    Inedo Community Forums

    Topics created by fabrice.mejean

    • pgutil doesn't support nuget lock files to generate sbom
      Support • fabrice.mejean

      0 Votes • 4 Posts • 6 Views

      atripp

      Hi @fabrice-mejean, I definitely understand where you're coming from... both commands basically work off the assets file, which is generated at build time. But your workflow is not common... the standard for SBOM generation is post-build. Doing it pre-build checking requires that packages.lock.json is used, which not many use... it's hard for us to advocate this workflow when most users don't care about saving time in this stage. I know we could add a "switch" or something to pgutil, but we learned "the hard way" that adding lots of complex alternative/branching paths to pgscan made for very difficult to maintain/understand code, so we want to keep the utility as simple as possible. Thanks, Alana
    • How to create a Custom OSS provider
      Support • fabrice.mejean

      0 Votes • 5 Posts • 10 Views

      F

      Oh ok, I was thinking that we could create a private metadata provider if we want to deprecate our own packages without doing it on each feed. So it will not help me. Thanks
    • Request for Creation of API for Package Auditing Before Dependency Restoration
      Support • fabrice.mejean

      0 Votes • 12 Posts • 48 Views

      atripp

      Hi @pmsensi, Correct -- it'll be whatever data is on the "Dependencies" tab in ProGet, which is basically whatever is in the manifest file (.nuspec, etc). Thanks, Alana