- add conan.lock to the list

README.md

@@ -109,6 +109,7 @@ osv-scanner --sbom=/path/to/your/sbom.json
 
 A wide range of lockfiles are supported by utilizing this [lockfile package](https://github.com/google/osv-scanner/tree/main/pkg/lockfile). This is the current list of supported lockfiles:
 
+- `conan.lock`
 - `Cargo.lock`
 - `package-lock.json`
 - `packages.lock.json`

pkg/lockfile/ecosystems.go

@@ -12,5 +12,6 @@ func KnownEcosystems() []Ecosystem {
 		MavenEcosystem,
 		PipEcosystem,
 		PubEcosystem,
+		ConanEcosystem,
 	}
 }

pkg/lockfile/fixtures/conan/empty.v1.json

@@ -0,0 +1,15 @@
+{
+    "graph_lock": {
+     "nodes": {
+      "0": {
+       "ref": "test/1.0",
+       "options": "fPIC=True\nshared=False",
+       "path": "conanfile.py",
+       "context": "host"
+      }
+     },
+     "revisions_enabled": false
+    },
+    "version": "0.4",
+    "profile_host": "[settings]\narch=x86_64\narch_build=x86_64\nbuild_type=Release\ncompiler=gcc\ncompiler.libcxx=libstdc++\ncompiler.version=10\nos=Linux\nos_build=Linux\n[options]\n[build_requires]\n[env]\n"
+   }

pkg/lockfile/fixtures/conan/empty.v1.revisions.json

@@ -0,0 +1,15 @@
+{
+    "graph_lock": {
+     "nodes": {
+      "0": {
+       "ref": "test/1.0",
+       "options": "fPIC=True\nshared=False",
+       "path": "conanfile.py",
+       "context": "host"
+      }
+     },
+     "revisions_enabled": true
+    },
+    "version": "0.4",
+    "profile_host": "[settings]\narch=x86_64\narch_build=x86_64\nbuild_type=Release\ncompiler=gcc\ncompiler.libcxx=libstdc++\ncompiler.version=10\nos=Linux\nos_build=Linux\n[options]\n[build_requires]\n[env]\n"
+   }

pkg/lockfile/fixtures/conan/empty.v2.json

@@ -0,0 +1,6 @@
+{
+    "version": "0.5",
+    "requires": [],
+    "build_requires": [],
+    "python_requires": []
+}

