Write conan manifest collector
ken-duck opened this issue · comments
Conan has 3 different styles of manifest and a lock file. We want to identify those files if they exist in the 'workdir' or associated directories and add the information to the BOM.
Acceptance Criteria:
- Identify any conan manifests which are related to the binary being built. This may involve looking in multiple directories based on the "workdir" or other related directories.
- Parse the conan manifest files to pull out package and version information
- Return the conan package PURLs. Ensure that the
pkg:cpp/...
style is used since we don't know where the vulnerability information will be stored.