-
-
Notifications
You must be signed in to change notification settings - Fork 78
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Use a folder path as entry point instead of Project/Solution files #728
Comments
Or use a glob statement that can match e.g. **/*.csproj oder others like some build tools support |
@rkg-mm The json file approach is a bit better because I could split my build pipeline into Build Job and SBOM Job. |
Please note: CycloneDX tool is using solution and C# project files to gather meta data e.g. Unfortunately, it does not support an array of C# project files. Maybe this would be helpful for you. |
I need some more detailed information here. I don't understand how or why you need to add components at compile time that are not yet known at design time. |
Suggestion: Use a folder path as entry point instead of Project/Solution files
recursively search in the folder for the following files
or
Background: Our MSBuild based build scripts are not in the solution and are not taken into account in the dependency scan. Although they also use NuGet Packages which would be relevant for the SBOM
I'm sure the JSON files approach can simplify the whole process pretty much. Because there is no need for a time-consuming search for the dependencies via the project/solution files or the build for the scan of the dependencies could be omitted entirely. A single requirement of the scan can be the existence of the mentioned json files. It doesn't matter how they come about
The text was updated successfully, but these errors were encountered: