Closed mwwhited closed 5 months ago
Never mind, you fixed in this in 3.0.5
Currently working on using the library buildalyzer to read the project and solution file. I expect it to be able to properly handle those glob statements.
In 3.0.5 I fixed the exception, however it just accepts that it cannot find a project file and adds it with the given filename. So I assume the glob statement should be the component name in your SBOM.
I see calling the cyclonedx dotnet tool on a solution as kind of shortcut that only work correctly for certain small solution.
You might see better results when you call it on your root project.
In that case, the tool generates the SBOM from the assets-file generated by dotnet restore
which usually contains a complete building plan for the project and the cyclonedx tool doesn't even have to read any .csproj file.
I am calling the tool against the solution file. For my scenario skipping the problem project doesn't really matter as the project that caused the errors was just a composite library intended to provide a reduced number of references for applications when you want to use the entire framework.
My project is an extension of .Net in general. Unfortunately this is an internal framework I cannot share at this time. I can see about creating a simplified example to demonstrate the technique and what I'm trying to accomplish.
Since you don't support file globbing in
ProjectReference
is there way to exclude projects without creating a custom solution files? Especially since you don't support Microsoft.Build.Traversal projects.I use the file globbing to create wrapper projects to compose library sets without having to explicitly add references to each individual project.