cyclonedx-dotnet icon indicating copy to clipboard operation
cyclonedx-dotnet copied to clipboard

Published 20 hours ago verified publisher icon CycloneDX

Nuget package from private feed not found on nuget.org results in error ("Central Directory corrupt.")

Open dreammaster38 opened this issue 1 year ago • 2 comments

Hi,

I just stumbled about an error while trying to create SBOM from nuget packages not found on public nuget.org. The error message was "Central Directory corrupt." because the package couldn't be downloaded from nuget.org by default. Now i just check if the package really exists on nuget.org before trying to read any info.

Feel free to integrate this bugfix into your release if you like.

Kind regards Thomas

dreammaster38 avatar Aug 16 '23 18:08 dreammaster38

We run into this issue with the 2.8.1 version as well, but only with prerelease nugets. With release nugets this works fine, with prerelease nugets we get the same error. So I don't think the issue is with private feed or not, our release nugets are also on private feeds.

NextFreeUsername avatar Aug 31 '23 12:08 NextFreeUsername

Hello dreammaster38,

unfortunately, you didn't sign-off your commits, thus I cannot merge them. Please consider signing them off.

See here for some more information: https://github.com/CycloneDX/cyclonedx-dotnet/pull/748/checks?check_run_id=15953566656

mtsfoni avatar Sep 27 '23 19:09 mtsfoni