C/C++

Introduction

JFrog Xray provides security and compliance analysis for C/C++ applications throughout the software development lifecycle. This page describes the supported scan contexts, capabilities, and dependency analysis available for C/C++.

Capabilities

Capability	Source Code Scanning	Binary Scanning
Vulnerability Matching (CVEs)	🔜	✅
License Detection	🔜	✅
Malicious Package Detection	❌	❌
Operational Risk	❌	❌
Smart Remediation	❌	❌

SCA capabilities for C/C++ are currently limited to the Conan package manager.

Supported Files

Package Manager	Supported Files
Conan	❌ Not supported

Additional Information

Binary scanning is the primary method for C/C++ SCA analysis. Frogbot V3 will add dependency extraction from Conan manifests for SBOM visibility.