> Integration > Conan Xray

JFrog +

Conan Package Manager
Xray scans Conan packages, as well as C and C++ builds, deployed to JFrog Artifactory. It provides an analysis of all of the open source components and dependencies. The package scan results are integrated into your software component graph along with detailed metadata information.

WHAT XRAY AND CONAN INTEGRATION MEANS TO YOU

Self-Hosted or Cloud Versions

Identify Security Vulnerabilities and License Compliance Issues

JFROG
ARTIFACTORY

Conan Package Manager

Impact Analysis

Enterprise Ready

Fully Integrated with Your CI/CD Pipeline

Continuous Monitoring

Self-Hosted or Cloud Versions


Self-Hosted - Self-managed. Install, manage, and maintain on your own hardware or host in the cloud yourself.

Cloud - Software as a Service (SaaS). JFrog manages, maintains and scales with guaranteed uptime. Xray Cloud uses Kubernetes technology. We support AWS, Azure and GCP platforms.

Identify Security Vulnerabilities and License Compliance Issues

Xray scans Conan packages, as well as C and C++ builds, deployed to JFrog Artifactory. It provides an analysis of all of the open source components and dependencies. The package scan results are integrated into your software component graph along with detailed metadata information.

Impact Analysis

When a vulnerability is detected, Xray shows you all of the Conan packages that contain the infected artifact so you can instantly understand the impact that any vulnerable layer has on all packages in your system.

Enterprise Ready

As scaling complexity grows, the need for software composition analysis becomes more important. Xray allows you to drill down or zoom out within your entire component graph and identify the real impact of every violation found. This can help you reduce the time, risk and cost of delivering changes by allowing for more incremental updates to applications in production. Xray's highly available active-active cluster architecture ensures continuous security and governance to your software packages. Scale your environment to as many nodes as you need and enhance Xray's performance by delegating all shared workload across available cluster nodes. Seamlessly and instantly synchronize all data, configuration, cached objects and scheduled job changes across all cluster nodes.

Fully Integrated with Your CI/CD Pipeline

Through Xray’s integration with common CI servers, you can stop infected builds from ever getting to your repositories. During the build process, Xray will notify your CI server if an infected Conan build (built with the Conan build tool) is being included in your Conan packages, so the build can be halted before completion.

Continuous Monitoring

Even when packages uploaded to your Conan repositories in Artifactory are given a clean bill of health, Xray continues to scan them to make sure they are not infected with any new vulnerabilities that are registered with Xray’s global vulnerability database.