Merge pull request #1 from dborgards/claude/cyclonedx-nuget-package-01EkX7VTfBKakXEbsnQoSXCb

feat: Implement CycloneDX.MSBuild NuGet package

Author: dborgards

.editorconfig

@@ -0,0 +1,35 @@
+# EditorConfig is awesome: https://EditorConfig.org
+
+# top-most EditorConfig file
+root = true
+
+# All files
+[*]
+charset = utf-8
+insert_final_newline = true
+trim_trailing_whitespace = true
+
+# XML files (.props, .targets, .csproj, .nuspec)
+[*.{props,targets,csproj,nuspec,xml}]
+indent_style = space
+indent_size = 2
+
+# C# files
+[*.cs]
+indent_style = space
+indent_size = 4
+
+# Markdown files
+[*.md]
+trim_trailing_whitespace = false
+
+# JSON files
+[*.json]
+indent_style = space
+indent_size = 2
+
+# Shell scripts
+[*.sh]
+end_of_line = lf
+indent_style = space
+indent_size = 2

.gitattributes

@@ -0,0 +1,29 @@
+# Auto detect text files and perform LF normalization
+* text=auto
+
+# Source code
+*.cs text diff=csharp
+*.csproj text diff=csharp
+*.sln text eol=crlf
+
+# MSBuild files
+*.props text
+*.targets text
+*.nuspec text
+
+# Documentation
+*.md text
+*.txt text
+
+# Scripts
+*.sh text eol=lf
+*.ps1 text eol=crlf
+
+# JSON files
+*.json text
+
+# Binary files
+*.dll binary
+*.exe binary
+*.nupkg binary
+*.snk binary

CONTRIBUTING.md

@@ -0,0 +1,125 @@
+# Contributing to CycloneDX.MSBuild
+
+Thank you for your interest in contributing to CycloneDX.MSBuild! This document provides guidelines and instructions for contributing.
+
+## Code of Conduct
+
+This project adheres to the CycloneDX community standards. By participating, you are expected to uphold professional and respectful communication.
+
+## How to Contribute
+
+### Reporting Issues
+
+- Use the GitHub issue tracker
+- Search existing issues before creating a new one
+- Provide detailed reproduction steps
+- Include environment details (OS, .NET version, MSBuild version)
+
+### Suggesting Features
+
+- Open a GitHub issue with the label "enhancement"
+- Clearly describe the use case and benefits
+- Consider backward compatibility
+
+### Pull Requests
+
+1. Fork the repository
+2. Create a feature branch (`git checkout -b feature/your-feature`)
+3. Make your changes following our coding standards
+4. Add tests for new functionality
+5. Update documentation
+6. Commit with clear messages
+7. Push to your fork
+8. Open a pull request
+
+## Development Guidelines
+
+### Security by Design
+
+All contributions must follow these security principles:
+
+- **No Elevated Permissions**: Code runs in build context only
+- **Input Validation**: Validate all MSBuild properties
+- **Fail-Safe Defaults**: Default to safe behavior
+- **No Arbitrary Code Execution**: Only execute vetted tools
+- **Dependency Pinning**: Use explicit versions
+
+### Clean Code Principles
+
+- **Separation of Concerns**: Keep configuration (.props) and logic (.targets) separate
+- **Single Responsibility**: Each target does one thing
+- **DRY**: Don't repeat yourself
+- **Meaningful Names**: Use clear, descriptive names
+- **Documentation**: Comment complex logic
+
+### MSBuild Best Practices
+
+- Use conditions to avoid unnecessary execution
+- Provide clear messages for errors and warnings
+- Use appropriate message importance levels
+- Handle multi-targeting scenarios
+- Test with various project types
+
+### Code Style
+
+- Follow existing patterns in the codebase
+- Use XML formatting for .props and .targets files
+- Indent with 2 spaces
+- Keep lines under 120 characters
+
+## Testing
+
+### Manual Testing
+
+Test your changes with:
+
+1. Simple single-target projects
+2. Multi-targeting projects
+3. Projects with disabled SBOM generation
+4. Custom configuration scenarios
+
+### Test Projects
+
+Use the integration test projects:
+
+```bash
+# Build test projects
+dotnet build tests/Integration.Tests/SimpleProject/SimpleProject.csproj
+dotnet build tests/Integration.Tests/MultiTargetProject/MultiTargetProject.csproj
+dotnet build tests/Integration.Tests/DisabledProject/DisabledProject.csproj
+
+# Verify SBOM generation
+ls tests/Integration.Tests/SimpleProject/bin/Debug/net8.0/bom.json
+```
+
+## Documentation
+
+Update documentation when:
+
+- Adding new features
+- Changing configuration options
+- Modifying behavior
+- Adding examples
+
+Documentation locations:
+- `README.md` - User-facing documentation
+- XML comments in `.props` and `.targets` - Property descriptions
+- `CONTRIBUTING.md` - Development guidelines
+
+## Release Process
+
+1. Update version in `CycloneDX.MSBuild.csproj`
+2. Update `CHANGELOG.md` (if present)
+3. Update `README.md` version references
+4. Create a pull request
+5. After merge, maintainers will create a release tag
+
+## Questions?
+
+- Open a GitHub discussion
+- Check existing documentation
+- Review similar issues
+
+## License
+
+By contributing, you agree that your contributions will be licensed under the Apache License 2.0.

