Sebastian Schuberth

As discussed internally the first "stop-gap" should be measure to implement in SW360 directly that no component with an existing external ID can be created.

> Filter by folder, to only deploy jobs for a specific folder. Can't this already be done by `--filter "foldername/.*"` (as job names may not contain `/`)?

> Unfortunately this directory is hard coded in the jenkins-test-harness You could still temporarily override the `java.io.tmpdir` system property, or? > But I wonder why a running Jenkins instance would...

> Any objections from anybody against merging this? There's a [unit test failure](https://github.com/oss-review-toolkit/ort/actions/runs/9078200843/job/24944835693?pr=8616#step:4:7559) now. Please first have a look at this.

> @sschuberth, are you fine with merging? I haven't looked at the latest iterations code-wise, and I'm not deep enough into the topic to do so in reasonable time. So...

> Since [c2c6926](https://github.com/oss-review-toolkit/ort/commit/c2c6926), the underlying dependencies of a nuget package are not listed in the report. It's very unlikely that the mentioned change in the scanner has an impact on...

> No, i took a snapshot of the program at this commit and ran the analyzer with it and got this problem. So, can you please try to narrow down...

> The bug is added somewhere between [c4a7a74](https://github.com/oss-review-toolkit/ort/commit/c4a7a74) and [c2c6926](https://github.com/oss-review-toolkit/ort/commit/c2c6926) Ok, that's a wide range of commits, and it also includes the complete rewrite of NuGet analyzer via the [nuget-inspector](https://github.com/nexB/nuget-inspector)...

> * Same problem occurs i.e. no dependencies are listed other than NuGet::Microsoft.EntityFrameworkCore:7.0.5. Interestingly, this sounds like more or less the opposite of what @fb33 reported in Slack over [here](https://oss-review-toolkit.slack.com/archives/C9NNJ54B1/p1714631213293309).

@hoang-son-nguyen-grassfish-com can you please share the exact project files you were using?