disable component detection summary

src/Microsoft.Sbom.Api/Executors/ComponentDetectionBaseWalker.cs

@@ -17,6 +17,7 @@
 using Microsoft.Sbom.Api.Utils;
 using Microsoft.Sbom.Common;
 using Microsoft.Sbom.Common.Config;
+using Microsoft.Sbom.Contracts;
 using Microsoft.Sbom.Extensions;
 using Constants = Microsoft.Sbom.Api.Utils.Constants;
 using ILogger = Serilog.ILogger;
@@ -34,6 +35,7 @@ public abstract class ComponentDetectionBaseWalker
     private readonly ISbomConfigProvider sbomConfigs;
     private readonly IFileSystemUtils fileSystemUtils;
     private readonly ILicenseInformationFetcher licenseInformationFetcher;
+    private readonly RuntimeConfiguration? runtimeConfiguration;
     private readonly IPackageDetailsFactory packageDetailsFactory;
 
     public ConcurrentDictionary<string, string> LicenseDictionary = new ConcurrentDictionary<string, string>();
@@ -48,7 +50,8 @@ public ComponentDetectionBaseWalker(
         ISbomConfigProvider sbomConfigs,
         IFileSystemUtils fileSystemUtils,
         IPackageDetailsFactory packageDetailsFactory,
-        ILicenseInformationFetcher licenseInformationFetcher)
+        ILicenseInformationFetcher licenseInformationFetcher,
+        RuntimeConfiguration? runtimeConfiguration)
     {
         this.log = log ?? throw new ArgumentNullException(nameof(log));
         this.componentDetector = componentDetector ?? throw new ArgumentNullException(nameof(componentDetector));
@@ -57,6 +60,7 @@ public ComponentDetectionBaseWalker(
         this.fileSystemUtils = fileSystemUtils ?? throw new ArgumentNullException(nameof(fileSystemUtils));
         this.packageDetailsFactory = packageDetailsFactory ?? throw new ArgumentNullException(nameof(packageDetailsFactory));
         this.licenseInformationFetcher = licenseInformationFetcher ?? throw new ArgumentNullException(nameof(licenseInformationFetcher));
+        this.runtimeConfiguration = runtimeConfiguration;
     }
 
     public (ChannelReader<ScannedComponent> output, ChannelReader<ComponentDetectorException> error) GetComponents(string buildComponentDirPath)
@@ -114,8 +118,11 @@ async Task Scan(string path)
             var cmdLineParams = configuration.ToComponentDetectorCommandLineParams(cliArgumentBuilder);
 
             var scanSettings = cliArgumentBuilder.BuildScanSettingsFromParsedArgs(cmdLineParams);
-            // TODO: the MSBuild pathway needs a way to disable this setting, because the CG tools write directly to stdout (which is not kind).
-            scanSettings.NoSummary = true;
+            if (runtimeConfiguration != null)
+            {
+                scanSettings.NoSummary = runtimeConfiguration.NoComponentGovernanceSummary;
+            }
+
             var scanResult = await componentDetector.ScanAsync(scanSettings);
 
             if (scanResult.ResultCode != ProcessingResultCode.Success)

src/Microsoft.Sbom.Api/Executors/PackagesWalker.cs

@@ -9,6 +9,7 @@
 using Microsoft.Sbom.Api.Utils;
 using Microsoft.Sbom.Common;
 using Microsoft.Sbom.Common.Config;
+using Microsoft.Sbom.Contracts;
 using Microsoft.Sbom.Extensions;
 using ILogger = Serilog.ILogger;
 
@@ -19,8 +20,8 @@ namespace Microsoft.Sbom.Api.Executors;
 /// </summary>
 public class PackagesWalker : ComponentDetectionBaseWalker
 {
-    public PackagesWalker(ILogger log, ComponentDetectorCachedExecutor componentDetector, IConfiguration configuration, ISbomConfigProvider sbomConfigs, IFileSystemUtils fileSystemUtils, IPackageDetailsFactory packageDetailsFactory, ILicenseInformationFetcher licenseInformationFetcher)
-        : base(log, componentDetector, configuration, sbomConfigs, fileSystemUtils, packageDetailsFactory, licenseInformationFetcher)
+    public PackagesWalker(ILogger log, ComponentDetectorCachedExecutor componentDetector, IConfiguration configuration, ISbomConfigProvider sbomConfigs, IFileSystemUtils fileSystemUtils, IPackageDetailsFactory packageDetailsFactory, ILicenseInformationFetcher licenseInformationFetcher, RuntimeConfiguration runtimeConfiguration = null)
+        : base(log, componentDetector, configuration, sbomConfigs, fileSystemUtils, packageDetailsFactory, licenseInformationFetcher, runtimeConfiguration)
     {
     }
 

