Comments (9)
karolswdev
commented on August 15, 2024
1
We incorporated the creating of a NuGet.Config file in our CI/CD pipeline to ensure private package reference resolution. The entire content of the NuGet.Config file is stored in a GItHub secret.
This is our step:
- name: Create Nuget.Config file π
run: |
cat << EOF > ./NuGet.Config
${{ secrets.nuget_config }}
EOFfrom cyclonedx-dotnet.
coderpatros
commented on August 15, 2024
1
Ah, that might actually be the same issue as #74.
I have a fix pending merge in PR #75.
from cyclonedx-dotnet.
Zargath
commented on August 15, 2024
1
@coderpatros, I just tested your latest PR merge (built it locally) and it looks to have fixed my issue! πThe package information from my private feed is there, with the description this time, and its child dependencies are now included in that bom.
Thanks for the quick fix!
Edouard
from cyclonedx-dotnet.
Zargath
commented on August 15, 2024
1
Hi @coderpatros, Just tested with v0.9.2, working as expected now!
Thank you!
from cyclonedx-dotnet.
coderpatros
commented on August 15, 2024
Hi @Zargath. Internally it uses dotnet restore so it should pick up any configured nuget feeds, credentials and credential providers available to the standard restore task.
Are you getting this running it locally, or in a CI/CD pipeline?
The easiest way, I've come across, to edit your nuget sources for credentials is to use the nuget sources command https://docs.microsoft.com/en-us/nuget/reference/cli-reference/cli-ref-sources
from cyclonedx-dotnet.
coderpatros
commented on August 15, 2024
And the reason for the change is that previously any direct or transitive dependencies in your private nuget packages were not being added to the BOM.
from cyclonedx-dotnet.
Zargath
commented on August 15, 2024
Hi @coderpatros,
Thanks for the quick response! I look forward to being able to use the update since we have been creating a BOM for the private feed projects as well to be scanned separately.
I initially received the error in the CI pipeline and I've been able to reproduce it locally. We use Azure Active directory integration for our authentication. dotnet restore works without a hitch and the source is properly configured in the dotnet sources listing. No credentials are stored in the NuGet.config file for this source.
This is the original error I received that I get locally as well when I don't specify the feed url as a parameter to CycloneDX.
from cyclonedx-dotnet.
Zargath
commented on August 15, 2024
Ohhh that does look like it would fix my issue as well!
from cyclonedx-dotnet.
coderpatros
commented on August 15, 2024
@Zargath this should be fixed now in v0.9.2. Can you please confirm and close this issue if it has. Thanks
from cyclonedx-dotnet.
Related Issues (20)
- "Unable to locate valid bom ref" when AssemblyName is != project name in referenced project HOT 15
- BOM should include Framework Components HOT 5
- File Globbing ProjectReferences not supported HOT 3
- dotnet CycloneDX Use these two parameters: --exclude-test-projects --exclude-dev why doesn't it work? I want to delete the name in the box HOT 4
- Set additional properties when generating sbom for nugets HOT 3
- Scope property is always being set to required HOT 6
- Utilize package mapping to source additional information HOT 1
- Exclude developer dependencies is not reflecting real runtime dependencies HOT 2
- Support providing a solution filter HOT 6
- System.UnauthorizedAccessException thrown if .csproj file is read-only HOT 3
- Inconsistent Timestamp Representation in XML and JSON BOM Files HOT 3
- CycloneDX should fail when the provided project file was not found HOT 3
- Read version from project file
- CycloneDX.NET finishes successfully when package restore fails HOT 4
- Invalid license URL is generated HOT 3
- Schema validation fails with git style URL HOT 5
- Populate more properties of the root conponent
- Grpc.Tools version 2.55.1 not resolved to specific version error HOT 3
- Add support for X# Project files HOT 1
- Unsupported project types are included in the processing if they are referenced from a supported project type. HOT 4
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
π Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. πππ
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google β€οΈ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from cyclonedx-dotnet.