SBOM list of repos left for signoff

[epananth]

• [ ] This issue is blocking
• [ ] This issue is causing unreasonable pain

Repos we need signoff for SBOM generation

Repository	Owner	Status	Does this need sbom?	Notes
dotnet-project-system	MiYanni			Spl case, inserts to VS
SignalR-SignalR	BrennanConroy	✔️		working on arcade update
dotnet-insertions-client	bekir-ozturk
dotnet-deployment-tools	NikolaMilosavljevic	✔️		I think I saw a PR in that repo
dotnet-diagnostics-internal-components	hoyosjs
dotnet-machinelearning-assets	ericstj	✔️		they were working on getting the arcade update
dotnet-maui	antonfirsov			arcade update is flowing? Not sure
dotnet-microsoft.maui.graphics	mjbond-msft		arcade update is flowing?
dotnet-optimization	DrewScoggins
dotnet-try-convert	jmarolf	✔️		last update was in oct 21st
dotnet-winforms-datavisualization				last update was in dec 31st
dotnet-wpf-int	singhashish-wpf			I see release/6.0 generating SBOM but not in main. Is that expected?
Microsoft-clrmd				Needs arcade update
microsoft-vstest	Evangelink
vs-code-coverage
dotnet-symuploader	hoyosjs			Not sure
dotnet-spark	suhsteve			Needs arcade update
Nuget.BuildTasks	MiYanni			Spl case, gets arcade update and inserts only to VS
ASP.Net Classic nuget packages	StephenMolloy			New case, has not been updated in a few years (added 3/8 to this list)

created PR but not updated the issue	Repository	Owner	Status	Does this need sbom?	Notes
dotnet-roslyn-tools	JoeRobich	✔️
dotnet-roslyn	JoeRobich	✔️		Still needs update to reference SBOM from VS Component manifests.
dotnet-roslyn-sdk	JoeRobich	✔️

SBOM tool failure	Repository	Owner	Status	Does this need sbom?	Notes
dotnet-aspnetcore and dotnet-runtime	dougbu		Alpine legs fail	https://github.com/microsoft/dropvalidator/issues/397
dotnet-llvm-project	akoeplinger		Problem with symlinks	(https://github.com/microsoft/dropvalidator/issues/368)

[BrennanConroy]

aspnet-SignalR-Client-Cpp needs more info https://github.com/dotnet/arcade/issues/8477#issuecomment-1043324121 SignalR-SignalR is almost working, has a PR to fix some conditions

[epananth]

@BrennanConroy which is fully C++ and ships as code - we don't need to create SBOM for this. Sorry I missed this conversation

[epananth]

Moving this to comment, as I was able to verify these repos

These repos I know that they have sboms working, but have not reported back	Repository	Owner	Status	Does this need sbom?	Notes
dotnet-wcf	HongGit
dotnet-symreader	hoyosjs
dotnet-symreader-converter	hoyosjs
dotnet-symreader-portable	hoyosjs
dotnet-symstore	hoyosjs
dotnet-tye	philliphoff
dotnet-winforms-designer	dreddy-work
dotnet-wpf	singhashish-wpf
dotnet-xharness	akoeplinger
dotnet-Scaffolding	deepchoudhery
dotnet-roslyn-analyzers	JoeRobich	✔️
dotnet-performance	wfurt
dotnet-msquic	wfurt
dotnet-diagnostics	hoyosjs
dotnet-fsharp	brettfo/kevinransom		Needs arcade update
dotnet-interactive	colombod			Needs arcade update
dotnet-razor-tooling	NTaylorMullen			Needs arcade update
dotnet-test-templates	Haplois			Needs arcade update
dotnet-command-line-api	vlada-shubina
dotnet-msbuild	rainersigwald			I see sbom generated but did not get confirmation from the team
dotnet-project-system-tools	MiYanni			Got arcade update yet to hear back about validation

[Haplois]

For dotnet-test-templates, we updated arcade, and sbom is generated as part of our pipeline.

[premun]

@epananth dotnet-xharness should be handled by our team

[BrennanConroy]

SignalR/SignalR done

[epananth]

For dotnet-test-templates, we updated arcade, and sbom is generated as part of our pipeline.

thank you !

[epananth]

@epananth dotnet-xharness should be handled by our team

okay, will change owner. It is validated..

[epananth]

SignalR/SignalR done

thanks

[MiYanni]

@epananth The dotnet-project-system has now been verified to have SBOM. The insertion PR hasn't merged yet, but the SBOM check has passed. https://devdiv.visualstudio.com/DevDiv/_git/VS/pullrequest/385416

[epananth]

calling this done and closing this issue