CybeDefend supports scanning C/C++ code for vulnerabilities in your source files and conan.lock for dependency management. By committing this lockfile to your repository, you enhance security scanning and ensure consistent builds.
  1. Adopt Conan (or Another Manager)
    If you rely on external libraries, use a package manager like Conan that can produce conan.lock.
  2. Generate & Commit conan.lock
    • Ensure you have a Conan profile set up: conan profile detect (if needed)
    • Run conan lock create . --lockfile-out=conan.lock to produce the lockfile.
    • Run conan install to install dependencies using your lockfile.
    • Commit conan.lock so everyone uses the exact same library versions.
  3. Keep a Clean Codebase
    Add any .deps/ or build artifacts to .gitignore so that only the lockfile and source are tracked.

Why You Should Use Lockfiles

Using a lockfile is critical for secure and predictable builds. A lockfile contains a fixed version and a hash for each dependency and sub-dependency in your project.
  1. Supply Chain Protection
    Lockfiles prevent malicious package injections. This is crucial as supply chain attacks are rising.
  2. Predictable Builds
    Everyone uses the exact same package versions, avoiding “it works on my machine” inconsistencies.
  3. Performance Gains
    With dependency versions locked, build tools skip the usual resolution step, making builds faster.
Lockfiles are never edited manually. They’re generated and updated by your package manager and committed to your repository, ensuring consistent environments for all teammates.

Generating a Conan Lockfile

For Conan 2.x projects, use the following command in your project directory: 
conan lock create . --lockfile-out=conan.lock
For older Conan 1.x projects, use: 
conan lock create conanfile.py --lockfile=conan.lock

Supported Files for C/C++

File Examples
conan.lock, CMakeLists.txt, .cpp, .h, conanfile.py, conanfile.txt
CybeDefend can detect vulnerabilities in known C/C++ libraries if your lockfile references them. Without a lockfile, your scanning might be incomplete or prone to version ambiguity.
Always re-run conan lock create after updating library versions, and commit the new lockfile to keep CybeDefend scanning accurate.