pkg/lockfile/fixtures/conan/nested-dependencies.v1.json

@@ -0,0 +1,62 @@
+{
+    "graph_lock": {
+     "nodes": {
+      "0": {
+       "ref": "test/1.0",
+       "options": "fPIC=True\nshared=False\nbrotli:enable_debug=False\nbrotli:enable_log=False\nbrotli:enable_portable=False\nbrotli:enable_rbit=True\nbrotli:endianness=None\nbrotli:fPIC=True\nbrotli:shared=False\nbrotli:target_bits=None\nbzip2:build_executable=True\nbzip2:fPIC=True\nbzip2:shared=False\nfreetype:fPIC=True\nfreetype:shared=False\nfreetype:subpixel=False\nfreetype:with_brotli=True\nfreetype:with_bzip2=True\nfreetype:with_png=True\nfreetype:with_zlib=True\nlibpng:api_prefix=\nlibpng:fPIC=True\nlibpng:shared=False\nlibpng:sse=True\nzlib:fPIC=True\nzlib:shared=False",
+       "requires": [
+        "1"
+       ],
+       "path": "conanfile.py",
+       "context": "host"
+      },
+      "1": {
+       "ref": "freetype/2.12.1",
+       "options": "fPIC=True\nshared=False\nsubpixel=False\nwith_brotli=True\nwith_bzip2=True\nwith_png=True\nwith_zlib=True\nbrotli:enable_debug=False\nbrotli:enable_log=False\nbrotli:enable_portable=False\nbrotli:enable_rbit=True\nbrotli:endianness=None\nbrotli:fPIC=True\nbrotli:shared=False\nbrotli:target_bits=None\nbzip2:build_executable=True\nbzip2:fPIC=True\nbzip2:shared=False\nlibpng:api_prefix=\nlibpng:fPIC=True\nlibpng:shared=False\nlibpng:sse=True\nzlib:fPIC=True\nzlib:shared=False",
+       "package_id": "bca7b8880d98719d556dd526ce612be20a815922",
+       "prev": "0",
+       "requires": [
+        "2",
+        "3",
+        "4",
+        "5"
+       ],
+       "context": "host"
+      },
+      "2": {
+       "ref": "libpng/1.6.39",
+       "options": "api_prefix=\nfPIC=True\nshared=False\nsse=True\nzlib:fPIC=True\nzlib:shared=False",
+       "package_id": "d5b3dc27faecfb4eb94086722000dd65bb9e6bff",
+       "prev": "0",
+       "requires": [
+        "3"
+       ],
+       "context": "host"
+      },
+      "3": {
+       "ref": "zlib/1.2.13",
+       "options": "fPIC=True\nshared=False",
+       "package_id": "19729b9559f3ae196cad45cb2b97468ccb75dcd1",
+       "prev": "0",
+       "context": "host"
+      },
+      "4": {
+       "ref": "bzip2/1.0.8",
+       "options": "build_executable=True\nfPIC=True\nshared=False",
+       "package_id": "91a8b22c2c5a149bc617cfc06cdd21bf23b12567",
+       "prev": "0",
+       "context": "host"
+      },
+      "5": {
+       "ref": "brotli/1.0.9",
+       "options": "enable_debug=False\nenable_log=False\nenable_portable=False\nenable_rbit=True\nendianness=None\nfPIC=True\nshared=False\ntarget_bits=None",
+       "package_id": "bfdbb855937046dc347fec082c59cb7f733e8855",
+       "prev": "0",
+       "context": "host"
+      }
+     },
+     "revisions_enabled": false
+    },
+    "version": "0.4",
+    "profile_host": "[settings]\narch=x86_64\narch_build=x86_64\nbuild_type=Release\ncompiler=gcc\ncompiler.libcxx=libstdc++\ncompiler.version=10\nos=Linux\nos_build=Linux\n[options]\n[build_requires]\n[env]\n"
+   }

