{"id":13407670,"url":"https://github.com/conan-io/conan","last_synced_at":"2026-02-04T11:22:17.089Z","repository":{"id":36967266,"uuid":"47190624","full_name":"conan-io/conan","owner":"conan-io","description":"Conan - The open-source C and C++ package manager","archived":false,"fork":false,"pushed_at":"2025-09-04T06:09:09.000Z","size":32945,"stargazers_count":8929,"open_issues_count":856,"forks_count":1057,"subscribers_count":131,"default_branch":"develop2","last_synced_at":"2025-09-04T06:32:12.922Z","etag":null,"topics":["c","cmake","conan","cplusplus","cpp","multi-platform","package-manager"],"latest_commit_sha":null,"homepage":"https://conan.io","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/conan-io.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":".github/CONTRIBUTING.md","funding":null,"license":"LICENSE.md","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2015-12-01T13:17:02.000Z","updated_at":"2025-09-04T05:41:07.000Z","dependencies_parsed_at":"2023-10-20T19:01:00.661Z","dependency_job_id":"62b2b329-7de7-4178-83c7-63e1c0c6a935","html_url":"https://github.com/conan-io/conan","commit_stats":{"total_commits":7068,"total_committers":435,"mean_commits":"16.248275862068965","dds":0.5888511601584607,"last_synced_commit":"2c694ac58f1d6e28ca17dfaef1313daaeb7ab128"},"previous_names":[],"tags_count":350,"template":false,"template_full_name":null,"purl":"pkg:github/conan-io/conan","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/conan-io%2Fconan","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/conan-io%2Fconan/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/conan-io%2Fconan/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/conan-io%2Fconan/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/conan-io","download_url":"https://codeload.github.com/conan-io/conan/tar.gz/refs/heads/develop2","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/conan-io%2Fconan/sbom","scorecard":{"id":301995,"data":{"date":"2025-08-11","repo":{"name":"github.com/conan-io/conan","commit":"81ff8275d3962b278c11e4700432429deb77da16"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":5.2,"checks":[{"name":"Maintained","score":10,"reason":"30 commit(s) and 25 issue activity found in the last 90 days -- score normalized to 10","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Code-Review","score":8,"reason":"Found 25/30 approved changesets -- score normalized to 8","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: no topLevel permission defined: .github/workflows/linux-tests.yml:1","Warn: no topLevel permission defined: .github/workflows/main.yml:1","Warn: no topLevel permission defined: .github/workflows/osx-tests.yml:1","Warn: no topLevel permission defined: .github/workflows/win-tests.yml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE.md:0","Info: FSF or OSI recognized license: MIT License: LICENSE.md:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Signed-Releases","score":8,"reason":"5 out of the last 5 releases have a total of 5 signed artifacts.","details":["Info: signed release artifact: 2.19.1-SHA-256.txt.asc: https://github.com/conan-io/conan/releases/tag/2.19.1","Info: signed release artifact: 2.19.0-SHA-256.txt.asc: https://github.com/conan-io/conan/releases/tag/2.19.0","Info: signed release artifact: 2.18.1-SHA-256.txt.asc: https://github.com/conan-io/conan/releases/tag/2.18.1","Info: signed release artifact: 2.18.0-SHA-256.txt.asc: https://github.com/conan-io/conan/releases/tag/2.18.0","Info: signed release artifact: 2.17.1-SHA-256.txt.asc: https://github.com/conan-io/conan/releases/tag/2.17.1","Warn: release artifact 2.19.1 does not have provenance: https://api.github.com/repos/conan-io/conan/releases/236168301","Warn: release artifact 2.19.0 does not have provenance: https://api.github.com/repos/conan-io/conan/releases/234627732","Warn: release artifact 2.18.1 does not have provenance: https://api.github.com/repos/conan-io/conan/releases/229951709","Warn: release artifact 2.18.0 does not have provenance: https://api.github.com/repos/conan-io/conan/releases/228801532","Warn: release artifact 2.17.1 does not have provenance: https://api.github.com/repos/conan-io/conan/releases/227008536"],"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/linux-tests.