profile
viewpoint
If you are wondering where the data of this site comes from, please visit https://api.github.com/users/patspaeth/events. GitMemory does not store any data, but only uses NGINX to cache data for a period of time. The idea behind GitMemory is simply to give users a better reading experience.

patspaeth/cyclonedx-dotnet 0

Creates CycloneDX Software Bill of Materials (SBOM) from .NET Projects

patspaeth/cyclonedx-dotnet-library 0

.NET library to consume and produce CycloneDX Software Bill of Materials (SBOM)

issue openedCycloneDX/cyclonedx-dotnet

Packages included by Directory.Build.props will not be excluded with --exclude-dev

I am using the Arcade Build SDK from microsoft by defining it in the Directory.Build.targets file:

<Import Project="Sdk.targets" Sdk="Microsoft.DotNet.Arcade.Sdk" />

And using analyzers in the Directory.Build.props file:

    <ItemGroup Condition="$(BUILD_REASON) == ''">
        <PackageReference Include="SonarAnalyzer.CSharp" Version="8.28.0.36354">
            <PrivateAssets>all</PrivateAssets>
            <IncludeAssets>runtime; build; native; contentfiles; analyzers</IncludeAssets>
        </PackageReference>
        <PackageReference Include="AsyncFixer" Version="1.5.1">
            <PrivateAssets>all</PrivateAssets>
            <IncludeAssets>runtime; build; native; contentfiles; analyzers</IncludeAssets>
        </PackageReference>
        <PackageReference Include="SerilogAnalyzer" Version="0.15.0.0" />
    </ItemGroup>
    <ItemGroup>
        <PackageReference Include="Nerdbank.GitVersioning" Version="3.4.231">
            <PrivateAssets>all</PrivateAssets>
            <IncludeAssets>runtime; build; native; contentfiles; analyzers</IncludeAssets>
        </PackageReference>
    </ItemGroup>

I would now assume that these dependencies will be excluded when I use following option:

dotnet-CycloneDX -o SBOM -biop ./artifacts --exclude-dev mySolution.sln

Actual: But I see all these dependencies in my BOM file: Retrieving AsyncFixer 1.5.1 Retrieving Microsoft.Build.Tasks.Git 1.1.0-beta-20206-02 Retrieving Microsoft.SourceLink.AzureRepos.Git 1.1.0-beta-20206-02 Retrieving Microsoft.SourceLink.Common 1.1.0-beta-20206-02 Retrieving Microsoft.SourceLink.GitHub 1.1.0-beta-20206-02 Retrieving Nerdbank.GitVersioning 3.4.231 Retrieving Newtonsoft.Json 13.0.1 Retrieving SerilogAnalyzer 0.15.0 Retrieving GitHub license for repository Suchiman/SerilogAnalyzer and ref master Retrieving SonarAnalyzer.CSharp 8.28.0.36354 Retrieving XliffTasks 1.0.0-beta.20502.2

Expected: Retrieving Newtonsoft.Json 13.0.1

I have made an example project and appended here MySolution.zip !

created time in 6 hours

push eventpatspaeth/cyclonedx-dotnet

dependabot[bot]

commit sha 385c8608ad6daac23a9ca5688d0bf72446e4f502

Bump Snapshooter.Xunit from 0.6.2 to 0.7.1 Bumps [Snapshooter.Xunit](https://github.com/SwissLife-OSS/Snapshooter) from 0.6.2 to 0.7.1. - [Release notes](https://github.com/SwissLife-OSS/Snapshooter/releases) - [Commits](https://github.com/SwissLife-OSS/Snapshooter/compare/0.6.2...0.7.1) --- updated-dependencies: - dependency-name: Snapshooter.Xunit dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>

view details

Patrick Dwyer

commit sha b03710a8e29349e89e249d28d99b5f85355fd48e

Merge pull request #421 from CycloneDX/dependabot/nuget/Snapshooter.Xunit-0.7.1 Bump Snapshooter.Xunit from 0.6.2 to 0.7.1

view details

dependabot[bot]

commit sha ca459108659687750d8584bd965fca38ce09a8df

Bump System.IO.Abstractions.TestingHelpers from 13.2.43 to 13.2.47 Bumps [System.IO.Abstractions.TestingHelpers](https://github.com/System-IO-Abstractions/System.IO.Abstractions) from 13.2.43 to 13.2.47. - [Release notes](https://github.com/System-IO-Abstractions/System.IO.Abstractions/releases) - [Commits](https://github.com/System-IO-Abstractions/System.IO.Abstractions/compare/v13.2.43...v13.2.47) --- updated-dependencies: - dependency-name: System.IO.Abstractions.TestingHelpers dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>

view details

Patrick Dwyer

commit sha ed9bb5d62f4cd87c621f58a07fa98106e6bd755c

Merge pull request #420 from CycloneDX/dependabot/nuget/System.IO.Abstractions.TestingHelpers-13.2.47 Bump System.IO.Abstractions.TestingHelpers from 13.2.43 to 13.2.47

view details

Patrick Dwyer

commit sha 5c28c3bed7759c4cc195008834943be49bcab15d

Merge pull request #417 from patspaeth/master

view details

dependabot[bot]

commit sha 858c52786825ea8442d714d8f95051d822387900

Bump System.IO.Abstractions from 13.2.43 to 13.2.47 Bumps [System.IO.Abstractions](https://github.com/System-IO-Abstractions/System.IO.Abstractions) from 13.2.43 to 13.2.47. - [Release notes](https://github.com/System-IO-Abstractions/System.IO.Abstractions/releases) - [Commits](https://github.com/System-IO-Abstractions/System.IO.Abstractions/compare/v13.2.43...v13.2.47) --- updated-dependencies: - dependency-name: System.IO.Abstractions dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>

view details

Patrick Dwyer

commit sha e1137fe1d97f3144c3d87748bd554d84ece7c4c5

Merge pull request #419 from CycloneDX/dependabot/nuget/System.IO.Abstractions-13.2.47

view details

dependabot[bot]

commit sha 37dfaa6d93888cdc07153c6b9969c8ca166c9fd1

Bump nuget.projectmodel from 5.10.0 to 5.11.0 Bumps [nuget.projectmodel](https://github.com/NuGet/NuGet.Client) from 5.10.0 to 5.11.0. - [Release notes](https://github.com/NuGet/NuGet.Client/releases) - [Commits](https://github.com/NuGet/NuGet.Client/commits) --- updated-dependencies: - dependency-name: nuget.projectmodel dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>

view details

Patrick Dwyer

commit sha ccbb830cab99dec2e478a7d265dc71f815bf6db0

Merge pull request #412 from CycloneDX/dependabot/nuget/nuget.projectmodel-5.11.0 Bump nuget.projectmodel from 5.10.0 to 5.11.0

view details

Patrick Dwyer

commit sha ff013e81824057f3fcfd032d4ca0898335b98216

Bugfix release - test project dependencies now scope excluded

view details

Patrick Dwyer

commit sha d2f82cb63d3a63b94f0da00acb36a69bbd52ab04

Project restructure to upgrade to new CycloneDX.Core library Signed-off-by: Patrick Dwyer <patrick.dwyer@owasp.org>

view details

Patrick Dwyer

commit sha a40ec671fc6a518b592ff10ff7725d4daed2ed5b

Merge pull request #424 from CycloneDX/library-update

view details

Patrick Dwyer

commit sha 92ce56e6f9249faccfe0873bdeb7434e52a28134

Produce v1.3 CycloneDX BOMs Signed-off-by: Patrick Dwyer <patrick.dwyer@owasp.org>

view details

Patrick Dwyer

commit sha 0791eeadd74af8ee05adc70f6c42061ec3a32456

Merge pull request #425 from CycloneDX/library-update

view details

Patrick Dwyer

commit sha d2463dc53e366e0e0f47c78ecd68539196a5609d

Major release - produces v1.3 CycloneDX BOMs

view details

Patrick Dwyer

commit sha d360b4d44d1f74582b9072de983999973ba8db8f

Fix component null scope issue for packages.config files Signed-off-by: Patrick Dwyer <patrick.dwyer@owasp.org>

view details

Patrick Dwyer

commit sha 4ef9fab9e253c60a80a75cce7a0134c23975d6ed

Merge pull request #429 from CycloneDX/component-null-scope-issue

view details

Patrick Dwyer

commit sha 863ce9c104cbe301fa95791937886b3c4717c937

Bugfix release - resolve null component scope issue for packages.config projects

view details

dependabot[bot]

commit sha 6905f335e836ed5786a1f3434a45b2050868c675

Bump actions/setup-dotnet from 1.8.1 to 1.8.2 Bumps [actions/setup-dotnet](https://github.com/actions/setup-dotnet) from 1.8.1 to 1.8.2. - [Release notes](https://github.com/actions/setup-dotnet/releases) - [Commits](https://github.com/actions/setup-dotnet/compare/v1.8.1...v1.8.2) --- updated-dependencies: - dependency-name: actions/setup-dotnet dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>

view details

Patrick Dwyer

commit sha 607f640e1c0ddfbf7e59197e0d544777c0a09766

Merge pull request #423 from CycloneDX/dependabot/github_actions/actions/setup-dotnet-1.8.2

view details

push time in 2 days

issue commentCycloneDX/cyclonedx-dotnet

Unable to run the tool in the 2.1.2 version (1 of 12 pipelines failed)

