SBOM_NAME_FILE
    - uses: debricked/actions@v4
      env:
        DEBRICKED_TOKEN: ${{ secrets.DEBRICKED_TOKEN }}

The workflow uses cyclonedx-conan, the CycloneDX project's own SBOM generator for Conan.
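An added sanity check, not part of the workflow above or of cyclonedx-conan: a small Python script that a step placed between "Generate Conan SBOM" and the upload could run on sbom.json, so that a malformed or empty SBOM fails the job instead of producing a silently clean scan. It assumes components carry pkg:conan package URLs, as cyclonedx-conan emits them; the sample SBOM and its component list are constructed for illustration.

```python
import json
import sys

# Constructed sample in the shape cyclonedx-conan emits (illustrative
# component list, not output from a real project).
SAMPLE_SBOM = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.4",
    "components": [
        {"type": "library", "name": "zlib", "version": "1.2.13",
         "purl": "pkg:conan/zlib@1.2.13"},
        {"type": "library", "name": "openssl", "version": "3.1.0",
         "purl": "pkg:conan/openssl@3.1.0"},
    ],
})

def check_sbom(text):
    """Return the problems found in a CycloneDX JSON SBOM (empty list = usable).
    Checks bomFormat, specVersion, and that every component has a pkg:conan purl.
    """
    try:
        doc = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"not valid JSON: {exc}"]
    if not isinstance(doc, dict):
        return ["top-level value is not a JSON object"]
    problems = []
    if doc.get("bomFormat") != "CycloneDX":
        problems.append("bomFormat is not CycloneDX")
    if not doc.get("specVersion"):
        problems.append("specVersion missing")
    components = doc.get("components") or []
    if not components:
        problems.append("no components: nothing for the scanner to match")
    for i, comp in enumerate(components):
        if not str(comp.get("purl", "")).startswith("pkg:conan/"):
            problems.append(f"component {i} ({comp.get('name', '?')}) lacks a pkg:conan purl")
    return problems

def component_summary(text):
    """Return sorted name@version strings for a one-line job log entry."""
    doc = json.loads(text)
    return sorted(f"{c['name']}@{c['version']}" for c in doc.get("components", []))

if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_SBOM
    issues = check_sbom(text)
    print("\n".join(issues) or "SBOM OK: " + ", ".join(component_summary(text)))
    sys.exit(1 if issues else 0)
```

Run it as `python check_sbom.py sbom.json` in a workflow step; a non-zero exit stops the job before the debricked/actions upload.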
