C/C++
Trivy supports Conan C/C++ Package Manager (v1 and v2 with limitations).
The following scanners are supported.
Package manager | SBOM | Vulnerability | License |
---|---|---|---|
Conan | ✓ | ✓ | ✓1 |
The following table provides an outline of the features Trivy offers.
Package manager | File | Transitive dependencies | Dev dependencies | Dependency graph | Position |
---|---|---|---|---|---|
Conan (lockfile v1) | conan.lock2 | ✓ | Excluded | ✓ | ✓ |
Conan (lockfile v2) | conan.lock2 | ✓ 3 | Excluded | - | ✓ |
Conan
In order to detect dependencies, Trivy searches for conan.lock
1.
Licenses
The Conan lock file doesn't contain any license information.
To obtain licenses we parse the conanfile.py
files from the conan cache directory.
To correctly detection licenses, ensure that the cache directory contains all dependencies used.