Yes, this is possible, thanks!

patspaeth

comment created time in 2 days

issue commentCycloneDX/cyclonedx-dotnet

Unable to run the tool in the 2.1.2 version (1 of 12 pipelines failed)

I need to obfuscate the names. Please PR if more info is needed

patspaeth

comment created time in 2 days

issue closedCycloneDX/cyclonedx-dotnet

Support dependency graph

It would be good if the bom include the implementation for the dependency graph: https://cyclonedx.org/specification/overview/#dependencies

to identify direct and transitive dependencies with their relations.

closed time in 2 days

patspaeth

issue commentCycloneDX/cyclonedx-dotnet

Support dependency graph

Just saw it in the last release, sorry for that...

patspaeth

comment created time in 2 days

issue openedCycloneDX/cyclonedx-dotnet

Support dependency graph

It would be good if the bom include the implementation for the dependency graph: https://cyclonedx.org/specification/overview/#dependencies

to identify direct and transitive dependencies with their relations.

created time in 3 days

issue openedCycloneDX/cyclonedx-dotnet

Unable to run the tool in the 2.1.2 version (1 of 12 pipelines failed)

After updating the cyclonedx-dotnet tool to V2.1.2 (from v1.6.4) in 1 of 12 pipeline it failed because of:

Unhandled exception. System.Collections.Generic.KeyNotFoundException: The given key 'syngo.cloud.pm.sharedpullmodels' was not present in the dictionary.
   at System.Collections.Generic.Dictionary`2.get_Item(TKey key)
   at CycloneDX.Program.OnExecuteAsync()
   at McMaster.Extensions.CommandLineUtils.Conventions.ExecuteMethodConvention.InvokeAsync(MethodInfo method, Object instance, Object[] arguments)
   at McMaster.Extensions.CommandLineUtils.Conventions.ExecuteMethodConvention.OnExecute(ConventionContext context, CancellationToken cancellationToken)
   at McMaster.Extensions.CommandLineUtils.Conventions.ExecuteMethodConvention.<>c__DisplayClass0_0.<<Apply>b__0>d.MoveNext()
--- End of stack trace from previous location ---
   at McMaster.Extensions.CommandLineUtils.CommandLineApplication.ExecuteAsync(String[] args, CancellationToken cancellationToken)
   at McMaster.Extensions.CommandLineUtils.CommandLineApplication.ExecuteAsync[TApp](CommandLineContext context, CancellationToken cancellationToken)
   at CycloneDX.Program.Main(String[] args) in /home/runner/work/cyclonedx-dotnet/cyclonedx-dotnet/CycloneDX/Program.cs:line 110
   at CycloneDX.Program.<Main>(String[] args)

I have executed cyclonedx with following parameters:

dotnet dotnet-CycloneDX --exclude-test-projects --exclude-dev -o SBOM -biop D:\a\1\s/artifacts -imp cycloneDX-metadata.xml PM.BE.sln

Maybe it has something similar to #437

<details> <summary>Complete Log (click here...)</summary> <p>

VERBOSE: run CycloneDX: 'dotnet dotnet-CycloneDX --exclude-test-projects --exclude-dev -o SBOM -biop D:\a\1\s/artifacts -imp cycloneDX-metadata.xml PM.BE.sln'

Found the following local nuget package cache locations:
    C:\Users\VssAdministrator\.nuget\packages\

» Solution: D:\a\1\s\PM.BE.sln
  Getting projects

.... a lot of projects ....

