
bug(conan): Trivy doesn't parse the .conan2/p directory to detect the license for the v2 lock file. #6931

Closed
2 tasks done
DmitriyLewen opened this issue Jun 14, 2024 Discussed in #6926 · 0 comments · Fixed by #6949
Assignees
Labels
kind/bug Categorizes issue or PR as related to a bug. scan/license Issues relating to license scanning

Comments

@DmitriyLewen
Contributor

Discussed in #6926

Originally posted by manifestori June 14, 2024

Description

I have used Trivy to generate SBOMs for Conan projects using lockfiles v2.

Unfortunately, even though it's supported in v1, license parsing using the cache dir doesn't work.
The root cause is:

	// cf. https://docs.conan.io/1/mastering/custom_cache.html
	cacheDir := os.Getenv("CONAN_USER_HOME")
	if cacheDir == "" {
		cacheDir, _ = os.UserHomeDir()
	}
	cacheDir = path.Join(cacheDir, ".conan", "data")

	if !fsutils.DirExists(cacheDir) {
		return nil, xerrors.Errorf("the Conan cache directory (%s) was not found.", cacheDir)
	}

It's an easy fix, but cacheDir = path.Join(cacheDir, ".conan", "data") is not the path for v2.
v2 uses ~/.conan2/p/, so using CONAN_USER_HOME still won't work. Even if you set it to ~/.conan2/p/, it will append data. Thus, it is unable to parse license data from the cache.

I have copied my files to v1 location and parsing went perfectly.

Desired Behavior

Licenses should be parsed for lockfile v2.

Actual Behavior

No license data was found in the non-existent cache.

Reproduction Steps

1.
2.
3.
...

Target

Filesystem

Scanner

None

Output Format

JSON

Mode

None

Debug Output

---

Operating System

OSX

Version

Version: 0.48.0

Checklist

@DmitriyLewen DmitriyLewen added kind/bug Categorizes issue or PR as related to a bug. scan/license Issues relating to license scanning labels Jun 14, 2024
@DmitriyLewen DmitriyLewen self-assigned this Jun 17, 2024
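The issue above quotes only the v1 branch of the cache lookup. The following is an added example written for this page, not Trivy's own code and not the fix in #6949: it sketches how a parser could pick the cache directory per lock-file version. Assumptions are labeled in the code: that a v1 conan.lock carries a top-level "graph_lock" object while a v2 one carries a top-level "requires" array, that Conan 2's home override is the CONAN_HOME environment variable (with ~/.conan2 as the default, so packages live under ~/.conan2/p as the reporter notes), and that the environment, home directory and directory-existence check are injected so the resolution can be exercised offline. The sample lock files are constructed, minimal inputs, not real project output.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"os"
	"path/filepath"
)

// lockVersion distinguishes Conan v1 and v2 lock files.
type lockVersion int

const (
	lockV1 lockVersion = 1
	lockV2 lockVersion = 2
)

// detectLockVersion inspects a conan.lock body.
// Assumption: a v1 lock file has a top-level "graph_lock" object,
// a v2 lock file a top-level "requires" array instead.
func detectLockVersion(lock []byte) (lockVersion, error) {
	var top struct {
		GraphLock json.RawMessage `json:"graph_lock"`
		Requires  json.RawMessage `json:"requires"`
	}
	if err := json.Unmarshal(lock, &top); err != nil {
		return 0, fmt.Errorf("parse conan.lock: %w", err)
	}
	switch {
	case len(top.GraphLock) > 0:
		return lockV1, nil
	case len(top.Requires) > 0:
		return lockV2, nil
	}
	return 0, errors.New("conan.lock: neither graph_lock (v1) nor requires (v2) present")
}

// conanCacheDir returns the directory holding cached recipes for a lock version.
// getenv and home are injected so the logic is testable without the real environment.
//   v1: $CONAN_USER_HOME/.conan/data, falling back to ~/.conan/data (as quoted in the issue)
//   v2: $CONAN_HOME/p, falling back to ~/.conan2/p (assumption: CONAN_HOME is Conan 2's override)
func conanCacheDir(v lockVersion, getenv func(string) string, home string) (string, error) {
	switch v {
	case lockV1:
		base := getenv("CONAN_USER_HOME")
		if base == "" {
			base = home
		}
		return filepath.Join(base, ".conan", "data"), nil
	case lockV2:
		base := getenv("CONAN_HOME")
		if base == "" {
			base = filepath.Join(home, ".conan2")
		}
		return filepath.Join(base, "p"), nil
	}
	return "", fmt.Errorf("unknown conan lock version %d", v)
}

// resolve chains version detection and path selection, then applies the same
// existence check the quoted parser does, but for both versions.
func resolve(lock []byte, getenv func(string) string, home string, dirExists func(string) bool) (string, error) {
	v, err := detectLockVersion(lock)
	if err != nil {
		return "", err
	}
	dir, err := conanCacheDir(v, getenv, home)
	if err != nil {
		return "", err
	}
	if !dirExists(dir) {
		return "", fmt.Errorf("the Conan cache directory (%s) was not found", dir)
	}
	return dir, nil
}

func main() {
	// Constructed sample lock files: minimal shapes, not real project output.
	v1Lock := []byte(`{"graph_lock": {"nodes": {}}, "version": "0.4"}`)
	v2Lock := []byte(`{"version": "0.5", "requires": ["zlib/1.3.1#abc%1700000000"]}`)
	home, _ := os.UserHomeDir()
	exists := func(p string) bool {
		fi, err := os.Stat(p)
		return err == nil && fi.IsDir()
	}
	for _, l := range [][]byte{v1Lock, v2Lock} {
		dir, err := resolve(l, os.Getenv, home, exists)
		fmt.Println(dir, err)
	}
}
```

Running the block against a real machine prints the resolved directory, or the "was not found" error when that cache is absent, for each sample lock file; the point is that a v2 lock file no longer gets routed to ~/.conan/data.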