CycloneDX.MSBuild.sln

@@ -0,0 +1,47 @@
+
+Microsoft Visual Studio Solution File, Format Version 12.00
+# Visual Studio Version 17
+VisualStudioVersion = 17.0.31903.59
+MinimumVisualStudioVersion = 10.0.40219.1
+Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "src", "src", "{A1B2C3D4-E5F6-4A5B-8C9D-0E1F2A3B4C5D}"
+EndProject
+Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "tests", "tests", "{B2C3D4E5-F6A7-4B5C-9D0E-1F2A3B4C5D6E}"
+EndProject
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "CycloneDX.MSBuild", "src\CycloneDX.MSBuild\CycloneDX.MSBuild.csproj", "{C3D4E5F6-A7B8-4C5D-0E1F-2A3B4C5D6E7F}"
+EndProject
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "SimpleProject", "tests\Integration.Tests\SimpleProject\SimpleProject.csproj", "{D4E5F6A7-B8C9-4D5E-1F2A-3B4C5D6E7F8A}"
+EndProject
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "MultiTargetProject", "tests\Integration.Tests\MultiTargetProject\MultiTargetProject.csproj", "{E5F6A7B8-C9D0-4E5F-2A3B-4C5D6E7F8A9B}"
+EndProject
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "DisabledProject", "tests\Integration.Tests\DisabledProject\DisabledProject.csproj", "{F6A7B8C9-D0E1-4F5A-3B4C-5D6E7F8A9B0C}"
+EndProject
+Global
+	GlobalSection(SolutionConfigurationPlatforms) = preSolution
+		Debug|Any CPU = Debug|Any CPU
+		Release|Any CPU = Release|Any CPU
+	EndGlobalSection
+	GlobalSection(ProjectConfigurationPlatforms) = postSolution
+		{C3D4E5F6-A7B8-4C5D-0E1F-2A3B4C5D6E7F}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{C3D4E5F6-A7B8-4C5D-0E1F-2A3B4C5D6E7F}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{C3D4E5F6-A7B8-4C5D-0E1F-2A3B4C5D6E7F}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{C3D4E5F6-A7B8-4C5D-0E1F-2A3B4C5D6E7F}.Release|Any CPU.Build.0 = Release|Any CPU
+		{D4E5F6A7-B8C9-4D5E-1F2A-3B4C5D6E7F8A}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{D4E5F6A7-B8C9-4D5E-1F2A-3B4C5D6E7F8A}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{D4E5F6A7-B8C9-4D5E-1F2A-3B4C5D6E7F8A}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{D4E5F6A7-B8C9-4D5E-1F2A-3B4C5D6E7F8A}.Release|Any CPU.Build.0 = Release|Any CPU
+		{E5F6A7B8-C9D0-4E5F-2A3B-4C5D6E7F8A9B}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{E5F6A7B8-C9D0-4E5F-2A3B-4C5D6E7F8A9B}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{E5F6A7B8-C9D0-4E5F-2A3B-4C5D6E7F8A9B}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{E5F6A7B8-C9D0-4E5F-2A3B-4C5D6E7F8A9B}.Release|Any CPU.Build.0 = Release|Any CPU
+		{F6A7B8C9-D0E1-4F5A-3B4C-5D6E7F8A9B0C}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{F6A7B8C9-D0E1-4F5A-3B4C-5D6E7F8A9B0C}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{F6A7B8C9-D0E1-4F5A-3B4C-5D6E7F8A9B0C}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{F6A7B8C9-D0E1-4F5A-3B4C-5D6E7F8A9B0C}.Release|Any CPU.Build.0 = Release|Any CPU
+	EndGlobalSection
+	GlobalSection(NestedProjects) = preSolution
+		{C3D4E5F6-A7B8-4C5D-0E1F-2A3B4C5D6E7F} = {A1B2C3D4-E5F6-4A5B-8C9D-0E1F2A3B4C5D}
+		{D4E5F6A7-B8C9-4D5E-1F2A-3B4C5D6E7F8A} = {B2C3D4E5-F6A7-4B5C-9D0E-1F2A3B4C5D6E}
+		{E5F6A7B8-C9D0-4E5F-2A3B-4C5D6E7F8A9B} = {B2C3D4E5-F6A7-4B5C-9D0E-1F2A3B4C5D6E}
+		{F6A7B8C9-D0E1-4F5A-3B4C-5D6E7F8A9B0C} = {B2C3D4E5-F6A7-4B5C-9D0E-1F2A3B4C5D6E}
+	EndGlobalSection
+EndGlobal