Retrieving Azure.Core 1.15.0
Retrieving Azure.Storage.Common 12.8.0
Retrieving Azure.Storage.Files.Shares 12.7.0
Retrieving Common.Logging 3.4.1
Retrieving Common.Logging.Core 3.4.1
Retrieving CsvHelper 15.0.8
Retrieving LaunchDarkly.Cache 1.0.2
Retrieving GitHub license for repository launchdarkly/dotnet-cache and ref master
Retrieving LaunchDarkly.Client 5.6.3
Retrieving GitHub license for repository launchdarkly/dotnet-server-sdk and ref master
Retrieving LaunchDarkly.Common.StrongName 2.0.0
Retrieving GitHub license for repository launchdarkly/dotnet-client-common and ref master
Retrieving LaunchDarkly.EventSource 3.3.0
Retrieving Microsoft.ApplicationInsights 2.18.0
Retrieving Microsoft.ApplicationInsights.AspNetCore 2.16.0
Retrieving Microsoft.ApplicationInsights.DependencyCollector 2.16.0
Retrieving Microsoft.ApplicationInsights.EventCounterCollector 2.16.0
Retrieving Microsoft.ApplicationInsights.PerfCounterCollector 2.16.0
Retrieving Microsoft.ApplicationInsights.SnapshotCollector 1.3.7.3
Retrieving Microsoft.ApplicationInsights.WindowsServer 2.16.0
Retrieving Microsoft.ApplicationInsights.WindowsServer.TelemetryChannel 2.16.0
Retrieving Microsoft.AspNetCore.Hosting 2.1.1
Retrieving Microsoft.AspNetCore.Hosting.Abstractions 2.1.1
Retrieving Microsoft.AspNetCore.Hosting.Server.Abstractions 2.1.1
Retrieving Microsoft.AspNetCore.Http 2.1.1
Retrieving Microsoft.AspNetCore.Http.Abstractions 2.1.1
Retrieving Microsoft.AspNetCore.Http.Extensions 2.1.1
Retrieving Microsoft.AspNetCore.Http.Features 2.1.1
Retrieving Microsoft.AspNetCore.WebUtilities 2.1.1
Retrieving Microsoft.Azure.Amqp 2.4.11
Retrieving GitHub license for repository Azure/azure-amqp and ref master
Retrieving Microsoft.Azure.Cosmos.Table 1.0.7
Retrieving Microsoft.Azure.DocumentDB.Core 2.10.0
Retrieving Microsoft.Azure.KeyVault 3.0.5
Retrieving Microsoft.Azure.KeyVault.Core 2.0.4
Retrieving GitHub license for repository Microsoft/dotnet and ref master
Retrieving Microsoft.Azure.KeyVault.WebKey 3.0.5
Retrieving Microsoft.Azure.ServiceBus 5.1.3
Retrieving Microsoft.Azure.Services.AppAuthentication 1.0.3
Retrieving GitHub license for repository Microsoft/dotnet and ref master
Retrieving Microsoft.Azure.Storage.Blob 11.2.3
Retrieving Microsoft.Azure.Storage.Common 11.2.3
Retrieving Microsoft.Azure.Storage.Queue 11.1.7
Retrieving Microsoft.Azure.WebJobs 3.0.27
Retrieving Microsoft.Azure.WebJobs.Core 3.0.27
Retrieving Microsoft.Azure.WebJobs.Extensions 4.0.1
Retrieving Microsoft.Azure.WebJobs.Extensions.ServiceBus 4.3.0
Retrieving Microsoft.Azure.WebJobs.Extensions.Storage 4.0.4
Retrieving Microsoft.Azure.WebJobs.Host.Storage 4.0.1
Retrieving Microsoft.Azure.WebJobs.Logging.ApplicationInsights 3.0.27
Retrieving Microsoft.Azure.WebJobs.Sources 3.0.19
Retrieving Microsoft.Bcl.AsyncInterfaces 1.0.0
Retrieving Microsoft.Build.Tasks.Git 1.1.0-beta-20206-02
Retrieving Microsoft.CSharp 4.5.0
Retrieving Microsoft.Data.SqlClient 2.0.1
Retrieving Microsoft.Data.SqlClient.SNI.runtime 2.0.1
Retrieving Microsoft.DotNet.PlatformAbstractions 2.0.4
Retrieving Microsoft.EntityFrameworkCore 5.0.9
Retrieving Microsoft.EntityFrameworkCore.Abstractions 5.0.9
Retrieving Microsoft.EntityFrameworkCore.Analyzers 5.0.9
Retrieving Microsoft.EntityFrameworkCore.Relational 5.0.9
Retrieving Microsoft.EntityFrameworkCore.SqlServer 5.0.9
Retrieving Microsoft.Extensions.Caching.Abstractions 5.0.0
Retrieving Microsoft.Extensions.Caching.Memory 5.0.0
Retrieving Microsoft.Extensions.Caching.StackExchangeRedis 5.0.1
Retrieving Microsoft.Extensions.Configuration 3.1.18
Retrieving Microsoft.Extensions.Configuration.Abstractions 5.0.0
Retrieving Microsoft.Extensions.Configuration.AzureKeyVault 3.1.18
Retrieving Microsoft.Extensions.Configuration.Binder 2.1.0
Retrieving Microsoft.Extensions.Configuration.EnvironmentVariables 2.1.1
Retrieving Microsoft.Extensions.Configuration.FileExtensions 3.1.18
Retrieving Microsoft.Extensions.Configuration.Json 2.1.0
Retrieving Microsoft.Extensions.DependencyInjection 5.0.2
Retrieving Microsoft.Extensions.DependencyInjection.Abstractions 5.0.0
Retrieving Microsoft.Extensions.DependencyModel 2.0.4
Retrieving Microsoft.Extensions.FileProviders.Abstractions 3.1.18
Retrieving Microsoft.Extensions.FileProviders.Physical 3.1.18
Retrieving Microsoft.Extensions.FileSystemGlobbing 3.1.18
Retrieving Microsoft.Extensions.Hosting 2.1.0
Retrieving Microsoft.Extensions.Hosting.Abstractions 3.1.8
Retrieving Microsoft.Extensions.Http 5.0.0
Retrieving Microsoft.Extensions.Logging 5.0.0
Retrieving Microsoft.Extensions.Logging.Abstractions 5.0.0
Retrieving Microsoft.Extensions.Logging.ApplicationInsights 2.16.0
Retrieving Microsoft.Extensions.Logging.Configuration 2.1.0
Retrieving Microsoft.Extensions.ObjectPool 2.1.1
Retrieving Microsoft.Extensions.Options 5.0.0
Retrieving Microsoft.Extensions.Options.ConfigurationExtensions 2.1.0
Retrieving Microsoft.Extensions.Primitives 5.0.0
Retrieving Microsoft.Identity.Client 4.14.0
Retrieving Microsoft.IdentityModel.Clients.ActiveDirectory 3.14.2
Retrieving Microsoft.IdentityModel.JsonWebTokens 6.12.2
Retrieving Microsoft.IdentityModel.Logging 6.12.2
Retrieving Microsoft.IdentityModel.Protocols 5.6.0
Retrieving Microsoft.IdentityModel.Protocols.OpenIdConnect 5.6.0
Retrieving Microsoft.IdentityModel.Tokens 6.12.2
Retrieving Microsoft.Net.Http.Headers 2.1.1
Retrieving Microsoft.NETCore.Platforms 5.0.0
Retrieving Microsoft.NETCore.Targets 1.1.3
Retrieving Microsoft.OData.Core 7.5.0
Retrieving Microsoft.OData.Edm 7.5.0
Retrieving Microsoft.Rest.ClientRuntime 2.3.20
Retrieving GitHub license for repository Microsoft/dotnet and ref master
Retrieving Microsoft.Rest.ClientRuntime.Azure 3.3.18
Retrieving GitHub license for repository Microsoft/dotnet and ref master
Retrieving Microsoft.SourceLink.AzureRepos.Git 1.1.0-beta-20206-02
Retrieving Microsoft.SourceLink.Common 1.1.0-beta-20206-02
Retrieving Microsoft.SourceLink.GitHub 1.1.0-beta-20206-02
Retrieving Microsoft.Spatial 7.5.0
Retrieving Microsoft.Win32.Primitives 4.3.0
Retrieving Microsoft.Win32.Registry 4.7.0
Retrieving Microsoft.Win32.SystemEvents 5.0.0
Retrieving ncrontab.signed 3.3.0
Retrieving Nerdbank.GitVersioning 3.4.231
Retrieving NETStandard.Library 2.0.1
Retrieving Newtonsoft.Json 13.0.1
Retrieving Pipelines.Sockets.Unofficial 2.0.17
Retrieving GitHub license for repository mgravell/Pipelines.Sockets.Unofficial and ref master
Retrieving Polly 7.2.2
Retrieving runtime.debian.8-x64.runtime.native.System.Security.Cryptography.OpenSsl 4.3.2
Retrieving runtime.fedora.23-x64.runtime.native.System.Security.Cryptography.OpenSsl 4.3.2
Retrieving runtime.fedora.24-x64.runtime.native.System.Security.Cryptography.OpenSsl 4.3.2
Retrieving runtime.native.System 4.3.0
Retrieving runtime.native.System.Net.Http 4.3.0
Retrieving runtime.native.System.Net.Security 4.3.0
Retrieving runtime.native.System.Security.Cryptography.Apple 4.3.0
Retrieving runtime.native.System.Security.Cryptography.OpenSsl 4.3.2
Retrieving runtime.opensuse.13.2-x64.runtime.native.System.Security.Cryptography.OpenSsl 4.3.2
Retrieving runtime.opensuse.42.1-x64.runtime.native.System.Security.Cryptography.OpenSsl 4.3.2
Retrieving runtime.osx.10.10-x64.runtime.native.System.Security.Cryptography.Apple 4.3.0
Retrieving runtime.osx.10.10-x64.runtime.native.System.Security.Cryptography.OpenSsl 4.3.2
Retrieving runtime.rhel.7-x64.runtime.native.System.Security.Cryptography.OpenSsl 4.3.2
Retrieving runtime.ubuntu.14.04-x64.runtime.native.System.Security.Cryptography.OpenSsl 4.3.2
Retrieving runtime.ubuntu.16.04-x64.runtime.native.System.Security.Cryptography.OpenSsl 4.3.2
Retrieving runtime.ubuntu.16.10-x64.runtime.native.System.Security.Cryptography.OpenSsl 4.3.2
Retrieving Serilog 2.10.0
Retrieving Serilog.AspNetCore 4.1.0
Retrieving Serilog.Enrichers.Thread 3.1.0
Retrieving Serilog.Exceptions 7.0.0
Retrieving Serilog.Extensions.Hosting 4.1.2
Retrieving Serilog.Extensions.Logging 3.0.1
Retrieving Serilog.Formatting.Compact 1.1.0
Retrieving Serilog.Settings.AppSettings 2.2.2
Retrieving Serilog.Settings.Configuration 3.1.0
Retrieving Serilog.Sinks.ApplicationInsights 3.1.0
Retrieving Serilog.Sinks.AzureAnalytics 4.7.0
Retrieving Serilog.Sinks.Console 3.1.1
Retrieving Serilog.Sinks.Debug 2.0.0
Retrieving Serilog.Sinks.File 4.1.0
Retrieving StackExchange.Redis 2.0.593
Retrieving syngo.CT.teamplay.PullPlugin.Packaging 5.2.17
Retrieving syngo.CT.teamplay.PushPlugin.Packaging 5.2.4
Retrieving syngo.MI.teamplay.PullPlugin.Packaging 5.2.3
Retrieving syngo.MI.teamplay.PushPlugin.Packaging 5.2.6
Retrieving syngo.MR.teamplay.PullPlugin.Packaging 5.2.1
Retrieving System.AppContext 4.1.0
Retrieving System.Buffers 4.5.1
Retrieving System.Collections 4.3.0
Retrieving System.Collections.Concurrent 4.3.0
Retrieving System.Collections.Immutable 5.0.0
Retrieving System.Collections.NonGeneric 4.3.0
Retrieving System.Collections.Specialized 4.3.0
Retrieving System.ComponentModel 4.3.0
Retrieving System.ComponentModel.Annotations 5.0.0
Retrieving System.ComponentModel.Primitives 4.3.0
Retrieving System.ComponentModel.TypeConverter 4.3.0
Retrieving System.Configuration.ConfigurationManager 5.0.0
Retrieving System.Console 4.3.0
Retrieving System.Diagnostics.Debug 4.3.0
Retrieving System.Diagnostics.DiagnosticSource 5.0.1
Retrieving System.Diagnostics.PerformanceCounter 4.7.0
Retrieving System.Diagnostics.Process 4.3.0
Retrieving System.Diagnostics.StackTrace 4.3.0
Retrieving System.Diagnostics.Tools 4.3.0
Retrieving System.Diagnostics.TraceSource 4.3.0
Retrieving System.Diagnostics.Tracing 4.3.0
Retrieving System.Drawing.Common 5.0.0
Retrieving System.Dynamic.Runtime 4.0.11
Retrieving System.Globalization 4.3.0
Retrieving System.Globalization.Calendars 4.3.0
Retrieving System.Globalization.Extensions 4.3.0
Retrieving System.IdentityModel.Tokens.Jwt 6.12.2
Retrieving System.IO 4.3.0
Retrieving System.IO.FileSystem 4.3.0
Retrieving System.IO.FileSystem.AccessControl 4.7.0
Retrieving System.IO.FileSystem.Primitives 4.3.0
Retrieving System.IO.Pipelines 4.5.2
Retrieving System.Linq 4.3.0
Retrieving System.Linq.Expressions 4.1.0
Retrieving System.Linq.Queryable 4.0.1
Retrieving System.Memory 4.5.4
Retrieving System.Memory.Data 1.0.2
Retrieving System.Net.Http 4.3.4
Retrieving System.Net.NameResolution 4.3.0
Retrieving System.Net.NetworkInformation 4.1.0
Retrieving System.Net.Primitives 4.3.0
Retrieving System.Net.Requests 4.0.11
Retrieving System.Net.Security 4.3.2
Retrieving System.Net.Sockets 4.1.0
Retrieving System.Net.WebHeaderCollection 4.0.1
Retrieving System.Net.WebSockets 4.0.0
Retrieving System.Net.WebSockets.Client 4.0.2
Retrieving System.Numerics.Vectors 4.5.0
Retrieving System.ObjectModel 4.0.12
