From a6c2903a42c8655cc8efe08dedd9aa12bb51e9fe Mon Sep 17 00:00:00 2001 From: Uilian Ries Date: Mon, 21 Apr 2025 13:46:51 +0200 Subject: [PATCH 01/19] Add first revision Signed-off-by: Uilian Ries --- .../2025-04-21-Conan-Github-Action.markdown | 99 +++++++++++++++++++ 1 file changed, 99 insertions(+) create mode 100644 _posts/2025-04-21-Conan-Github-Action.markdown diff --git a/_posts/2025-04-21-Conan-Github-Action.markdown b/_posts/2025-04-21-Conan-Github-Action.markdown new file mode 100644 index 00000000..6768bcc7 --- /dev/null +++ b/_posts/2025-04-21-Conan-Github-Action.markdown 
@@ -0,0 +1,99 @@ +--- +layout: post +comments: false +title: "Speeding Up Your GitHub Builds with the Official Conan Action" +meta_title: "A GitHub Action for Conan - Conan Blog" +description: "Integrate Conan into your GitHub Actions workflow with the new Conan Action." +keywords: "C++, C, GitHub, CI, CD, Workflow" +permalink: /conan-github-action/ +--- + +In modern software development, continuous integration and delivery (CI/CD) pipelines are essential for maintaining fast, reliable, and efficient workflows. However, managing and configuring the CI script in these pipelines can often be a bottleneck. + +Github Actions is a platform that helps automate software workflows, including installing dependencies, running tests, and deploying applications. However, the time it takes to setup tools dependencies can significantly increase the maintenance cost of the CI script. + +To accelerate the setup of a GitHub Action, the platform supports extensions, which are reusable components that can be shared across different workflows and are exposed via GitHub Marketplace. These extensions can be used to speed up the setup of tools dependencies, such as Conan. + +In this article, we will explore how to use Conan to speed up your GitHub Action and improve the efficiency of your CI/CD pipeline. + +## Conan client in GitHub Actions + +The GitHub Marketplace can have multiple non-official extensions for the same tool, creating a situation where users have to choose between them, checking the documentation, maintenance, security, community interaction, license, and other factors. In order to avoid this situation, Conan has its own official GitHub Action, which is maintained by the Conan team and is available in the GitHub Marketplace. This action is designed to be used in GitHub Actions workflows and provides a simple way to install and configure Conan in your CI/CD pipeline. 
+ +This new GitHub Action is designed to be used in GitHub Actions workflows and provides a simple way to install and configure Conan in your CI/CD pipeline. It is available in the GitHub Marketplace and can be easily integrated into your existing workflows. It also have some initial features to improve its usage and speed up the setup of Conan in the CI pipeline when building multiple times, including: + +* Caching Conan packages: The action can cache Conan packages to speed up the installation process. This is particularly useful when building multiple times, as it reduces the time spent downloading and installing dependencies. The cache is restored automatically when the action is run, so you don't have to worry about managing it yourself. By default, the action will not cache the Conan packages. + +* Custom Conan home folder: The action allows you to specify a custom Conan home folder, which can be used to store the Conan cache and other configuration files. This is useful when you want to share the cache between different jobs or workflows, or when you want to use a specific location for the Conan home folder. By default, the action will use the default Conan home folder, which is located in the workstation home directory. + +* Conan version: Define what Conan version you want to use in your workflow. This is useful when you want to use a specific version of Conan or when you want to test a new version before upgrading your workflow. Only Conan 2.x is supported by this action, so if you are using Conan 1.x, you will need to upgrade your workflow to use Conan 2.x. By default, the action will use the latest version of Conan available in the `pypi.org`. + +* Conan Audit token: The action allows you to specify a Conan Audit token, which can be used to authenticate with the Conan server. This is useful when you want to authenticate with a Audit server and scan your packages for vulnerabilities. 
Always use GitHub secrets to store your tokens and avoid exposing them in your workflow. +By default, the action will not use a Conan Audit token. + +* Configuration installation: The action allows you to specify a list of URLs to install configuration files from. This is useful when you want to install profiles, settings, or other configuration files from a remote server. The action will download the files and install them in the Conan home folder, so you don't have to worry about managing them yourself. By default, the action will not install any configuration files. + +* Python version: The action allows you to specify the Python version to use in your workflow. This is useful when you want share the same Python version between Conan and your workflow. By default, the action will use the Python version 3.10. + +## Using the Conan GitHub Action in a workflow + +As real example, we will use the Conan GitHub Action in a nightly build workflow. +This workflow will run every night and will build the latest version of the project using Conan. + +First, to use the Conan GitHub Action in a workflow, it's just needed to add it to the workflow file using this simple syntax: + +```yaml +- name: Setup Conan Client + uses: conan-io/setup-conan@v1 +``` + +This section will install the latest version of Conan available in the `pypi.org` and configure it in your workflow. + +The the full workflow file will look like this: + +```yaml +name: Nightly Conan Audit Scan +on: + schedule: + - cron: '0 1 * * *' + workflow_dispatch: + +jobs: + conan: + runs-on: ubuntu-latest + steps: + - name: Checkout code + uses: actions/checkout@v4 + + - name: Setup Conan Client + uses: conan-io/setup-conan@v1 + with: + conan_audit_token: ${{ secrets.CONAN_AUDIT_TOKEN }} + + - name: Scan Conan packages + run: | + conan audit scan . 
--format=json --out-file=output/conan-audit-report.json + + - name: Archive Conan Audit report + uses: actions/upload-artifact@v4 + with: + name: conan-audit-report + path: output/conan-audit-report.json + + - name: Check High severity vulnerabilities + run: | + if [ -n $(jq -r '.. | select(.severity? == "High") | .severity' output/conan-audit-report.json) ] + then + echo "ERROR: High severity vulnerabilities found. Please check the report file for details." + exit 1 + fi +``` + +This workflow will run every night at 01:00 a.m. UTC and will install the latest version of the project using Conan. +It will also scan the Conan packages listed in the `conanfile.py` expected for vulnerabilities and upload the report as an artifact. +The `conanfile.py` is expected to be present in the same repository. +Finally, it will check if there are any **high** severity vulnerabilities and fail the workflow if any are found. + +## Conclusion + +In this article, we have explored how to use the Conan GitHub Action to speed up your GitHub workflow and improve the efficiency of your CI/CD pipeline. The Conan GitHub Action is a powerful tool that can help you automate the installation and configuration of Conan in your workflows, making it easier to manage dependencies and build your projects. For further documentation reading, please check the [Conan GitHub Action documentation](https://docs.conan.io/2/integrations/github.html). In case of any questions, bugs and feature requests, please file a [issue](https://github.com/conan-io/setup-conan/issues). From 271a6c696d7cf4de76276d6f1702dd900f0c2ea0 Mon Sep 17 00:00:00 2001 From: Uilian Ries Date: Mon, 21 Apr 2025 13:58:24 +0200 Subject: [PATCH 02/19] Update post Signed-off-by: Uilian Ries --- .../2025-04-21-Conan-Github-Action.markdown | 42 +++++++++---------- 1 file changed, 20 insertions(+), 22 deletions(-) 
diff --git a/_posts/2025-04-21-Conan-Github-Action.markdown b/_posts/2025-04-21-Conan-Github-Action.markdown index 6768bcc7..d8ba4e62 100644 --- a/_posts/2025-04-21-Conan-Github-Action.markdown +++ b/_posts/2025-04-21-Conan-Github-Action.markdown 
@@ -8,47 +8,44 @@ keywords: "C++, C, GitHub, CI, CD, Workflow" permalink: /conan-github-action/ --- -In modern software development, continuous integration and delivery (CI/CD) pipelines are essential for maintaining fast, reliable, and efficient workflows. However, managing and configuring the CI script in these pipelines can often be a bottleneck. +In modern software development, fast and reliable CI/CD pipelines are essential. However, configuring and maintaining CI scripts—especially for dependency management can slow down your workflow and increase maintenance costs. -Github Actions is a platform that helps automate software workflows, including installing dependencies, running tests, and deploying applications. However, the time it takes to setup tools dependencies can significantly increase the maintenance cost of the CI script. +[GitHub Actions](https://github.com/features/actions) automates tasks like installing dependencies, running tests, and deploying applications. But setting up tool dependencies can be time-consuming. Fortunately, GitHub Actions supports reusable extensions from the [GitHub Marketplace](https://github.com/marketplace?type=actions), making it easier to manage tools like Conan. -To accelerate the setup of a GitHub Action, the platform supports extensions, which are reusable components that can be shared across different workflows and are exposed via GitHub Marketplace. These extensions can be used to speed up the setup of tools dependencies, such as Conan. +This article shows how to use the official [Conan GitHub Action](https://github.com/marketplace/actions/setup-conan-client) to speed up your builds and streamline your CI/CD pipeline. -In this article, we will explore how to use Conan to speed up your GitHub Action and improve the efficiency of your CI/CD pipeline. +## Why Use the Conan GitHub Action? 
-## Conan client in GitHub Actions +The official Conan GitHub Action, maintained by the Conan team, simplifies Conan setup in your workflows. It’s available on the GitHub Marketplace and is designed for easy integration and efficient dependency management. Using the official action ensures you benefit from ongoing maintenance, security, and community support. -The GitHub Marketplace can have multiple non-official extensions for the same tool, creating a situation where users have to choose between them, checking the documentation, maintenance, security, community interaction, license, and other factors. In order to avoid this situation, Conan has its own official GitHub Action, which is maintained by the Conan team and is available in the GitHub Marketplace. This action is designed to be used in GitHub Actions workflows and provides a simple way to install and configure Conan in your CI/CD pipeline. +### Features of the Conan GitHub Action -This new GitHub Action is designed to be used in GitHub Actions workflows and provides a simple way to install and configure Conan in your CI/CD pipeline. It is available in the GitHub Marketplace and can be easily integrated into your existing workflows. It also have some initial features to improve its usage and speed up the setup of Conan in the CI pipeline when building multiple times, including: +The Conan GitHub Action offers somre features to customize your workflow execution, including: -* Caching Conan packages: The action can cache Conan packages to speed up the installation process. This is particularly useful when building multiple times, as it reduces the time spent downloading and installing dependencies. The cache is restored automatically when the action is run, so you don't have to worry about managing it yourself. By default, the action will not cache the Conan packages. +- **Caching Conan packages:** The action can cache Conan packages to speed up the installation process. 
This is particularly useful when building multiple times, as it reduces the time spent downloading and installing dependencies. The cache is restored automatically when the action is run, so you don't have to worry about managing it yourself. By default, the action will not cache the Conan packages. -* Custom Conan home folder: The action allows you to specify a custom Conan home folder, which can be used to store the Conan cache and other configuration files. This is useful when you want to share the cache between different jobs or workflows, or when you want to use a specific location for the Conan home folder. By default, the action will use the default Conan home folder, which is located in the workstation home directory. +- **Custom Conan home folder:** The action allows you to specify a custom Conan home folder, which can be used to store the Conan cache and other configuration files. This is useful when you want to share the cache between different jobs or workflows, or when you want to use a specific location for the Conan home folder. By default, the action will use the default Conan home folder, which is located in the workstation home directory. -* Conan version: Define what Conan version you want to use in your workflow. This is useful when you want to use a specific version of Conan or when you want to test a new version before upgrading your workflow. Only Conan 2.x is supported by this action, so if you are using Conan 1.x, you will need to upgrade your workflow to use Conan 2.x. By default, the action will use the latest version of Conan available in the `pypi.org`. +- **Conan version:** Define what Conan version you want to use in your workflow. This is useful when you want to use a specific version of Conan or when you want to test a new version before upgrading your workflow. Only Conan 2.x is supported by this action, so if you are using Conan 1.x, you will need to upgrade your workflow to use Conan 2.x. 
By default, the action will use the latest version of Conan available in the `pypi.org`. -* Conan Audit token: The action allows you to specify a Conan Audit token, which can be used to authenticate with the Conan server. This is useful when you want to authenticate with a Audit server and scan your packages for vulnerabilities. Always use GitHub secrets to store your tokens and avoid exposing them in your workflow. +- **Conan Audit token:** The action allows you to specify a Conan Audit token, which can be used to authenticate with the Conan server. This is useful when you want to authenticate with a Audit server and scan your packages for vulnerabilities. Always use GitHub secrets to store your tokens and avoid exposing them in your workflow. By default, the action will not use a Conan Audit token. -* Configuration installation: The action allows you to specify a list of URLs to install configuration files from. This is useful when you want to install profiles, settings, or other configuration files from a remote server. The action will download the files and install them in the Conan home folder, so you don't have to worry about managing them yourself. By default, the action will not install any configuration files. +- **Configuration installation:** The action allows you to specify a list of URLs to install configuration files from. This is useful when you want to install profiles, settings, or other configuration files from a remote server. The action will download the files and install them in the Conan home folder, so you don't have to worry about managing them yourself. By default, the action will not install any configuration files. -* Python version: The action allows you to specify the Python version to use in your workflow. This is useful when you want share the same Python version between Conan and your workflow. By default, the action will use the Python version 3.10. 
+- **Python version:** The action allows you to specify the Python version to use in your workflow. This is useful when you want share the same Python version between Conan and your workflow. By default, the action will use the Python version 3.10. -## Using the Conan GitHub Action in a workflow +## How to Use the Conan Action in a Workflow -As real example, we will use the Conan GitHub Action in a nightly build workflow. -This workflow will run every night and will build the latest version of the project using Conan. +Let’s look at a practical example: a nightly workflow that builds your project and scans for vulnerabilities using Conan. -First, to use the Conan GitHub Action in a workflow, it's just needed to add it to the workflow file using this simple syntax: +First, add the Conan Action to your workflow yaml file: ```yaml - name: Setup Conan Client uses: conan-io/setup-conan@v1 ``` -This section will install the latest version of Conan available in the `pypi.org` and configure it in your workflow. - The the full workflow file will look like this: ```yaml 
@@ -89,11 +86,12 @@ jobs: fi ``` -This workflow will run every night at 01:00 a.m. UTC and will install the latest version of the project using Conan. +This workflow will run every night at 01:00 a.m. UTC and will install the latest version of Conan. It will also scan the Conan packages listed in the `conanfile.py` expected for vulnerabilities and upload the report as an artifact. The `conanfile.py` is expected to be present in the same repository. -Finally, it will check if there are any **high** severity vulnerabilities and fail the workflow if any are found. +Finally, it will check if there are any **high** severity vulnerabilities in the json result and fail the workflow if any are found. ## Conclusion -In this article, we have explored how to use the Conan GitHub Action to speed up your GitHub workflow and improve the efficiency of your CI/CD pipeline. The Conan GitHub Action is a powerful tool that can help you automate the installation and configuration of Conan in your workflows, making it easier to manage dependencies and build your projects. For further documentation reading, please check the [Conan GitHub Action documentation](https://docs.conan.io/2/integrations/github.html). In case of any questions, bugs and feature requests, please file a [issue](https://github.com/conan-io/setup-conan/issues). +The Conan GitHub Action streamlines dependency management and security scanning in your CI/CD workflows. It helps you automate Conan installation and configuration, making your builds faster and more reliable. +For further documentation reading, please check the [Conan GitHub Action documentation](https://docs.conan.io/2/integrations/github.html). In case of any questions, bugs and feature requests, please file a [issue](https://github.com/conan-io/setup-conan/issues) to its official repository. From 8a391b794e13b120007e255d85618978a15bc34a Mon Sep 17 00:00:00 2001 From: Uilian Ries Date: Mon, 21 Apr 2025 14:59:15 +0200 Subject: [PATCH 03/19] Remove permalink 
Signed-off-by: Uilian Ries --- _posts/2025-04-21-Conan-Github-Action.markdown | 1 - 1 file changed, 1 deletion(-) diff --git a/_posts/2025-04-21-Conan-Github-Action.markdown b/_posts/2025-04-21-Conan-Github-Action.markdown index d8ba4e62..678c3a9e 100644 --- a/_posts/2025-04-21-Conan-Github-Action.markdown +++ b/_posts/2025-04-21-Conan-Github-Action.markdown @@ -5,7 +5,6 @@ title: "Speeding Up Your GitHub Builds with the Official Conan Action" meta_title: "A GitHub Action for Conan - Conan Blog" description: "Integrate Conan into your GitHub Actions workflow with the new Conan Action." keywords: "C++, C, GitHub, CI, CD, Workflow" -permalink: /conan-github-action/ --- In modern software development, fast and reliable CI/CD pipelines are essential. However, configuring and maintaining CI scripts—especially for dependency management can slow down your workflow and increase maintenance costs. From 29f2a0657ce85455671619f3df1b5c05df3d9ab0 Mon Sep 17 00:00:00 2001 From: Uilian Ries Date: Mon, 21 Apr 2025 15:01:51 +0200 Subject: [PATCH 04/19] Fix typo Co-authored-by: Carlos Zoido --- _posts/2025-04-21-Conan-Github-Action.markdown | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/_posts/2025-04-21-Conan-Github-Action.markdown b/_posts/2025-04-21-Conan-Github-Action.markdown index 678c3a9e..25814208 100644 --- a/_posts/2025-04-21-Conan-Github-Action.markdown +++ b/_posts/2025-04-21-Conan-Github-Action.markdown 
@@ -19,7 +19,7 @@ The official Conan GitHub Action, maintained by the Conan team, simplifies Conan ### Features of the Conan GitHub Action -The Conan GitHub Action offers somre features to customize your workflow execution, including: +The Conan GitHub Action offers some features to customize your workflow execution, including: - **Caching Conan packages:** The action can cache Conan packages to speed up the installation process. This is particularly useful when building multiple times, as it reduces the time spent downloading and installing dependencies. The cache is restored automatically when the action is run, so you don't have to worry about managing it yourself. By default, the action will not cache the Conan packages. From 953a13cdae08b722bfb23674646d7d3a6637066e Mon Sep 17 00:00:00 2001 From: Uilian Ries Date: Mon, 21 Apr 2025 15:02:11 +0200 Subject: [PATCH 05/19] Improve grammar Co-authored-by: Carlos Zoido --- _posts/2025-04-21-Conan-Github-Action.markdown | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/_posts/2025-04-21-Conan-Github-Action.markdown b/_posts/2025-04-21-Conan-Github-Action.markdown index 25814208..bac31d9c 100644 --- a/_posts/2025-04-21-Conan-Github-Action.markdown +++ b/_posts/2025-04-21-Conan-Github-Action.markdown @@ -86,7 +86,7 @@ jobs: ``` This workflow will run every night at 01:00 a.m. UTC and will install the latest version of Conan. -It will also scan the Conan packages listed in the `conanfile.py` expected for vulnerabilities and upload the report as an artifact. +It will also scan the Conan packages listed in the `conanfile.py` for expected vulnerabilities and upload the report as an artifact. The `conanfile.py` is expected to be present in the same repository. Finally, it will check if there are any **high** severity vulnerabilities in the json result and fail the workflow if any are found. From 2be0cd6b536f63b68c60819722b8cc09a94f1658 Mon Sep 17 00:00:00 2001 
From: Uilian Ries Date: Mon, 21 Apr 2025 15:04:39 +0200 Subject: [PATCH 06/19] Fix scan description Signed-off-by: Uilian Ries --- _posts/2025-04-21-Conan-Github-Action.markdown | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/_posts/2025-04-21-Conan-Github-Action.markdown b/_posts/2025-04-21-Conan-Github-Action.markdown index bac31d9c..e090a2d3 100644 --- a/_posts/2025-04-21-Conan-Github-Action.markdown +++ b/_posts/2025-04-21-Conan-Github-Action.markdown @@ -86,7 +86,7 @@ jobs: ``` This workflow will run every night at 01:00 a.m. UTC and will install the latest version of Conan. -It will also scan the Conan packages listed in the `conanfile.py` for expected vulnerabilities and upload the report as an artifact. +It will also scan the requirements and all the transitive dependencies listed in the `conanfile.py` for expected vulnerabilities and upload the report as an artifact. The `conanfile.py` is expected to be present in the same repository. Finally, it will check if there are any **high** severity vulnerabilities in the json result and fail the workflow if any are found. From 0bd7c2624aca8b00c348825a7f6efb626e9e3302 Mon Sep 17 00:00:00 2001 From: Uilian Ries Date: Mon, 21 Apr 2025 15:15:55 +0200 Subject: [PATCH 07/19] Use redirection instead of out-file Co-authored-by: Carlos Zoido --- _posts/2025-04-21-Conan-Github-Action.markdown | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/_posts/2025-04-21-Conan-Github-Action.markdown b/_posts/2025-04-21-Conan-Github-Action.markdown index e090a2d3..4901d973 100644 --- a/_posts/2025-04-21-Conan-Github-Action.markdown +++ b/_posts/2025-04-21-Conan-Github-Action.markdown @@ -68,7 +68,7 @@ jobs: - name: Scan Conan packages run: | - conan audit scan . --format=json --out-file=output/conan-audit-report.json + conan audit scan . --format=json > output/conan-audit-report.json - name: Archive Conan Audit report uses: actions/upload-artifact@v4 
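Review bot: The redirection `> output/conan-audit-report.json` in the "Scan Conan packages" step needs the `output/` directory to exist before `conan` starts, and none of the earlier steps shown in the workflow (checkout, setup) creates it. Unless the repository itself ships an `output/` directory, the shell fails to open the file and the scan never runs. Add `mkdir -p output` as the first line of this `run:` block.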
From 8434ba15a7ef358ed4e0c20ef11a4a90bb0b3ebc Mon Sep 17 00:00:00 2001 From: Uilian Ries Date: Mon, 21 Apr 2025 15:22:51 +0200 Subject: [PATCH 08/19] Simplify description Signed-off-by: Uilian Ries --- _posts/2025-04-21-Conan-Github-Action.markdown | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/_posts/2025-04-21-Conan-Github-Action.markdown b/_posts/2025-04-21-Conan-Github-Action.markdown index 4901d973..69163f6f 100644 --- a/_posts/2025-04-21-Conan-Github-Action.markdown +++ b/_posts/2025-04-21-Conan-Github-Action.markdown @@ -15,7 +15,7 @@ This article shows how to use the official [Conan GitHub Action](https://github. ## Why Use the Conan GitHub Action? -The official Conan GitHub Action, maintained by the Conan team, simplifies Conan setup in your workflows. It’s available on the GitHub Marketplace and is designed for easy integration and efficient dependency management. Using the official action ensures you benefit from ongoing maintenance, security, and community support. +The official Conan GitHub Action, maintained by the Conan team, setting up the Conan client. It’s available on the GitHub Marketplace and is designed for easy integration and efficient dependency management. Using the official action ensures you benefit from ongoing maintenance, security, and community support. ### Features of the Conan GitHub Action From 90571c302761a3c4e61fd8ae49bd242fa42b73db Mon Sep 17 00:00:00 2001 From: Uilian Ries Date: Mon, 21 Apr 2025 15:26:24 +0200 Subject: [PATCH 09/19] Move conanfile.py Signed-off-by: Uilian Ries --- _posts/2025-04-21-Conan-Github-Action.markdown | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/_posts/2025-04-21-Conan-Github-Action.markdown b/_posts/2025-04-21-Conan-Github-Action.markdown index 69163f6f..3ba0c68d 100644 --- a/_posts/2025-04-21-Conan-Github-Action.markdown +++ b/_posts/2025-04-21-Conan-Github-Action.markdown 
@@ -37,6 +37,7 @@ By default, the action will not use a Conan Audit token. ## How to Use the Conan Action in a Workflow Let’s look at a practical example: a nightly workflow that builds your project and scans for vulnerabilities using Conan. +Besides the GitHub workflow yaml file, a `conanfile.py` is expected to be present in the same repository. First, add the Conan Action to your workflow yaml file: @@ -48,6 +49,7 @@ First, add the Conan Action to your workflow yaml file: The the full workflow file will look like this: ```yaml +# .github/workflows/nightly-conan-audit-scan.yml name: Nightly Conan Audit Scan on: schedule: @@ -87,7 +89,6 @@ jobs: This workflow will run every night at 01:00 a.m. UTC and will install the latest version of Conan. It will also scan the requirements and all the transitive dependencies listed in the `conanfile.py` for expected vulnerabilities and upload the report as an artifact. -The `conanfile.py` is expected to be present in the same repository. Finally, it will check if there are any **high** severity vulnerabilities in the json result and fail the workflow if any are found. ## Conclusion From b2775387272410cf51291f82b24cabb367f2872d Mon Sep 17 00:00:00 2001 From: Uilian Ries Date: Mon, 21 Apr 2025 15:42:12 +0200 Subject: [PATCH 10/19] Add Conan config command Signed-off-by: Uilian Ries --- _posts/2025-04-21-Conan-Github-Action.markdown | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/_posts/2025-04-21-Conan-Github-Action.markdown b/_posts/2025-04-21-Conan-Github-Action.markdown index 3ba0c68d..5c29067f 100644 --- a/_posts/2025-04-21-Conan-Github-Action.markdown +++ b/_posts/2025-04-21-Conan-Github-Action.markdown 
@@ -30,7 +30,7 @@ The Conan GitHub Action offers some features to customize your workflow executio - **Conan Audit token:** The action allows you to specify a Conan Audit token, which can be used to authenticate with the Conan server. This is useful when you want to authenticate with a Audit server and scan your packages for vulnerabilities. Always use GitHub secrets to store your tokens and avoid exposing them in your workflow. By default, the action will not use a Conan Audit token. -- **Configuration installation:** The action allows you to specify a list of URLs to install configuration files from. This is useful when you want to install profiles, settings, or other configuration files from a remote server. The action will download the files and install them in the Conan home folder, so you don't have to worry about managing them yourself. By default, the action will not install any configuration files. +- **Configuration installation:** The action allows you to specify a list of URLs to be consumed by the command [conan config install/install-pkg](https://docs.conan.io/2/reference/commands/config.html). This is useful when you want to install profiles, settings, or other configuration files from a remote server. The action will download the files and install them in the Conan home folder, so you don't have to worry about managing them yourself. By default, the action will not install any configuration files. - **Python version:** The action allows you to specify the Python version to use in your workflow. This is useful when you want share the same Python version between Conan and your workflow. By default, the action will use the Python version 3.10. From 8b09bce78c366503ce4acc4fed050caab5f96b0a Mon Sep 17 00:00:00 2001 From: Uilian Ries Date: Mon, 21 Apr 2025 15:55:34 +0200 Subject: [PATCH 11/19] Add JSON for example 
Signed-off-by: Uilian Ries --- .../2025-04-21-Conan-Github-Action.markdown | 29 ++++++++++++++++++- 1 file changed, 28 insertions(+), 1 deletion(-) diff --git a/_posts/2025-04-21-Conan-Github-Action.markdown b/_posts/2025-04-21-Conan-Github-Action.markdown index 5c29067f..4133a720 100644 --- a/_posts/2025-04-21-Conan-Github-Action.markdown +++ b/_posts/2025-04-21-Conan-Github-Action.markdown 
@@ -89,7 +89,34 @@ jobs: This workflow will run every night at 01:00 a.m. UTC and will install the latest version of Conan. It will also scan the requirements and all the transitive dependencies listed in the `conanfile.py` for expected vulnerabilities and upload the report as an artifact. -Finally, it will check if there are any **high** severity vulnerabilities in the json result and fail the workflow if any are found. +Finally, the file `output/conan-audit-report.json` will be checked for any **high** severity vulnerabilities using the `jq` command. If any are found, the workflow will fail with an error message. + +For reference, the Conan package `openssl/3.4.1` should contain the [CVE-2019-0190](https://www.cve.org/CVERecord?id=CVE-2019-0190). In that case, the produced output by `conan audit scan` should contain the following JSON: + +```json +{ + "name": "CVE-2019-0190", + "description": "A bug exists in the way mod_ssl handled client renegotiations. A remote attacker could send a carefully crafted request that would cause mod_ssl to enter a loop leading to a denial of service. This bug can be only triggered with Apache HTTP Server version 2.4.37 when using OpenSSL version 1.1.1 or later, due to an interaction in changes to handling of renegotiation attempts.", + "severity": "High", + "cvss": { + "preferredBaseScore": 7.5 + }, + "aliases": [ + "CVE-2019-0190", + "JFSA-2023-000317713" + ], + "advisories": [ + { + "name": "CVE-2019-0190" + } + ], + "references": [ + "https://httpd.apache.org/security/vulnerabilities_24.html" + ] +} +``` + +Here, the `severity` field is set to **High**. The workflow will fail and print the error message. ## Conclusion From b7c78db1fbc11e5c1119f9ebb8aefd8863a56824 Mon Sep 17 00:00:00 2001 From: Uilian Ries Date: Mon, 21 Apr 2025 16:14:06 +0200 Subject: [PATCH 12/19] Use javascript for json parser Signed-off-by: Uilian Ries --- _posts/2025-04-21-Conan-Github-Action.markdown | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/_posts/2025-04-21-Conan-Github-Action.markdown b/_posts/2025-04-21-Conan-Github-Action.markdown index 4133a720..7869e39f 100644 --- a/_posts/2025-04-21-Conan-Github-Action.markdown +++ b/_posts/2025-04-21-Conan-Github-Action.markdown @@ -93,7 +93,7 @@ Finally, the file `output/conan-audit-report.json` will be checked for any **hig For reference, the Conan package `openssl/3.4.1` should contain the [CVE-2019-0190](https://www.cve.org/CVERecord?id=CVE-2019-0190). In that case, the produced output by `conan audit scan` should contain the following JSON: -```json +```javascript { "name": "CVE-2019-0190", "description": "A bug exists in the way mod_ssl handled client renegotiations. A remote attacker could send a carefully crafted request that would cause mod_ssl to enter a loop leading to a denial of service. This bug can be only triggered with Apache HTTP Server version 2.4.37 when using OpenSSL version 1.1.1 or later, due to an interaction in changes to handling of renegotiation attempts.", From 4e6746b5e90056f685a5a8dad8d80e554925d372 Mon Sep 17 00:00:00 2001 From: Uilian Ries Date: Mon, 21 Apr 2025 16:59:58 +0200 Subject: [PATCH 13/19] Move post date to April 22 Signed-off-by: Uilian Ries --- ...ub-Action.markdown => 2025-04-22-Conan-Github-Action.markdown} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename _posts/{2025-04-21-Conan-Github-Action.markdown => 2025-04-22-Conan-Github-Action.markdown} (100%) diff --git a/_posts/2025-04-21-Conan-Github-Action.markdown b/_posts/2025-04-22-Conan-Github-Action.markdown similarity index 100% rename from _posts/2025-04-21-Conan-Github-Action.markdown rename to _posts/2025-04-22-Conan-Github-Action.markdown From a7af6c66ce8af9983c49c56640138b4724cf0fa9 Mon Sep 17 00:00:00 2001 
From: Uilian Ries Date: Mon, 21 Apr 2025 19:41:29 +0200 Subject: [PATCH 14/19] Update _posts/2025-04-22-Conan-Github-Action.markdown MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Abril Rincón Blanco <5364255+AbrilRBS@users.noreply.github.com> --- _posts/2025-04-22-Conan-Github-Action.markdown | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/_posts/2025-04-22-Conan-Github-Action.markdown b/_posts/2025-04-22-Conan-Github-Action.markdown index 7869e39f..a1fb61ae 100644 --- a/_posts/2025-04-22-Conan-Github-Action.markdown +++ b/_posts/2025-04-22-Conan-Github-Action.markdown @@ -7,7 +7,7 @@ description: "Integrate Conan into your GitHub Actions workflow with the new Con keywords: "C++, C, GitHub, CI, CD, Workflow" --- -In modern software development, fast and reliable CI/CD pipelines are essential. However, configuring and maintaining CI scripts—especially for dependency management can slow down your workflow and increase maintenance costs. +In modern software development, fast and reliable CI/CD pipelines are essential. However, configuring and maintaining CI scripts (especially for dependency management) can slow down your workflow and increase maintenance costs. [GitHub Actions](https://github.com/features/actions) automates tasks like installing dependencies, running tests, and deploying applications. But setting up tool dependencies can be time-consuming. Fortunately, GitHub Actions supports reusable extensions from the [GitHub Marketplace](https://github.com/marketplace?type=actions), making it easier to manage tools like Conan. From 26032cdccf29a7ab8bdc7d21decc10a357dcc174 Mon Sep 17 00:00:00 2001 
From: Uilian Ries Date: Mon, 21 Apr 2025 19:41:39 +0200 Subject: [PATCH 15/19] Update _posts/2025-04-22-Conan-Github-Action.markdown MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Abril Rincón Blanco <5364255+AbrilRBS@users.noreply.github.com> --- _posts/2025-04-22-Conan-Github-Action.markdown | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/_posts/2025-04-22-Conan-Github-Action.markdown b/_posts/2025-04-22-Conan-Github-Action.markdown index a1fb61ae..50a852f2 100644 --- a/_posts/2025-04-22-Conan-Github-Action.markdown +++ b/_posts/2025-04-22-Conan-Github-Action.markdown 
@@ -25,7 +25,7 @@ The Conan GitHub Action offers some features to customize your workflow executio - **Custom Conan home folder:** The action allows you to specify a custom Conan home folder, which can be used to store the Conan cache and other configuration files. This is useful when you want to share the cache between different jobs or workflows, or when you want to use a specific location for the Conan home folder. By default, the action will use the default Conan home folder, which is located in the workstation home directory. -- **Conan version:** Define what Conan version you want to use in your workflow. This is useful when you want to use a specific version of Conan or when you want to test a new version before upgrading your workflow. Only Conan 2.x is supported by this action, so if you are using Conan 1.x, you will need to upgrade your workflow to use Conan 2.x. By default, the action will use the latest version of Conan available in the `pypi.org`. +- **Conan version:** Define what Conan version you want to use in your workflow. This is useful when you want to use a specific version of Conan or when you want to test a new version before upgrading your workflow. Only Conan 2.x is supported by this action, so if you are using Conan 1.x, you will need to upgrade your workflow to use Conan 2.x. By default, the action will use the latest stable version of Conan available in the `pypi.org` repository. - **Conan Audit token:** The action allows you to specify a Conan Audit token, which can be used to authenticate with the Conan server. This is useful when you want to authenticate with a Audit server and scan your packages for vulnerabilities. Always use GitHub secrets to store your tokens and avoid exposing them in your workflow. By default, the action will not use a Conan Audit token. From 2b520e378e36fa0d566536051168d265f908a859 Mon Sep 17 00:00:00 2001 
From: Uilian Ries Date: Mon, 21 Apr 2025 19:41:47 +0200 Subject: [PATCH 16/19] Update _posts/2025-04-22-Conan-Github-Action.markdown MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Abril Rincón Blanco <5364255+AbrilRBS@users.noreply.github.com> --- _posts/2025-04-22-Conan-Github-Action.markdown | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/_posts/2025-04-22-Conan-Github-Action.markdown b/_posts/2025-04-22-Conan-Github-Action.markdown index 50a852f2..7b440e2f 100644 --- a/_posts/2025-04-22-Conan-Github-Action.markdown +++ b/_posts/2025-04-22-Conan-Github-Action.markdown @@ -46,7 +46,7 @@ First, add the Conan Action to your workflow yaml file: uses: conan-io/setup-conan@v1 ``` -The the full workflow file will look like this: +The full workflow file will look like this: ```yaml # .github/workflows/nightly-conan-audit-scan.yml From fca235c1de74a58ec2f8ec5edae02e3017ae0692 Mon Sep 17 00:00:00 2001 From: Uilian Ries Date: Mon, 21 Apr 2025 19:42:06 +0200 Subject: [PATCH 17/19] Update _posts/2025-04-22-Conan-Github-Action.markdown MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Abril Rincón Blanco <5364255+AbrilRBS@users.noreply.github.com> --- _posts/2025-04-22-Conan-Github-Action.markdown | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/_posts/2025-04-22-Conan-Github-Action.markdown b/_posts/2025-04-22-Conan-Github-Action.markdown index 7b440e2f..68c037f0 100644 --- a/_posts/2025-04-22-Conan-Github-Action.markdown +++ b/_posts/2025-04-22-Conan-Github-Action.markdown 
@@ -30,7 +30,7 @@ The Conan GitHub Action offers some features to customize your workflow executio - **Conan Audit token:** The action allows you to specify a Conan Audit token, which can be used to authenticate with the Conan server. This is useful when you want to authenticate with a Audit server and scan your packages for vulnerabilities. Always use GitHub secrets to store your tokens and avoid exposing them in your workflow. By default, the action will not use a Conan Audit token. -- **Configuration installation:** The action allows you to specify a list of URLs to be consumed by the command [conan config install/install-pkg](https://docs.conan.io/2/reference/commands/config.html). This is useful when you want to install profiles, settings, or other configuration files from a remote server. The action will download the files and install them in the Conan home folder, so you don't have to worry about managing them yourself. By default, the action will not install any configuration files. +- **Configuration installation:** The action allows you to specify a list of URLs to be consumed by the command [conan config install/install-pkg](https://docs.conan.io/2/reference/commands/config.html). This is useful when you want to install profiles, settings, or other configuration files from a remote server. The action will download the files and install them in the specified Conan home folder, so you don't have to worry about managing them yourself. By default, the action will not install any configuration files. - **Python version:** The action allows you to specify the Python version to use in your workflow. This is useful when you want share the same Python version between Conan and your workflow. By default, the action will use the Python version 3.10. From e606bf0fa348bddf22f67f170d26ec315155d720 Mon Sep 17 00:00:00 2001 
From: Uilian Ries Date: Mon, 21 Apr 2025 19:42:15 +0200 Subject: [PATCH 18/19] Update _posts/2025-04-22-Conan-Github-Action.markdown MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Abril Rincón Blanco <5364255+AbrilRBS@users.noreply.github.com> --- _posts/2025-04-22-Conan-Github-Action.markdown | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/_posts/2025-04-22-Conan-Github-Action.markdown b/_posts/2025-04-22-Conan-Github-Action.markdown index 68c037f0..71e128d3 100644 --- a/_posts/2025-04-22-Conan-Github-Action.markdown +++ b/_posts/2025-04-22-Conan-Github-Action.markdown 
@@ -27,7 +27,7 @@ The Conan GitHub Action offers some features to customize your workflow executio - **Conan version:** Define what Conan version you want to use in your workflow. This is useful when you want to use a specific version of Conan or when you want to test a new version before upgrading your workflow. Only Conan 2.x is supported by this action, so if you are using Conan 1.x, you will need to upgrade your workflow to use Conan 2.x. By default, the action will use the latest stable version of Conan available in the `pypi.org` repository. -- **Conan Audit token:** The action allows you to specify a Conan Audit token, which can be used to authenticate with the Conan server. This is useful when you want to authenticate with a Audit server and scan your packages for vulnerabilities. Always use GitHub secrets to store your tokens and avoid exposing them in your workflow. +- **Conan Audit token:** The action allows you to specify a Conan Audit token, which can be used to authenticate with the Conan server. This is useful when you want to authenticate with an Audit server and scan your packages for vulnerabilities. Remember to always use GitHub secrets to store your tokens and avoid exposing them in your workflow. By default, the action will not use a Conan Audit token. - **Configuration installation:** The action allows you to specify a list of URLs to be consumed by the command [conan config install/install-pkg](https://docs.conan.io/2/reference/commands/config.html). This is useful when you want to install profiles, settings, or other configuration files from a remote server. The action will download the files and install them in the specified Conan home folder, so you don't have to worry about managing them yourself. By default, the action will not install any configuration files. From bb4437ca7dde4bb88c2dfbdd84563ef5e6f4aaa3 Mon Sep 17 00:00:00 2001 
From: Uilian Ries Date: Mon, 21 Apr 2025 19:42:23 +0200 Subject: [PATCH 19/19] Update _posts/2025-04-22-Conan-Github-Action.markdown MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Abril Rincón Blanco <5364255+AbrilRBS@users.noreply.github.com> --- _posts/2025-04-22-Conan-Github-Action.markdown | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/_posts/2025-04-22-Conan-Github-Action.markdown b/_posts/2025-04-22-Conan-Github-Action.markdown index 71e128d3..c22ad769 100644 --- a/_posts/2025-04-22-Conan-Github-Action.markdown +++ b/_posts/2025-04-22-Conan-Github-Action.markdown @@ -15,7 +15,7 @@ This article shows how to use the official [Conan GitHub Action](https://github. ## Why Use the Conan GitHub Action? -The official Conan GitHub Action, maintained by the Conan team, setting up the Conan client. It’s available on the GitHub Marketplace and is designed for easy integration and efficient dependency management. Using the official action ensures you benefit from ongoing maintenance, security, and community support. +The official Conan GitHub Action, maintained by the Conan team, takes care of setting up the Conan client for you. It’s available on the GitHub Marketplace and is designed for easy integration and efficient dependency management. Using the official action ensures you benefit from ongoing maintenance, security, and community support. ### Features of the Conan GitHub Action
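Review bot: In the `@@ -89,7 +89,34 @@` hunk, the sentence saying `openssl/3.4.1` "should contain" CVE-2019-0190 sits directly above a description that places the bug in mod_ssl and says it "can be only triggered with Apache HTTP Server version 2.4.37 when using OpenSSL version 1.1.1 or later". A reader will ask why the gate fails on an OpenSSL package for an Apache httpd issue, so either state that the scan reports this entry against the `openssl` reference or pick an example whose description matches the package. Two smaller points in the same hunk: the prose says **high** while the report carries `"severity": "High"`, so say that the `jq` comparison has to match that casing, and "fail and print the error message" should quote the message, since it is not shown in these lines.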
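Review bot: In PATCH 12/19 the fence tag changes from `json` to `javascript`, but the block under it is a plain JSON document and the commit message ("Use javascript for json parser") does not say what was wrong with the `json` tag. If this works around a highlighter problem, put that reason in the commit message; otherwise keep `json` so the fence describes its content.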
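Review bot: In PATCH 15/19, the new default wording ("the latest stable version of Conan available in the `pypi.org` repository") describes an unpinned install, and the post's own example is a nightly job that "will install the latest version of Conan", so the scanner version can change between runs with no change in the repository. Suggest adding one sentence recommending that CI workflows set an explicit Conan version and bump it deliberately. Also, "PyPI" reads better than "the `pypi.org` repository".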
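Review bot: In PATCH 16/19 the typo fix is fine, but the context line just above it shows the step as `uses: conan-io/setup-conan@v1`, a tag reference that can later point at a different commit. Readers will copy this snippet into their own workflows, so consider showing the action pinned to a full commit SHA, or at least mentioning that option next to the snippet.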
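Review bot: In PATCH 17/19, "install them in the specified Conan home folder" reads as though a home folder always has to be specified, while the Custom Conan home folder bullet says the default home is used when none is given. Wording such as "in the Conan home folder in use (custom or default)" avoids that. The context line after the changed bullet still has "when you want share the same Python version", which is missing "to".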
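Review bot: In PATCH 18/19 the rewritten bullet still names the target two ways, "authenticate with the Conan server" in the first sentence and "authenticate with an Audit server" in the second, and it is not clear whether these are the same service. Pick one name for the service the token is sent to and use it in both sentences. The advice to keep the token in GitHub secrets is the important part of this bullet and should stay.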
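Review bot: In PATCH 19/19, the last sentence of the changed paragraph says the official action "ensures you benefit from ongoing maintenance, security, and community support", which promises more than a setup action can guarantee. Suggest replacing "ensures" with a plain statement that the action is maintained by the Conan team, and either say what the security benefit is or drop "security" from the list.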