From e56b7e3acdac84fb5f32b7b602ea50039e146134 Mon Sep 17 00:00:00 2001
From: vpatakottu <vpatakottu@microsoft.com>
Date: Wed, 17 Jul 2024 08:38:56 -0700
Subject: [PATCH 01/11] update nuget package format and surface errors

---
 .../Microsoft.Sbom.Targets.targets            | 50 +++++++++++++------
 src/Microsoft.Sbom.Targets/SbomCLIToolTask.cs |  3 +-
 2 files changed, 37 insertions(+), 16 deletions(-)

diff --git a/src/Microsoft.Sbom.Targets/Microsoft.Sbom.Targets.targets b/src/Microsoft.Sbom.Targets/Microsoft.Sbom.Targets.targets
index 84012489..2ebaff5a 100644
--- a/src/Microsoft.Sbom.Targets/Microsoft.Sbom.Targets.targets
+++ b/src/Microsoft.Sbom.Targets/Microsoft.Sbom.Targets.targets
@@ -15,6 +15,15 @@
     <!--Set the SBOM CLI Tool path. This variable is only used in SbomCLIToolTask.cs-->
     <SbomToolPath Condition=" '$(MSBuildRuntimeType)' == 'Full'">$(MSBuildThisFileDirectory)\..\tasks\$(GenerateSbom_TFM)\sbom-tool</SbomToolPath>
     <ManifestFolderName>_manifest</ManifestFolderName>
+    <SbomSpecification>spdx_2.2</SbomSpecification>
+  </PropertyGroup>
+
+  <!-- Copy the SBOM files to each respective target framework folder within the .nupkg -->
+  <PropertyGroup>
+    <TargetsForTfmSpecificBuildOutput>
+      $(TargetsForTfmSpecificBuildOutput);CopySbomOutput
+    </TargetsForTfmSpecificBuildOutput>
+    <AllowedOutputExtensionsInPackageBuildOutputFolder>$(AllowedOutputExtensionsInPackageBuildOutputFolder);.sha256</AllowedOutputExtensionsInPackageBuildOutputFolder>
   </PropertyGroup>
   
   <!--Based on the MSBuild runtime, GenerateSbom will either pull the GenerateSbomTask or SbomCLIToolTask logic-->
@@ -58,23 +67,34 @@
       <Output TaskParameter="SbomPath" PropertyName="SbomPathResult" />
     </GenerateSbom>
     <Message Importance="High" Text="Task result: $(SbomPathResult)" />
+  </Target>
+
+  <!-- Specify the SBOM files to copy into the nuget package -->
+  <Target Name="CopySbomOutput" DependsOnTargets="GenerateSbomTarget">
+    <ItemGroup>
+      <!--Add manifest and SHA file from the GenerateSbomTask execution-->
+      <BuildOutputInPackage Condition=" '$(MSBuildRuntimeType)' == 'Core'"
+								  Include="$(SbomPathResult)\$(SbomSpecification)\manifest.spdx.json"
+								  TargetPath="_manifest/$(SbomSpecification)/manifest.spdx.json"/>
+      <BuildOutputInPackage Condition=" '$(MSBuildRuntimeType)' == 'Core'"
+								  Include="$(SbomPathResult)\$(SbomSpecification)\manifest.spdx.json.sha256"
+								  TargetPath="_manifest/$(SbomSpecification)/manifest.spdx.json.sha256"/>
 
-    <!-- Include the generated SBOM contents within the consumer's nuget package -->
-    <ItemGroup >
-      <Content Condition=" '$(MSBuildRuntimeType)' == 'Core'" Include="$(SbomPathResult)\**">
-        <Pack>true</Pack>
-        <PackagePath>_manifest</PackagePath>
-      </Content>
+      <!--Add manifest and SHA file from the SbomCLIToolTask execution from the default manifest path -->
+      <BuildOutputInPackage Condition=" '$(MSBuildRuntimeType)' == 'Full' And '$(SbomGenerationManifestDirPath)' == ''"
+								  Include="$(SbomGenerationBuildDropPath)\$(ManifestFolderName)\$(SbomSpecification)\manifest.spdx.json"
+								  TargetPath="_manifest/$(SbomSpecification)/manifest.spdx.json"/>
+      <BuildOutputInPackage Condition=" '$(MSBuildRuntimeType)' == 'Full' And '$(SbomGenerationManifestDirPath)' == ''"
+								  Include="$(SbomGenerationBuildDropPath)\$(ManifestFolderName)\$(SbomSpecification)\manifest.spdx.json.sha256"
+								  TargetPath="_manifest/$(SbomSpecification)/manifest.spdx.json.sha256"/>
 
-      <Content Condition=" '$(MSBuildRuntimeType)' == 'Full' And '$(SbomGenerationManifestDirPath)' == '' " Include="$(SbomGenerationBuildDropPath)\$(ManifestFolderName)\**">
-        <Pack>true</Pack>
-        <PackagePath>_manifest</PackagePath>
-      </Content>
-      
-      <Content Condition=" '$(MSBuildRuntimeType)' == 'Full' And '$(SbomGenerationManifestDirPath)' != '' " Include="$(SbomGenerationManifestDirPath)\$(ManifestFolderName)\**">
-        <Pack>true</Pack>
-        <PackagePath>_manifest</PackagePath>
-      </Content>
+      <!--Add manifest and SHA file from the SbomCLIToolTask execution if a manifest directory was specified -->
+      <BuildOutputInPackage Condition=" '$(MSBuildRuntimeType)' == 'Full' And '$(SbomGenerationManifestDirPath)' != ''"
+								  Include="$(SbomGenerationManifestDirPath)\$(ManifestFolderName)\$(SbomSpecification)\manifest.spdx.json"
+								  TargetPath="_manifest/$(SbomSpecification)/manifest.spdx.json"/>
+      <BuildOutputInPackage Condition=" '$(MSBuildRuntimeType)' == 'Full' And '$(SbomGenerationManifestDirPath)' != ''"
+								  Include="$(SbomGenerationManifestDirPath)\$(ManifestFolderName)\$(SbomSpecification)\manifest.spdx.json.sha256"
+								  TargetPath="_manifest/$(SbomSpecification)/manifest.spdx.json.sha256"/>
     </ItemGroup>
   </Target>
 </Project>
diff --git a/src/Microsoft.Sbom.Targets/SbomCLIToolTask.cs b/src/Microsoft.Sbom.Targets/SbomCLIToolTask.cs
index a050412a..7077e5b4 100644
--- a/src/Microsoft.Sbom.Targets/SbomCLIToolTask.cs
+++ b/src/Microsoft.Sbom.Targets/SbomCLIToolTask.cs
@@ -3,7 +3,6 @@
 