Retrieving System.Private.DataContractSerialization 4.3.0
Retrieving System.Private.Uri 4.3.2
Retrieving System.Reflection 4.3.0
Retrieving System.Reflection.Emit 4.3.0
Retrieving System.Reflection.Emit.ILGeneration 4.3.0
Retrieving System.Reflection.Emit.Lightweight 4.3.0
Retrieving System.Reflection.Extensions 4.3.0
Retrieving System.Reflection.Metadata 1.6.0
Retrieving System.Reflection.Primitives 4.3.0
Retrieving System.Reflection.TypeExtensions 4.7.0
Retrieving System.Resources.ResourceManager 4.3.0
Retrieving System.Runtime 4.3.0
Retrieving System.Runtime.Caching 4.7.0
Retrieving System.Runtime.CompilerServices.Unsafe 4.5.2
Retrieving System.Runtime.Extensions 4.3.0
Retrieving System.Runtime.Handles 4.3.0
Retrieving System.Runtime.InteropServices 4.3.0
Retrieving System.Runtime.InteropServices.RuntimeInformation 4.3.0
Retrieving System.Runtime.Numerics 4.3.0
Retrieving System.Runtime.Serialization.Formatters 4.3.0
Retrieving System.Runtime.Serialization.Json 4.3.0
Retrieving System.Runtime.Serialization.Primitives 4.3.0
Retrieving System.Security.AccessControl 5.0.0
Retrieving System.Security.Claims 4.3.0
Retrieving System.Security.Cryptography.Algorithms 4.3.0
Retrieving System.Security.Cryptography.Cng 4.5.0
Retrieving System.Security.Cryptography.Csp 4.3.0
Retrieving System.Security.Cryptography.Encoding 4.3.0
Retrieving System.Security.Cryptography.OpenSsl 4.3.0
Retrieving System.Security.Cryptography.Primitives 4.3.0
Retrieving System.Security.Cryptography.ProtectedData 5.0.0
Retrieving System.Security.Cryptography.X509Certificates 4.3.0
Retrieving System.Security.Permissions 5.0.0
Retrieving System.Security.Principal 4.3.0
Retrieving System.Security.Principal.Windows 5.0.0
Retrieving System.Security.SecureString 4.3.0
Retrieving System.Text.Encoding 4.3.0
Retrieving System.Text.Encoding.CodePages 4.7.0
Retrieving System.Text.Encoding.Extensions 4.3.0
Retrieving System.Text.Encodings.Web 4.7.2
Retrieving System.Text.Json 5.0.2
Retrieving System.Text.RegularExpressions 4.3.0
Retrieving System.Threading 4.3.0
Retrieving System.Threading.Channels 4.5.0
Retrieving System.Threading.Overlapped 4.0.1
Retrieving System.Threading.Tasks 4.3.0
Retrieving System.Threading.Tasks.Dataflow 4.8.0
Retrieving System.Threading.Tasks.Extensions 4.5.2
Retrieving System.Threading.Thread 4.3.0
Retrieving System.Threading.ThreadPool 4.3.0
Retrieving System.Threading.Timer 4.0.1
Retrieving System.Windows.Extensions 5.0.0
Retrieving System.Xml.ReaderWriter 4.3.0
Retrieving System.Xml.XDocument 4.3.0
Retrieving System.Xml.XmlDocument 4.3.0
Retrieving System.Xml.XmlSerializer 4.3.0
Retrieving XliffTasks 1.0.0-beta.20502.2
Retrieving Microsoft.IdentityModel.JsonWebTokens 5.6.0
Retrieving Microsoft.IdentityModel.Logging 5.6.0
Retrieving Microsoft.IdentityModel.Tokens 5.6.0
Retrieving Microsoft.NETCore.Platforms 3.1.0
Retrieving Microsoft.Win32.SystemEvents 4.7.0
Retrieving System.Configuration.ConfigurationManager 4.7.0
Retrieving System.Drawing.Common 4.7.0
Retrieving System.IdentityModel.Tokens.Jwt 5.6.0
Retrieving System.Reflection.TypeExtensions 4.3.0
Retrieving System.Security.AccessControl 4.7.0
Retrieving System.Security.Cryptography.ProtectedData 4.7.0
Retrieving System.Security.Permissions 4.7.0
Retrieving System.Security.Principal.Windows 4.7.0
Retrieving System.Threading.Tasks.Extensions 4.3.0
Retrieving System.Windows.Extensions 4.7.0
Retrieving LibLog 5.0.8
Retrieving Microsoft.CodeCoverage 16.6.1
Retrieving Microsoft.Extensions.CommandLineUtils 1.1.1
Retrieving Microsoft.Extensions.Configuration 5.0.0
Retrieving Microsoft.Extensions.Configuration.FileExtensions 5.0.0
Retrieving Microsoft.Extensions.Configuration.Json 5.0.0
Retrieving Microsoft.Extensions.FileProviders.Abstractions 5.0.0
Retrieving Microsoft.Extensions.FileProviders.Physical 5.0.0
Retrieving Microsoft.Extensions.FileSystemGlobbing 5.0.0
Retrieving Microsoft.NET.Test.Sdk 16.6.1
Retrieving Microsoft.TestPlatform.ObjectModel 16.6.1
Retrieving Microsoft.TestPlatform.TestHost 16.6.1
Retrieving Microsoft.Win32.Registry 5.0.0
Retrieving NuGet.Frameworks 5.0.0
Retrieving System.CodeDom 5.0.0
Retrieving System.Diagnostics.EventLog 5.0.0
Retrieving System.DirectoryServices 5.0.0
Retrieving System.IO.FileSystem.AccessControl 5.0.0
Retrieving System.Management 5.0.0
Retrieving System.ServiceProcess.ServiceController 5.0.0
Retrieving Microsoft.NETCore.Platforms 1.1.0
Retrieving Microsoft.NETCore.Targets 1.1.0
Retrieving NETStandard.Library 1.6.1
Retrieving runtime.debian.8-x64.runtime.native.System.Security.Cryptography.OpenSsl 4.3.0
Retrieving runtime.fedora.23-x64.runtime.native.System.Security.Cryptography.OpenSsl 4.3.0
Retrieving runtime.fedora.24-x64.runtime.native.System.Security.Cryptography.OpenSsl 4.3.0
Retrieving runtime.native.System.IO.Compression 4.3.0
Retrieving runtime.native.System.Security.Cryptography.OpenSsl 4.3.0
Retrieving runtime.opensuse.13.2-x64.runtime.native.System.Security.Cryptography.OpenSsl 4.3.0
Retrieving runtime.opensuse.42.1-x64.runtime.native.System.Security.Cryptography.OpenSsl 4.3.0
Retrieving runtime.osx.10.10-x64.runtime.native.System.Security.Cryptography.OpenSsl 4.3.0
Retrieving runtime.rhel.7-x64.runtime.native.System.Security.Cryptography.OpenSsl 4.3.0
Retrieving runtime.ubuntu.14.04-x64.runtime.native.System.Security.Cryptography.OpenSsl 4.3.0
Retrieving runtime.ubuntu.16.04-x64.runtime.native.System.Security.Cryptography.OpenSsl 4.3.0
Retrieving runtime.ubuntu.16.10-x64.runtime.native.System.Security.Cryptography.OpenSsl 4.3.0
Retrieving System.AppContext 4.3.0
Retrieving System.Buffers 4.3.0
Retrieving System.Diagnostics.DiagnosticSource 4.3.0
Retrieving System.IO.Compression 4.3.0
Retrieving System.IO.Compression.ZipFile 4.3.0
Retrieving System.Linq.Expressions 4.3.0
Retrieving System.Net.Http 4.3.0
Retrieving System.Net.Sockets 4.3.0
Retrieving System.ObjectModel 4.3.0
Retrieving System.Security.Cryptography.Cng 4.3.0
Retrieving System.Threading.Timer 4.3.0
Retrieving AutoMapper 10.1.1
Retrieving AutoMapper.Extensions.Microsoft.DependencyInjection 8.1.1
Retrieving Microsoft.ApplicationInsights.AspNetCore 2.18.0
Retrieving Microsoft.ApplicationInsights.DependencyCollector 2.18.0
Retrieving Microsoft.ApplicationInsights.EventCounterCollector 2.18.0
Retrieving Microsoft.ApplicationInsights.PerfCounterCollector 2.18.0
Retrieving Microsoft.ApplicationInsights.WindowsServer 2.18.0
Retrieving Microsoft.ApplicationInsights.WindowsServer.TelemetryChannel 2.18.0
Retrieving Microsoft.AspNet.WebApi.Client 5.2.6
Retrieving Microsoft.AspNetCore.Authentication.Abstractions 2.2.0
Retrieving Microsoft.AspNetCore.Authentication.Core 2.2.0
Retrieving Microsoft.AspNetCore.Authentication.JwtBearer 5.0.9
Retrieving Microsoft.AspNetCore.Authorization 2.2.0
Retrieving Microsoft.AspNetCore.Authorization.Policy 2.2.0
Retrieving Microsoft.AspNetCore.Hosting.Abstractions 2.2.0
Retrieving Microsoft.AspNetCore.Hosting.Server.Abstractions 2.2.0
Retrieving Microsoft.AspNetCore.Http 2.2.0
Retrieving Microsoft.AspNetCore.Http.Abstractions 2.2.0
Retrieving Microsoft.AspNetCore.Http.Extensions 2.2.0
Retrieving Microsoft.AspNetCore.Http.Features 2.2.0
Retrieving Microsoft.AspNetCore.JsonPatch 5.0.9
Retrieving Microsoft.AspNetCore.Mvc.Abstractions 2.2.0
Retrieving Microsoft.AspNetCore.Mvc.Core 2.2.0
Retrieving Microsoft.AspNetCore.Mvc.Formatters.Json 2.2.0
Retrieving Microsoft.AspNetCore.Mvc.NewtonsoftJson 5.0.9
Retrieving Microsoft.AspNetCore.Mvc.WebApiCompatShim 2.2.0
Retrieving Microsoft.AspNetCore.ResponseCaching.Abstractions 2.2.0
Retrieving Microsoft.AspNetCore.Routing 2.2.0
Retrieving Microsoft.AspNetCore.Routing.Abstractions 2.2.0
Retrieving Microsoft.AspNetCore.WebUtilities 2.2.0
Retrieving Microsoft.CSharp 4.7.0
Retrieving Microsoft.DotNet.PlatformAbstractions 2.1.0
Retrieving Microsoft.Extensions.ApiDescription.Server 3.0.0
Retrieving Microsoft.Extensions.Configuration.Binder 2.0.0
Retrieving Microsoft.Extensions.DependencyModel 2.1.0
Retrieving Microsoft.Extensions.Logging.ApplicationInsights 2.18.0
Retrieving Microsoft.Extensions.ObjectPool 2.2.0
Retrieving Microsoft.Extensions.Options.ConfigurationExtensions 2.0.0
Retrieving Microsoft.IdentityModel.Protocols 6.7.1
Retrieving Microsoft.IdentityModel.Protocols.OpenIdConnect 6.7.1
Retrieving Microsoft.Net.Http.Headers 2.2.0
Retrieving Microsoft.OpenApi 1.2.3
Retrieving GitHub license for repository Microsoft/OpenAPI.NET and ref master
Retrieving Newtonsoft.Json.Bson 1.0.2
Retrieving Pipelines.Sockets.Unofficial 2.2.0
Retrieving Serilog.Extensions.Logging.File 2.0.0
Retrieving Serilog.Sinks.Async 1.1.0
Retrieving Serilog.Sinks.RollingFile 3.3.0
Retrieving StackExchange.Redis 2.2.50
Retrieving Swashbuckle.AspNetCore 6.1.4
Retrieving Swashbuckle.AspNetCore.Annotations 6.1.5
Retrieving Swashbuckle.AspNetCore.Swagger 6.1.5
Retrieving Swashbuckle.AspNetCore.SwaggerGen 6.1.5
Retrieving Swashbuckle.AspNetCore.SwaggerUI 6.1.4
Retrieving syngo.Cloud.PM.ProtocolsComparer 5.1.24
Retrieving syngo.MR.teamplay.PushPlugin.Packaging 1.0.0
Retrieving System.Diagnostics.PerformanceCounter 5.0.0
Retrieving System.IO.Pipelines 5.0.0
Retrieving System.Reflection.Emit 4.7.0
Retrieving System.Private.ServiceModel 4.8.1
Retrieving System.Reflection.DispatchProxy 4.7.1
Retrieving System.Security.Cryptography.Cng 4.7.0
Retrieving System.Security.Cryptography.Pkcs 4.7.0
Retrieving System.Security.Cryptography.Xml 4.7.0
Retrieving System.ServiceModel.Primitives 4.8.1
Unhandled exception. System.Collections.Generic.KeyNotFoundException: The given key 'syngo.cloud.pm.sharedpullmodels' was not present in the dictionary.
   at System.Collections.Generic.Dictionary`2.get_Item(TKey key)
   at CycloneDX.Program.OnExecuteAsync()
   at McMaster.Extensions.CommandLineUtils.Conventions.ExecuteMethodConvention.InvokeAsync(MethodInfo method, Object instance, Object[] arguments)
   at McMaster.Extensions.CommandLineUtils.Conventions.ExecuteMethodConvention.OnExecute(ConventionContext context, CancellationToken cancellationToken)
   at McMaster.Extensions.CommandLineUtils.Conventions.ExecuteMethodConvention.<>c__DisplayClass0_0.<<Apply>b__0>d.MoveNext()
--- End of stack trace from previous location ---
   at McMaster.Extensions.CommandLineUtils.CommandLineApplication.ExecuteAsync(String[] args, CancellationToken cancellationToken)
   at McMaster.Extensions.CommandLineUtils.CommandLineApplication.ExecuteAsync[TApp](CommandLineContext context, CancellationToken cancellationToken)
   at CycloneDX.Program.Main(String[] args) in /home/runner/work/cyclonedx-dotnet/cyclonedx-dotnet/CycloneDX/Program.cs:line 110
   at CycloneDX.Program.<Main>(String[] args)

