Conan lockfile V2 license parsing uses incorrect folder structure

[manifestori]

Description

I have used Trivy to generate SBOMs for Conan projects using lockfiles v2.

Unfortuantly, even though its supported in V1, license parsing using cache dir doesn't work.
The root cause is:

	// cf. https://docs.conan.io/1/mastering/custom_cache.html
	cacheDir := os.Getenv("CONAN_USER_HOME")
	if cacheDir == "" {
		cacheDir, _ = os.UserHomeDir()
	}
	cacheDir = path.Join(cacheDir, ".conan", "data")

	if !fsutils.DirExists(cacheDir) {
		return nil, xerrors.Errorf("the Conan cache directory (%s) was not found.", cacheDir)
	}

It's an easy fix, but cacheDir = path.Join(cacheDir, ".conan", "data") is not the path for v2.
v2 uses ~/.conan2/p/ , so using CONAN_USER_HOME still won't work. even if you set it to ~/.conan2/p/ it will append data. thus, unable to parse license data from cache.

I have copied my files to v1 location and parsing went perfectly.

Desired Behavior

Licenses should be parse on lockfile v2

Actual Behavior

No license data was found in the non-existent cache.

Reproduction Steps

1.
2.
3.
...

Target

Filesystem

Scanner

None

Output Format

JSON

Mode

None

Debug Output

---

Operating System

OSX

Version

Version: 0.48.0

Checklist

• Run trivy image --reset
• Read the troubleshooting

[DmitriyLewen]

Hello @manifestori
Thanks for your report!

Created #6931 for this task.

Regards, Dmitriy