C++ and C Based Languages
C and C++ are among the most popular programming languages globally, used extensively in embedded systems, automotive applications, IoT devices, and performance-critical software. However, generating accurate SBOMs for C/C++ projects can be nuanced due to the absence of standardized package management.
The Challenge
Unlike modern languages that come with built-in package managers, C/C++ evolved before package management concepts existed. This creates several difficulties:
- No single source of truth for dependencies
- Various build systems (CMake, Make, Bazel)
- Multiple linking approaches (static vs dynamic)
- Legacy projects without package managers
Open-Source SBOM Generator Support
- Syft: Supports conan.lock files
- Trivy: Supports conan.lock files, with better license detection
- CDXGen: Attempts CMake parsing but with poor results
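What a conan.lock-based generator has to work with, shown as an added example (not code from Syft, Trivy, CDXGen or Manifest): a minimal Python reader that maps locked Conan references to CycloneDX components with `pkg:conan` package URLs. The sample lock file is constructed, the function names are hypothetical, and the two JSON layouts handled (Conan 2 top-level lists, Conan 1 `graph_lock` nodes) are assumptions of this sketch.

```python
# Added illustration; function names are hypothetical.
import json
import re
from urllib.parse import quote

# Conan reference: name/version[@user/channel][#recipe_revision][%timestamp]
REF_RE = re.compile(
    r"^(?P<name>[^/@#%]+)/(?P<version>[^@#%]+)"
    r"(?:@(?P<user>[^/#%]+)/(?P<channel>[^#%]+))?"
    r"(?:#(?P<rrev>[^%]+))?"
)

# Constructed sample in the Conan 2 lock layout; revisions are made up.
SAMPLE_LOCK = """{
  "version": "0.5",
  "requires": [
    "zlib/1.2.13#0123456789abcdef0123456789abcdef%1700000000.0",
    "openssl/3.1.0@acme/stable#fedcba9876543210fedcba9876543210%1700000001.0"
  ],
  "build_requires": ["cmake/3.27.1#aaaabbbbccccddddeeeeffff00001111%1700000002.0"],
  "python_requires": []
}"""

def lock_refs(lock):
    """Yield reference strings from a Conan 2 or Conan 1 lock document."""
    for section in ("requires", "build_requires", "python_requires"):  # Conan 2
        yield from lock.get(section, [])
    nodes = lock.get("graph_lock", {}).get("nodes", {})  # Conan 1
    yield from (n["ref"] for n in nodes.values() if n.get("ref"))

def conan_lock_to_cyclonedx(lock_text):
    """Map locked Conan references to CycloneDX library components."""
    components = {}
    for ref in lock_refs(json.loads(lock_text)):
        m = REF_RE.match(ref)
        if not m:  # e.g. a root node that is a path, not a package
            continue
        purl = f"pkg:conan/{quote(m['name'], safe='')}@{quote(m['version'], safe='')}"
        quals = {k: m[k] for k in ("channel", "user") if m[k]}
        if quals:
            purl += "?" + "&".join(f"{k}={quote(v, safe='')}" for k, v in quals.items())
        components[purl] = {"type": "library", "name": m["name"],
                            "version": m["version"], "purl": purl}
    # Vendored or system libraries are not in the lock, so not in this output.
    return {"bomFormat": "CycloneDX", "specVersion": "1.5", "version": 1,
            "components": [components[p] for p in sorted(components)]}

if __name__ == "__main__":
    print(json.dumps(conan_lock_to_cyclonedx(SAMPLE_LOCK), indent=2))
```

The output lists only what Conan resolved; dependencies copied into the source tree or linked from the host system have to be found by other means.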
Manifest C++ Support
Manifest has multiple generators to reliably handle C++ applications that do not use a package manager. To test this, please ask your Manifest representative about C++ analysis. We are happy to show you that C++ SBOM generation can be accurate and reliable through the Manifest Scanner.