Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Passing environment variables to dotnet-cyclonedx #659

Open
cwa-dr opened this issue Feb 23, 2023 · 3 comments
Open

Passing environment variables to dotnet-cyclonedx #659

cwa-dr opened this issue Feb 23, 2023 · 3 comments
Labels
stale

Comments

@cwa-dr
Copy link

cwa-dr commented Feb 23, 2023

In some of my .csproj files I use variables to support different deployments.

example:

dotnet-cylonedx cannot resolve $(SourceDir) and will log an error that the project file does not exist.

How can I provide this $(SourceDir) as environment variable to dotnet-cyclonedx?
@william02210
Copy link

william02210 commented Mar 9, 2023
edited
Loading

I have a similar question. I have a Visual Studio solution which may provide different version of components depending on whether it is built in a Debug or Release configuration. I am finding that CycloneDX is reporting all of the Debug dependencies and none of the release dependencies. How does one pass the build configuration to CycloneDX? Alternatively, if there was a way to have CycloneDX report all dependencies no matter their build configuration, I could post process the results.

Is this possible to do? If so, I am struggling to figure it out.

Below, I have included an example of a csproj in the solution to help clarify question.

Thank you in advance.

<Project Sdk="Some.Sdk">

  <PropertyGroup>
    <TargetFramework>net6.0</TargetFramework>
    <RuntimeIdentifiers>win-x64</RuntimeIdentifiers>
    <RootNamespace>some_namespace</RootNamespace>
    <Configurations>Debug;Release</Configurations>
    <TreatWarningsAsErrors>true</TreatWarningsAsErrors>
  </PropertyGroup>

  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|AnyCPU'">
    <WarningsAsErrors />
  </PropertyGroup>

  <Choose>
    <When Condition="$(Configuration.Contains('Release'))">
      <ItemGroup>
        <PackageReference Include="Package1.Server" Version="$(Package1ServerVersion)" />
        <PackageReference Include="Package1.Tools" Version="$(Package1ToolsVersion)" />
      </ItemGroup>
    </When>
    <Otherwise>
      <ItemGroup>
        <PackageReference Include="Package1.Server.Debug" Version="$(Package1ServerVersion)" />
        <PackageReference Include="Package1.Tools.Debug" Version="$(Package1ToolsDebugVersion)" />
      </ItemGroup>
    </Otherwise>
  </Choose>


  <ItemGroup>
    ...Stuff...
  </ItemGroup>
    
  <ItemGroup>
	...Stuff...
  </ItemGroup>

</Project>

@william02210
Copy link

@cwa-dr I worked around my issues with having configuration dependent assets by building the solution as I normally would, then using the -dpr (Disable Package Restore) option with CycloneDX. With this option, CycloneDX is no longer responsible for all of the different options to restoring the assets/packages.

Being somewhat new to Nuget and how SBOMs are built, it took me stepping through the CycloneDX source to understand what it was doing and what the dpr option meant.

Maybe this will work for you and save you some time as well.

@mtsfoni mtsfoni mentioned this issue Dec 28, 2023
Open
@github-actions GitHub Actions
Copy link

This issue is stale because it has been open for 3 months with no activity.

@github-actions github-actions bot added the stale label Dec 31, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
stale
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@cwa-dr @william02210