</p> </details>

created time in 3 days

issue openedhey24sheep/azure-flutter-tasks

Warnings in flutter build task: Use Cipheriv for counter mode of aes-256-ctr

Flutter Build Task Warnings: (node:1654) Warning: Use Cipheriv for counter mode of aes-256-ctr (node:1654) Warning: Use Cipheriv for counter mode of aes-256-ctr (node:1654) Warning: Use Cipheriv for counter mode of aes-256-ctr (node:1654) Warning: Use Cipheriv for counter mode of aes-256-ctr (node:1654) Warning: Use Cipheriv for counter mode of aes-256-ctr (node:1654) Warning: Use Cipheriv for counter mode of aes-256-ctr (node:1654) Warning: Use Cipheriv for counter mode of aes-256-ctr (node:1654) Warning: Use Cipheriv for counter mode of aes-256-ctr (node:1654) Warning: Use Cipheriv for counter mode of aes-256-ctr (node:1654) Warning: Use Cipheriv for counter mode of aes-256-ctr (node:1654) Warning: Use Cipheriv for counter mode of aes-256-ctr (node:1654) Warning: Use Cipheriv for counter mode of aes-256-ctr (node:1654) Warning: Use Cipheriv for counter mode of aes-256-ctr (node:1654) Warning: Use Cipheriv for counter mode of aes-256-ctr

Please refer to https://github.com/microsoft/azure-pipelines-tasks/issues/12147 It seems that this will be fixed with the version of the task-lib ^2.9.0

created time in 8 days

issue openedNuGet/Home

[Bug]: Sporadically get NU3005 for package 'Microsoft.NETCore.Platforms 1.0.1' and 1.1.0

NuGet Product Used

dotnet.exe

Product Version

dotnet sdk 5.0.401

Worked before?

sporadic error

Impact

It's more difficult to complete my work

Repro Steps & Context

I am running dotnet restore but sporadically it fails because of: error NU3005: Package 'Microsoft.NETCore.Platforms 1.0.1' from source 'https://pkgs.dev.azure.com/XXXX/_packaging/XXXX/nuget/v3/index.json': The package signature file entry is invalid. The central directory header field 'compression method' has an invalid value (8).

The mentioned feed is our private Azure artifacts feed where we upload our used 3rdParty components from nuget.org. The AzureDevops agents are cloud hosted Azure Pipelines using the VMimage "windows-latest" No lock file is used!

I'm really upset because it doesn't always fail and don't understand why it fails! Would be great to understand it!

Verbose Logs

Determining projects to restore...
D:\a\1\s\Source\MYPROJECT.csproj : error NU3005: Package 'Microsoft.NETCore.Platforms 1.0.1' from source 'https://pkgs.dev.azure.com/XXXX/_packaging/XXXX/nuget/v3/index.json': The package signature file entry is invalid. The central directory header field 'compression method' has an invalid value (8).
  Failed to restore D:\a\1\s\Source\MYPROJECT.csproj (in 3.34 sec).

created time in 17 days

issue closedStackExchange/StackExchange.Redis

Newest release 2.2.62 is not shown in nuget.org

I saw in the release notes that there is a new version 2.2.62 available: https://stackexchange.github.io/StackExchange.Redis/ReleaseNotes.html

But I do not find it on nuget.org https://www.nuget.org/packages/StackExchange.Redis/

Did I miss something?

Thanks Patrick

closed time in 20 days

patspaeth

issue commentStackExchange/StackExchange.Redis

Newest release 2.2.62 is not shown in nuget.org

Thanks for clarification!

patspaeth

comment created time in 20 days

issue openedStackExchange/StackExchange.Redis

Newest release 2.2.62 is not shown in nuget.org

I saw in the release notes that there is a new version 2.2.62 available: https://stackexchange.github.io/StackExchange.Redis/ReleaseNotes.html

But I do not find it on nuget.org https://www.nuget.org/packages/StackExchange.Redis/

Did I miss something?

