CybeDefend scans C/C++ source files for vulnerabilities and reads conan.lock to identify the dependencies your project uses. Committing this lockfile to your repository improves the accuracy of security scanning and ensures consistent builds.

  1. Adopt Conan (or Another Manager)
    If you rely on external libraries, use a package manager like Conan that can produce conan.lock.
  2. Generate & Commit conan.lock
    • Run conan install (or equivalent) to produce the lockfile.
    • Commit conan.lock so everyone uses the exact same library versions.
  3. Keep a Clean Codebase
    Add any .deps/ or build artifacts to .gitignore so that only the lockfile and source are tracked.

Why You Should Use Lockfiles

Using a lockfile is critical for secure and predictable builds. A lockfile contains a fixed version and a hash for each dependency and sub-dependency in your project.

  1. Supply Chain Protection
    Because every dependency is pinned to an exact version and hash, a lockfile stops a tampered or substituted package from silently entering your build. This matters as supply chain attacks are rising.
  2. Predictable Builds
    Everyone uses the exact same package versions, avoiding “it works on my machine” inconsistencies.
  3. Performance Gains
    With dependency versions locked, build tools skip the usual resolution step, making builds faster.

Lockfiles are never edited manually. They’re generated and updated by your package manager and committed to your repository, ensuring consistent environments for all teammates.

Supported Files for C/C++

File Examples: conan.lock, CMakeLists.txt, .cpp, .h

CybeDefend can detect vulnerabilities in known C/C++ libraries if your lockfile references them. Without a lockfile, your scanning might be incomplete or prone to version ambiguity.
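To show what a dependency scanner actually reads from conan.lock, here is an added example (not CybeDefend's code) that parses the Conan 2 JSON lockfile layout into name/version/revision records and flags entries whose recipe revision is not locked. The lockfile content and its revision hashes are constructed for illustration; the Conan 1.x layout is assumed to be identifiable by its "graph_lock" key and is deliberately rejected.

```python
"""Parse a Conan 2 conan.lock and report which dependencies are fully pinned."""
import json
import re
from typing import List, NamedTuple, Optional

# Conan 2 writes each entry as name/version[@user/channel][#recipe_revision][%timestamp]
REF_RE = re.compile(
    r"^(?P<name>[^/@#%]+)/(?P<version>[^@#%]+)"
    r"(?:@(?P<user>[^/#%]+)/(?P<channel>[^#%]+))?"
    r"(?:#(?P<rrev>[0-9a-f]+))?"
    r"(?:%(?P<timestamp>[0-9.]+))?$"
)

class PinnedRef(NamedTuple):
    name: str
    version: str
    rrev: Optional[str]   # None means the recipe revision is not locked
    section: str          # requires / build_requires / python_requires

def parse_lockfile(text: str) -> List[PinnedRef]:
    """Return every reference in the lockfile as a PinnedRef."""
    data = json.loads(text)
    if "graph_lock" in data:  # assumption: Conan 1.x lockfiles carry this key
        raise ValueError("Conan 1.x lockfile layout is not handled here")
    refs = []
    for section in ("requires", "build_requires", "python_requires"):
        for ref in data.get(section, []):
            m = REF_RE.match(ref)
            if m is None:
                raise ValueError(f"unparseable reference in {section}: {ref!r}")
            refs.append(PinnedRef(m["name"], m["version"], m["rrev"], section))
    return refs

def unpinned(refs: List[PinnedRef]) -> List[PinnedRef]:
    """Entries with a version but no recipe revision: the scanner cannot tell
    exactly which recipe built them, so results for these are ambiguous."""
    return [r for r in refs if r.rrev is None]

# Constructed sample lockfile; revision hashes and timestamps are made up.
SAMPLE_LOCK = """{
  "version": "0.5",
  "requires": [
    "zlib/1.3.1#e20364083ef6b4b1ba0d95fb7c4e31a4%1700000000.0",
    "openssl/3.2.1#0123456789abcdef0123456789abcdef",
    "fmt/10.2.1"
  ],
  "build_requires": ["cmake/3.28.1#abcdef0123456789abcdef0123456789%1700000001.5"],
  "python_requires": []
}"""

if __name__ == "__main__":
    for r in parse_lockfile(SAMPLE_LOCK):
        print(f"{r.section:15} {r.name}/{r.version}  rrev={r.rrev or 'UNPINNED'}")
```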

Always re-run conan install or conan lock create after updating library versions, and commit the new lockfile to keep CybeDefend scanning accurate.