cyclonedx-dotnet
Creates CycloneDX Software Bill of Materials (SBOM) from .NET Projects
At first glance, MS Component Detection appears to use the same mechanism to resolve what packages have been used. This issue is being raised to garner feedback from the community....
Hi, we are using [cyclonedx-dotnet](https://github.com/CycloneDX/cyclonedx-dotnet) and facing an incorrect dependencies issue. A sample solution with two projects looks like the one below and is attached to the thread. Please note **ClassLibrary1** is a **netstandard 2.0** project....
After generating an SBOM we see that the graph has duplicated entries, this seems like a bug because they are the same, so it does not make sense to have...
When generating a BOM the metadata component does not have a purl. If we have the information (coordinates), it should be able to create the purl, and even better...
Fixes #432 and #489. Added `--enable-github-licenses-non-default-branch` switch to opt-in to fetch license information for branches other than `master` or `main`. This ensures that current behavior doesn't change. Added fallback to...
When generating an SBOM from .csproj files it seems that when the license can be parsed correctly (its ID), a `NOASSERTION` value is added instead. This causes an error when trying...
Bumps [actions/setup-dotnet](https://github.com/actions/setup-dotnet) from 1 to 2. Release notes Sourced from actions/setup-dotnet's releases. v2.0.0 In scope of this release we changed version of the runtime Node.js for the setup-dotnet action and...
Bumps [actions/checkout](https://github.com/actions/checkout) from 2.3.5 to 3.0.2. Release notes Sourced from actions/checkout's releases. v3.0.2 What's Changed Add set-safe-directory input to allow customers to take control. by @TingluoHuang in actions/checkout#770 Prepare changelog...
Please tell me if this is actually a problem importing into DependencyTrack, but it feels like an issue generating the BOM. I've got several dependencies (for example, Microsoft.Azure.Cosmos and System.Buffers)...
There is no mention in [README.md](https://github.com/CycloneDX/cyclonedx-dotnet/blob/master/README.md) or [CONTRIBUTING.md](https://github.com/CycloneDX/.github/blob/master/CONTRIBUTING.md) that commits must be signed off, yet there is a check that prevents pull requests from being merged without sign-off. The documentation should...