src/Microsoft.Sbom.Api/Executors/SbomComponentsWalker.cs

@@ -9,6 +9,7 @@
 using Microsoft.Sbom.Api.Utils;
 using Microsoft.Sbom.Common;
 using Microsoft.Sbom.Common.Config;
+using Microsoft.Sbom.Contracts;
 using Microsoft.Sbom.Extensions;
 using ILogger = Serilog.ILogger;
 
@@ -19,8 +20,8 @@ namespace Microsoft.Sbom.Api.Executors;
 /// </summary>
 public class SbomComponentsWalker : ComponentDetectionBaseWalker
 {
-    public SbomComponentsWalker(ILogger log, ComponentDetectorCachedExecutor componentDetector, IConfiguration configuration, ISbomConfigProvider sbomConfigs, IFileSystemUtils fileSystemUtils, IPackageDetailsFactory packageDetailsFactory, ILicenseInformationFetcher licenseInformationFetcher)
-        : base(log, componentDetector, configuration, sbomConfigs, fileSystemUtils, packageDetailsFactory, licenseInformationFetcher)
+    public SbomComponentsWalker(ILogger log, ComponentDetectorCachedExecutor componentDetector, IConfiguration configuration, ISbomConfigProvider sbomConfigs, IFileSystemUtils fileSystemUtils, IPackageDetailsFactory packageDetailsFactory, ILicenseInformationFetcher licenseInformationFetcher, RuntimeConfiguration runtimeConfiguration = null)
+        : base(log, componentDetector, configuration, sbomConfigs, fileSystemUtils, packageDetailsFactory, licenseInformationFetcher, runtimeConfiguration)
     {
     }
 

src/Microsoft.Sbom.Contracts/Contracts/RuntimeConfiguration.cs

@@ -49,4 +49,9 @@ public class RuntimeConfiguration
     /// Gets or sets a value indicating whether if set to false, we will not follow symlinks while traversing the build drop folder.
     /// </summary>
     public bool FollowSymlinks { get; set; } = true;
+
+    /// <summary>
+    /// Gets or sets a value indicating whether if set to true, we will not print a summary of the component governance to stdout.
+    /// </summary>
+    public bool NoComponentGovernanceSummary { get; set; } = false;
 }

src/Microsoft.Sbom.Targets/GenerateSbomTask.cs

@@ -48,10 +48,21 @@ public override bool Execute()
             var logVerbosity = ValidateAndAssignVerbosity();
             var msbuildLogger = new MSBuildLogger(this.Log);
             Serilog.Log.Logger = msbuildLogger;
+
+            var runtimeConfiguration = new RuntimeConfiguration
+            {
+                NamespaceUriBase = this.NamespaceBaseUri,
+                NamespaceUriUniquePart = this.NamespaceUriUniquePart,
+                DeleteManifestDirectoryIfPresent = this.DeleteManifestDirIfPresent,
+                Verbosity = logVerbosity,
+                NoComponentGovernanceSummary = true
+            };
+
             var taskHost = Host.CreateDefaultBuilder()
                .ConfigureServices((host, services) =>
                services
                .AddSingleton<IConfiguration, Configuration>()
+               .AddSingleton(runtimeConfiguration)
                .AddSbomTool(msbuildLogger)
                /* Manually adding some dependencies since `AddSbomTool()` does not add them when
                 * running the MSBuild Task from another project.
@@ -87,13 +98,6 @@ public override bool Execute()
                 PackageName = this.PackageName,
                 PackageVersion = this.PackageVersion,
             };
-            var runtimeConfiguration = new RuntimeConfiguration
-            {
-                NamespaceUriBase = this.NamespaceBaseUri,
-                NamespaceUriUniquePart = this.NamespaceUriUniquePart,
-                DeleteManifestDirectoryIfPresent = this.DeleteManifestDirIfPresent,
-                Verbosity = logVerbosity,
-            };
 #pragma warning disable VSTHRD002 // Avoid problematic synchronous waits
             var result = System.Threading.Tasks.Task.Run(() => generator.GenerateSbomAsync(
                 rootPath: this.BuildDropPath,