cyclonedx-dotnet
cyclonedx-dotnet copied to clipboard
CycloneDX
Creates CycloneDX Software Bill of Materials (SBOM) from .NET Projects
I scanned some of our projects with cyclonedx-dotnet for further use with vulnerability identification tool dependency-track. After importing into dependency-track, many licenses of packages are not visible. In one project...
## Summary When running `cyclonedx-dotnet` on a .NET Framework 4.6.1 project, `cyclonedx-dotnet` does not report any dependencies and returns an error. ## Context `testproject.csproj` includes the following section: ``` ```...
The file CHANGELOG.md is not accessible from nuget.org. Suggestion: add information in nuget package and do not use a URL (see also [Add a README to Your NuGet Package](https://devblogs.microsoft.com/nuget/add-a-readme-to-your-nuget-package/)) 
Hi, My current project has import PackageReference from one of the custom in house library. Is it possible to ignore and continue to run dotnet cyclonedx when it can't able...
- [x] dependency graph support - [x] drop support for .NET Core 2.1 runtime - [ ] migrate to `System.CommandLine` from `McMaster.Extensions.CommandLineUtils` - [ ] refactor Program.cs - [ ]...
I am using the Arcade Build SDK from microsoft by defining it in the Directory.Build.targets file: ``` ``` And using analyzers in the Directory.Build.props file: ``` all runtime; build; native;...
Is it possible to generate a bom file from a project that has multiple .sln files?
Having looked into this issue https://github.com/CycloneDX/cyclonedx-dotnet/issues/399, I've come to the conclusion that the _only_ way to achieve real accuracy is to generate the BOM from within the msbuild process. This...