Conan: [feature request] Conan security audit

Created on 24 Jul 2018 · 3 Comments · Source: conan-io/conan

To help us debug your issue please explain:

Hi!

I have been following Rust lang, including Cargo, to filter out some good features that could be absorbed by Conan. A few days ago I read about cargo-audit on Twitter.

The idea is to alert about packages with security vulnerabilities, e.g. OpenSSL/[<1.0.1g]@conan/stable (Heartbleed). They keep a database of known security flaws in Advisories.toml.

Conan could provide a similar feature to alert about security flaws related to packages on Conan Center, for example. The database could be open, so that anyone is able to create a PR and include a new advisory.

Conan version: 1.6.0

  • [X] I've read the CONTRIBUTING guide.
  • [X] I've specified the Conan version, operating system version and any tool that can be relevant.
  • [X] I've explained the steps to reproduce the error or the motivation/use case of the question/suggestion.
Feedback please! artifactory
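As an added illustration of the mechanism the request describes (not code from Conan, cargo-audit, or the issue author): an advisory database maps a package name to a vulnerable version range, and a client-side check walks the dependency references and warns on matches. The advisory entries and the dependency list below are constructed samples; the `[>=1.0.1, <1.0.1g]` range syntax and the `version_key` ordering (so that `1.0.1 < 1.0.1f < 1.0.1g < 1.0.2`, as in OpenSSL's letter-suffixed releases) are assumptions of this example, not a Conan or RustSec format.

```python
"""Hypothetical Conan advisory checker (added example, not Conan's own code).

Models the cargo-audit idea from the issue: an advisory database maps a
package to a vulnerable version range, and the client warns when the
dependency graph contains a reference inside that range.
"""
import re

# Constructed sample advisory database in the spirit of Advisories.toml.
# Entries are illustrative only; a real database would carry CVE ids,
# dates and citations.
ADVISORIES = [
    {"package": "OpenSSL", "range": "[>=1.0.1, <1.0.1g]",
     "title": "Heartbleed (constructed sample entry)"},
    {"package": "zlib", "range": "[<1.2.9]",
     "title": "constructed sample entry"},
]

_VERSION_TOKEN = re.compile(r"\d+|[A-Za-z]+")
_CONSTRAINT = re.compile(r"(<=|>=|<|>|=)\s*([0-9A-Za-z.]+)")
# name/version[@user/channel]
_REFERENCE = re.compile(r"^([^/@]+)/([^@/]+)(?:@([^/]+)/(.+))?$")


def version_key(version):
    """Turn '1.0.1g' into a sortable tuple: numeric parts compare as
    integers, letter suffixes sort after the bare number, so
    1.0.1 < 1.0.1f < 1.0.1g < 1.0.2 (assumed ordering for this example)."""
    parts = []
    for tok in _VERSION_TOKEN.findall(version):
        if tok.isdigit():
            parts.append((0, int(tok), ""))
        else:
            parts.append((1, 0, tok.lower()))
    return tuple(parts)


def parse_range(spec):
    """Parse a bracketed range such as '[>=1.0.1, <1.0.1g]' or
    '[>=1.0.1 <1.0.1g]' into a list of (operator, version) pairs."""
    spec = spec.strip()
    if not (spec.startswith("[") and spec.endswith("]")):
        raise ValueError("expected bracketed range: %r" % spec)
    constraints = _CONSTRAINT.findall(spec[1:-1])
    if not constraints:
        raise ValueError("no constraints in %r" % spec)
    return constraints


_OPS = {
    "<": lambda a, b: a < b,
    "<=": lambda a, b: a <= b,
    ">": lambda a, b: a > b,
    ">=": lambda a, b: a >= b,
    "=": lambda a, b: a == b,
}


def version_in_range(version, spec):
    """True when every constraint of the range holds for the version."""
    key = version_key(version)
    return all(_OPS[op](key, version_key(v)) for op, v in parse_range(spec))


def parse_reference(ref):
    """Split 'name/version@user/channel' into its four parts
    (user and channel are None when absent)."""
    m = _REFERENCE.match(ref.strip())
    if not m:
        raise ValueError("not a Conan reference: %r" % ref)
    return m.groups()


def audit(references, advisories=ADVISORIES):
    """Return [(reference, advisory), ...] for every affected dependency.
    Package names are compared case-insensitively because recipes for the
    same library have been published under differently cased names."""
    findings = []
    for ref in references:
        name, version, _, _ = parse_reference(ref)
        for adv in advisories:
            if (adv["package"].lower() == name.lower()
                    and version_in_range(version, adv["range"])):
                findings.append((ref, adv))
    return findings


if __name__ == "__main__":
    # Constructed dependency list, as a client might collect it from its
    # resolved dependency graph.
    deps = [
        "OpenSSL/1.0.1f@conan/stable",
        "OpenSSL/1.0.1g@conan/stable",
        "zlib/1.2.11@conan/stable",
        "boost/1.67.0@conan/stable",
    ]
    for ref, adv in audit(deps):
        print("WARNING: %s is affected: %s (range %s)"
              % (ref, adv["title"], adv["range"]))
```

The version comparator is the part that needs the most care in a real implementation: a plain string or float comparison would rank `1.0.1g` against `1.0.10` incorrectly, and a range check that gets the boundary wrong either misses the last vulnerable release or flags the first fixed one.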

All 3 comments

This will relate mostly to Bintray and a warning message could be included in the client based on properties tagged by XRay. Would be an interesting feature for the future.

In the cargo-audit case there is no scanning service over the package, but I think XRay could be an excellent tool for the future. The audit database could receive both results from XRay and alerts from the user.

Currently there is no conan support in Xray. We are waiting for it too. My last information from JFrog is H1-2019.

@danimtb there is already #3061 for package properties. Would be nice to get it which could also be used for this feature here.