pkg/lockfile/fixtures/conan/nested-dependencies.v1.revisions.json

@@ -0,0 +1,62 @@
+{
+    "graph_lock": {
+     "nodes": {
+      "0": {
+       "ref": "test/1.0",
+       "options": "fPIC=True\nshared=False\nbrotli:enable_debug=False\nbrotli:enable_log=False\nbrotli:enable_portable=False\nbrotli:enable_rbit=True\nbrotli:endianness=None\nbrotli:fPIC=True\nbrotli:shared=False\nbrotli:target_bits=None\nbzip2:build_executable=True\nbzip2:fPIC=True\nbzip2:shared=False\nfreetype:fPIC=True\nfreetype:shared=False\nfreetype:subpixel=False\nfreetype:with_brotli=True\nfreetype:with_bzip2=True\nfreetype:with_png=True\nfreetype:with_zlib=True\nlibpng:api_prefix=\nlibpng:fPIC=True\nlibpng:shared=False\nlibpng:sse=True\nzlib:fPIC=True\nzlib:shared=False",
+       "requires": [
+        "1"
+       ],
+       "path": "conanfile.py",
+       "context": "host"
+      },
+      "1": {
+       "ref": "freetype/2.12.1#7e1b67634f54f38a979bbad44fd09a2c",
+       "options": "fPIC=True\nshared=False\nsubpixel=False\nwith_brotli=True\nwith_bzip2=True\nwith_png=True\nwith_zlib=True\nbrotli:enable_debug=False\nbrotli:enable_log=False\nbrotli:enable_portable=False\nbrotli:enable_rbit=True\nbrotli:endianness=None\nbrotli:fPIC=True\nbrotli:shared=False\nbrotli:target_bits=None\nbzip2:build_executable=True\nbzip2:fPIC=True\nbzip2:shared=False\nlibpng:api_prefix=\nlibpng:fPIC=True\nlibpng:shared=False\nlibpng:sse=True\nzlib:fPIC=True\nzlib:shared=False",
+       "package_id": "bca7b8880d98719d556dd526ce612be20a815922",
+       "prev": "400c9a65b20f791ea05c47eb6817e80a",
+       "requires": [
+        "2",
+        "3",
+        "4",
+        "5"
+       ],
+       "context": "host"
+      },
+      "2": {
+       "ref": "libpng/1.6.39#7927e8ce5b2576a6ea497c6ca70e9751",
+       "options": "api_prefix=\nfPIC=True\nshared=False\nsse=True\nzlib:fPIC=True\nzlib:shared=False",
+       "package_id": "d5b3dc27faecfb4eb94086722000dd65bb9e6bff",
+       "prev": "3e3b7f79b03c52ab932089560ea2eb56",
+       "requires": [
+        "3"
+       ],
+       "context": "host"
+      },
+      "3": {
+       "ref": "zlib/1.2.13#13c96f538b52e1600c40b88994de240f",
+       "options": "fPIC=True\nshared=False",
+       "package_id": "19729b9559f3ae196cad45cb2b97468ccb75dcd1",
+       "prev": "562e6cc3d7987119418780e5c5697342",
+       "context": "host"
+      },
+      "4": {
+       "ref": "bzip2/1.0.8#464be69744fa6d48ed01928cfe470008",
+       "options": "build_executable=True\nfPIC=True\nshared=False",
+       "package_id": "91a8b22c2c5a149bc617cfc06cdd21bf23b12567",
+       "prev": "94d2f51be78e63879215a3b2ba014fda",
+       "context": "host"
+      },
+      "5": {
+       "ref": "brotli/1.0.9#4bfbb302b87df342ccd6a2b5fdad307a",
+       "options": "enable_debug=False\nenable_log=False\nenable_portable=False\nenable_rbit=True\nendianness=None\nfPIC=True\nshared=False\ntarget_bits=None",
+       "package_id": "bfdbb855937046dc347fec082c59cb7f733e8855",
+       "prev": "c2eaa7784f2988c35d8b8925a783e73b",
+       "context": "host"
+      }
+     },
+     "revisions_enabled": true
+    },
+    "version": "0.4",
+    "profile_host": "[settings]\narch=x86_64\narch_build=x86_64\nbuild_type=Release\ncompiler=gcc\ncompiler.libcxx=libstdc++\ncompiler.version=10\nos=Linux\nos_build=Linux\n[options]\n[build_requires]\n[env]\n"
+   }

pkg/lockfile/fixtures/conan/nested-dependencies.v2.json

@@ -0,0 +1,12 @@
+{
+    "version": "0.5",
+    "requires": [
+        "zlib/1.2.13#13c96f538b52e1600c40b88994de240f%1667396813.733",
+        "libpng/1.6.39#7927e8ce5b2576a6ea497c6ca70e9751%1669038072.946",
+        "freetype/2.12.1#7e1b67634f54f38a979bbad44fd09a2c%1669913185.923",
+        "bzip2/1.0.8#464be69744fa6d48ed01928cfe470008%1666580345.213",
+        "brotli/1.0.9#4bfbb302b87df342ccd6a2b5fdad307a%1661519995.45"
+    ],
+    "build_requires": [],
+    "python_requires": []
+}

pkg/lockfile/fixtures/conan/not-json.txt

@@ -0,0 +1 @@
+this is not json!

pkg/lockfile/fixtures/conan/old-format-0.0.json

@@ -0,0 +1,18 @@
+{
+    "profile": "[settings]\narch=x86_64\narch_build=x86_64\nbuild_type=Release\ncompiler=gcc\ncompiler.libcxx=libstdc++\ncompiler.version=10\nos=Linux\nos_build=Linux\n[options]\n[build_requires]\n[env]\n",
+    "graph_lock": {
+     "nodes": {
+      "05b715be-7ec7-11ed-8a66-b537134a228d": {
+       "pref": null,
+       "options": "zlib:fPIC=True\nzlib:minizip=False\nzlib:shared=False",
+       "requires": {
+        "zlib/1.2.11@bincrafters/testing#5f4917ce0a630b102f472afd00102d40": "05b715bd-7ec7-11ed-8a66-b537134a228d"
+       }
+      },
+      "05b715bd-7ec7-11ed-8a66-b537134a228d": {
+       "pref": "zlib/1.2.11@bincrafters/testing#5f4917ce0a630b102f472afd00102d40:19729b9559f3ae196cad45cb2b97468ccb75dcd1#58846c4ed127f63e9c88c5be5190a6d9",
+       "options": "fPIC=True\nminizip=False\nshared=False"
+      }
+     }
+    }
+   }

