Scanning Conan (C++) projects

Learn how to scan Conan (C++) projects with Debricked.

Debricked supports scanning of CycloneDX SBOMs. To scan a Conan project, you can use the following GitHub Action that generates an SBOM and scans it with the Debricked tool:

https://github.com/emil-debricked/examples/blob/master/.github/workflows/debricked.yml

name: Debricked scan

on: [push, pull_request]

jobs:
  vulnerabilities-scan:
    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@v2
    - uses: actions/setup-python@v4
    - name: Install Conan SBOM generator # https://github.com/CycloneDX/cyclonedx-conan
      run: |
          python -m pip install cyclonedx-conan 
          python -m pip install markupsafe==2.0.1
          python -m pip install -U conan
    - name: Generate Conan SBOM
      run: cyclonedx-conan libraries/folly/basic/conanfile.txt | sed -n -e '/^{/,$p' > sbom.json # cyclonedx-conan PATH_TO_conanfile.txt > SBOM_NAME_FILE
    - uses: debricked/actions/scan@v1
      env:
        DEBRICKED_TOKEN: ${{ secrets.DEBRICKED_TOKEN }}

It uses the official CycloneDX Conan generator from the CycloneDX project.

Last updated 1 month ago