cyclonedx-dotnet icon indicating copy to clipboard operation
cyclonedx-dotnet copied to clipboard

Published 20 hours ago verified publisher icon CycloneDX

Metadata

Creates CycloneDX Software Bill of Materials (SBOM) from .NET Projects

Results 99 cyclonedx-dotnet issues
Sort by recently updated
recently updated
newest added

Accept NuGet lockfiles (packages.lock.json) for generating BOMs

1 comment

NuGet restores are not necessarily repeatable due to configuration differences or updated package versions with floating versions (there is an excellent blog post [here](https://devblogs.microsoft.com/nuget/enable-repeatable-package-restores-using-a-lock-file/)). It would be great if this...

tmilnthorp avatar tmilnthorp

stale

Passing environment variables to dotnet-cyclonedx

3 comment

In some of my .csproj files I use variables to support different deployments. example: dotnet-cylonedx cannot resolve $(SourceDir) and will log an error that the project file does not exist....

cwa-dr avatar cwa-dr

stale

Did anyone figure out solution for using version 2.7.0 ? I am facing this issue if I run it in Linux VM in azure pipelines as well as local machine but it is working without any issues in my local windows machine, not sure what causing the issue. I also tried to run in windows VMs in azure pipelines, still causing same issue, not sure how it is working locally with windows machine. Did anyone face the similar issue ?

2 comment

Did anyone figure out solution for using version 2.7.0 ? I am facing this issue if I run it in Linux VM in azure pipelines as well as local machine...

gkrishna240988 avatar gkrishna240988

stale

Test projects are not excluded with option "exclude-test-projects"

6 comment

Opening a new issue because the previous one was closed, but didnt fixed all the cases as I explained in my comment: https://github.com/CycloneDX/cyclonedx-dotnet/issues/363#issuecomment-1489385428

AlbertoMonteiro avatar AlbertoMonteiro

stale

Add Protobuf output support

1 comment

mtsfoni avatar mtsfoni

enhancement
help wanted
good first issue
ready for development

After updating to CycloneDX.Core 6.0: Add CycloneDX as Component instead of as Tool(deprecated) to the Metadata.

1 comment

In function AddMetadataTool CycloneDX is added as a tool inside the metadata-section, the tool node is flagged as deprecated in CycloneDX 1.5 though. The Core-library 6.0 is not yet being...

mtsfoni avatar mtsfoni

Tools/tool is deprecated in cdx standard. Using tools/components instead.

1 comment

mtsfoni avatar mtsfoni

Add results of Nuget Vulnerabilities scan to bom?

See here: https://devblogs.microsoft.com/nuget/how-to-scan-nuget-packages-for-security-vulnerabilities/

mtsfoni avatar mtsfoni

Read GitHub credentials from environment variables

Potentially related to #659

mtsfoni avatar mtsfoni

Read metadata automatically from base BOM .cdx/base.[xml|json|bin]

mtsfoni avatar mtsfoni

Metadata

164
Stars
78
Forks
Watchers

Owner

verified publisher icon CycloneDX

Metadata

Creates CycloneDX Software Bill of Materials (SBOM) from .NET Projects

Back