C/C++ Application Analysis

The Conan coordinate-based matching feature scans and evaluates C/C++ dependencies declared in a conanfile.txt, conanfile.py or conaninfo.txt file.

What is supported

Files named conanfile.txt, conanfile.py or conaninfo.txt will be analyzed.

What do we parse from the files?

In conanfile.txt

Only dependencies with an exact version under the "requires" and "build_requires" groups are evaluated, for example:

[requires]
      apache-apr/0.9.1@jgsogo/stable

[build_requires]
      libxml2/2.9.8@bincrafters/stable
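
A pre-scan check for the rule above, as an added example that is not Sonatype's code: it lists which conanfile.txt references carry an exact version and which do not (for instance Conan's bracketed version ranges) and so would fall outside the evaluation. The function name, the regex used to approximate "exact version" and the sample file are assumptions made for illustration.

```python
import re

# Groups the page says are evaluated in conanfile.txt.
EVALUATED_GROUPS = {"requires", "build_requires"}

# name/version with optional @user/channel and no range brackets.
# Assumption: an approximation of "exact version", not the scanner's own logic.
EXACT_REF = re.compile(r"^([\w.+-]+)/([\w.+-]+)(?:@[\w.+-]+/[\w.+-]+)?$")


def split_conanfile_txt(text):
    """Return (evaluated, skipped) references from conanfile.txt content."""
    evaluated, skipped = [], []
    group = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or full-line comment
        header = re.fullmatch(r"\[(\w+)\]", line)
        if header:
            group = header.group(1)
            continue
        if group not in EVALUATED_GROUPS:
            continue  # e.g. [generators] or [options]: not dependency groups
        match = EXACT_REF.match(line)
        if match:
            evaluated.append((group, match.group(1), match.group(2)))
        else:
            skipped.append((group, line))  # range or unrecognised reference
    return evaluated, skipped


# Constructed sample: the page's two exact references plus one version range.
SAMPLE = """\
[requires]
apache-apr/0.9.1@jgsogo/stable
zlib/[>=1.2.8 <1.3]@conan/stable

[build_requires]
libxml2/2.9.8@bincrafters/stable

[generators]
cmake
"""

if __name__ == "__main__":
    for kind, items in zip(("evaluated", "skipped"), split_conanfile_txt(SAMPLE)):
        print(kind, items)
```

Anything reported as skipped is a dependency the policy evaluation will not see from this file, so pin it to an exact version or scan the generated conaninfo.txt as well.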

In conanfile.py

Only dependencies with an exact version (given directly as strings, not built using Python code) in the attributes "requires" and "build_requires" and in calls to the methods "self.requires" and "self.build_requires" are evaluated, for example:

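from conans import ConanFile, CMake

class ExampleConan(ConanFile):
    # Attribute form: exact references given directly as strings
    build_requires = "libxml2/2.9.8@bincrafters/stable"
    requires = "opencv/2.2@drl/stable"

    def build_requirements(self):
        # Method form: self.build_requires is called from build_requirements()
        self.build_requires("apache-apr/0.9.1@jgsogo/stable")

    def requirements(self):
        # Method form: self.requires is called from requirements()
        self.requires("zlib/1.2.0@conan/stable")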

In conaninfo.txt

Dependencies under the "requires" and "full_requires" groups are evaluated, for example:

[requires]
    glm/0.9.7.6

[full_requires]
    zlib/1.2.11@conan/stable:ec336a8e46e06995be9ad34dc1a7477dff42a7df

Steps to analyze using the CLI

Invoke a CLI scan of a directory or subdirectories containing a conanfile.txt, conanfile.py or conaninfo.txt file. Instructions on how to do this can be found in the Sonatype IQ CLI documentation.

Examples of each Conan file type are shown earlier in this document.

Steps to analyze using the Jenkins plugin

By default, the Jenkins plugin will not evaluate the conanfile.txt, conanfile.py, and conaninfo.txt files. A custom Scan Target is needed, for example:

nexusPolicyEvaluation iqApplication: 'SampApp', iqScanPatterns: [[scanPattern: '**/conanfile.txt'], [scanPattern: '**/conanfile.py'], [scanPattern: '**/conaninfo.txt']], iqStage: 'build'

For more information on how to configure Jenkins, see the Sonatype Platform Plugin for Jenkins.

Steps to analyze using the Bamboo plugin

Bamboo Scan Targets control which files are examined. To evaluate C/C++, add conanfile.txt, conanfile.py, and conaninfo.txt to the scan targets as a comma-separated list, for example:

**/conanfile.txt,**/conanfile.py,**/conaninfo.txt

For more information on how to configure Bamboo, see Lifecycle for Bamboo.