SBOM generation support for .NET Applications #46272

baronfel · 2025-01-24T16:40:20Z

Is your feature request related to a problem? Please describe.

.NET Developers should be able to have an integrated, robust SBOM generation capability in the toolchain, so that .NET applications and libraries have correct, updated SBOMs for consumers of the software to use.

Describe the solution you'd like

This epic tracks the work list to complete integration of Microsoft.SBOM.Targets into the .NET SDK. In the simplest case, as soon as a user sets <GenerateSBOM>true<GenerateSBOM>, the SDK should

insert an implicit PackageReference to Microsoft.SBOM.Targets
ensure that the SBOM generation provided by that package is hooked into the publish target
ensure that relevant .NET toolchain information is provided to the SBOM generation to ensure that future analysis has good traceability of the artifacts

The text was updated successfully, but these errors were encountered:

baronfel added the Epic Groups multiple user stories. Can be grouped under a theme. label Jan 24, 2025

baronfel added this to the 10.0.1xx milestone Jan 24, 2025

dotnet-issue-labeler bot added Area-NetSDK untriaged Request triage from a team member labels Jan 24, 2025

baronfel added Area-SBOM and removed untriaged Request triage from a team member labels Jan 24, 2025

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

SBOM generation support for .NET Applications #46272

SBOM generation support for .NET Applications #46272

baronfel commented Jan 24, 2025

SBOM generation support for .NET Applications #46272

SBOM generation support for .NET Applications #46272

Comments

baronfel commented Jan 24, 2025

Is your feature request related to a problem? Please describe.

Describe the solution you'd like