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/conan-io/conan/linux-tests.yml/develop2?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/linux-tests.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/conan-io/conan/linux-tests.yml/develop2?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/linux-tests.yml:68: update your workflow using https://app.stepsecurity.io/secureworkflow/conan-io/conan/linux-tests.yml/develop2?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/linux-tests.yml:76: update your workflow using https://app.stepsecurity.io/secureworkflow/conan-io/conan/linux-tests.yml/develop2?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/linux-tests.yml:107: update your workflow using https://app.stepsecurity.io/secureworkflow/conan-io/conan/linux-tests.yml/develop2?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/linux-tests.yml:110: update your workflow using https://app.stepsecurity.io/secureworkflow/conan-io/conan/linux-tests.yml/develop2?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/linux-tests.yml:115: update your workflow using https://app.stepsecurity.io/secureworkflow/conan-io/conan/linux-tests.yml/develop2?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:65: update your workflow using https://app.stepsecurity.io/secureworkflow/conan-io/conan/main.yml/develop2?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:68: update your workflow using https://app.stepsecurity.io/secureworkflow/conan-io/conan/main.yml/develop2?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/main.yml:80: update your workflow using https://app.stepsecurity.io/secureworkflow/conan-io/conan/main.yml/develop2?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/main.yml:84: update your workflow using https://app.stepsecurity.io/secureworkflow/conan-io/conan/main.yml/develop2?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:96: update your workflow using https://app.stepsecurity.io/secureworkflow/conan-io/conan/main.yml/develop2?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:99: update your workflow using https://app.stepsecurity.io/secureworkflow/conan-io/conan/main.yml/develop2?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/osx-tests.yml:134: update your workflow using https://app.stepsecurity.io/secureworkflow/conan-io/conan/osx-tests.yml/develop2?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/osx-tests.yml:137: update your workflow using https://app.stepsecurity.io/secureworkflow/conan-io/conan/osx-tests.yml/develop2?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/osx-tests.yml:143: update your workflow using https://app.stepsecurity.io/secureworkflow/conan-io/conan/osx-tests.yml/develop2?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/osx-tests.yml:157: update your workflow using https://app.stepsecurity.io/secureworkflow/conan-io/conan/osx-tests.yml/develop2?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/osx-tests.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/conan-io/conan/osx-tests.yml/develop2?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/osx-tests.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/conan-io/conan/osx-tests.yml/develop2?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/osx-tests.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/conan-io/conan/osx-tests.yml/develop2?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/osx-tests.yml:43: update your workflow using https://app.stepsecurity.io/secureworkflow/conan-io/conan/osx-tests.yml/develop2?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/osx-tests.yml:54: update your workflow using https://app.stepsecurity.io/secureworkflow/conan-io/conan/osx-tests.yml/develop2?