pkg/lockfile/fixtures/conan/old-format-0.1.json

@@ -0,0 +1,20 @@
+{
+    "profile_host": "[settings]\narch=x86_64\narch_build=x86_64\nbuild_type=Release\ncompiler=gcc\ncompiler.libcxx=libstdc++\ncompiler.version=10\nos=Linux\nos_build=Linux\n[options]\n[build_requires]\n[env]\n",
+    "graph_lock": {
+     "nodes": {
+      "1058d05a-7ec6-11ed-8a66-b537134a228d": {
+       "pref": "test/1.0:2ce08bf790c58b729dda567426e810ed5e35e513",
+       "options": "fPIC=True\nshared=False\nzlib:fPIC=True\nzlib:minizip=False\nzlib:shared=False",
+       "requires": {
+        "zlib/1.2.11#5f4917ce0a630b102f472afd00102d40": "1058d059-7ec6-11ed-8a66-b537134a228d"
+       },
+       "path": "/home/sse4/projects/conan_test/v1/conanfile.py"
+      },
+      "1058d059-7ec6-11ed-8a66-b537134a228d": {
+       "pref": "zlib/1.2.11#5f4917ce0a630b102f472afd00102d40:19729b9559f3ae196cad45cb2b97468ccb75dcd1#58846c4ed127f63e9c88c5be5190a6d9",
+       "options": "fPIC=True\nminizip=False\nshared=False"
+      }
+     }
+    },
+    "version": "0.1"
+   }

pkg/lockfile/fixtures/conan/old-format-0.2.json

@@ -0,0 +1,20 @@
+{
+    "profile_host": "[settings]\narch=x86_64\narch_build=x86_64\nbuild_type=Release\ncompiler=gcc\ncompiler.libcxx=libstdc++\ncompiler.version=10\nos=Linux\nos_build=Linux\n[options]\n[build_requires]\n[env]\n",
+    "graph_lock": {
+     "nodes": {
+      "0": {
+       "pref": "test/1.0:2ce08bf790c58b729dda567426e810ed5e35e513",
+       "options": "fPIC=True\nshared=False\nzlib:fPIC=True\nzlib:minizip=False\nzlib:shared=False",
+       "requires": {
+        "zlib/1.2.11#5f4917ce0a630b102f472afd00102d40": "1"
+       },
+       "path": "/home/sse4/projects/conan_test/v1/conanfile.py"
+      },
+      "1": {
+       "pref": "zlib/1.2.11#5f4917ce0a630b102f472afd00102d40:19729b9559f3ae196cad45cb2b97468ccb75dcd1#58846c4ed127f63e9c88c5be5190a6d9",
+       "options": "fPIC=True\nminizip=False\nshared=False"
+      }
+     }
+    },
+    "version": "0.2"
+   }

pkg/lockfile/fixtures/conan/old-format-0.3.json

@@ -0,0 +1,21 @@
+{
+    "profile_host": "[settings]\narch=x86_64\narch_build=x86_64\nbuild_type=Release\ncompiler=gcc\ncompiler.libcxx=libstdc++\ncompiler.version=10\nos=Linux\nos_build=Linux\n[options]\n[build_requires]\n[env]\n",
+    "graph_lock": {
+     "nodes": {
+      "0": {
+       "pref": "test/1.0:2ce08bf790c58b729dda567426e810ed5e35e513",
+       "options": "fPIC=True\nshared=False\nzlib:fPIC=True\nzlib:minizip=False\nzlib:shared=False",
+       "requires": [
+        "1"
+       ],
+       "path": "/home/sse4/projects/conan_test/v1/conanfile.py"
+      },
+      "1": {
+       "pref": "zlib/1.2.11#5f4917ce0a630b102f472afd00102d40:19729b9559f3ae196cad45cb2b97468ccb75dcd1#58846c4ed127f63e9c88c5be5190a6d9",
+       "options": "fPIC=True\nminizip=False\nshared=False",
+       "modified": "built"
+      }
+     }
+    },
+    "version": "0.3"
+   }

