They are passed to parameters of the GenerateSbom task, but the resulting SBOM contains no license information, and the SBOMTelemetry log entry shows FetchLicenseInformation=null, EnablePackageMetadataParsing=null.
If I instead use sbom-tool with -pm true -li true, then the SBOM shows "licenseConcluded": "MIT" and/or "licenseDeclared": "MIT" for some packages, so the bug is in the MSBuild integration.
AFAICT, src/Microsoft.Sbom.Targets/SbomCLIToolTask.cs for .NET Framework uses those parameters (but then fails because of https://github.com/microsoft/sbom-tool/issues/719), but src/Microsoft.Sbom.Targets/GenerateSbomTask.cs for .NET Core ignores the parameters.
These properties don't take effect when I set them in my project:
They are passed to parameters of the
GenerateSbomtask, but the resulting SBOM contains no license information, and theSBOMTelemetrylog entry showsFetchLicenseInformation=null, EnablePackageMetadataParsing=null.If I instead use
sbom-toolwith-pm true -li true, then the SBOM shows"licenseConcluded": "MIT"and/or"licenseDeclared": "MIT"for some packages, so the bug is in the MSBuild integration.AFAICT,
src/Microsoft.Sbom.Targets/SbomCLIToolTask.csfor .NET Framework uses those parameters (but then fails because of https://github.com/microsoft/sbom-tool/issues/719), butsrc/Microsoft.Sbom.Targets/GenerateSbomTask.csfor .NET Core ignores the parameters.Originally posted by @KalleOlaviNiemitalo in https://github.com/microsoft/sbom-tool/issues/693#issuecomment-2341488913