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/win-tests.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/conan-io/conan/win-tests.yml/develop2?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/win-tests.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/conan-io/conan/win-tests.yml/develop2?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/win-tests.yml:40: update your workflow using https://app.stepsecurity.io/secureworkflow/conan-io/conan/win-tests.yml/develop2?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/win-tests.yml:70: update your workflow using https://app.stepsecurity.io/secureworkflow/conan-io/conan/win-tests.yml/develop2?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/win-tests.yml:73: update your workflow using https://app.stepsecurity.io/secureworkflow/conan-io/conan/win-tests.yml/develop2?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/win-tests.yml:108: update your workflow using https://app.stepsecurity.io/secureworkflow/conan-io/conan/win-tests.yml/develop2?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/win-tests.yml:126: update your workflow using https://app.stepsecurity.io/secureworkflow/conan-io/conan/win-tests.yml/develop2?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/win-tests.yml:140: update your workflow using https://app.stepsecurity.io/secureworkflow/conan-io/conan/win-tests.yml/develop2?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/win-tests.yml:158: update your workflow using https://app.stepsecurity.io/secureworkflow/conan-io/conan/win-tests.yml/develop2?enable=pin","Warn: containerImage not pinned by hash: test/functional/command/dockerfiles/Dockerfile:1: pin your Docker image by updating ubuntu:22.04 to ubuntu:22.04@sha256:1aa979d85661c488ce030ac292876cf6ed04535d3a237e49f61542d8e5de5ae0","Warn: containerImage not pinned by hash: test/functional/command/dockerfiles/Dockerfile_args:2","Warn: containerImage not pinned by hash: test/functional/command/dockerfiles/Dockerfile_ninja:1: pin your Docker image by updating ubuntu:22.04 to ubuntu:22.04@sha256:1aa979d85661c488ce030ac292876cf6ed04535d3a237e49f61542d8e5de5ae0","Warn: containerImage not pinned by hash: test/functional/command/dockerfiles/Dockerfile_profile_detect:1: pin your Docker image by updating ubuntu:22.04 to ubuntu:22.04@sha256:1aa979d85661c488ce030ac292876cf6ed04535d3a237e49f61542d8e5de5ae0","Warn: containerImage not pinned by hash: test/functional/command/dockerfiles/Dockerfile_test:1: pin your Docker image by updating ubuntu:22.04 to ubuntu:22.04@sha256:1aa979d85661c488ce030ac292876cf6ed04535d3a237e49f61542d8e5de5ae0","Warn: pipCommand not pinned by hash: test/functional/command/dockerfiles/Dockerfile:11","Warn: pipCommand not pinned by hash: test/functional/command/dockerfiles/Dockerfile_args:12","Warn: pipCommand not pinned by hash: test/functional/command/dockerfiles/Dockerfile_ninja:12","Warn: pipCommand not pinned by hash: test/functional/command/dockerfiles/Dockerfile_profile_detect:11","Warn: pipCommand not pinned by hash: test/functional/command/dockerfiles/Dockerfile_test:11","Warn: pipCommand not pinned by hash: .github/workflows/linux-tests.yml:83","Warn: pipCommand not pinned by hash: .github/workflows/linux-tests.yml:84","Warn: pipCommand not pinned by hash: .github/workflows/linux-tests.yml:85","Warn: pipCommand not pinned by hash: .github/workflows/linux-tests.yml:86","Warn: pipCommand not pinned by hash: .github/workflows/linux-tests.yml:87","Warn: pipCommand not pinned by hash: .github/workflows/linux-tests.yml:122","Warn: pipCommand not pinned by hash: .github/workflows/linux-tests.yml:123","Warn: pipCommand not pinned by hash: .github/workflows/linux-tests.yml:124","Warn: pipCommand not pinned by hash: .github/workflows/linux-tests.yml:125","Warn: pipCommand not pinned by hash: .github/workflows/linux-tests.yml:126","Warn: pipCommand not pinned by hash: .github/workflows/main.yml:74","Warn: pipCommand not pinned by hash: .github/workflows/main.yml:105","Warn: pipCommand not pinned by hash: .github/workflows/main.yml:106","Warn: pipCommand not pinned by hash: .github/workflows/osx-tests.yml:32","Warn: pipCommand not pinned by hash: .github/workflows/osx-tests.yml:33","Warn: pipCommand not pinned by hash: .github/workflows/osx-tests.yml:34","Warn: pipCommand not pinned by hash: .github/workflows/osx-tests.yml:35","Warn: pipCommand not pinned by hash: .github/workflows/osx-tests.yml:36","Warn: pipCommand not pinned by hash: .github/workflows/osx-tests.yml:163","Warn: pipCommand not pinned by hash: .github/workflows/osx-tests.yml:164","Warn: pipCommand not pinned by hash: .github/workflows/osx-tests.yml:165","Warn: pipCommand not pinned by hash: .github/workflows/osx-tests.yml:166","Warn: pipCommand not pinned by hash: .github/workflows/osx-tests.yml:167","Info:   0 out of  27 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of   4 third-party GitHubAction dependencies pinned","Info:   0 out of   5 containerImage dependencies pinned","Info:   0 out of  28 pipCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Packaging","score":10,"reason":"packaging workflow detected","details":["Info: Project packages its releases by way of GitHub Actions.: .github/workflows/linux-tests.yml:11"],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Vulnerabilities","score":0,"reason":"41 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: PYSEC-2019-217 / GHSA-462w-v97r-4m45","Warn: Project is vulnerable to: PYSEC-2014-8 / GHSA-8r7q-cvjq-x353","Warn: Project is vulnerable to: GHSA-cpwx-vrp4-4pq7","Warn: Project is vulnerable to: PYSEC-2014-82 / GHSA-fqh9-2qgg-h84h","Warn: Project is vulnerable to: PYSEC-2021-66 / GHSA-g3rq-g295-4j3m","Warn: Project is vulnerable to: GHSA-h5c8-rqwp-cp95","Warn: Project is vulnerable to: GHSA-h75v-3vvj-5mfj","Warn: Project is vulnerable to: PYSEC-2019-220 / GHSA-hj2j-77xm-mc5v","Warn: Project is vulnerable to: GHSA-q2x7-8rv6-6q7h","Warn: Project is vulnerable to: PYSEC-2021-142 / GHSA-8q59-q68h-6hv4","Warn: Project is vulnerable to: PYSEC-2018-49 / GHSA-rprw-h62v-c2w7","Warn: Project is vulnerable to: PYSEC-2014-14 / GHSA-652x-xj99-gmcc","Warn: Project is vulnerable to: GHSA-9hjg-9r4m-mvj7","Warn: Project is vulnerable to: GHSA-9wx4-h78v-vm56","Warn: Project is vulnerable to: PYSEC-2014-13 / GHSA-cfj3-7x9c-4p3h","Warn: Project is vulnerable to: PYSEC-2018-28 / GHSA-x84v-xcm2-53pg","Warn: Project is vulnerable to: PYSEC-2015-17","Warn: Project is vulnerable to: PYSEC-2023-74","Warn: Project is vulnerable to: GHSA-34jh-p97f-mpxf","Warn: Project is vulnerable to: PYSEC-2023-212 / GHSA-g4mx-q9vg-27p4","Warn: Project is vulnerable to: PYSEC-2023-207 / GHSA-gwvm-45gx-3cf8","Warn: Project is vulnerable to: PYSEC-2019-133 / GHSA-mh33-7rrq-662w","Warn: Project is vulnerable to: GHSA-pq67-6m6q-mj2v","Warn: Project is vulnerable to: PYSEC-2019-132 / GHSA-r64q-w8jr-g9qp","Warn: Project is vulnerable to: PYSEC-2023-192 / GHSA-v845-jxx5-vc9f","Warn: Project is vulnerable to: PYSEC-2020-148 / GHSA-wqvq-5m8c-6g24","Warn: Project is vulnerable to: PYSEC-2018-32 / GHSA-www2-v7xj-xrc6","Warn: Project is vulnerable to: PYSEC-2021-108","Warn: Project is vulnerable to: PYSEC-2021-59","Warn: Project is vulnerable to: PYSEC-2021-129 / GHSA-qhx9-7hx7-cp4r","Warn: Project is vulnerable to: PYSEC-2022-227 / GHSA-xhp9-4947-rq78","Warn: Project is vulnerable to: PYSEC-2017-24 / GHSA-r9jw-mwhq-wp62","Warn: Project is vulnerable to: PYSEC-2013-22 / GHSA-27x4-j476-jp5f","Warn: Project is vulnerable to: PYSEC-2025-49 / GHSA-5rjg-fvgr-3xxf","Warn: Project is vulnerable to: GHSA-cx63-2mw6-8hw5","Warn: Project is vulnerable to: PYSEC-2022-43012 / GHSA-r9hx-vwmv-q579","Warn: Project is vulnerable to: PYSEC-2018-19 / GHSA-232r-66cg-79px","Warn: Project is vulnerable to: PYSEC-2008-8 / GHSA-wqmm-q65g-2hqr","Warn: Project is vulnerable to: PYSEC-2022-166","Warn: Project is vulnerable