Add support for version 2 of conan.lock file in SCA
The dependency scan for C++ with the Conan package manager works by parsing the lock file "conan.lock". The supported file format version of the conan.lock file is "0.4", which is generated by Conan package manager version "1.x". However, the latest Conan package manager (version "2.0") generates a conan.lock file with version "0.5", and this lock file does not seem to be parsed by the gemnasium analyzer yet. Below is the error:
Implementation plan
Conan v2 lockfile specification: https://docs.conan.io/2.0/tutorial/versioning/lockfiles.html
Conan parser should be updated to support lockfile v2
- Update parser: https://gitlab.com/gitlab-org/security-products/analyzers/gemnasium/-/blob/master/scanner/parser/conan/conan.go?ref_type=heads
- Split fixtures into v1 and v2: https://gitlab.com/gitlab-org/security-products/analyzers/gemnasium/-/tree/master/scanner/parser/conan/fixtures?ref_type=heads
- Create similar structure for v2.
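The version dispatch the plan calls for, as an added example that is not gemnasium's own code: it reads the `version` field, collects references from `graph_lock.nodes` (0.4) or the top-level `requires` list (0.5), and rejects any other version so that an unparsed lockfile is never reported as a project with no dependencies. `Package`, `ParseLock` and both sample lockfiles are constructed for illustration, and only `requires` is read from the 0.5 format.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// Constructed sample lockfiles, trimmed to the fields read below.
const sampleV1 = `{"version":"0.4","graph_lock":{"nodes":{"0":{"path":"conanfile.txt"},"1":{"ref":"zlib/1.2.11@demo/stable#0123abcd"}}}}`
const sampleV2 = `{"version":"0.5","requires":["openssl/3.0.8#0123abcd%1675126491.773"],"build_requires":[]}`

type Package struct{ Name, Version string } // hypothetical result type

type lockfile struct {
	Version   string
	GraphLock struct{ Nodes map[string]struct{ Ref string } } `json:"graph_lock"` // 0.4
	Requires  []string                                       // 0.5
}

// ParseLock dispatches on "version" and fails closed on versions it does not know.
func ParseLock(data []byte) ([]Package, error) {
	var lf lockfile
	if err := json.Unmarshal(data, &lf); err != nil {
		return nil, err
	}
	var refs []string
	switch lf.Version {
	case "0.4":
		for _, n := range lf.GraphLock.Nodes {
			refs = append(refs, n.Ref) // nodes without a ref (the consumer) yield ""
		}
	case "0.5":
		refs = lf.Requires
	default:
		return nil, fmt.Errorf("unsupported conan.lock version %q", lf.Version)
	}
	var pkgs []Package
	for _, r := range refs {
		if i := strings.IndexAny(r, "@#%"); i >= 0 {
			r = r[:i] // drop user/channel, recipe revision and timestamp
		}
		if name, version, ok := strings.Cut(r, "/"); ok && name != "" && version != "" {
			pkgs = append(pkgs, Package{name, version})
		}
	}
	return pkgs, nil
}

func main() { fmt.Println(ParseLock([]byte(sampleV2))) }
```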
