BOM creation fails when used latest dotnet-CycloneDX (0.11.0)

[sitraj]

Hi Steve,

When I am trying to use latest dotnet-CycloneDX (0.11.0) version for creating BOM file I am getting following message, so I am using dotnet-CycloneDX (0.9.0) is using:

¯ Analyzing: C:\Users\admin\file.csproj
  Getting project references
  No project references found
  1 project(s) found

My file.csproj contains following contents:

<Project>
  <ItemGroup>
    <!--Set Third party nuget versions-->	
    <PackageReference Include="AngleSharp" Version="0.9.4" />
	<PackageReference Include="Apache.NMS.ActiveMQ" Version="1.7.2" />
    <PackageReference Include="Aspose.BarCode" Version="19.4.0" />
    <PackageReference Include="Aspose.Cells" Version="19.8.0" />
    <PackageReference Include="Aspose.Pdf" Version="19.8.0" />
    <PackageReference Include="Aspose.Words" Version="20.1.0" />
  </ItemGroup>
</Project>

[coderpatros]

Hi @shounakitraj, that project file doesn't look valid to me. What framework is this?

Older versions of the tool would parse project file package references. Unfortunately this can miss dependencies.

For example when an explicit version isn't specified and dependencies that are brought in as a result of the target framework.

With newer versions of the tool a dotnet restore is triggered. This generates a project.assets.json file which includes all dependencies that are being used in the build.

Does dotnet restore work with that project file for you?

[sitraj]

Hi @coderpatros, Thanks for quick response. Actually this is "Directory.Build.targets" file which contains list of all server side libraries required for project.

<Project>
  <ItemGroup>
    <!--Set Third party nuget versions-->	
    <PackageReference Update="AngleSharp" Version="0.9.4" />
    <PackageReference Update="Apache.NMS.ActiveMQ" Version="1.7.2" />
    <PackageReference Update="Aspose.BarCode" Version="19.4.0" />
    <PackageReference Update="Aspose.Cells" Version="19.8.0" />
    <PackageReference Update="Aspose.Pdf" Version="19.8.0" />
    <PackageReference Update="Aspose.Words" Version="20.1.0" />
  </ItemGroup>
</Project>

I am converting this .targets file to .csproj by replacing "Update" keyword to "Include"

The project is working correctly and have no issues while compiling,

The reason I need to use .targets file is, we have multiple projects in our solution file and we are maintaining this single .targets file for resolving all dependencies required in all projects.

[coderpatros]

Ah, try adding a section like this under the project element (just update the target framework)...

  <PropertyGroup>  
    <TargetFrameworks>netcoreapp2.1</TargetFrameworks>  
  </PropertyGroup>

But we should support that use case. Are you able to send me any more details on your project structure, sanitised project files, etc that I might be able to replicate it locally? coderpatros at outlook dot com

[sitraj]

Thanks @coderpatros, I have shared the details on email to you.

Please let me know if you require any more information.

[github-actions]

This issue is stale because it has been open for 3 months with no activity.