to: PYSEC-2016-24","Warn: Project is vulnerable to: PYSEC-2022-202"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 26 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}}]},"last_synced_at":"2025-08-17T20:53:39.909Z","repository_id":36967266,"created_at":"2025-08-17T20:53:39.910Z","updated_at":"2025-08-17T20:53:39.910Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":274339126,"owners_count":25267283,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-09-09T02:00:10.223Z","response_time":80,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["c","cmake","conan","cplusplus","cpp","multi-platform","package-manager"],"created_at":"2024-07-30T20:00:46.611Z","updated_at":"2026-02-04T11:22:17.076Z","avatar_url":"https://github.com/conan-io.png","language":"Python","funding_links":[],"categories":["HarmonyOS","Python","\u003ca id=\"tag-dev\" href=\"#tag-dev\"\u003eDev\u003c/a\u003e","Package Manager","Package Management / Build Systems","c","Tools","Resources","Package Managers","package manager"],"sub_categories":["Windows Manager","\u003ca id=\"tag-dev.pkg_mgr\" href=\"#tag-dev.pkg_mgr\"\u003ePackage Managers\u003c/a\u003e","UI Test Automation Scripting","Official links","RPC (_Remote Procedure Call_)"],"readme":"\u003cpicture\u003e\n  \u003c!-- These are also used for https://github.com/conan-io/.github/blob/main/profile/README.md --\u003e\n  \u003csource media=\"(prefers-color-scheme: dark)\" srcset=\"https://raw.githubusercontent.com/conan-io/conan/develop2/.github/conan2-logo-for-dark.svg\"\u003e\n  \u003csource media=\"(prefers-color-scheme: light)\" srcset=\"https://raw.githubusercontent.com/conan-io/conan/develop2/.github/conan2-logo-for-light.svg\"\u003e\n  \u003cimg alt=\"JFrog | Conan 2.0 Logo\" src=\"https://raw.githubusercontent.com/conan-io/conan/develop2/.github/conan2-logo-with-bg.svg\"\u003e\n\u003c/picture\u003e\n\n# Conan\n\nDecentralized, open-source (MIT), C/C++ package manager.\n\n- Homepage: https://conan.io/\n- Github: https://github.com/conan-io/conan\n- Docs: https://docs.conan.io\n- Slack: https://cpplang.slack.com (#conan channel. Please, click [here](https://cppalliance.org/slack/#cpp-slack) to get an invitation)\n- Twitter: https://twitter.com/conan_io\n- Blog: https://blog.conan.io\n- Security reports: https://jfrog.com/trust/report-vulnerability\n\n\nConan is a package manager for C and C++ developers:\n\n- It is fully decentralized. Users can host their packages on their servers, privately. Integrates with Artifactory and Bintray.\n- Portable. Works across all platforms, including Linux, OSX, Windows (with native and first-class support, WSL, MinGW),\n  Solaris, FreeBSD, embedded and cross-compiling, docker, WSL\n- Manage binaries. It can create, upload and download binaries for any configuration and platform,\n  even cross-compiling, saving lots of time in development and continuous integration. The binary compatibility can be configured\n  and customized. Manage all your artifacts in the same way on all platforms.\n- Integrates with any build system, including any proprietary and custom one. Provides tested support for major build systems\n  (CMake, MSBuild, Makefiles, Meson, etc).\n- Extensible: Its Python-based recipes, together with extension points allow for great power and flexibility.\n- Large and active community, especially in GitHub (https://github.com/conan-io/conan) and Slack (https://cppalliance.org/slack/ #conan channel).\n  This community also creates and maintains packages in ConanCenter and Bincrafters repositories in Bintray.\n- Stable. Used in production by many companies, since 1.0 there is a commitment not to break package recipes and documented behavior.\n\n\nThis is the **developer/maintainer** documentation. For user documentation, go to https://docs.conan.io\n\n\n## Setup\n\nYou can run Conan from source in Windows, MacOS, and Linux:\n\n- **Install pip following** [pip docs](https://pip.pypa.io/en/stable/installation/).