[feature request] Conan security audit #3263
Comments
This will relate mostly to Bintray and a warning message could be included in the client based on properties tagged by XRay. Would be an interesting feature for the future.
In cargo-audit's case there is no scanning service over the package, but I think XRay could be an excellent tool for the future. The audit database could receive both results from XRay and alerts from the user.
Currently there is no conan support in Xray. We are waiting for it too. My last information from JFrog is H1-2019. @danimtb there is already conan-io/conan-extensions#5 for package properties. Would be nice to get it, which could also be used for this feature here.
Hi @Aalmann, since version 3.21.2 Xray supports Conan packages. We have just released a blogpost on how the basics of the integration work. I hope this is still useful for you.
I'm closing this one as this seems already addressed by the Xray integration.
To help us debug your issue please explain:
Hi!
I have followed Rust lang, including Cargo, to filter some good features that could be absorbed by Conan. A few days ago I read about cargo-audit on Twitter.
The idea is to alert about packages with security vulnerabilities, e.g. OpenSSL/[<1.0.1g]@conan/stable (heartbleed). They keep a database with known security flaws in Advisories.toml.
Conan could provide some similar feature to alert about security flaws related to packages on Conan center, for example. The database could be open where anyone is able to create a PR and include a new advisory.
Conan version: 1.6.0
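The matching step such an audit would need, as an added illustration that is not code from Conan, cargo-audit or this issue's author: it parses a Conan reference like OpenSSL/1.0.1f@conan/stable, compares the version against an advisory's version range, and reports hits. The advisory records, their ids and the version-range syntax are constructed for this example only.

```python
import re

# Constructed advisory records modelled on the Advisories.toml idea from the issue.
# Ids, titles and the zlib entry are hypothetical, not real advisories.
ADVISORIES = [
    {"package": "OpenSSL", "versions": "<1.0.1g", "id": "EXAMPLE-HEARTBLEED",
     "title": "Heartbleed: TLS heartbeat read overrun"},
    {"package": "zlib", "versions": ">=1.2.0,<1.2.12", "id": "EXAMPLE-ZLIB",
     "title": "Constructed advisory for illustration"},
]

# name/version@user/channel, the classic Conan reference shape
REF_RE = re.compile(r"^(?P<name>[^/]+)/(?P<version>[^@]+)@(?P<user>[^/]+)/(?P<channel>.+)$")
_OPS = {"<": lambda a, b: a < b, "<=": lambda a, b: a <= b,
        ">": lambda a, b: a > b, ">=": lambda a, b: a >= b, "==": lambda a, b: a == b}


def version_key(version):
    """Turn '1.0.1g' into a tuple that sorts numerically per component, with
    OpenSSL-style letter suffixes ordering after the bare release ('1.0.1' < '1.0.1g')."""
    return tuple((0, int(tok)) if tok.isdigit() else (1, tok)
                 for tok in re.findall(r"\d+|[A-Za-z]+", version))


def version_matches(version, spec):
    """True when `version` satisfies every comma-separated clause of `spec` (e.g. '>=1.2.0,<1.2.12')."""
    key = version_key(version)
    for clause in spec.split(","):
        m = re.match(r"(<=|>=|==|<|>)(.+)", clause.strip())
        if not m:
            raise ValueError(f"bad version clause: {clause!r}")
        op, bound = m.groups()
        if not _OPS[op](key, version_key(bound)):
            return False
    return True


def audit(refs, advisories=ADVISORIES):
    """Return (reference, advisory id) pairs for every reference hit by an advisory."""
    hits = []
    for ref in refs:
        m = REF_RE.match(ref)
        if not m:
            raise ValueError(f"not a Conan reference: {ref!r}")
        for adv in advisories:
            if m["name"].lower() == adv["package"].lower() and version_matches(m["version"], adv["versions"]):
                hits.append((ref, adv["id"]))
    return hits


if __name__ == "__main__":
    for ref, adv_id in audit(["OpenSSL/1.0.1f@conan/stable", "OpenSSL/1.0.1g@conan/stable", "zlib/1.2.11@conan/stable"]):
        print(f"WARNING: {ref} is affected by {adv_id}")
```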