How to scan C/C++ language with conan.lock? #884

Open
ASKAC0810 opened this issue Mar 22, 2024 · 1 comment
Labels
question Further information is requested

Comments

@ASKAC0810

ASKAC0810 commented Mar 22, 2024

Hi everyone,

I would like to use this great tool for scanning C/C++ language.

I already know how to scan C/C++ language from a GitHub commit hash.

From the osv-scanner documentation, I found that conan.lock can also be used for scanning.
And from the API documentation, the ConanCenter ecosystem is included.

Therefore, I tried to install the openssl package from ConanCenter.

After installing, I tried the following 2 ways to do an OSV scan, but both gave a "No issues found" result.

a. Scan with the option "--sbom".
Because the conan CLI can create an SBOM in CycloneDX format, I created the SBOM file.

b. Scan with the option "--lockfile".
The conan CLI can create conan.lock from conanfile.txt.

Could anyone share information for reference?

Thank you very much.

@oliverchang
Collaborator

Thanks for the question! While OSV-Scanner has Conan.lock support, there's actually no available vulnerability database for ConanCenter packages.

We have some questions for Conan that I've asked in conan-io/conan#15918 (comment) regarding this.

@oliverchang oliverchang added the question Further information is requested label Mar 25, 2024