 namespace Microsoft.Sbom.Targets;
 
-using System.Diagnostics.Tracing;
 using System.IO;
 using Microsoft.Build.Utilities;
 
@@ -97,5 +96,7 @@ private void SetOutputImportance()
         {
             this.StandardOutputImportance = "Low";
         }
+
+        this.LogStandardErrorAsError = true;
     }
 }

From 157a345c09e2f82bdd2b02fa14c061f8e95e6786 Mon Sep 17 00:00:00 2001
From: vpatakottu <vpatakottu@microsoft.com>
Date: Mon, 22 Jul 2024 10:32:49 -0700
Subject: [PATCH 02/11] simplify sbom output

---
 .../Microsoft.Sbom.Targets.targets            | 53 +++++++------------
 src/Microsoft.Sbom.Targets/SbomCLIToolTask.cs | 22 ++++++++
 2 files changed, 41 insertions(+), 34 deletions(-)

diff --git a/src/Microsoft.Sbom.Targets/Microsoft.Sbom.Targets.targets b/src/Microsoft.Sbom.Targets/Microsoft.Sbom.Targets.targets
index 2ebaff5a..d167d320 100644
--- a/src/Microsoft.Sbom.Targets/Microsoft.Sbom.Targets.targets
+++ b/src/Microsoft.Sbom.Targets/Microsoft.Sbom.Targets.targets
@@ -29,25 +29,10 @@
   <!--Based on the MSBuild runtime, GenerateSbom will either pull the GenerateSbomTask or SbomCLIToolTask logic-->
   <UsingTask TaskName="Microsoft.Sbom.Targets.GenerateSbom" AssemblyFile="$(MSBuildThisFileDirectory)\..\tasks\$(GenerateSbom_TFM)\Microsoft.Sbom.Targets.dll" />
 
-  <PropertyGroup>
-    <GenerateSBOM Condition=" '$(GenerateSBOM)' == '' ">false</GenerateSBOM>
-    <SbomGenerationBuildDropPath Condition=" '$(SbomGenerationBuildDropPath)' == '' ">$(OutDir)</SbomGenerationBuildDropPath>
-    <SbomGenerationBuildComponentPath Condition=" '$(SbomGenerationBuildComponentPath)' == '' ">$(MSBuildProjectDirectory)</SbomGenerationBuildComponentPath>
-    <SbomGenerationPackageSupplier Condition=" '$(SbomGenerationPackageSupplier)' == '' And $(Authors) != '' ">$(Authors)</SbomGenerationPackageSupplier>
-    <SbomGenerationPackageSupplier Condition=" '$(SbomGenerationPackageSupplier)' == '' And $(Authors) == '' ">$(AssemblyName)</SbomGenerationPackageSupplier>
-    <SbomGenerationPackageName Condition=" '$(SbomGenerationPackageName)' == '' And $(PackageId) != '' ">$(PackageId)</SbomGenerationPackageName>
-    <SbomGenerationPackageName Condition=" '$(SbomGenerationPackageName)' == '' And $(PackageId) == '' ">$(AssemblyName)</SbomGenerationPackageName>
-    <SbomGenerationPackageVersion Condition=" '$(SbomGenerationPackageVersion)' == '' And $(Version) != '' ">$(Version)</SbomGenerationPackageVersion>
-    <SbomGenerationPackageVersion Condition=" '$(SbomGenerationPackageVersion)' == '' And $(Version) == '' ">1.0.0</SbomGenerationPackageVersion>
-    <SbomGenerationNamespaceBaseUri Condition=" '$(SbomGenerationNamespaceBaseUri)' == '' ">http://spdx.org/spdxdocs/$(SbomGenerationPackageName)"</SbomGenerationNamespaceBaseUri>
-    <SbomGenerationFetchLicenseInformation Condition=" '$(SbomGenerationFetchLicenseInformation)' == '' ">false</SbomGenerationFetchLicenseInformation>
-    <SbomGenerationEnablePackageMetadataParsing Condition=" '$(SbomGenerationEnablePackageMetadataParsing)' == '' ">false</SbomGenerationEnablePackageMetadataParsing>
-    <SbomGenerationVerbosity Condition=" '$(SbomGenerationVerbosity)' == '' ">LogAlways</SbomGenerationVerbosity>
-    <SbomGenerationManifestInfo Condition=" '$(SbomGenerationManifestInfo)' == '' ">SPDX:2.2</SbomGenerationManifestInfo>
-    <SbomGenerationDeleteManifestDirIfPresent Condition=" '$(SbomGenerationDeleteManifestDirIfPresent)' == '' ">true</SbomGenerationDeleteManifestDirIfPresent>
-  </PropertyGroup>
+  <Import Project="$(MSBuildThisFileDirectory)\Microsoft.Sbom.Targets.props" />
 
