sbom-tool icon indicating copy to clipboard operation
sbom-tool copied to clipboard

Published 20 hours ago verified publisher icon microsoft

SBOM Task Outputs Directly to Console Instead of Using MSBuild Logging APIs

Open JonDouglas opened this issue 1 year ago • 6 comments

When using the SBOM task in an MSBuild project, the task outputs messages directly to the console rather than utilizing MSBuild's Logging APIs. This behavior results in cluttered and unstructured console output, which is not consistent with standard MSBuild practices. Proper logging through MSBuild's APIs would allow for better categorization and filtering of messages.

Steps to Reproduce:

  1. Create a .NET project and include the SBOM task.
  2. Run the command dotnet pack -bl to build the project with a binary log.
  3. Observe the console output during the build process.

Expected behavior:

Sbom task should output messages through MSBuild logging APIs & categorized appropriately.

We can utilize TaskLoggingHelper:

public class SbomTask : Microsoft.Build.Utilities.Task
{
    public override bool Execute()
    {
        // Example of logging an informational message
        Log.LogMessage(MessageImportance.High, "Finding components...");
        // Example of logging a warning
        Log.LogWarning("No instructions received to scan docker images.");
        // Example of logging an error
        Log.LogError("An error occurred during SBOM generation.");

        // Rest of the task implementation

        return !Log.HasLoggedErrors;
    }
}

JonDouglas avatar Sep 19 '24 16:09 JonDouglas