Thanks Patrick

created time in 20 days

pull request commentCycloneDX/cyclonedx-dotnet

Packages from Testprojects will marked as scope="excluded"

It seems very deterministic - macOS and my newly added tests. Unfortunately I cannot retest it here (no mac-os) Can we provide some github credentials for the runners?

patspaeth

comment created time in 2 months

pull request commentCycloneDX/cyclonedx-dotnet

Packages from Testprojects will marked as scope="excluded"

@coderpatros I am getting an error in the pipeline for the test: GitHubApiRateLimitExceeded (exitcode = 6) On my local PC it is working, do you have an idea?

patspaeth

comment created time in 2 months

push eventpatspaeth/cyclonedx-dotnet

Patrick Spaeth

commit sha 25f14752f25882b3a66d78a4d50639857269dc08

Packages from Testprojects will marked as scope="excluded" Signed-off-by: Patrick Spaeth <patrick.spaeth@t-online.de>

view details

push time in 2 months

fork patspaeth/cyclonedx-dotnet

Creates CycloneDX Software Bill of Materials (SBOM) from .NET Projects

https://cyclonedx.org/

fork in 2 months

push eventpatspaeth/cyclonedx-dotnet

Patrick Dwyer

commit sha 18fc51be5db9312af91d3604080a1a1f606f1827

Update NOTICE and copyright snippets Signed-off-by: Patrick Dwyer <patrick.dwyer@owasp.org>

view details

Steve Springett

commit sha f532cba2309b1b9cbe4e5acee1876f1d56e788f7

Merge pull request #409 from CycloneDX/copyright Update NOTICE and copyright snippets

view details

dependabot[bot]

commit sha 59143b202a6b6c1ad90dc6790852fa360fe6b4d0

Bump System.IO.Abstractions from 13.2.42 to 13.2.43 Bumps [System.IO.Abstractions](https://github.com/System-IO-Abstractions/System.IO.Abstractions) from 13.2.42 to 13.2.43. - [Release notes](https://github.com/System-IO-Abstractions/System.IO.Abstractions/releases) - [Commits](https://github.com/System-IO-Abstractions/System.IO.Abstractions/compare/v13.2.42...v13.2.43) --- updated-dependencies: - dependency-name: System.IO.Abstractions dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>

view details

Patrick Dwyer

commit sha a2f52279992bac5338775871d68f0e9156c019c7

Merge pull request #411 from CycloneDX/dependabot/nuget/System.IO.Abstractions-13.2.43 Bump System.IO.Abstractions from 13.2.42 to 13.2.43

view details

dependabot[bot]

commit sha 56e8266e08f906ea70ccdfa2010624bcb2629acf

Bump Microsoft.NET.Test.Sdk from 16.10.0 to 16.11.0 Bumps [Microsoft.NET.Test.Sdk](https://github.com/microsoft/vstest) from 16.10.0 to 16.11.0. - [Release notes](https://github.com/microsoft/vstest/releases) - [Commits](https://github.com/microsoft/vstest/compare/v16.10.0...v16.11.0) --- updated-dependencies: - dependency-name: Microsoft.NET.Test.Sdk dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>

view details

Patrick Dwyer

commit sha 155e3a239a8b33dd779fcdc789b4b6cdf3431e50

Merge pull request #413 from CycloneDX/dependabot/nuget/Microsoft.NET.Test.Sdk-16.11.0

view details

dependabot[bot]

commit sha 475b14232ecaa70f06a0fa8f64ffb4e8344f612a

Bump System.IO.Abstractions.TestingHelpers from 13.2.42 to 13.2.43 Bumps [System.IO.Abstractions.TestingHelpers](https://github.com/System-IO-Abstractions/System.IO.Abstractions) from 13.2.42 to 13.2.43. - [Release notes](https://github.com/System-IO-Abstractions/System.IO.Abstractions/releases) - [Commits](https://github.com/System-IO-Abstractions/System.IO.Abstractions/compare/v13.2.42...v13.2.43) --- updated-dependencies: - dependency-name: System.IO.Abstractions.TestingHelpers dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>

view details

Patrick Dwyer

commit sha 68786664bf75f3029e4f27a6bc9980c289a76aef

Merge pull request #410 from CycloneDX/dependabot/nuget/System.IO.Abstractions.TestingHelpers-13.2.43 Bump System.IO.Abstractions.TestingHelpers from 13.2.42 to 13.2.43

view details

patspaeth

commit sha 5c4de5b54225661f2a781c6b77bdcf4c6389bedd

Merge branch 'CycloneDX:master' into master

view details

push time in 2 months

push eventpatspaeth/cyclonedx-dotnet

Patrick Dwyer

commit sha 8437d645da4d9981420eadcc98d6bdbe050c0194

Update NOTICE and copyright snippets Signed-off-by: Patrick Dwyer <patrick.dwyer@owasp.org> Signed-off-by: Patrick Spaeth <patrick.spaeth@siemens-healthineers.com>

view details

dependabot[bot]

commit sha 47bdc92d9c24357c2726aabd0b925bb7b32240f2

Bump System.IO.Abstractions from 13.2.42 to 13.2.43 Bumps [System.IO.Abstractions](https://github.com/System-IO-Abstractions/System.IO.Abstractions) from 13.2.42 to 13.2.43. - [Release notes](https://github.com/System-IO-Abstractions/System.IO.Abstractions/releases) - [Commits](https://github.com/System-IO-Abstractions/System.IO.Abstractions/compare/v13.2.42...v13.2.43) --- updated-dependencies: - dependency-name: System.IO.Abstractions dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Patrick Spaeth <patrick.spaeth@siemens-healthineers.com>

view details

dependabot[bot]

commit sha 51056c6b76433b237d6fb0b51824e5e14a6c0eb0

Bump Microsoft.NET.Test.Sdk from 16.10.0 to 16.11.0 Bumps [Microsoft.NET.Test.Sdk](https://github.com/microsoft/vstest) from 16.10.0 to 16.11.0. - [Release notes](https://github.com/microsoft/vstest/releases) - [Commits](https://github.com/microsoft/vstest/compare/v16.10.0...v16.11.0) --- updated-dependencies: - dependency-name: Microsoft.NET.Test.Sdk dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Patrick Spaeth <patrick.spaeth@siemens-healthineers.com>

view details

dependabot[bot]

commit sha 7dab2f78a8dd86b141a676e9c67577d99fdb0906

Bump System.IO.Abstractions.TestingHelpers from 13.2.42 to 13.2.43 Bumps [System.IO.Abstractions.TestingHelpers](https://github.com/System-IO-Abstractions/System.IO.Abstractions) from 13.2.42 to 13.2.43. - [Release notes](https://github.com/System-IO-Abstractions/System.IO.Abstractions/releases) - [Commits](https://github.com/System-IO-Abstractions/System.IO.Abstractions/compare/v13.2.42...v13.2.43) --- updated-dependencies: - dependency-name: System.IO.Abstractions.TestingHelpers dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Patrick Spaeth <patrick.spaeth@siemens-healthineers.com>

view details

Patrick Spaeth

commit sha e3a983f855956ed23b5fced4399e169a8cc9e650

Packages from Testprojects will marked as scope="excluded" Signed-off-by: Patrick Spaeth <patrick.spaeth@siemens-healthineers.com>

view details

push time in 2 months

push eventpatspaeth/cyclonedx-dotnet

Patrick Spaeth

commit sha a489bd3139a398be2f3877273173a11183590155

Packages from Testprojects will marked as scope="excluded"

view details

push time in 2 months

fork patspaeth/cyclonedx-dotnet

Creates CycloneDX Software Bill of Materials (SBOM) from .NET Projects

https://cyclonedx.org/

fork in 2 months

push eventpatspaeth/cyclonedx-dotnet

Jan Kowalleck

commit sha 023ce7ac724d8ac4c4539dc8dbf6e7fa6b694d2b

Update CODEOWNERS fixed team name and added some comments

view details

Patrick Spaeth

commit sha 1cde1cfb4fb32e5c112c4b5d9416f1df8e4c980d

Add support for external reference "Models.v1_2.ExternalReference.ExternalReferenceType.Vcs" #360

view details

Patrick Spaeth

commit sha 387a6db015e3beca769c4750c06d6c8ed7b67ef9

Undo update of FXCopAnalyzers

view details

Patrick Dwyer

commit sha 60eed010ff5f175b0ab48cbbacab0cdb3650003a

Merge pull request #361 from patspaeth/support_reference_vcs Add support for external reference "Models.v1_2.ExternalReference.Ext…

view details

Patrick Dwyer

commit sha 3faff5ce22a3a7404594182eb7127fb63cc84099

Merge pull request #355 from jkowalleck/patch-1 Update CODEOWNERS

view details

Patrick Dwyer

commit sha 1f34db95435c08bc1d8a711e77459902715d923d

Feature release

view details

dependabot[bot]