   <Target Name="GenerateSbomTarget" AfterTargets="Build" Condition=" '$(GenerateSBOM)' ==  'true'">
+    <!--TODO: Add arguments for ToolTask-->
     <GenerateSbom
         BuildDropPath="$(SbomGenerationBuildDropPath)"
         BuildComponentPath="$(SbomGenerationBuildComponentPath)"
@@ -73,28 +58,28 @@
   <Target Name="CopySbomOutput" DependsOnTargets="GenerateSbomTarget">
     <ItemGroup>
       <!--Add manifest and SHA file from the GenerateSbomTask execution-->
-      <BuildOutputInPackage Condition=" '$(MSBuildRuntimeType)' == 'Core'"
+      <BuildOutputInPackage 
 								  Include="$(SbomPathResult)\$(SbomSpecification)\manifest.spdx.json"
-								  TargetPath="_manifest/$(SbomSpecification)/manifest.spdx.json"/>
-      <BuildOutputInPackage Condition=" '$(MSBuildRuntimeType)' == 'Core'"
-								  Include="$(SbomPathResult)\$(SbomSpecification)\manifest.spdx.json.sha256"
-								  TargetPath="_manifest/$(SbomSpecification)/manifest.spdx.json.sha256"/>
+								  TargetPath="$(ManifestFolderName)/$(SbomSpecification)/manifest.spdx.json"/>
+      <BuildOutputInPackage
+                  Include="$(SbomPathResult)\$(SbomSpecification)\manifest.spdx.json.sha256"
+								  TargetPath="$(ManifestFolderName)/$(SbomSpecification)/manifest.spdx.json.sha256"/>
 
-      <!--Add manifest and SHA file from the SbomCLIToolTask execution from the default manifest path -->
+      <!--Add manifest and SHA file from the SbomCLIToolTask execution from the default manifest path --><!--
       <BuildOutputInPackage Condition=" '$(MSBuildRuntimeType)' == 'Full' And '$(SbomGenerationManifestDirPath)' == ''"
-								  Include="$(SbomGenerationBuildDropPath)\$(ManifestFolderName)\$(SbomSpecification)\manifest.spdx.json"
-								  TargetPath="_manifest/$(SbomSpecification)/manifest.spdx.json"/>
+								  Include="$(SbomPathResult)\$(SbomSpecification)\manifest.spdx.json"
+								  TargetPath="$(ManifestFolderName)/$(SbomSpecification)/manifest.spdx.json"/>
       <BuildOutputInPackage Condition=" '$(MSBuildRuntimeType)' == 'Full' And '$(SbomGenerationManifestDirPath)' == ''"
-								  Include="$(SbomGenerationBuildDropPath)\$(ManifestFolderName)\$(SbomSpecification)\manifest.spdx.json.sha256"
-								  TargetPath="_manifest/$(SbomSpecification)/manifest.spdx.json.sha256"/>
+								  Include="$(SbomPathResult)\$(SbomSpecification)\manifest.spdx.json.sha256"
+								  TargetPath="$(ManifestFolderName)/$(SbomSpecification)/manifest.spdx.json.sha256"/>-->
 
-      <!--Add manifest and SHA file from the SbomCLIToolTask execution if a manifest directory was specified -->
-      <BuildOutputInPackage Condition=" '$(MSBuildRuntimeType)' == 'Full' And '$(SbomGenerationManifestDirPath)' != ''"
-								  Include="$(SbomGenerationManifestDirPath)\$(ManifestFolderName)\$(SbomSpecification)\manifest.spdx.json"
-								  TargetPath="_manifest/$(SbomSpecification)/manifest.spdx.json"/>
-      <BuildOutputInPackage Condition=" '$(MSBuildRuntimeType)' == 'Full' And '$(SbomGenerationManifestDirPath)' != ''"
-								  Include="$(SbomGenerationManifestDirPath)\$(ManifestFolderName)\$(SbomSpecification)\manifest.spdx.json.sha256"
-								  TargetPath="_manifest/$(SbomSpecification)/manifest.spdx.json.sha256"/>
+      <!--Add manifest and SHA file from the SbomCLIToolTask execution if a manifest directory was specified --><!--
+      <BuildOutputInPackage Condition=" '$(MSBuildRuntimeType)' == 'Full'"
+								  Include="$(SbomPathResult)\$(SbomSpecification)\manifest.spdx.json"
+								  TargetPath="$(ManifestFolderName)/$(SbomSpecification)/manifest.spdx.json"/>
+      <BuildOutputInPackage Condition=" '$(MSBuildRuntimeType)' == 'Full'"
+								  Include="$(SbomPathResult)\$(SbomSpecification)\manifest.spdx.json.sha256"
+								  TargetPath="$(ManifestFolderName)/$(SbomSpecification)/manifest.spdx.json.sha256"/>-->
     </ItemGroup>
   </Target>
 </Project>
diff --git a/src/Microsoft.Sbom.Targets/SbomCLIToolTask.cs b/src/Microsoft.Sbom.Targets/SbomCLIToolTask.cs
index 7077e5b4..0875be7f 100644
--- a/src/Microsoft.Sbom.Targets/SbomCLIToolTask.cs
+++ b/src/Microsoft.Sbom.Targets/SbomCLIToolTask.cs
@@ -13,6 +13,28 @@ public partial class GenerateSbom : ToolTask
 {
     protected override string ToolName => "Microsoft.Sbom.Tool";
 