pkg/lockfile/fixtures/conan/one-package-dev.v1.json

@@ -0,0 +1,25 @@
+{
+    "graph_lock": {
+     "nodes": {
+      "0": {
+       "ref": "test/1.0",
+       "options": "fPIC=True\nshared=False",
+       "build_requires": [
+        "1"
+       ],
+       "path": "conanfile.py",
+       "context": "host"
+      },
+      "1": {
+       "ref": "ninja/1.11.1",
+       "options": "",
+       "package_id": "24647d9fe8ec489125dfbae4b3ebefaf7581674c",
+       "prev": "0",
+       "context": "host"
+      }
+     },
+     "revisions_enabled": false
+    },
+    "version": "0.4",
+    "profile_host": "[settings]\narch=x86_64\narch_build=x86_64\nbuild_type=Release\ncompiler=gcc\ncompiler.libcxx=libstdc++\ncompiler.version=10\nos=Linux\nos_build=Linux\n[options]\n[build_requires]\n[env]\n"
+   }

pkg/lockfile/fixtures/conan/one-package-dev.v1.revisions.json

@@ -0,0 +1,25 @@
+{
+    "graph_lock": {
+     "nodes": {
+      "0": {
+       "ref": "test/1.0",
+       "options": "fPIC=True\nshared=False",
+       "build_requires": [
+        "1"
+       ],
+       "path": "conanfile.py",
+       "context": "host"
+      },
+      "1": {
+       "ref": "ninja/1.11.1#a2f0b832705907016f336839f96963f8",
+       "options": "",
+       "package_id": "24647d9fe8ec489125dfbae4b3ebefaf7581674c",
+       "prev": "d894345ae9996c9b97f1cb4150051c25",
+       "context": "host"
+      }
+     },
+     "revisions_enabled": true
+    },
+    "version": "0.4",
+    "profile_host": "[settings]\narch=x86_64\narch_build=x86_64\nbuild_type=Release\ncompiler=gcc\ncompiler.libcxx=libstdc++\ncompiler.version=10\nos=Linux\nos_build=Linux\n[options]\n[build_requires]\n[env]\n"
+   }

pkg/lockfile/fixtures/conan/one-package-dev.v2.json

@@ -0,0 +1,8 @@
+{
+    "version": "0.5",
+    "requires": [],
+    "build_requires": [
+        "ninja/1.11.1#a2f0b832705907016f336839f96963f8%1667050636.338"
+    ],
+    "python_requires": []
+}

pkg/lockfile/fixtures/conan/one-package.v1.json

@@ -0,0 +1,25 @@
+{
+    "graph_lock": {
+     "nodes": {
+      "0": {
+       "ref": "test/1.0",
+       "options": "fPIC=True\nshared=False\nzlib:fPIC=True\nzlib:shared=False",
+       "requires": [
+        "1"
+       ],
+       "path": "conanfile.py",
+       "context": "host"
+      },
+      "1": {
+       "ref": "zlib/1.2.11",
+       "options": "fPIC=True\nshared=False",
+       "package_id": "19729b9559f3ae196cad45cb2b97468ccb75dcd1",
+       "prev": "0",
+       "context": "host"
+      }
+     },
+     "revisions_enabled": false
+    },
+    "version": "0.4",
+    "profile_host": "[settings]\narch=x86_64\narch_build=x86_64\nbuild_type=Release\ncompiler=gcc\ncompiler.libcxx=libstdc++\ncompiler.version=10\nos=Linux\nos_build=Linux\n[options]\n[build_requires]\n[env]\n"
+   }