\n\n- **Clone Conan repository:**\n\n  ```bash\n  $ git clone https://github.com/conan-io/conan.git conan-io\n  ```\n\n  \u003e **Note**: repository directory name matters, some directories are known to be problematic to run tests (e.g. `conan`). `conan-io` directory name was tested and guaranteed to be working.\n\n- **Install in editable mode**\n\n  ```bash\n  $ cd conan-io \u0026\u0026 sudo pip install -e .\n  ```\n\n  If you are in Windows, using ``sudo`` is not required. Some Linux distros won't allow you to put Python packages in editable mode in the root Python installation, and creating a virtual environment ``venv`` first, is mandatory.\n\n- **You are ready, try to run Conan:**\n\n  ```bash\n  $ conan --help\n\n  Consumer commands\n    install    Installs the requirements specified in a recipe (conanfile.py or conanfile.txt).\n    ...\n\n    Conan commands. Type \"conan \u003ccommand\u003e -h\" for help\n  ```\n\n## Contributing to the project\n\n\nFeedback and contribution are always welcome in this project.\nPlease read our [contributing guide](https://github.com/conan-io/conan/blob/develop2/.github/CONTRIBUTING.md).\nAlso, if you plan to contribute, please add some testing for your changes. You can read the [Conan\ntests guidelines section](https://github.com/conan-io/conan/blob/develop2/test/README.md) for\nsome advice on how to write tests for Conan.\n\n### Running the tests\n\n\n**Install Python requirements**\n\n```bash\n$ python -m pip install -r conans/requirements.txt\n$ python -m pip install -r conans/requirements_server.txt\n$ python -m pip install -r conans/requirements_dev.txt\n```\n\nIf you are not on Windows and you are not using a Python virtual environment, you will need to run these\ncommands using `sudo`.\n\nBefore you can run the tests, you need to set a few environment variables first.\n\n```bash\n$ export PYTHONPATH=$PYTHONPATH:$(pwd)\n```\n\nOn Windows it would be (while being in the Conan root directory):\n\n```bash\n$ set PYTHONPATH=.\n```\n\nConan test suite defines and configures some required tools (CMake, Ninja, etc) in the\n``conftest.py`` and allows to define a custom ``conftest_user.py``.\nSome specific versions, like cmake\u003e=3.15 are necessary.\n\n\nYou can run the tests like this:\n\n```bash\n$ python -m pytest .\n```\n\nA few minutes later it should print ``OK``:\n\n```bash\n............................................................................................\n----------------------------------------------------------------------\nRan 146 tests in 50.993s\n\nOK\n```\n\nTo run specific tests, you can specify the test name too, something like:\n\n```bash\n$ python -m pytest test/functional/command/export_test.py::TestRevisionModeSCM::test_revision_mode_scm -s\n```\n\nThe `-s` argument can be useful to see some output that otherwise is captured by *pytest*.\n\nAlso, you can run tests against an instance of Artifactory. Those tests should add the attribute\n`artifactory_ready`.\n\n```bash\n$ python -m pytest . -m artifactory_ready\n```\n\nSome environment variables have to be defined to run them. For example, for an\nArtifactory instance that is running on the localhost with default user and password configured, the\nvariables could take the values:\n\n```bash\n$ export CONAN_TEST_WITH_ARTIFACTORY=1\n$ export ARTIFACTORY_DEFAULT_URL=http://localhost:8081/artifactory\n$ export ARTIFACTORY_DEFAULT_USER=admin\n$ export ARTIFACTORY_DEFAULT_PASSWORD=password\n```\n\n`ARTIFACTORY_DEFAULT_URL` is the base URL for the Artifactory repo, not one for a specific\nrepository. Running the tests with a real Artifactory instance will create repos on the fly so please\nuse a separate server for testing purposes.\n\n## License\n\n[MIT LICENSE](LICENSE.md)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fconan-io%2Fconan","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fconan-io%2Fconan","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fconan-io%2Fconan/lists"}