Fix: #739 remove .net-standard as dependency, as it is not in the sco…

…pe of delivery Signed-off-by: CodeTiger <[email protected]>
CycloneDX · Dec 14, 2023 · 291333d · 291333d
1 parent 1d858e9
commit 291333d
Showing 1 changed file with 17 additions and 0 deletions.
diff --git a/CycloneDX/Services/ProjectAssetsFileService.cs b/CycloneDX/Services/ProjectAssetsFileService.cs
@@ -84,6 +84,23 @@ public HashSet<NugetPackage> GetNugetPackages(string projectFilePath, string pro
                         runtimePackages.Add(package);
                     }
 
+                    var allDependencies = runtimePackages.SelectMany(y => y.Dependencies.Keys).Distinct();
+                    var allPackages = runtimePackages.Select(p => p.Name);
+                    var packagesNotInAllPackages = allDependencies.Except(allPackages);
+
+                    // Check if there is an "unresolved" dependency on NetStandard                    
+                    if (packagesNotInAllPackages.Any(p => p == "NETStandard.Library"))
+                    {
+                        // If a project library has targets .net standard it actually doesn't resolve this dependency
+                        // instead it is expected to find the Standard-Libraries on the target system
+                        // => the libraries not being part of the resulting application and thus should not be included in
+                        // the sbom anyways
+                        foreach (var item in runtimePackages)
+                        {
+                            item.Dependencies.Remove("NETStandard.Library");
+                        }
+                    }
+
                     ResolveDependencyVersionRanges(runtimePackages);
 
                     packages.UnionWith(runtimePackages);