Replies: 2 comments 1 reply
-
Solution bom is basically aggregating all projects but currently expects to not find dependencies is different versions. I consider this a bug and it's probably the case here. If you can generate the sbom from a csproj you should prefer that, it's generally more reliable (if you use packagesReference and not packages.config) |
Beta Was this translation helpful? Give feedback.
-
I am running the same command:
Something here smells fishy and horribly bugged |
Beta Was this translation helpful? Give feedback.
-
Hi I am trying to generate BOM file for my .sln using CycloneDX 3.0.5.0 and I keep getting an error:
"Unable to locate valid bom ref for NETStandard.Library [2.0.1, )"
And couple of these: "Dependency (NETStandard.Library) with version range ([2.0.1, )) referenced by (Name:Microsoft.Azure.Storage.Queue Version:11.1.7) did not resolve to a specific version."
The thing is when I go .csproj after .csproj everything goes smooth I mean the latter error keeps popping up but the BOM gets generated regardless. And another thing is when I am looking for something that references NETStandard.Library with version 2.0.1 - there is nothing ... I don't know maybe I'm just blind or looking somewhere else
Beta Was this translation helpful? Give feedback.
All reactions