cyclonedx-dotnet

Creates CycloneDX Software Bill of Materials (SBOM) from .NET Projects

Results 99 cyclonedx-dotnet issues

I've just found [RetireNet](https://github.com/RetireNet/dotnet-retire). This tool produces massively more information and also finds some vulnerabilities. * It scans all transitive dependencies, * It includes .NET Framework / .NET Core version...

Hi, using version 2.4.1 some of our builds are failing due to a `System.IO.InvalidDataException` exception. Those builds were working using version 2.3.0 and are still working if we fix the...

question

I noticed today that a .NET6 project in Dependency Track was missing Bootstrap and jQuery components. Project is a basic .NET6 webapp generated from CLI with default folder structure. wwwroot...

stale

You can set an alternative feed, but this only supports changing the feed. It would be nice to be able to specify multiple nuget feeds. Or, even better use the...

stale

I have a .csproj project file that has a project reference to a .vcxproj project. Trying to generate a bom for this solution causes a null reference exception: ``` »...

I have a project which has top level NuGet dependencies Package1 1.0.0 and Package2 2.0.0. Package1 has a transitive dependency to Package2 [1.0.0]. The project is built just fine using...

stale

Release The `set-output` command is deprecated and will be disabled soon. Please upgrade to using Environment Files. For more information see: https://github.blog/changelog/2022-10-11-github-actions-deprecating-save-state-and-set-output-commands/

github_actions
stale

When the Metadata File has a lower CycloneDX version, the same version will be written into the SBOM, making it possibly invalid as there might be elements that don't exist...

triage
stale

Bumps dotnet/sdk from 8.0.101 to 8.0.203. [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=dotnet/sdk&package-manager=docker&previous-version=8.0.101&new-version=8.0.203)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a...

dependencies
docker

This request now sets: - the publisher in the SBOM based on the owner, and if it is null it will use the author. Closes #842