Michael Tsfoni

The big problem with the call via .sln, or in this case a folder/wildcard, is always that there is not a real root-project. Every single project is just considered to...

> Group the first segment of the package name This bases on the assumption that packages are named by a certain convention/best practice that is not enforced. I don't think...

Basically waiting for the outcome of this: [Feature: documenting external/extraneous dependencies ](https://github.com/CycloneDX/specification/issues/321)

There are two different problems as far as I captured it. One is a general problem with .NET standard being listed as dependency but never added to the list of...

Too bad, after reading your post from last week, I kinda hoped there was an easy, overlooked solution to the problem. I will get to look into it in about...

#### This gives an actual Error NU1107. ``` Solution -> ConsoleApp -> Rebus.RabbitMq (7.4.6) -> Rebus (>= 6.0.0 && < 7.0.0) -> SubProject (Project Reference) -> Rebus (7.0.0) ``` ####...

I could only reproduce this, calling CycloneDX directly on the .sln-file. That creates the situation that dependencies of each project are gathered separately and then aggregated. This way CycloneDX cannot...

Buildanalyzer is no. 1 on my list now. But i doubt this is not a problem it could solve. The Problem here is that Raphael has two separate programmes in...

> The result with 2 versions for a package in the solution SBOM is correct and something which should be expected. You are right, this is a case for being...

I have no answer for you offhand without reproducing some parts of the setup. As a workaround, you could try to first add the feed to nugget via ``dotnet nuget...