CycloneDX / cyclonedx-dotnet

Creates CycloneDX Software Bill of Materials (SBOM) from .NET Projects
https://cyclonedx.org/
Apache License 2.0

File Globbing ProjectReferences not supported #840

Closed mwwhited closed 5 months ago

mwwhited commented 5 months ago

Since you don't support file globbing in ProjectReference, is there a way to exclude projects without creating custom solution files? Especially since you don't support Microsoft.Build.Traversal projects.

I use the file globbing to create wrapper projects to compose library sets without having to explicitly add references to each individual project.

Project file "XXX\**\*.Abstractions.csproj" does not exist
Unhandled exception: System.IO.IOException: The filename, directory name, or volume label syntax is incorrect. : 'XXX\**\*.Abstractions.csproj'
   at Microsoft.Win32.SafeHandles.SafeFileHandle.CreateFile(String fullPath, FileMode mode, FileAccess access, FileShare share, FileOptions options)
   at Microsoft.Win32.SafeHandles.SafeFileHandle.Open(String fullPath, FileMode mode, FileAccess access, FileShare share, FileOptions options, Int64 preallocationSize, Nullable`1 unixCreateMode)
   at System.IO.Strategies.OSFileStreamStrategy..ctor(String path, FileMode mode, FileAccess access, FileShare share, FileOptions options, Int64 preallocationSize, Nullable`1 unixCreateMode)
   at System.IO.Strategies.FileStreamHelpers.ChooseStrategyCore(String path, FileMode mode, FileAccess access, FileShare share, FileOptions options, Int64 preallocationSize, Nullable`1 unixCreateMode)
   at System.IO.FileStream..ctor(String path, FileMode mode)
   at System.IO.Abstractions.FileStreamFactory.New(String path, FileMode mode)
   at CycloneDX.Services.ProjectFileService.GetProjectNameAndVersion(String projectFilePath) in /home/runner/work/cyclonedx-dotnet/cyclonedx-dotnet/CycloneDX/Services/ProjectFileService.cs:line 86
   at CycloneDX.Services.ProjectFileService.RecursivelyGetProjectReferencesAsync(String projectFilePath) in /home/runner/work/cyclonedx-dotnet/cyclonedx-dotnet/CycloneDX/Services/ProjectFileService.cs:line 312
   at CycloneDX.Services.SolutionFileService.GetSolutionProjectReferencesAsync(String solutionFilePath) in /home/runner/work/cyclonedx-dotnet/cyclonedx-dotnet/CycloneDX/Services/SolutionFileService.cs:line 73
   at CycloneDX.Services.SolutionFileService.GetSolutionDotnetDependencys(String solutionFilePath, String baseIntermediateOutputPath, Boolean excludeTestProjects, String framework, String runtime) in /home/runner/work/cyclonedx-dotnet/cyclonedx-dotnet/CycloneDX/Services/SolutionFileService.cs:line 99
   at CycloneDX.Runner.HandleCommandAsync(RunOptions options) in /home/runner/work/cyclonedx-dotnet/cyclonedx-dotnet/CycloneDX/Runner.cs:line 167
   at CycloneDX.Program.<>c__DisplayClass0_0.<<Main>b__2>d.MoveNext() in /home/runner/work/cyclonedx-dotnet/cyclonedx-dotnet/CycloneDX/Program.cs:line 137
--- End of stack trace from previous location ---
   at System.CommandLine.Invocation.AnonymousCommandHandler.InvokeAsync(InvocationContext context)
   at System.CommandLine.Invocation.AnonymousCommandHandler.SyncUsingAsync(InvocationContext context)
   at System.CommandLine.Invocation.AnonymousCommandHandler.Invoke(InvocationContext context)
   at System.CommandLine.Invocation.InvocationPipeline.<>c__DisplayClass4_0.<<BuildInvocationChain>b__0>d.MoveNext()
--- End of stack trace from previous location ---
   at System.CommandLine.Builder.CommandLineBuilderExtensions.<>c__DisplayClass17_0.<<UseParseErrorReporting>b__0>d.MoveNext()
--- End of stack trace from previous location ---
   at System.CommandLine.Builder.CommandLineBuilderExtensions.<>c__DisplayClass12_0.<<UseHelp>b__0>d.MoveNext()
--- End of stack trace from previous location ---
   at System.CommandLine.Builder.CommandLineBuilderExtensions.<>c__DisplayClass22_0.<<UseVersionOption>b__0>d.MoveNext()
--- End of stack trace from previous location ---
   at System.CommandLine.Builder.CommandLineBuilderExtensions.<>c__DisplayClass19_0.<<UseTypoCorrections>b__0>d.MoveNext()
--- End of stack trace from previous location ---
   at System.CommandLine.Builder.CommandLineBuilderExtensions.<>c.<<UseSuggestDirective>b__18_0>d.MoveNext()
--- End of stack trace from previous location ---
   at System.CommandLine.Builder.CommandLineBuilderExtensions.<>c__DisplayClass16_0.<<UseParseDirective>b__0>d.MoveNext()
--- End of stack trace from previous location ---
   at System.CommandLine.Builder.CommandLineBuilderExtensions.<>c.<<RegisterWithDotnetSuggest>b__5_0>d.MoveNext()
--- End of stack trace from previous location ---
   at System.CommandLine.Builder.CommandLineBuilderExtensions.<>c__DisplayClass8_0.<<UseExceptionHandler>b__0>d.MoveNext()
"SBOM Failed 1"
mwwhited commented 5 months ago

Never mind, you fixed this in 3.0.5.

mtsfoni commented 5 months ago

Currently working on using the library buildalyzer to read the project and solution file. I expect it to be able to properly handle those glob statements.

In 3.0.5 I fixed the exception, however it just accepts that it cannot find a project file and adds it with the given filename. So I assume the glob statement should be the component name in your SBOM.

I see calling the cyclonedx dotnet tool on a solution as a kind of shortcut that only works correctly for certain small solutions. You might see better results when you call it on your root project. In that case, the tool generates the SBOM from the assets file generated by dotnet restore, which usually contains a complete build plan for the project, and the cyclonedx tool doesn't even have to read any .csproj file.
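The 3.0.5 behaviour described in the comment above (an unresolvable ProjectReference is recorded under its literal Include string) means a wrapper project like the one in this issue produces an SBOM that names the glob rather than the projects the glob matches. The following Python script is an added example and is not part of cyclonedx-dotnet; it shows two checks a practitioner can run around the tool: expanding glob ProjectReference items the way MSBuild wildcards resolve (so the expected components are known before the SBOM is generated), and scanning a CycloneDX JSON document for component names that are really unexpanded globs. The project tree and the SBOM fragment are constructed for the demo; $(Property) expansion, Exclude attributes and Windows case-insensitive matching are assumptions left out of the model.

```python
"""Added example (not cyclonedx-dotnet code): audit glob ProjectReference items
and catch glob strings that leaked into a CycloneDX SBOM as component names."""
import re
import tempfile
import xml.etree.ElementTree as ET
from pathlib import Path

# MSBuild wildcards: '*' and '?' inside a segment, '**' for any directory depth.
GLOB_CHARS = re.compile(r"[*?]")


def project_references(csproj: Path) -> list[str]:
    """Raw Include values of every ProjectReference item in the project file.
    MSBuild allows a semicolon-separated list inside a single Include attribute."""
    root = ET.parse(csproj).getroot()
    items: list[str] = []
    for elem in root.iter():
        # Legacy projects carry an xmlns; SDK-style ones do not. Strip either way.
        if elem.tag.split("}")[-1] == "ProjectReference" and elem.get("Include"):
            items.extend(p.strip() for p in elem.get("Include").split(";") if p.strip())
    return items


def expand_reference(csproj: Path, include: str) -> list[Path]:
    """Resolve one Include value relative to the project directory.
    Wildcards are expanded with pathlib.glob, whose '**' semantics match MSBuild.
    Assumption/limitation: $(Property) syntax, Exclude attributes and the
    case-insensitive matching MSBuild does on Windows are not modelled."""
    base = csproj.parent
    rel = include.replace("\\", "/")
    if not GLOB_CHARS.search(rel):
        candidate = base / rel
        return [candidate] if candidate.is_file() else []
    own = csproj.resolve()
    return sorted(p for p in base.glob(rel) if p.is_file() and p.resolve() != own)


def audit_project(csproj: Path) -> dict[str, list[Path]]:
    """Map each ProjectReference Include to the project files it expands to.
    An empty list is the case the thread describes: 3.0.5 would record the
    literal Include string as a component instead of failing."""
    return {inc: expand_reference(csproj, inc) for inc in project_references(csproj)}


def glob_named_components(sbom: dict) -> list[str]:
    """Component names in a CycloneDX JSON document that still contain wildcards."""
    return [c.get("name", "") for c in sbom.get("components", [])
            if GLOB_CHARS.search(c.get("name", ""))]


def build_sample_tree() -> Path:
    """Constructed sample: a wrapper project that globs *.Abstractions.csproj
    under src\\ plus one explicit reference. Returns the wrapper's path."""
    root = Path(tempfile.mkdtemp(prefix="sbom-glob-"))
    leaf = '<Project Sdk="Microsoft.NET.Sdk"><PropertyGroup>' \
           '<TargetFramework>net8.0</TargetFramework></PropertyGroup></Project>'
    for rel in ("src/Core/Core.csproj", "src/Core/Core.Abstractions.csproj",
                "src/Data/Data.csproj", "src/Data/Data.Abstractions.csproj"):
        (root / rel).parent.mkdir(parents=True, exist_ok=True)
        (root / rel).write_text(leaf, encoding="utf-8")
    wrapper = root / "Framework.Wrapper.csproj"
    wrapper.write_text(r'''<Project Sdk="Microsoft.NET.Sdk">
  <PropertyGroup><TargetFramework>net8.0</TargetFramework></PropertyGroup>
  <ItemGroup>
    <ProjectReference Include="src\**\*.Abstractions.csproj;src\Core\Core.csproj" />
  </ItemGroup>
</Project>''', encoding="utf-8")
    return wrapper


# Constructed SBOM fragment modelled on the 3.0.5 behaviour described above:
# the unresolved glob shows up verbatim as a component name.
SAMPLE_SBOM = {
    "bomFormat": "CycloneDX",
    "specVersion": "1.4",
    "components": [
        {"type": "library", "name": "Core.Abstractions", "version": "1.0.0"},
        {"type": "library", "name": "XXX\\**\\*.Abstractions.csproj", "version": "0.0.0"},
    ],
}


if __name__ == "__main__":
    wrapper = build_sample_tree()
    for include, matches in audit_project(wrapper).items():
        print(f"{include!r} -> {[m.name for m in matches] or 'UNRESOLVED'}")
    print("glob-named components:", glob_named_components(SAMPLE_SBOM))
```

Running `audit_project` against the wrapper before generating the SBOM gives the list of projects the glob actually covers, which is what the SBOM should contain; running `glob_named_components` over the tool's JSON output afterwards flags the bogus entry that would otherwise pass unnoticed into downstream vulnerability matching, where a component literally named after a glob matches nothing.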

mwwhited commented 5 months ago

I am calling the tool against the solution file. For my scenario skipping the problem project doesn't really matter as the project that caused the errors was just a composite library intended to provide a reduced number of references for applications when you want to use the entire framework.

My project is an extension of .NET in general. Unfortunately this is an internal framework I cannot share at this time. I can see about creating a simplified example to demonstrate the technique and what I'm trying to accomplish.