Xray supports scanning C/C++ packages as build-dependencies only. The following steps are required:
1. Create a build-info listing all the C/C++ packages you want to scan. Refer to the Build-info Creation example.
2. Upload the build to Artifactory, and perform an Xray scan.
For more information, see the Build Upload REST API.
Note
This process requires creating and uploading the C/C++ build-info manually, in accordance with the build-info schema. It also requires listing all the C/C++ libraries to be scanned. For each component you need to provide a name and a version; the vendor is optional.
In the BuildInfo, do the following:
- Specify a cpp module, and set cpp as the module's type.
- In the dependencies section, list all of the cpp components of your build. Each cpp component must contain:
  - Sha1
  - ID: Consists of the component's vendor, name and version, in the form "[vendor]:name:version". Note that the vendor field is optional.
C/C++ Info Example:
{
  "version": "1.0.1",
  "name": "MyBuildName",
  "number": "42",
  "type": "GENERIC",
  "started": "2021-01-19T15:47:52.000Z",
  "buildAgent": {
    "name": "Private builder",
    "version": "1.0"
  },
  "modules": [
    {
      "id": "<MODULE-ID>",
      "type": "cpp",
      "dependencies": [
        {
          "sha1": "<SHA1>",
          "md5": "<MD5>",
          "id": "<vendor1>:<name1>:<version1>",
          "type": "cpp"
        },
        {
          "sha1": "<SHA1>",
          "md5": "<MD5>",
          "id": "<vendor2>:<name2>:<version2>",
          "type": "cpp"
        }
      ]
    }
  ]
}
Build-info Creation Example:
# Choose between A, B or C (depending on where your dependencies are located):
#
# A. add build-info dependencies located on the local disk
#
##### jfrog rt bad cpp_build 1 myLibs/
#
# B. add build-info dependencies located in Artifactory
#
##### jfrog rt bad cpp_build 1 mcy-cpp-deps/ --from-rt=true
#
# C. add build-info dependencies by downloading them from Artifactory
#
##### jfrog rt dl mcy-cpp-deps/ --build-name=cpp_build --build-number=1

# generate the build-info and save it as a JSON file
jfrog rt bp --dry-run=true cpp_build 1 > build_info.json

# the following command will:
# 1. add type=cpp to the module
# 2. add type=cpp to each dependency
# 3. update the component id of each dependency
jq '.modules[] += {"type":"cpp"}' build_info.json |\
jq '.modules[].dependencies[] += {"type":"cpp"}' |\
jq '(.modules[].dependencies[] | select(.id == "Poco.dll" ) | .id) |= "poco:1.8.0"' |\
jq '(.modules[].dependencies[] | select(.id == "libcurl.dll" ) | .id) |= "haxx:libcurl:7.70.0"' |\
jq '(.modules[].dependencies[] | select(.id == "sqlite.dll" ) | .id) |= "sqlite:3.15.1"' |\
jq '(.modules[].dependencies[] | select(.id == "zlib.dll" ) | .id) |= "zlib:1.2.0"' > build_info_xray.json

# upload the build-info
jfrog rt curl -XPUT /api/build -H "Content-Type: application/json" -T build_info_xray.json
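A jq select() that matches no dependency changes nothing and reports no error, so a file name such as zlib.dll can remain as a component id in build_info_xray.json. The following pre-upload check is an added example, not part of the JFrog documentation or tooling; the function names and the sample data are hypothetical, and it tests only the requirements stated above (cpp module type, cpp dependency type, a sha1, and an id of the form [vendor]:name:version).

```python
import re

SHA1_RE = re.compile(r"^[0-9a-fA-F]{40}$")

def check_component_id(comp_id):
    """Return None for [vendor]:name:version, else the reason it is rejected."""
    parts = comp_id.split(":")
    if len(parts) not in (2, 3):
        return "expected name:version or vendor:name:version"
    # Assumption: an omitted vendor drops its colon too, as in "poco:1.8.0".
    if any(not p.strip() for p in parts):
        return "empty field"
    return None

def validate_cpp_build_info(build_info):
    """Return a list of problems found in the cpp modules of a build-info dict."""
    problems = []
    modules = [m for m in build_info.get("modules", []) if m.get("type") == "cpp"]
    if not modules:
        problems.append("no module with type 'cpp'")
    for mod in modules:
        for dep in mod.get("dependencies", []):
            dep_id = str(dep.get("id") or "")
            label = f"{mod.get('id')}/{dep_id or '<no id>'}"
            if dep.get("type") != "cpp":
                problems.append(f"{label}: dependency type is not 'cpp'")
            if not SHA1_RE.match(str(dep.get("sha1") or "")):
                problems.append(f"{label}: sha1 missing or not 40 hex characters")
            reason = check_component_id(dep_id)
            if reason:
                problems.append(f"{label}: bad id ({reason})")
    return problems

# Constructed sample (placeholder hashes): one id left as a file name, one
# dependency missing both its sha1 and its type.
SAMPLE = {"modules": [{"id": "cpp_build", "type": "cpp", "dependencies": [
    {"sha1": "a" * 40, "id": "haxx:libcurl:7.70.0", "type": "cpp"},
    {"sha1": "b" * 40, "id": "poco:1.8.0", "type": "cpp"},
    {"sha1": "c" * 40, "id": "zlib.dll", "type": "cpp"},
    {"id": "sqlite:3.15.1"},
]}]}

if __name__ == "__main__":
    for problem in validate_cpp_build_info(SAMPLE):
        print(problem)
```

To check a real file, load build_info_xray.json with json.load() and pass the resulting dict to validate_cpp_build_info() before running the upload command.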