commit sha 9551cfcef26155051ed1a2dd2ff410e2ac9956e2

Bump System.IO.Abstractions.TestingHelpers from 13.2.25 to 13.2.28 Bumps [System.IO.Abstractions.TestingHelpers](https://github.com/System-IO-Abstractions/System.IO.Abstractions) from 13.2.25 to 13.2.28. - [Release notes](https://github.com/System-IO-Abstractions/System.IO.Abstractions/releases) - [Commits](https://github.com/System-IO-Abstractions/System.IO.Abstractions/compare/v13.2.25...v13.2.28) Signed-off-by: dependabot[bot] <support@github.com>

view details

dependabot[bot]

commit sha 27ea38e433aedceb0357332357c967346fe6dc2d

Bump System.IO.Abstractions from 13.2.25 to 13.2.28 Bumps [System.IO.Abstractions](https://github.com/System-IO-Abstractions/System.IO.Abstractions) from 13.2.25 to 13.2.28. - [Release notes](https://github.com/System-IO-Abstractions/System.IO.Abstractions/releases) - [Commits](https://github.com/System-IO-Abstractions/System.IO.Abstractions/compare/v13.2.25...v13.2.28) Signed-off-by: dependabot[bot] <support@github.com>

view details

Patrick Dwyer

commit sha 7806320effd731d06a720c61fa83d2792acdfc21

Merge pull request #366 from CycloneDX/dependabot/nuget/System.IO.Abstractions-13.2.28 Bump System.IO.Abstractions from 13.2.25 to 13.2.28

view details

Patrick Dwyer

commit sha f20635b9d161737b6e612a879b8f5065539a63d4

Merge pull request #365 from CycloneDX/dependabot/nuget/System.IO.Abstractions.TestingHelpers-13.2.28 Bump System.IO.Abstractions.TestingHelpers from 13.2.25 to 13.2.28

view details

dependabot[bot]

commit sha 3a9b72eaf1b05c9896f96b53ca8d113113d9ed2f

Bump Microsoft.NET.Test.Sdk from 16.9.1 to 16.9.4 Bumps [Microsoft.NET.Test.Sdk](https://github.com/microsoft/vstest) from 16.9.1 to 16.9.4. - [Release notes](https://github.com/microsoft/vstest/releases) - [Commits](https://github.com/microsoft/vstest/compare/v16.9.1...v16.9.4) Signed-off-by: dependabot[bot] <support@github.com>

view details

Patrick Dwyer

commit sha e5ebdf96197bc1418de9260eecb10f153b740181

Merge pull request #367 from CycloneDX/dependabot/nuget/Microsoft.NET.Test.Sdk-16.9.4 Bump Microsoft.NET.Test.Sdk from 16.9.1 to 16.9.4

view details

dependabot[bot]

commit sha 0020e1c2c65bc3b3e61ecfe8a63fd2115dd39165

Bump Snapshooter.Xunit from 0.6.1 to 0.6.2 Bumps [Snapshooter.Xunit](https://github.com/SwissLife-OSS/Snapshooter) from 0.6.1 to 0.6.2. - [Release notes](https://github.com/SwissLife-OSS/Snapshooter/releases) - [Commits](https://github.com/SwissLife-OSS/Snapshooter/compare/0.6.1...0.6.2) Signed-off-by: dependabot[bot] <support@github.com>

view details

Patrick Dwyer

commit sha 17b6cb589a33a3131293d3349794fdc63a63d730

Merge pull request #370 from CycloneDX/dependabot/nuget/Snapshooter.Xunit-0.6.2 Bump Snapshooter.Xunit from 0.6.1 to 0.6.2

view details

dependabot[bot]

commit sha f1d2665a69f977a4b5758f835344324656562f06

Bump System.IO.Abstractions from 13.2.28 to 13.2.29 Bumps [System.IO.Abstractions](https://github.com/System-IO-Abstractions/System.IO.Abstractions) from 13.2.28 to 13.2.29. - [Release notes](https://github.com/System-IO-Abstractions/System.IO.Abstractions/releases) - [Commits](https://github.com/System-IO-Abstractions/System.IO.Abstractions/compare/v13.2.28...v13.2.29) Signed-off-by: dependabot[bot] <support@github.com>

view details

dependabot[bot]

commit sha 14df13785f004be4d5ec813d8003cdeabbbd1f58

Bump System.IO.Abstractions.TestingHelpers from 13.2.28 to 13.2.29 Bumps [System.IO.Abstractions.TestingHelpers](https://github.com/System-IO-Abstractions/System.IO.Abstractions) from 13.2.28 to 13.2.29. - [Release notes](https://github.com/System-IO-Abstractions/System.IO.Abstractions/releases) - [Commits](https://github.com/System-IO-Abstractions/System.IO.Abstractions/compare/v13.2.28...v13.2.29) Signed-off-by: dependabot[bot] <support@github.com>

view details

Patrick Dwyer

commit sha db9979cd486409e19d8182520bc724602e01aee5

Merge pull request #371 from CycloneDX/dependabot/nuget/System.IO.Abstractions-13.2.29 Bump System.IO.Abstractions from 13.2.28 to 13.2.29

view details

Patrick Dwyer

commit sha c6bad17f0e04c24b94a298ca8010a7e8e1218603

Merge pull request #372 from CycloneDX/dependabot/nuget/System.IO.Abstractions.TestingHelpers-13.2.29 Bump System.IO.Abstractions.TestingHelpers from 13.2.28 to 13.2.29

view details

dependabot[bot]

commit sha 3c3f1cb29ecd1c019326b525405c473bbde9c4e2

Bump nuget.projectmodel from 5.9.0 to 5.9.1 Bumps [nuget.projectmodel](https://github.com/NuGet/NuGet.Client) from 5.9.0 to 5.9.1. - [Release notes](https://github.com/NuGet/NuGet.Client/releases) - [Commits](https://github.com/NuGet/NuGet.Client/commits) Signed-off-by: dependabot[bot] <support@github.com>

view details

Patrick Dwyer

commit sha f6d3d1c65b9b9e85de4afee173cc9ae57ad37101

Merge pull request #373 from CycloneDX/dependabot/nuget/nuget.projectmodel-5.9.1 Bump nuget.projectmodel from 5.9.0 to 5.9.1

view details

push time in 2 months

PR closed CycloneDX/cyclonedx-dotnet

Packages from Testprojects will marked as scope="excluded"

related to issue #415

Additionally implemented that the order of scope is required before excluded.

+14441 -277

4 comments

93 changed files

patspaeth

pr closed time in 2 months

pull request commentCycloneDX/cyclonedx-dotnet

Packages from Testprojects will marked as scope="excluded"

I will refork and re-do the changes. Hopefully it is working then

patspaeth

comment created time in 2 months

pull request commentCycloneDX/cyclonedx-dotnet

Packages from Testprojects will marked as scope="excluded"

Having looked at this some more, are you doing something like manually bringing in commits to an internal fork?

I really do not know, I was just executing this DCO step https://github.com/CycloneDX/cyclonedx-dotnet/pull/416/checks?check_run_id=3359182914 and then the whole history is now in this PR.

I created my fork when I have done my last changes, then made a sync with the origin (merge commits) and made on top of this my changes

patspaeth

comment created time in 2 months

push eventpatspaeth/cyclonedx-dotnet

Patrick Spaeth

commit sha 93c4a3342764134a6c8bae3086849c7b039a486b

Add support for external reference "Models.v1_2.ExternalReference.ExternalReferenceType.Vcs" #360 Signed-off-by: Patrick Spaeth <patrick.spaeth@siemens-healthineers.com>

view details

Patrick Spaeth

commit sha a1ae94f0736ded0d8bc18da43330cafb4b4d7f89

Undo update of FXCopAnalyzers Signed-off-by: Patrick Spaeth <patrick.spaeth@siemens-healthineers.com>

view details

Jan Kowalleck

commit sha 3f84cbc34e376b682767defb2f1894e0bebd6825

Update CODEOWNERS fixed team name and added some comments Signed-off-by: Patrick Spaeth <patrick.spaeth@siemens-healthineers.com>

view details

Patrick Dwyer

commit sha d8b2689100e6ccc5509d73e8b1bb153581beeeb4

Feature release Signed-off-by: Patrick Spaeth <patrick.spaeth@siemens-healthineers.com>

view details

dependabot[bot]

commit sha 0ea0a0dd9e73c7564f2c51ae4904f034e897afda

Bump System.IO.Abstractions from 13.2.25 to 13.2.28 Bumps [System.IO.Abstractions](https://github.com/System-IO-Abstractions/System.IO.Abstractions) from 13.2.25 to 13.2.28. - [Release notes](https://github.com/System-IO-Abstractions/System.IO.Abstractions/releases) - [Commits](https://github.com/System-IO-Abstractions/System.IO.Abstractions/compare/v13.2.25...v13.2.28) Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Patrick Spaeth <patrick.spaeth@siemens-healthineers.com>