+    /// <summary>
+    /// Executes the SBOM CLI Tool invocation. Need to add extra logic
+    /// to set SbomPath to the directory containing the SBOM.
+    /// </summary>
+    /// <returns></returns>
+    public override bool Execute()
+    {
+        var taskResult = base.Execute();
+        // Set the SbomPath output variable
+        if (taskResult) {
+            if (!string.IsNullOrWhiteSpace(this.ManifestDirPath))
+            {
+                this.SbomPath = this.ManifestDirPath;
+            } else
+            {
+                this.SbomPath = Path.Combine(this.BuildDropPath, "_manifest");
+            }
+        }
+
+        return taskResult;
+    }
+
     /// <summary>
     /// Get full path to SBOM CLI tool.
     /// </summary>

From e29e5db8593c6c7a7c37c5c0486036ddf8a94d95 Mon Sep 17 00:00:00 2001
From: vpatakottu <vpatakottu@microsoft.com>
Date: Tue, 23 Jul 2024 11:19:02 -0700
Subject: [PATCH 03/11] update targets to use SbomPath output var for ToolTask

---
 .../Microsoft.Sbom.Targets.targets               | 16 ----------------
 1 file changed, 16 deletions(-)

diff --git a/src/Microsoft.Sbom.Targets/Microsoft.Sbom.Targets.targets b/src/Microsoft.Sbom.Targets/Microsoft.Sbom.Targets.targets
index d167d320..fcd6b31d 100644
--- a/src/Microsoft.Sbom.Targets/Microsoft.Sbom.Targets.targets
+++ b/src/Microsoft.Sbom.Targets/Microsoft.Sbom.Targets.targets
@@ -64,22 +64,6 @@
       <BuildOutputInPackage
                   Include="$(SbomPathResult)\$(SbomSpecification)\manifest.spdx.json.sha256"
 								  TargetPath="$(ManifestFolderName)/$(SbomSpecification)/manifest.spdx.json.sha256"/>
-
-      <!--Add manifest and SHA file from the SbomCLIToolTask execution from the default manifest path --><!--
-      <BuildOutputInPackage Condition=" '$(MSBuildRuntimeType)' == 'Full' And '$(SbomGenerationManifestDirPath)' == ''"
-								  Include="$(SbomPathResult)\$(SbomSpecification)\manifest.spdx.json"
-								  TargetPath="$(ManifestFolderName)/$(SbomSpecification)/manifest.spdx.json"/>
-      <BuildOutputInPackage Condition=" '$(MSBuildRuntimeType)' == 'Full' And '$(SbomGenerationManifestDirPath)' == ''"
-								  Include="$(SbomPathResult)\$(SbomSpecification)\manifest.spdx.json.sha256"
-								  TargetPath="$(ManifestFolderName)/$(SbomSpecification)/manifest.spdx.json.sha256"/>-->
-
-      <!--Add manifest and SHA file from the SbomCLIToolTask execution if a manifest directory was specified --><!--
-      <BuildOutputInPackage Condition=" '$(MSBuildRuntimeType)' == 'Full'"
-								  Include="$(SbomPathResult)\$(SbomSpecification)\manifest.spdx.json"
-								  TargetPath="$(ManifestFolderName)/$(SbomSpecification)/manifest.spdx.json"/>
-      <BuildOutputInPackage Condition=" '$(MSBuildRuntimeType)' == 'Full'"
-								  Include="$(SbomPathResult)\$(SbomSpecification)\manifest.spdx.json.sha256"
-								  TargetPath="$(ManifestFolderName)/$(SbomSpecification)/manifest.spdx.json.sha256"/>-->
     </ItemGroup>
   </Target>
 </Project>

From e9fdae6d7b2201d36e7a75a5b84cfedd3e22a2be Mon Sep 17 00:00:00 2001
From: vpatakottu <vpatakottu@microsoft.com>
Date: Tue, 23 Jul 2024 11:22:28 -0700
Subject: [PATCH 04/11] fix bad merge

---
 .../Microsoft.Sbom.Targets.targets            | 21 ++++++++++++++++---
 1 file changed, 18 insertions(+), 3 deletions(-)

diff --git a/src/Microsoft.Sbom.Targets/Microsoft.Sbom.Targets.targets b/src/Microsoft.Sbom.Targets/Microsoft.Sbom.Targets.targets
index fcd6b31d..ec2da750 100644
--- a/src/Microsoft.Sbom.Targets/Microsoft.Sbom.Targets.targets
+++ b/src/Microsoft.Sbom.Targets/Microsoft.Sbom.Targets.targets
@@ -29,10 +29,25 @@
   <!--Based on the MSBuild runtime, GenerateSbom will either pull the GenerateSbomTask or SbomCLIToolTask logic-->
   <UsingTask TaskName="Microsoft.Sbom.Targets.GenerateSbom" AssemblyFile="$(MSBuildThisFileDirectory)\..\tasks\$(GenerateSbom_TFM)\Microsoft.Sbom.Targets.dll" />
 
-  <Import Project="$(MSBuildThisFileDirectory)\Microsoft.Sbom.Targets.props" />
+  <PropertyGroup>
+    <GenerateSBOM Condition=" '$(GenerateSBOM)' == '' ">false</GenerateSBOM>
+    <SbomGenerationBuildDropPath Condition=" '$(SbomGenerationBuildDropPath)' == '' ">$(OutDir)</SbomGenerationBuildDropPath>
+    <SbomGenerationBuildComponentPath Condition=" '$(SbomGenerationBuildComponentPath)' == '' ">$(MSBuildProjectDirectory)</SbomGenerationBuildComponentPath>
+    <SbomGenerationPackageSupplier Condition=" '$(SbomGenerationPackageSupplier)' == '' And $(Authors) != '' ">$(Authors)</SbomGenerationPackageSupplier>
+    <SbomGenerationPackageSupplier Condition=" '$(SbomGenerationPackageSupplier)' == '' And $(Authors) == '' ">$(AssemblyName)</SbomGenerationPackageSupplier>
+    <SbomGenerationPackageName Condition=" '$(SbomGenerationPackageName)' == '' And $(PackageId) != '' ">$(PackageId)</SbomGenerationPackageName>
+    <SbomGenerationPackageName Condition=" '$(SbomGenerationPackageName)' == '' And $(PackageId) == '' ">$(AssemblyName)</SbomGenerationPackageName>
+    <SbomGenerationPackageVersion Condition=" '$(SbomGenerationPackageVersion)' == '' And $(Version) != '' ">$(Version)</SbomGenerationPackageVersion>
+    <SbomGenerationPackageVersion Condition=" '$(SbomGenerationPackageVersion)' == '' And $(Version) == '' ">1.0.0</SbomGenerationPackageVersion>
+    <SbomGenerationNamespaceBaseUri Condition=" '$(SbomGenerationNamespaceBaseUri)' == '' ">http://spdx.org/spdxdocs/$(SbomGenerationPackageName)"</SbomGenerationNamespaceBaseUri>
+    <SbomGenerationFetchLicenseInformation Condition=" '$(SbomGenerationFetchLicenseInformation)' == '' ">false</SbomGenerationFetchLicenseInformation>
+    <SbomGenerationEnablePackageMetadataParsing Condition=" '$(SbomGenerationEnablePackageMetadataParsing)' == '' ">false</SbomGenerationEnablePackageMetadataParsing>
+    <SbomGenerationVerbosity Condition=" '$(SbomGenerationVerbosity)' == '' ">LogAlways</SbomGenerationVerbosity>
+    <SbomGenerationManifestInfo Condition=" '$(SbomGenerationManifestInfo)' == '' ">SPDX:2.2</SbomGenerationManifestInfo>
+    <SbomGenerationDeleteManifestDirIfPresent Condition=" '$(SbomGenerationDeleteManifestDirIfPresent)' == '' ">true</SbomGenerationDeleteManifestDirIfPresent>
+  </PropertyGroup>
 
   <Target Name="GenerateSbomTarget" AfterTargets="Build" Condition=" '$(GenerateSBOM)' ==  'true'">
-    <!--TODO: Add arguments for ToolTask-->
     <GenerateSbom
         BuildDropPath="$(SbomGenerationBuildDropPath)"
         BuildComponentPath="$(SbomGenerationBuildComponentPath)"
@@ -57,7 +72,7 @@
   <!-- Specify the SBOM files to copy into the nuget package -->
   <Target Name="CopySbomOutput" DependsOnTargets="GenerateSbomTarget">
     <ItemGroup>
-      <!--Add manifest and SHA file from the GenerateSbomTask execution-->
+      <!--Add manifest and SHA file from the GenerateSbom target execution-->
       <BuildOutputInPackage 
 								  Include="$(SbomPathResult)\$(SbomSpecification)\manifest.spdx.json"
 								  TargetPath="$(ManifestFolderName)/$(SbomSpecification)/manifest.spdx.json"/>

From cfaa2970acf1d8e76046eca51033b509a2b4bc5a Mon Sep 17 00:00:00 2001
From: vpatakottu <vpatakottu@microsoft.com>
Date: Tue, 23 Jul 2024 19:40:17 -0700
Subject: [PATCH 05/11] append manifest folder name for manifestdirpath

---
 src/Microsoft.Sbom.Targets/SbomCLIToolTask.cs | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/src/Microsoft.Sbom.Targets/SbomCLIToolTask.cs b/src/Microsoft.Sbom.Targets/SbomCLIToolTask.cs
index 0875be7f..9ecd6f89 100644
--- a/src/Microsoft.Sbom.Targets/SbomCLIToolTask.cs
+++ b/src/Microsoft.Sbom.Targets/SbomCLIToolTask.cs
@@ -23,12 +23,13 @@ public override bool Execute()
         var taskResult = base.Execute();
         // Set the SbomPath output variable
         if (taskResult) {
+            var manifestFolderName = "_manifest";
             if (!string.IsNullOrWhiteSpace(this.ManifestDirPath))
             {
-                this.SbomPath = this.ManifestDirPath;
+                this.SbomPath = Path.Combine(this.ManifestDirPath, manifestFolderName);
             } else
             {
-                this.SbomPath = Path.Combine(this.BuildDropPath, "_manifest");
+                this.SbomPath = Path.Combine(this.BuildDropPath, manifestFolderName);
             }
         }
 

From 43ed373cc6d5da1985e09445973b09945defa08b Mon Sep 17 00:00:00 2001
From: vpatakottu <vpatakottu@microsoft.com>
Date: Wed, 24 Jul 2024 19:41:52 -0700
Subject: [PATCH 06/11] add path.combine and property checks

---
 .../Microsoft.Sbom.Targets.targets            | 24 +++++++++----------
 1 file changed, 12 insertions(+), 12 deletions(-)

diff --git a/src/Microsoft.Sbom.Targets/Microsoft.Sbom.Targets.targets b/src/Microsoft.Sbom.Targets/Microsoft.Sbom.Targets.targets
index ec2da750..a4060e8e 100644
--- a/src/Microsoft.Sbom.Targets/Microsoft.Sbom.Targets.targets
+++ b/src/Microsoft.Sbom.Targets/Microsoft.Sbom.Targets.targets
@@ -12,22 +12,24 @@
     <GenerateSbom_TFM Condition=" '$(MSBuildRuntimeType)' == 'Full' ">net472</GenerateSbom_TFM>
     <GenerateSbom_TFM Condition=" '$(MSBuildRuntimeType)' == 'Core' ">net8.0</GenerateSbom_TFM>
 
+    <SbomToolBinaryOutputPath>$([System.IO.Path]::Combine($(MSBuildThisFileDirectory),..,tasks,$(GenerateSbom_TFM),sbom-tool))</SbomToolBinaryOutputPath>
+    <AssemblyFilePath>$([System.IO.Path]::Combine($(MSBuildThisFileDirectory),..,tasks,$(GenerateSbom_TFM),Microsoft.Sbom.Targets.dll))</AssemblyFilePath>
+
     <!--Set the SBOM CLI Tool path. This variable is only used in SbomCLIToolTask.cs-->
-    <SbomToolPath Condition=" '$(MSBuildRuntimeType)' == 'Full'">$(MSBuildThisFileDirectory)\..\tasks\$(GenerateSbom_TFM)\sbom-tool</SbomToolPath>
+    <SbomToolPath Condition=" '$(MSBuildRuntimeType)' == 'Full'">$(SbomToolBinaryOutputPath)</SbomToolPath>
     <ManifestFolderName>_manifest</ManifestFolderName>
     <SbomSpecification>spdx_2.2</SbomSpecification>
   </PropertyGroup>
 
   <!-- Copy the SBOM files to each respective target framework folder within the .nupkg -->
   <PropertyGroup>
-    <TargetsForTfmSpecificBuildOutput>
-      $(TargetsForTfmSpecificBuildOutput);CopySbomOutput
-    </TargetsForTfmSpecificBuildOutput>
-    <AllowedOutputExtensionsInPackageBuildOutputFolder>$(AllowedOutputExtensionsInPackageBuildOutputFolder);.sha256</AllowedOutputExtensionsInPackageBuildOutputFolder>
+    <TargetsForTfmSpecificContentInPackage>
+      $(TargetsForTfmSpecificContentInPackage);CopySbomOutput
+    </TargetsForTfmSpecificContentInPackage>
   </PropertyGroup>
   
   <!--Based on the MSBuild runtime, GenerateSbom will either pull the GenerateSbomTask or SbomCLIToolTask logic-->
-  <UsingTask TaskName="Microsoft.Sbom.Targets.GenerateSbom" AssemblyFile="$(MSBuildThisFileDirectory)\..\tasks\$(GenerateSbom_TFM)\Microsoft.Sbom.Targets.dll" />
+  <UsingTask TaskName="Microsoft.Sbom.Targets.GenerateSbom" AssemblyFile="$(AssemblyFilePath)" />
 
   <PropertyGroup>
     <GenerateSBOM Condition=" '$(GenerateSBOM)' == '' ">false</GenerateSBOM>
@@ -48,6 +50,7 @@
   </PropertyGroup>
 
   <Target Name="GenerateSbomTarget" AfterTargets="Build" Condition=" '$(GenerateSBOM)' ==  'true'">
+    <Error Condition="'$(BuildOutputTargetFolder)' == ''" Text="The GenerationSbomTarget requires the BuildOutputTargetFolder property to be non-null. Please set a folder name."/>
     <GenerateSbom
         BuildDropPath="$(SbomGenerationBuildDropPath)"
         BuildComponentPath="$(SbomGenerationBuildComponentPath)"
@@ -73,12 +76,9 @@
   <Target Name="CopySbomOutput" DependsOnTargets="GenerateSbomTarget">
     <ItemGroup>
       <!--Add manifest and SHA file from the GenerateSbom target execution-->
-      <BuildOutputInPackage 
-								  Include="$(SbomPathResult)\$(SbomSpecification)\manifest.spdx.json"
-								  TargetPath="$(ManifestFolderName)/$(SbomSpecification)/manifest.spdx.json"/>
-      <BuildOutputInPackage
-                  Include="$(SbomPathResult)\$(SbomSpecification)\manifest.spdx.json.sha256"
-								  TargetPath="$(ManifestFolderName)/$(SbomSpecification)/manifest.spdx.json.sha256"/>
+      <TfmSpecificPackageFile Include="$(SbomPathResult)\$(SbomSpecification)\**">
+        <PackagePath>$(BuildOutputTargetFolder)/$(TargetFramework)/$(ManifestFolderName)/$(SbomSpecification)</PackagePath>
+      </TfmSpecificPackageFile>
     </ItemGroup>
   </Target>
 </Project>

From 416689b0ebd9d6c7c6570cf4a91bf901141471f5 Mon Sep 17 00:00:00 2001
From: vpatakottu <vpatakottu@microsoft.com>
Date: Wed, 24 Jul 2024 20:03:04 -0700
Subject: [PATCH 07/11] append platform version

---
 src/Microsoft.Sbom.Targets/Microsoft.Sbom.Targets.targets | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/src/Microsoft.Sbom.Targets/Microsoft.Sbom.Targets.targets b/src/Microsoft.Sbom.Targets/Microsoft.Sbom.Targets.targets
index a4060e8e..b4ca6dc7 100644
--- a/src/Microsoft.Sbom.Targets/Microsoft.Sbom.Targets.targets
+++ b/src/Microsoft.Sbom.Targets/Microsoft.Sbom.Targets.targets
@@ -74,10 +74,15 @@
 
   <!-- Specify the SBOM files to copy into the nuget package -->
   <Target Name="CopySbomOutput" DependsOnTargets="GenerateSbomTarget">
+    <PropertyGroup>
+      <!--When building frameworks such as net8.0-windows, the platform version is appended to the framework in the NuGet package-->
+      <TargetFrameworkWithPlatformVersion Condition="$(TargetPlatformVersion) != ''">$(TargetFramework)$(TargetPlatformVersion)</TargetFrameworkWithPlatformVersion>
+      <TargetFrameworkWithPlatformVersion Condition="$(TargetPlatformVersion) == ''">$(TargetFramework)</TargetFrameworkWithPlatformVersion>
+    </PropertyGroup>
     <ItemGroup>
       <!--Add manifest and SHA file from the GenerateSbom target execution-->
       <TfmSpecificPackageFile Include="$(SbomPathResult)\$(SbomSpecification)\**">
-        <PackagePath>$(BuildOutputTargetFolder)/$(TargetFramework)/$(ManifestFolderName)/$(SbomSpecification)</PackagePath>
+        <PackagePath>$(BuildOutputTargetFolder)/$(TargetFrameworkWithPlatformVersion)/$(ManifestFolderName)/$(SbomSpecification)</PackagePath>
       </TfmSpecificPackageFile>
     </ItemGroup>
   </Target>

From 8b591e848c7a6facf851b7e5a04de6bfccc0d5e8 Mon Sep 17 00:00:00 2001
From: vpatakottu <vpatakottu@microsoft.com>
Date: Thu, 25 Jul 2024 16:01:52 -0700
Subject: [PATCH 08/11] create ManifestDirPath if needed

---
 src/Microsoft.Sbom.Targets/SbomCLIToolTask.cs | 30 ++++++++++++++++++-
 1 file changed, 29 insertions(+), 1 deletion(-)

diff --git a/src/Microsoft.Sbom.Targets/SbomCLIToolTask.cs b/src/Microsoft.Sbom.Targets/SbomCLIToolTask.cs
index 9ecd6f89..3e425009 100644
--- a/src/Microsoft.Sbom.Targets/SbomCLIToolTask.cs
+++ b/src/Microsoft.Sbom.Targets/SbomCLIToolTask.cs
@@ -3,6 +3,7 @@
 
 namespace Microsoft.Sbom.Targets;
 
+using System;
 using System.IO;
 using Microsoft.Build.Utilities;
 
@@ -96,7 +97,7 @@ protected override string GenerateCommandLineCommands()
     protected override bool ValidateParameters()
     {
         // Validate required args and args that take paths as input.
-        if (!ValidateAndSanitizeRequiredParams() || !ValidateAndSanitizeNamespaceUriUniquePart())
+        if (!ValidateAndSanitizeRequiredParams() || !ValidateAndSanitizeNamespaceUriUniquePart() || !CreateManifestDirPathDirectory())
         {
             return false;
         }
@@ -122,4 +123,31 @@ private void SetOutputImportance()
 
         this.LogStandardErrorAsError = true;
     }
+
+    /// <summary>
+    /// Create the ManifestDirPath if it's specified by the user
+    /// and doesn't exist. This is automatically done by the
+    /// SBOM API, but not the SBOM CLI tool.
+    /// </summary>
+    /// <returns>Whether the directory creation succeeded</returns>
+    private bool CreateManifestDirPathDirectory()
+    {
+        try
+        {
+            if (!string.IsNullOrWhiteSpace(this.ManifestDirPath))
+            {
+                if (!Directory.Exists(this.ManifestDirPath))
+                {
+                    Directory.CreateDirectory(this.ManifestDirPath);
+                }
+            }
+        }
+        catch (Exception e)
+        {
+            Log.LogError($"SBOM generation failed: Failed to create the 'ManifestDirPath' directory due to {e.Message}");
+            return false;
+        }
+
+        return true;
+    }
 }

From c21d38a2301d043caee2a43707d61464017d069b Mon Sep 17 00:00:00 2001
From: vpatakottu <vpatakottu@microsoft.com>
Date: Sun, 28 Jul 2024 11:44:34 -0700
Subject: [PATCH 09/11] temporarily comment out

---
 src/Microsoft.Sbom.Targets/SbomCLIToolTask.cs | 54 +++++++++----------
 1 file changed, 27 insertions(+), 27 deletions(-)

diff --git a/src/Microsoft.Sbom.Targets/SbomCLIToolTask.cs b/src/Microsoft.Sbom.Targets/SbomCLIToolTask.cs
index 88760a07..a7850a77 100644
--- a/src/Microsoft.Sbom.Targets/SbomCLIToolTask.cs
+++ b/src/Microsoft.Sbom.Targets/SbomCLIToolTask.cs
@@ -97,7 +97,7 @@ protected override string GenerateCommandLineCommands()
     protected override bool ValidateParameters()
     {
         // Validate required args and args that take paths as input.
-        if (!ValidateAndSanitizeRequiredParams() || !ValidateAndSanitizeNamespaceUriUniquePart() || !CreateManifestDirPathDirectory())
+        if (!ValidateAndSanitizeRequiredParams() || !ValidateAndSanitizeNamespaceUriUniquePart())
         {
             return false;
         }
@@ -124,30 +124,30 @@ private void SetOutputImportance()
         this.LogStandardErrorAsError = true;
     }
 
-    /// <summary>
-    /// Create the ManifestDirPath if it's specified by the user
-    /// and doesn't exist. This is automatically done by the
-    /// SBOM API, but not the SBOM CLI tool.
-    /// </summary>
-    /// <returns>Whether the directory creation succeeded</returns>
-    private bool CreateManifestDirPathDirectory()
-    {
-        try
-        {
-            if (!string.IsNullOrWhiteSpace(this.ManifestDirPath))
-            {
-                if (!Directory.Exists(this.ManifestDirPath))
-                {
-                    Directory.CreateDirectory(this.ManifestDirPath);
-                }
-            }
-        }
-        catch (Exception e)
-        {
-            Log.LogError($"SBOM generation failed: Failed to create the 'ManifestDirPath' directory due to {e.Message}");
-            return false;
-        }
-
-        return true;
-    }
+    ///// <summary>
+    ///// Create the ManifestDirPath if it's specified by the user
+    ///// and doesn't exist. This is automatically done by the
+    ///// SBOM API, but not the SBOM CLI tool.
+    ///// </summary>
+    ///// <returns>Whether the directory creation succeeded</returns>
+    //private bool CreateManifestDirPathDirectory()
+    //{
+    //    try
+    //    {
+    //        if (!string.IsNullOrWhiteSpace(this.ManifestDirPath))
+    //        {
+    //            if (!Directory.Exists(this.ManifestDirPath))
+    //            {
+    //                Directory.CreateDirectory(this.ManifestDirPath);
+    //            }
+    //        }
+    //    }
+    //    catch (Exception e)
+    //    {
+    //        Log.LogError($"SBOM generation failed: Failed to create the 'ManifestDirPath' directory due to {e.Message}");
+    //        return false;
+    //    }
+
+    //    return true;
+    //}
 }

