Cloud customer?
Start for Free >
Upgrade in MyJFrog >
What's New in Cloud >

Search





Overview

Xray can scan Conan packages deployed to Artifactory. Xray can also scan C/C++ dependencies as part of a build. 

Requires Artifactory version 7.17.4 and above. 

Page Contents


Conan

Packages

Xray scans Conan packages the same way it scans other package types. Xray data will only be displayed for the conanmanifest.txt file. An optional vendor field can be added in the Conan recipe file to prevent false positives.

Builds

Conan artifacts and dependencies can be provided as part of the BuildInfo using the conan_build_info command. 


C/C++ Builds

In order for Xray to identify the build's C++ components manually create a BuildInfo and publish it to Artifactory. For more information, see the Build Upload REST API .

In the BuildInfo, do the following:

  1. Specify a cpp module, and set cpp as the modules type.
  2. In the dependencies section, list all of the cpp components of your build. Each cpp component must contain:
    • Sha1
    • ID: Consists of the component's vendor, name and version, in the form: "[vendor]:name:version". Please note that the 'vendor' field is optional.

Example:

{
   "version": "1.0.1",
   "name": "MyBuildName",
   "number": "42",
   "type": "GENERIC",
   "started": "2021-01-19T15:47:52.000Z",
   "buildAgent": {
       "name": "Private builder",
       "version": "1.0"
   },
   "modules": [
       {
           "id": "<MODULE-ID>",
           "type": "cpp",
           "dependencies": [
               {
                   "sha1": "<SHA1>",
                   "md5": "<MD5>",
                   "id": "<vendor1>:<name1>:<version1>",
                   "type": "cpp"
               },
               {
                   "sha1": "<SHA1>",
                   "md5": "<MD5>",
                   "id": "<vendor2>:<name2>:<version2>",
                   "type": "cpp"
               }
           ]
       }
   ]
}
  • No labels
Copyright © 2021 JFrog Ltd.