From 291333d6d39e0fd614005a6b281ac8905c39fbfc Mon Sep 17 00:00:00 2001
From: Mike Zadik <80639729+CodeTigerCloud@users.noreply.github.com>
Date: Thu, 14 Dec 2023 19:18:46 +0100
Subject: [PATCH] Fix: #739 remove .net-standard as dependency, as it is not in the scope of delivery
Signed-off-by: CodeTiger
---
 CycloneDX/Services/ProjectAssetsFileService.cs | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)
diff --git a/CycloneDX/Services/ProjectAssetsFileService.cs b/CycloneDX/Services/ProjectAssetsFileService.cs
index 0158450b..54424c9a 100644
--- a/CycloneDX/Services/ProjectAssetsFileService.cs
+++ b/CycloneDX/Services/ProjectAssetsFileService.cs
@@ -84,6 +84,23 @@ public HashSet GetNugetPackages(string projectFilePath, string pro
 runtimePackages.Add(package);
 }
+ var allDependencies = runtimePackages.SelectMany(y => y.Dependencies.Keys).Distinct();
+ var allPackages = runtimePackages.Select(p => p.Name);
+ var packagesNotInAllPackages = allDependencies.Except(allPackages);
+
+ // Check if there is an "unresolved" dependency on NetStandard
+ if (packagesNotInAllPackages.Any(p => p == "NETStandard.Library"))
+ {
+ // If a project library has targets .net standard it actually doesn't resolve this dependency
+ // instead it is expected to find the Standard-Libraries on the target system
+ // => the libraries not being part of the resulting application and thus should not be included in
+ // the sbom anyways
+ foreach (var item in runtimePackages)
+ {
+ item.Dependencies.Remove("NETStandard.Library");
+ }
+ }
+
 ResolveDependencyVersionRanges(runtimePackages);
 packages.UnionWith(runtimePackages);
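Review bot: The new check compares package IDs case-sensitively (`allDependencies.Except(allPackages)` with the default comparer and `p == "NETStandard.Library"`), while NuGet package IDs are case-insensitive. A dependency key that differs only in casing would skip the cleanup, and a resolved package whose `Name` is cased differently from the key would be treated as unresolved and have its edge dropped from the SBOM. I would use `allDependencies.Except(allPackages, StringComparer.OrdinalIgnoreCase)` and `string.Equals(p, "NETStandard.Library", StringComparison.OrdinalIgnoreCase)`. Whether `item.Dependencies.Remove(...)` then matches depends on the dictionary's comparer, which is not visible in this hunk. Since this silently removes a relationship from a supply-chain inventory, a log line when the edge is dropped would help anyone auditing the SBOM; the body of `GetNugetPackages` starts and ends outside the hunk.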