Open thomashauser opened 1 year ago
mtsfoni
commented
1 year ago I have no answer for you offhand without reproducing some parts of the setup.
As a workaround, you could try to first add the feed to nugget via dotnet nuget add, and then call cycloneDX without us/usp.
This might help further diagnosing where the issue stems from.
mtsfoni
commented
1 year ago docker run --rm -v c:\source\repos\symbio-base:/home/docker/data/ cyclonedx/cyclonedx-dotnet /home/docker/data/Symbio.Base.sln -o /home/docker/data/src/bom/dotnet/ -dgl -us test -usp MY_AUTH_TOKEN
I realize there is no -u parameter. The username and password are only used if there is a value for -u set
Something like this should work (not sure about the exact path -u needs):
docker run --rm -v c:\source\repos\symbio-base:/home/docker/data/ cyclonedx/cyclonedx-dotnet /home/docker/data/Symbio.Base.sln -o /home/docker/data/src/bom/dotnet/ -dgl -u https://pkgs.dev.azure.com/COMPANY/_packaging/FEEDNAME/nuget/v3/ -us test -usp MY_AUTH_TOKEN
A short feedback if your issue is solved is welcome.
thomashauser
commented
1 year ago We also tried using the "-u" parameter, but without success. The following fix solves our problem for the time being, even if it is not necessarily the best solution:
Write-Host "Run cyclonedx-dotnet"
dotnet nuget add source https://pkgs.dev.azure.com/COMPANY/_packaging/FEEDNAME/nuget/v3/index.json -n XX --configfile .${{ parameters.solutionRoot }}/nuget.config -p $env:PAT -u test --store-password-in-clear-text --valid-authentication-types basic,negotiate
dotnet nuget update source XX -s https://pkgs.dev.azure.com/COMPANY/_packaging/FEEDNAME/nuget/v3/index.json --configfile .${{ parameters.solutionRoot }}/nuget.config -p $env:PAT -u test --store-password-in-clear-text --valid-authentication-types basic,negotiate
New-Item -Path ./src/bom -ItemType Directory -Force
$process = Start-Process `
-FilePath docker `
-ArgumentList "run --rm -v $(Get-Location | select -ExpandProperty Path)${{ parameters.solutionRoot }}:/home/docker/data${{ parameters.solutionRoot }} cyclonedx/cyclonedx-dotnet /home/docker/data${{ parameters.solutionRoot }}/${{ parameters.solutionName }} -o /home/docker/data/src/bom/dotnet/ -dgl" `
-NoNewWindow `
-Wait
Write-Host "DONE with return code $($process.ExitCode)"I tried to generate a NuGet-Apikey in Nexus Repository and connect with it. I also got a status 401 then.
I found this issue at NuGet, explaining they don't use the apikeys for authentication when reading data: https://github.com/NuGet/Home/issues/4049#issuecomment-354946552
That could be the issue here. We just use those NuGet packages.
We use create the BOM file of our .NET projects by using cyclonedx-dotnet. Because of we publish now private nuget packages to our own feed, we changed the nuget.config to use the custom feed
MY_AUTH_TOKEN is a token from me (project collection admin) and has full access. Only to be sure, that is not an authentication problem. In the Azure DevOps pipeline by using $(System.AccessToken) its not running, too. But we use this connection already for the build stage, there the nuget restore is working.