C/C++ Application Analysis

The Conan coordinate-based matching feature provides the ability to scan and evaluate C/C++ dependencies found in either a conanfile.txt, conanfile.py, or conaninfo.txt file.

What is supported

Files named conanfile.txt, conanfile.py or conaninfo.txt will be analyzed.

What do we parse from the files?

In conanfile.txt

Only dependencies with an exact version under the "requires" and "build_requires" groups are evaluated, for example:

[requires]
      apache-apr/0.9.1@jgsogo/stable

[build_requires]
      libxml2/2.9.8@bincrafters/stable
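
The following pre-scan check is an added example, not Sonatype's code. It lists which conanfile.txt references carry an exact version and which, such as Conan version ranges written in square brackets, fall outside the rule above. The function name audit_conanfile_txt and the poco line in the sample are assumptions constructed for illustration.

```python
import re

# Sections of conanfile.txt that the page says are evaluated.
EVALUATED_SECTIONS = {"requires", "build_requires"}
SECTION_RE = re.compile(r"^\[(\w+)\]$")
# name/version with optional @user/channel; "[" in the version marks a range.
REF_RE = re.compile(r"^(?P<name>[^/\s\[\]]+)/(?P<version>[^@\s\[\]]+)"
                    r"(?:@(?P<user>[^/\s]+)/(?P<channel>\S+))?$")

def audit_conanfile_txt(text):
    """Return (exact, skipped): references pinned to one version, and lines
    in evaluated sections that are not an exact name/version reference."""
    exact, skipped = [], []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):  # blank line or comment
            continue
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1)
            continue
        if section not in EVALUATED_SECTIONS:
            continue  # e.g. [generators], [options]
        ref = REF_RE.match(line)
        if ref:
            exact.append((section, ref.group("name"), ref.group("version")))
        else:
            skipped.append((section, line))
    return exact, skipped

# Constructed sample: two references from this page plus one version range.
SAMPLE = """
[requires]
      apache-apr/0.9.1@jgsogo/stable
      poco/[>1.0 <1.9]@pocoproject/stable

[build_requires]
      libxml2/2.9.8@bincrafters/stable

[generators]
      cmake
"""

if __name__ == "__main__":
    pinned, unpinned = audit_conanfile_txt(SAMPLE)
    for section, name, version in pinned:
        print(f"exact    [{section}] {name} {version}")
    for section, line in unpinned:
        print(f"skipped  [{section}] {line}")
```

Running it before a scan shows which dependencies need pinning to an exact version in order to be evaluated.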

In conanfile.py

Only dependencies with an exact version (given directly as strings, not built using Python code) in the attributes "requires" and "build_requires" and in calls to the methods "self.requires" and "self.build_requires" are evaluated, for example:

from conans import ConanFile, CMake

class ExampleConan(ConanFile):
        build_requires = "libxml2/2.9.8@bincrafters/stable"
        requires = "opencv/2.2@drl/stable"

        def requirements(self):
                self.build_requires("apache-apr/0.9.1@jgsogo/stable")
                self.requires("zlib/1.2.0@conan/stable")

In conaninfo.txt

Dependencies under the "requires" and "full_requires" groups are evaluated, for example:

[requires]
    glm/0.9.7.6

[full_requires]
    zlib/1.2.11@conan/stable:ec336a8e46e06995be9ad34dc1a7477dff42a7df

Steps to analyze using the CLI

Invoke a CLI scan of a directory or subdirectories containing either a conanfile.txt, conanfile.py or conaninfo.txt file. Instructions on how to do this can be found here: Sonatype IQ CLI.

Examples for each Conan file can be found above in the document.

Steps to analyze using the Jenkins plugin

By default, the Jenkins plugin will not evaluate the conanfile.txt, conanfile.py, and conaninfo.txt files. A custom Scan Target is needed.

Example Pipeline Script with Scan Patterns

nexusPolicyEvaluation iqApplication: 'SampApp', iqScanPatterns: [[scanPattern: '**/conanfile.txt'], [scanPattern: '**/conanfile.py'], [scanPattern: '**/conaninfo.txt']], iqStage: 'build'

For more information on how to configure Jenkins, see Sonatype Platform Plugin for Jenkins.

Steps to analyze using the Bamboo plugin

Bamboo Scan Targets control which files are examined. To evaluate C/C++, add conanfile.txt, conanfile.py, and conaninfo.txt to the scan targets as a comma-separated list, for example:

Example Bamboo Scan Patterns

**/conanfile.txt,**/conanfile.py,**/conaninfo.txt

For more information on how to configure Bamboo, see Lifecycle For Bamboo.