Execute them in the following order to achieve the complete License clearing process.

1. Package Identifier - This executable takes Package file or a cycloneDX BOM as input and provides a SBOM file as output. For each of the component the dependency classification (development,internal) and the availability in jfrog artifactory is identified and added in the SBOM file.

docker run --rm -it -v /path/to/InputDirectory:/mnt/Input -v /path/to/OutputDirectory:/mnt/Output -v /path/to/LogDirectory:/var/log -v /path/to/configDirectory:/etc/CATool ghcr.io/siemens/continuous-clearing dotnet PackageIdentifier.dll --settingsfilepath /etc/CATool/appSetting.json

• Input (i.e., /path/to/InputDirectory -> place to keep input files)
• Output (i.e.,/path/to/OutputDirectory -> resulted files will be stored here)
• Log (i.e., /path/to/logDirectory -> logs will be stored here)
• Configuration (i.e., /path/to/ConfigDirectory -> place to keep the Config files i.e appSetting.json)

2. SW360 Package Creator - This executable expects the CycloneDX BOM as the input, creates the missing components/releases in SW360 and links all the components to the respective project in SW360 portal and triggers the fossology upload.

Note: By default the SBOM contains both dev and non dev dependent components. Hence while creating the components in Sw360 make sure to set the RemoveDevDependency flag as true to skip creating the development dependent components.

docker run --rm -it -v /path/to/OutputDirectory:/mnt/Output -v /path/to/LogDirectory:/var/log -v /path/to/configDirectory:/etc/CATool ghcr.io/siemens/continuous-clearing dotnet SW360PackageCreator.dll --settingsfilepath /etc/CATool/appSetting.json

3. Artifactory Uploader - This executable takes CycloneDX BOM which is updated by the SW360PackageCreator.dll as input and uploads the components that are already cleared (clearing state - "Report approved") to the SIPARTY release repo in Jfrog Artifactory.

 docker run --rm -it -v /path/to/OutputDirectory:/mnt/Output -v /path/to/LogDirectory:/var/log -v /path/to/configDirectory:/etc/CATool ghcr.io/siemens/continuous-clearing dotnet ArtifactoryUploader.dll --settingsfilepath /etc/CATool/appSetting.json

Extract the downloaded .nupkg package , execute the following commands inside the tools folder.

1. Package Identifier - This executable takes Package file as input and provides a CycloneDX BOM file as output. For each of the component the dependency classification (development,internal) and the availability in jfrog artifactory is identified and added in the BOM file.

  PackageIdentifier.exe --settingsfilepath /<Config_Path>/appSetting.json

2. SW360 Package Creator - This executable expects the CycloneDX BOM as the input, creates the missing components/releases in SW360 and links all the components to the respective project in SW360 portal and triggers the fossology upload.

Note: By default the SBOM contains both dev and non dev dependent components. Hence while creating the components in Sw360 make sure to set the RemoveDevDependency flag as true to skip creating the development dependent components.

 SW360PackageCreator.exe --settingsfilepath /<Config_Path>/appSetting.json

3. Artifactory Uploader - This executable takes CycloneDX BOM which is updated by the SW360PackageCreator.dll as input and uploads the components that are already cleared (clearing state - "Report approved") to the SIPARTY release repo in Jfrog Artifactory.

  ArtifactoryUploader.exe --settingsfilepath /<Config_Path>/appSetting.json