Add a pre-compress target/hook #13690

Open
gustavoaca1997 opened this issue Aug 9, 2024 · 1 comment
@gustavoaca1997

NuGet Product(s) Involved

dotnet.exe

The Elevator Pitch

As part of the efforts of including Software Bill of Materials (SBOM) generation into .NET, we need a target or hook that occurs right before the compression of the NuGet package's content, so that we can:

  • Scan the content of the package.
  • Generate and include the SBOM manifest.

By integrating SBOM generation into NuGet packages, we can provide developers with a transparent and comprehensive view of the components within their applications. This addition not only enhances security but also streamlines compliance and fosters trust within the developer community.

Additional Context and Details

Right now, the only way we have for adding an SBOM manifest into the NuGet package is by doing the following:

  • Extract the content of the package.
  • Scan it and generate the SBOM manifest.
  • Compress it again.

Ideally we could skip the unzip-zip part, and use a target that will let us scan the whole content of the package right before it's compressed. We would need a property with the path to the content. Something like this:

```xml
<Target Name="GenerateSbomTarget" AfterTargets="PreCompress" Condition=" '$(GenerateSBOM)' ==  'true'" >

  <!-- Call the SBOM Task to generate a SBOM. -->
  <GenerateSbom
      BuildDropPath="$(PackageContentPath)"
      ...
  </GenerateSbom>
</Target>
```
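The extract, scan and re-compress workaround listed in the issue, sketched in Python as an added example (not code from the issue or from NuGet). The manifest path `_manifest/inventory.json` and the simplified JSON inventory are assumptions standing in for a real SBOM format, and the sample package is constructed; the signature check reflects that rewriting a signed package invalidates its `.signature.p7s`.

```python
import hashlib, io, json, zipfile

SIGNATURE_ENTRY = ".signature.p7s"           # present at the root of signed NuGet packages
MANIFEST_ENTRY = "_manifest/inventory.json"  # hypothetical location, not defined by the issue

def build_inventory(pkg: zipfile.ZipFile) -> dict:
    """Step 2 of the workaround: scan every file and record its SHA-256."""
    files = []
    for info in sorted(pkg.infolist(), key=lambda i: i.filename):
        if info.is_dir() or info.filename == MANIFEST_ENTRY:
            continue
        digest = hashlib.sha256(pkg.read(info)).hexdigest()
        files.append({"path": info.filename, "sha256": digest, "size": info.file_size})
    return {"format": "simplified-inventory (not SPDX)", "files": files}

def add_manifest(nupkg: bytes) -> bytes:
    """Steps 1-3: read the package, scan it, write a new package with the manifest."""
    with zipfile.ZipFile(io.BytesIO(nupkg)) as src:
        if SIGNATURE_ENTRY in src.namelist():
            # Rewriting a signed package invalidates its signature, so stop here.
            raise ValueError("package is signed; generate the manifest before signing")
        inventory = build_inventory(src)
        out = io.BytesIO()
        with zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as dst:
            for info in src.infolist():
                if info.filename != MANIFEST_ENTRY:  # drop a stale manifest, if any
                    dst.writestr(info, src.read(info))
            dst.writestr(MANIFEST_ENTRY, json.dumps(inventory, indent=2))
    return out.getvalue()

def sample_package(signed: bool = False) -> bytes:
    """Constructed sample input: a tiny stand-in for a .nupkg."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("Demo.nuspec", "<package/>")
        z.writestr("lib/net8.0/Demo.dll", b"MZ-constructed-bytes")
        if signed:
            z.writestr(SIGNATURE_ENTRY, b"constructed")
    return buf.getvalue()

if __name__ == "__main__":
    repacked = add_manifest(sample_package())
    with zipfile.ZipFile(io.BytesIO(repacked)) as z:
        print(z.read(MANIFEST_ENTRY).decode())
```

Every file is decompressed and recompressed once more than the build needs, which is the cost the requested pre-compress hook would remove.
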
@Nigusu-Allehu
Contributor

There is an Epic tracking introduction of SBOMs to NuGet #12497

@jeffkl jeffkl added Priority:3 Issues under consideration. With enough upvotes, will be reconsidered to be added to the backlog. help wanted Considered good issues for community contributions. labels Sep 9, 2024
@nkolev92 nkolev92 added Priority:2 Issues for the current backlog. Partner:DotNet and removed Priority:3 Issues under consideration. With enough upvotes, will be reconsidered to be added to the backlog. help wanted Considered good issues for community contributions. Triage:NeedsTriageDiscussion labels Oct 28, 2024
@nkolev92 nkolev92 self-assigned this Dec 2, 2024