## Summary In some cases our users have C and C++ projects that do not use a standard package manager to manage their dependencies. The DS Analyzer relies on manifest files to generate SBOMs, which are ultimately scanned for vulnerabilities and licenses. To increase the depth of our SCA scanning we should provide the ability to scan unmanaged C and C++ projects. This will increase our scanner language coverage and reduce the need for third-party tools to scan users entire project base. ### Proposal TBD