
bug(conan): Trivy doesn't parse the .conan2/p directory to detect the license for the v2 lock file. #6931

Closed
2 tasks done
DmitriyLewen opened this issue Jun 14, 2024 Discussed in #6926 · 0 comments · Fixed by #6949
Labels
kind/bug Categorizes issue or PR as related to a bug. scan/license Issues relating to license scanning

@DmitriyLewen (Contributor)

Discussed in #6926

Originally posted by manifestori June 14, 2024

Description

I have used Trivy to generate SBOMs for Conan projects using lockfiles v2.

Unfortunately, even though it's supported in v1, license parsing using the cache dir doesn't work.
The root cause is:

```go
// cf. https://docs.conan.io/1/mastering/custom_cache.html
// Conan 1 layout: $CONAN_USER_HOME (or $HOME) / .conan / data
cacheDir := os.Getenv("CONAN_USER_HOME")
if cacheDir == "" {
	cacheDir, _ = os.UserHomeDir()
}
cacheDir = path.Join(cacheDir, ".conan", "data")

// A Conan 2 cache (~/.conan2/p) never matches this path, so the lookup fails here.
if !fsutils.DirExists(cacheDir) {
	return nil, xerrors.Errorf("the Conan cache directory (%s) was not found.", cacheDir)
}
```

It's an easy fix, but `cacheDir = path.Join(cacheDir, ".conan", "data")` is not the path for v2.
v2 uses `~/.conan2/p/`, so using `CONAN_USER_HOME` still won't work. Even if you set it to `~/.conan2/p/`, it will append `data`. Thus, it is unable to parse license data from the cache.

I have copied my files to v1 location and parsing went perfectly.

Desired Behavior

Licenses should be parsed on lockfile v2.

Actual Behavior

No license data was found in the non-existent cache.

Reproduction Steps

1.
2.
3.
...

Target

Filesystem

Scanner

None

Output Format

JSON

Mode

None

Debug Output

---

Operating System

OSX

Version

Version: 0.48.0

Checklist
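To show what a version-aware cache lookup looks like, here is an added example (not Trivy's code and not the fix in #6949) that resolves both layouts: the `~/.conan/data` path quoted above for v1 and `~/.conan2/p/` for v2. It assumes `CONAN_HOME` is the Conan 2 override of the home directory; the `getenv`, `home` and `dirExists` parameters are injected so the resolution can be exercised without a real cache.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
)

// Layout records one Conan major version's cache location: ~/.conan/data for v1 (what
// Trivy joins today) and ~/.conan2/p for v2 (from the issue). CONAN_HOME as the v2 override is assumed.
type Layout struct {
	Major   int
	EnvVar  string // variable that relocates the Conan home directory
	HomeSub string // directory under $HOME used when EnvVar is unset
	PkgSub  string // package cache directory below the Conan home
}

var layouts = map[int]Layout{
	2: {Major: 2, EnvVar: "CONAN_HOME", HomeSub: ".conan2", PkgSub: "p"},
	1: {Major: 1, EnvVar: "CONAN_USER_HOME", HomeSub: ".conan", PkgSub: "data"},
}

// CacheDir builds the cache path; getenv and home are injected for testability.
func (l Layout) CacheDir(getenv func(string) string, home string) string {
	base := getenv(l.EnvVar)
	if base == "" {
		base = filepath.Join(home, l.HomeSub)
	} else if l.Major == 1 {
		// Conan 1 creates .conan under CONAN_USER_HOME; Conan 2's CONAN_HOME is the home itself.
		base = filepath.Join(base, l.HomeSub)
	}
	return filepath.Join(base, l.PkgSub)
}

// FindCacheDir tries the lockfile's matching layout first, then the other, and returns the first existing dir.
func FindCacheDir(lockMajor int, getenv func(string) string, home string, dirExists func(string) bool) (string, bool) {
	for _, major := range []int{lockMajor, 3 - lockMajor} { // 1 <-> 2; anything else is skipped
		if l, ok := layouts[major]; ok {
			if dir := l.CacheDir(getenv, home); dirExists(dir) {
				return dir, true
			}
		}
	}
	return "", false
}

func main() {
	home, _ := os.UserHomeDir()
	exists := func(p string) bool { st, err := os.Stat(p); return err == nil && st.IsDir() }
	fmt.Println(FindCacheDir(2, os.Getenv, home, exists))
}
```

With `CONAN_USER_HOME=/opt/c1` and `CONAN_HOME=/opt/c2` the candidates become `/opt/c1/.conan/data` and `/opt/c2/p`, which is the distinction the current Trivy code cannot make.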

@DmitriyLewen DmitriyLewen added kind/bug Categorizes issue or PR as related to a bug. scan/license Issues relating to license scanning labels Jun 14, 2024
@DmitriyLewen DmitriyLewen self-assigned this Jun 17, 2024