C/C++ Application Analysis
The Conan coordinate-based matching feature provides the ability to scan and evaluate C/C++ dependencies found in either a conanfile.txt, conanfile.py or conaninfo.txt file.
What is supported
Files named conanfile.txt, conanfile.py or conaninfo.txt will be analyzed.
What do we parse from the files?
Only dependencies with an exact version under the "requires" and "build_requires" groups are evaluated, for example:
[requires] apache-apr/0.9.1@jgsogo/stable [build_requires] libxml2/2.9.8@bincrafters/stable
Only dependencies with an exact version (directly as strings, not built using python code) in the attributes "requires", "build_requires" and the methods "self.requires" and "self.build_requires" are evaluated, for example:
from conans import ConanFile, CMake class ExampleConan(ConanFile): build_requires = "libxml2/2.9.8@bincrafters/stable" requires = "opencv/2.2@drl/stable" def requirements(self): self.build_requires("apache-apr/0.9.1@jgsogo/stable") self.requires("zlib/1.2.0@conan/stable")
Dependencies under the "requires" and "full_requires" groups are evaluated, for example:
[requires] glm/0.9.7.6 [full_requires] zlib/1.2.11@conan/stable:ec336a8e46e06995be9ad34dc1a7477dff42a7df
Steps to analyze using the CLI
Invoke a CLI scan of a directory or subdirectories containing either a conanfile.txt, conanfile.py or conaninfo.txt file. Instructions on how to do this can be found here: Sonatype IQ CLI.
Examples for each Conan file can be found above in the document.
Steps to analyze using the Jenkins plugin
By default, the Jenkins plugin will not evaluate the conanfile.txt, conanfile.py, and conaninfo.txt files. A custom Scan Target is needed.
nexusPolicyEvaluation iqApplication: 'SampApp', iqScanPatterns: [[scanPattern: '**/conanfile.txt'], [scanPattern: '**/conanfile.py'], [scanPattern: '**/conaninfo.txt']], iqStage: 'build'
To find more information on how to configure Jenkins please go to the Sonatype Platform Plugin for Jenkins.
Steps to analyze using the Bamboo plugin
Bamboo Scan Targets control what files are examined. To evaluate C/C++, add conanfile.txt, conanfile.py, and conaninfo.txt to the scan targets via a comma-separated list e.g.
To find more information on how to configure Bamboo please go to the Lifecycle for Bamboo.