view details

dependabot[bot]

commit sha 46d9a539833401a774c080d7ad3e3c533fb49ced

Bump System.IO.Abstractions.TestingHelpers from 13.2.25 to 13.2.28 Bumps [System.IO.Abstractions.TestingHelpers](https://github.com/System-IO-Abstractions/System.IO.Abstractions) from 13.2.25 to 13.2.28. - [Release notes](https://github.com/System-IO-Abstractions/System.IO.Abstractions/releases) - [Commits](https://github.com/System-IO-Abstractions/System.IO.Abstractions/compare/v13.2.25...v13.2.28) Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Patrick Spaeth <patrick.spaeth@siemens-healthineers.com>

view details

dependabot[bot]

commit sha 234cc5b04d31495501eca4350b081d1facdee87a

Bump Microsoft.NET.Test.Sdk from 16.9.1 to 16.9.4 Bumps [Microsoft.NET.Test.Sdk](https://github.com/microsoft/vstest) from 16.9.1 to 16.9.4. - [Release notes](https://github.com/microsoft/vstest/releases) - [Commits](https://github.com/microsoft/vstest/compare/v16.9.1...v16.9.4) Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Patrick Spaeth <patrick.spaeth@siemens-healthineers.com>

view details

dependabot[bot]

commit sha 667ddcccd43a864f07efd416b67380d6b6ff0724

Bump Snapshooter.Xunit from 0.6.1 to 0.6.2 Bumps [Snapshooter.Xunit](https://github.com/SwissLife-OSS/Snapshooter) from 0.6.1 to 0.6.2. - [Release notes](https://github.com/SwissLife-OSS/Snapshooter/releases) - [Commits](https://github.com/SwissLife-OSS/Snapshooter/compare/0.6.1...0.6.2) Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Patrick Spaeth <patrick.spaeth@siemens-healthineers.com>

view details

dependabot[bot]

commit sha 83a72d2ea23cd3182782f08e62cd5356ebdb61d8

Bump System.IO.Abstractions from 13.2.28 to 13.2.29 Bumps [System.IO.Abstractions](https://github.com/System-IO-Abstractions/System.IO.Abstractions) from 13.2.28 to 13.2.29. - [Release notes](https://github.com/System-IO-Abstractions/System.IO.Abstractions/releases) - [Commits](https://github.com/System-IO-Abstractions/System.IO.Abstractions/compare/v13.2.28...v13.2.29) Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Patrick Spaeth <patrick.spaeth@siemens-healthineers.com>

view details

dependabot[bot]

commit sha cb63c88c02562146c303658b5c86310b5d8a761e

Bump System.IO.Abstractions.TestingHelpers from 13.2.28 to 13.2.29 Bumps [System.IO.Abstractions.TestingHelpers](https://github.com/System-IO-Abstractions/System.IO.Abstractions) from 13.2.28 to 13.2.29. - [Release notes](https://github.com/System-IO-Abstractions/System.IO.Abstractions/releases) - [Commits](https://github.com/System-IO-Abstractions/System.IO.Abstractions/compare/v13.2.28...v13.2.29) Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Patrick Spaeth <patrick.spaeth@siemens-healthineers.com>

view details

dependabot[bot]

commit sha 0b8f22a7409423e730b3d4c3175cbc2ec45d0f30

Bump nuget.projectmodel from 5.9.0 to 5.9.1 Bumps [nuget.projectmodel](https://github.com/NuGet/NuGet.Client) from 5.9.0 to 5.9.1. - [Release notes](https://github.com/NuGet/NuGet.Client/releases) - [Commits](https://github.com/NuGet/NuGet.Client/commits) Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Patrick Spaeth <patrick.spaeth@siemens-healthineers.com>

view details

dependabot[bot]

commit sha 427a7070bca8b09e41366b5c3ef338c11a6b8c07

Bump System.IO.Abstractions from 13.2.29 to 13.2.31 Bumps [System.IO.Abstractions](https://github.com/System-IO-Abstractions/System.IO.Abstractions) from 13.2.29 to 13.2.31. - [Release notes](https://github.com/System-IO-Abstractions/System.IO.Abstractions/releases) - [Commits](https://github.com/System-IO-Abstractions/System.IO.Abstractions/compare/v13.2.29...v13.2.31) Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Patrick Spaeth <patrick.spaeth@siemens-healthineers.com>

view details

dependabot[bot]

commit sha b15b1f2eb85bba3642586e4b9e99dd0f79e0a260

Bump System.IO.Abstractions.TestingHelpers from 13.2.29 to 13.2.31 Bumps [System.IO.Abstractions.TestingHelpers](https://github.com/System-IO-Abstractions/System.IO.Abstractions) from 13.2.29 to 13.2.31. - [Release notes](https://github.com/System-IO-Abstractions/System.IO.Abstractions/releases) - [Commits](https://github.com/System-IO-Abstractions/System.IO.Abstractions/compare/v13.2.29...v13.2.31) Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Patrick Spaeth <patrick.spaeth@siemens-healthineers.com>

view details

Jan Krivanek

commit sha f57b8730e1d1cbd4eef3987e5eddfadef307623b

Add support for component hashes Component hashes populated from .nupkg.sha512 or calculated from .nupkg content Signed-off-by: Patrick Spaeth <patrick.spaeth@siemens-healthineers.com>

view details

Jan Krivanek

commit sha 23cba08eb2d7e5a94e09fcf7038a06baf3934a57

Amend hashes in snapshots for integration tests Signed-off-by: Patrick Spaeth <patrick.spaeth@siemens-healthineers.com>

view details

Jan Krivanek

commit sha 5db2b04ce4734892db4be01619f603583fa7c00d

Fix hashes in integration test snapshots Previous snapshot were created on env. connected to private nuget repository that was adding company signatures - hence hashes differed from those from nuget.org Signed-off-by: Patrick Spaeth <patrick.spaeth@siemens-healthineers.com>

view details

Jan Krivanek

commit sha a59b65161df70b7ade716da059dda1b896d3013e

Force disabling implicit nuget fallback folder Implicit fallback is installed together with SDK, so can have different hashes then nugets from nuget.org (as repository signature is being added) Signed-off-by: Patrick Spaeth <patrick.spaeth@siemens-healthineers.com>

view details

Jan Krivanek

commit sha 84d51aef909ea1b6b9932b5fe2a08b54ceb3d01a

Disable nuget fallback folder usage during evidence creation To be properly crossplatform we should not use nugets from SDKs as those have differenet hashes then nugets from nuget.org (due to missing nuget.org signature) Signed-off-by: Patrick Spaeth <patrick.spaeth@siemens-healthineers.com>

view details

Jan Krivanek

commit sha 99377934d8d145eac798c9422736700936611b23

Revert "Force disabling implicit nuget fallback folder" This reverts commit 1f3a6ad9fb86b790df60e28eb11b04791cd40d26. Signed-off-by: Patrick Spaeth <patrick.spaeth@siemens-healthineers.com>

view details

Jan Krivanek

commit sha 4fb897fe9844f76fc3d6ff9992572950bd9311a8

Revert "Disable nuget fallback folder usage during evidence creation" This reverts commit d224f08bd7aa95c91e3a8829faa4a413c5b91f00. Signed-off-by: Patrick Spaeth <patrick.spaeth@siemens-healthineers.com>

view details

push time in 2 months

PR opened CycloneDX/cyclonedx-dotnet

Packages from Testprojects will marked as scope="excluded"

related to issue #415

Additionally implemented that the order of scope is required before excluded.

+5364 -21

0 comment

17 changed files

pr created time in 2 months

push eventpatspaeth/cyclonedx-dotnet

dependabot[bot]

commit sha 475b14232ecaa70f06a0fa8f64ffb4e8344f612a

Bump System.IO.Abstractions.TestingHelpers from 13.2.42 to 13.2.43 Bumps [System.IO.Abstractions.TestingHelpers](https://github.com/System-IO-Abstractions/System.IO.Abstractions) from 13.2.42 to 13.2.43. - [Release notes](https://github.com/System-IO-Abstractions/System.IO.Abstractions/releases) - [Commits](https://github.com/System-IO-Abstractions/System.IO.Abstractions/compare/v13.2.42...v13.2.43) --- updated-dependencies: - dependency-name: System.IO.Abstractions.TestingHelpers dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>

view details

Patrick Dwyer

commit sha 68786664bf75f3029e4f27a6bc9980c289a76aef

Merge pull request #410 from CycloneDX/dependabot/nuget/System.IO.Abstractions.TestingHelpers-13.2.43 Bump System.IO.Abstractions.TestingHelpers from 13.2.42 to 13.2.43

view details

patspaeth

commit sha 9334c3dd739652773f67a6b39044e6efda337cf6

Merge branch 'CycloneDX:master' into master

view details

push time in 2 months

push eventpatspaeth/cyclonedx-dotnet

Patrick Spaeth

commit sha a2cd988bfa57f0492b6d56bde82d9ce3d558f1bd

Add tests for TestProjects and fix issue with scope when testprojects are in first order

view details

push time in 2 months