cyclonedx-dotnet
cyclonedx-dotnet copied to clipboard
Creates CycloneDX Software Bill of Materials (SBOM) from .NET Projects
NuGet restores are not necessarily repeatable due to configuration differences or updated package versions with floating versions (there is an excellent blog post [here](https://devblogs.microsoft.com/nuget/enable-repeatable-package-restores-using-a-lock-file/)). It would be great if this...
In some of my .csproj files I use variables to support different deployments. example: dotnet-cylonedx cannot resolve $(SourceDir) and will log an error that the project file does not exist....
Did anyone figure out solution for using version 2.7.0 ? I am facing this issue if I run it in Linux VM in azure pipelines as well as local machine...
Opening a new issue because the previous one was closed, but didnt fixed all the cases as I explained in my comment: https://github.com/CycloneDX/cyclonedx-dotnet/issues/363#issuecomment-1489385428
In function AddMetadataTool CycloneDX is added as a tool inside the metadata-section, the tool node is flagged as deprecated in CycloneDX 1.5 though. The Core-library 6.0 is not yet being...
See here: https://devblogs.microsoft.com/nuget/how-to-scan-nuget-packages-for-security-vulnerabilities/
Potentially related to #659