Xray scans Conan packages the same way it scans other package types. Xray data will only be displayed for the
conanmanifest.txt file. An optional vendor field can be added in the Conan recipe file to prevent false positives.
Conan artifacts and dependencies can be provided as part of the BuildInfo using the conan_build_info command.
Xray supports scanning C/C++ packages as build-dependencies only. The following steps are required:
- Create a build-info listing all the C/C++ packages you want to scan. Refer to the build-info creation example.
- Upload the build to Artifactory, and perform an Xray scan.
For more information, see the Build Upload REST API .
This process requires creating and uploading C/C++ build-info manually in accordance with the build-info schema. It also requires the listing of all the C/C++ libraries to be scanned. For each component you need to provide name and version; vendor is optional.
In the BuildInfo, do the following:
- Specify a cpp module, and set
cppas the modules type.
- In the dependencies section, list all of the cpp components of your build. Each cpp component must contain:
- ID: Consists of the component's vendor, name and version, in the form: "
[vendor]:name:version". Please note that the 'vendor' field is optional.
C/C++ Info Example:
Build-info Creation Example: