microsoft · vpatakottu · Aug 21, 2024 · Aug 21, 2024 · Aug 21, 2024 · Aug 21, 2024
diff --git a/src/Microsoft.Sbom.Api/SBOMGenerator.cs b/src/Microsoft.Sbom.Api/SBOMGenerator.cs
@@ -80,7 +80,7 @@ public async Task<SbomGenerationResult> GenerateSbomAsync(
 
         var entityErrors = recorder.Errors.Select(error => error.ToEntityError()).ToList();
 
-        return new SbomGenerationResult(isSuccess, entityErrors, isSuccess ? inputConfiguration.ManifestDirPath.ToString() : null);
+        return new SbomGenerationResult(isSuccess, entityErrors);
     }
 
     /// <inheritdoc />
@@ -120,7 +120,7 @@ public async Task<SbomGenerationResult> GenerateSbomAsync(
         // This is the generate workflow
         var result = await generationWorkflow.RunAsync();
 
-        return new SbomGenerationResult(result, new List<EntityError>(), result ? inputConfiguration.ManifestDirPath.ToString() : null);
+        return new SbomGenerationResult(result, new List<EntityError>());
     }
 
     /// <inheritdoc />

diff --git a/src/Microsoft.Sbom.Contracts/Contracts/SBOMGenerationResult.cs b/src/Microsoft.Sbom.Contracts/Contracts/SBOMGenerationResult.cs
@@ -21,15 +21,9 @@ public class SbomGenerationResult
     /// </summary>
     public IList<EntityError> Errors { get; private set; }
 
-    /// <summary>
-    /// Gets the path where the SBOM was generated, if the generation was successful.
-    /// </summary>
-    public string? ManifestDirPath { get; private set; }
-
-    public SbomGenerationResult(bool isSuccessful, IList<EntityError> errors, string manifestDirPath = null)
+    public SbomGenerationResult(bool isSuccessful, IList<EntityError> errors)
     {
         IsSuccessful = isSuccessful;
         Errors = errors ?? new List<EntityError>();
-        this.ManifestDirPath = manifestDirPath;
     }
 }
diff --git a/src/Microsoft.Sbom.Targets/GenerateSbom.cs b/src/Microsoft.Sbom.Targets/GenerateSbom.cs
@@ -89,18 +89,14 @@ public partial class GenerateSbom
     public bool DeleteManifestDirIfPresent { get; set; } = true;
 
     /// <summary>
-    /// Gets or sets the path where the SBOM will be generated.
+    /// Gets or sets the path where the SBOM will be generated. For now, this property
+    /// will be unset as the _manifest directory is intended to be at the root of a NuGet package
+    /// specified by BuildDropPath.
     /// </summary>
     public string ManifestDirPath { get; set; }
 
     /// <summary>
     /// Gets or sets the path to the SBOM CLI tool
     /// </summary>
     public string SbomToolPath { get; set; }
-
-    /// <summary>
-    /// Gets or sets the path to the generated SBOM directory.
-    /// </summary>
-    [Output]
-    public string SbomPath { get; set; }
 }
diff --git a/src/Microsoft.Sbom.Targets/GenerateSbomTask.cs b/src/Microsoft.Sbom.Targets/GenerateSbomTask.cs
@@ -100,7 +100,6 @@ public override bool Execute()
                 externalDocumentReferenceListFile: this.ExternalDocumentListFile)).GetAwaiter().GetResult();
 #pragma warning restore VSTHRD002 // Avoid problematic synchronous waits
 
-            SbomPath = !string.IsNullOrWhiteSpace(result.ManifestDirPath) ? Path.GetFullPath(result.ManifestDirPath) : null;
             return result.IsSuccessful;
         }
         catch (Exception e)
@@ -113,7 +112,7 @@ public override bool Execute()
     /// <summary>
     /// Check for ManifestInfo and create an SbomSpecification accordingly.
     /// </summary>
-    /// <returns>A list of the parsed manifest info. Null ig the manifest info is null or empty.</returns>
+    /// <returns>A list of the parsed manifest info. Null if the manifest info is null or empty.</returns>
     private IList<SbomSpecification> ValidateAndAssignSpecifications()
     {
         if (!string.IsNullOrWhiteSpace(this.ManifestInfo))

diff --git a/src/Microsoft.Sbom.Targets/Microsoft.Sbom.Targets.targets b/src/Microsoft.Sbom.Targets/Microsoft.Sbom.Targets.targets
@@ -68,10 +68,8 @@
         Verbosity="$(SbomGenerationVerbosity)"
         ManifestInfo="$(SbomGenerationManifestInfo)"
         DeleteManifestDirIfPresent="$(SbomGenerationDeleteManifestDirIfPresent)"
-        ManifestDirPath="" 
         SbomToolPath="$(SbomToolPath)"
         ContinueOnError="ErrorAndContinue">
-      <Output TaskParameter="SbomPath" PropertyName="SbomPathResult" />
     </GenerateSbom>
     <Message Importance="High" Text="Task result: $(SbomPathResult)" />
 

diff --git a/src/Microsoft.Sbom.Targets/README.md b/src/Microsoft.Sbom.Targets/README.md
@@ -1,6 +1,6 @@
 # SBOM Generation for .NET Projects
 ## Microsoft.Sbom.Targets
-This project implements a custom MSBuild task that generates an SBOM using the SBOM API and CLI tool. The MSBuild task binaries along with the associated targets are packaged as a NuGet package and can be consumed within a .NET project. Once installed, an SBOM will automatically be generated upon building the .NET project.
+This project implements a custom MSBuild task that generates an SBOM using the SBOM API and CLI tool. The MSBuild task binaries along with the associated targets are packaged as a NuGet package and can be consumed within a .NET project. Once installed, an SBOM will automatically be generated upon packing the .NET project.
 
 ## MSBuild Task Implementation
 The custom MSBuild task is implemented across the following partial classes:

diff --git a/src/Microsoft.Sbom.Targets/SbomCLIToolTask.cs b/src/Microsoft.Sbom.Targets/SbomCLIToolTask.cs
@@ -14,31 +14,6 @@ public partial class GenerateSbom : ToolTask
 {
     protected override string ToolName => "Microsoft.Sbom.Tool";
 
-    /// <summary>
-    /// Executes the SBOM CLI Tool invocation. Need to add extra logic
-    /// to set SbomPath to the directory containing the SBOM.
-    /// </summary>
-    /// <returns></returns>
-    public override bool Execute()
-    {
-        var taskResult = base.Execute();
-        // Set the SbomPath output variable
-        if (taskResult) {
-            var manifestFolderName = "_manifest";
-            if (!string.IsNullOrWhiteSpace(this.ManifestDirPath))
-            {
-                var fullManifestDirPath = Path.GetFullPath(this.ManifestDirPath);
-                this.SbomPath = Path.Combine(fullManifestDirPath, manifestFolderName);
-            } else
-            {
-                var fullBuidDropPath = Path.GetFullPath(this.BuildDropPath);
-                this.SbomPath = Path.Combine(fullBuidDropPath, manifestFolderName);
-            }
-        }
-
-        return taskResult;
-    }
-
     /// <summary>
     /// Get full path to SBOM CLI tool.
     /// </summary>

diff --git a/test/Microsoft.Sbom.Targets.E2E.Tests/GenerateSbomE2ETests.cs b/test/Microsoft.Sbom.Targets.E2E.Tests/GenerateSbomE2ETests.cs
@@ -7,7 +7,6 @@ namespace Microsoft.Sbom.Targets.E2E.Tests;
 using System.IO;
 using System.IO.Compression;
 using System.Runtime.InteropServices;
-using Castle.Core.Internal;
 using Microsoft.Build.Evaluation;
 using Microsoft.Build.Locator;
 using Microsoft.Build.Logging;
@@ -19,6 +18,9 @@ public class GenerateSbomE2ETests
     /*
      * The following tests validate the end-to-end workflow for importing the Microsoft.Sbom.Targets.targets
      * into a .NET project, building it, packing it, and validating the generated SBOM contents.
+     *
+     * NOTE: These tests are only compatible with net6.0 and net472, as there are issues when resolving NuGet assemblies when
+     * targeting net8.0.
      */
     private static readonly bool IsWindows = RuntimeInformation.IsOSPlatform(OSPlatform.Windows);
 

diff --git a/test/Microsoft.Sbom.Targets.E2E.Tests/Microsoft.Sbom.Targets.E2E.Tests.csproj b/test/Microsoft.Sbom.Targets.E2E.Tests/Microsoft.Sbom.Targets.E2E.Tests.csproj
@@ -20,8 +20,6 @@
     <PackageReference Include="Microsoft.Build.Framework" ExcludeAssets="Runtime" />
     <PackageReference Include="Microsoft.Build.Locator" />
     <PackageReference Include="Microsoft.Build.Utilities.Core" ExcludeAssets="Runtime" />
-    <PackageReference Include="Microsoft.CSharp" />
-    <PackageReference Include="Newtonsoft.Json" />
   </ItemGroup>
 
   <ItemGroup>

diff --git a/test/Microsoft.Sbom.Targets.Tests/Microsoft.Sbom.Targets.Tests.csproj b/test/Microsoft.Sbom.Targets.Tests/Microsoft.Sbom.Targets.Tests.csproj
@@ -17,7 +17,6 @@
   <ItemGroup>
     <PackageReference Include="Microsoft.Build.Framework" />
     <PackageReference Include="Microsoft.Build.Utilities.Core" />
-    <PackageReference Include="Microsoft.CSharp" />
     <PackageReference Include="Newtonsoft.Json" />
   </ItemGroup>
 

diff --git a/test/Microsoft.Sbom.Targets.Tests/Utility/GeneratedSbomValidator.cs b/test/Microsoft.Sbom.Targets.Tests/Utility/GeneratedSbomValidator.cs
@@ -8,8 +8,6 @@ namespace Microsoft.Sbom.Targets.Tests.Utility;
 using System.IO;
 using System.Linq;
 using System.Security.Cryptography;
-using System.Text;
-using System.Threading.Tasks;
 using Microsoft.VisualStudio.TestTools.UnitTesting;
 using Newtonsoft.Json;
 
@@ -93,6 +91,9 @@ internal void AssertSbomIsValid(string manifestPath, string buildDropPath, strin
             {
                 Assert.IsTrue(namespaceValue.Contains($"{expectedNamespaceUriBase.Trim()}/{expectedPackageName}/{expectedPackageVersion}"));
             }
+        } else
+        {
+            Assert.Fail("An unexpected SBOM specification was used. Please specify SPDX 2.2.");
         }
     }