From bcdf1f02d96d37ae65d1f2d178a9a2f5b52b4e53 Mon Sep 17 00:00:00 2001
From: vpatakottu <vpatakottu@microsoft.com>
Date: Sun, 28 Jul 2024 11:56:50 -0700
Subject: [PATCH 10/11] remove manifestdirpath logic for now

---
 src/Microsoft.Sbom.Targets/SbomCLIToolTask.cs | 27 -------------------
 1 file changed, 27 deletions(-)

diff --git a/src/Microsoft.Sbom.Targets/SbomCLIToolTask.cs b/src/Microsoft.Sbom.Targets/SbomCLIToolTask.cs
index a7850a77..614975ae 100644
--- a/src/Microsoft.Sbom.Targets/SbomCLIToolTask.cs
+++ b/src/Microsoft.Sbom.Targets/SbomCLIToolTask.cs
@@ -123,31 +123,4 @@ private void SetOutputImportance()
 
         this.LogStandardErrorAsError = true;
     }
-
-    ///// <summary>
-    ///// Create the ManifestDirPath if it's specified by the user
-    ///// and doesn't exist. This is automatically done by the
-    ///// SBOM API, but not the SBOM CLI tool.
-    ///// </summary>
-    ///// <returns>Whether the directory creation succeeded</returns>
-    //private bool CreateManifestDirPathDirectory()
-    //{
-    //    try
-    //    {
-    //        if (!string.IsNullOrWhiteSpace(this.ManifestDirPath))
-    //        {
-    //            if (!Directory.Exists(this.ManifestDirPath))
-    //            {
-    //                Directory.CreateDirectory(this.ManifestDirPath);
-    //            }
-    //        }
-    //    }
-    //    catch (Exception e)
-    //    {
-    //        Log.LogError($"SBOM generation failed: Failed to create the 'ManifestDirPath' directory due to {e.Message}");
-    //        return false;
-    //    }
-
-    //    return true;
-    //}
 }

From 08be8eec337b38bfe24ed49eff802888cc2daae0 Mon Sep 17 00:00:00 2001
From: vpatakottu <vpatakottu@microsoft.com>
Date: Sun, 28 Jul 2024 12:46:29 -0700
Subject: [PATCH 11/11] use path.combine and full path

---
 src/Microsoft.Sbom.Targets/Microsoft.Sbom.Targets.targets | 4 ++--
 src/Microsoft.Sbom.Targets/SbomCLIToolTask.cs             | 6 ++++--
 2 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/src/Microsoft.Sbom.Targets/Microsoft.Sbom.Targets.targets b/src/Microsoft.Sbom.Targets/Microsoft.Sbom.Targets.targets
index 42567db8..c6700e7f 100644
--- a/src/Microsoft.Sbom.Targets/Microsoft.Sbom.Targets.targets
+++ b/src/Microsoft.Sbom.Targets/Microsoft.Sbom.Targets.targets
@@ -81,8 +81,8 @@
     </PropertyGroup>
     <ItemGroup>
       <!--Add manifest and SHA file from the GenerateSbom target execution-->
-      <TfmSpecificPackageFile Include="$(SbomPathResult)\$(SbomSpecification)\**">
-        <PackagePath>$(BuildOutputTargetFolder)/$(TargetFrameworkWithPlatformVersion)/$(ManifestFolderName)/$(SbomSpecification)</PackagePath>
+      <TfmSpecificPackageFile Include="$([System.IO.Path]::Combine($(SbomPathResult),$(SbomSpecification)))\**">
+        <PackagePath>$([System.IO.Path]::Combine($(BuildOutputTargetFolder),$(TargetFrameworkWithPlatformVersion),$(ManifestFolderName),$(SbomSpecification)))</PackagePath>
       </TfmSpecificPackageFile>
     </ItemGroup>
   </Target>
diff --git a/src/Microsoft.Sbom.Targets/SbomCLIToolTask.cs b/src/Microsoft.Sbom.Targets/SbomCLIToolTask.cs
index 614975ae..c86dcd38 100644
--- a/src/Microsoft.Sbom.Targets/SbomCLIToolTask.cs
+++ b/src/Microsoft.Sbom.Targets/SbomCLIToolTask.cs
@@ -27,10 +27,12 @@ public override bool Execute()
             var manifestFolderName = "_manifest";
             if (!string.IsNullOrWhiteSpace(this.ManifestDirPath))
             {
-                this.SbomPath = Path.Combine(this.ManifestDirPath, manifestFolderName);
+                var fullManifestDirPath = Path.GetFullPath(this.ManifestDirPath);
+                this.SbomPath = Path.Combine(fullManifestDirPath, manifestFolderName);
             } else
             {
-                this.SbomPath = Path.Combine(this.BuildDropPath, manifestFolderName);
+                var fullBuidDropPath = Path.GetFullPath(this.BuildDropPath);
+                this.SbomPath = Path.Combine(fullBuidDropPath, manifestFolderName);
             }
         }