Merge branch 'main' into dev/docs-add-homebrew-install

.github/dependabot.yml

@@ -0,0 +1,11 @@
+version: 2
+updates:
+  - package-ecosystem: "nuget"
+    directory: "/"
+    schedule:
+      interval: "daily"
+
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "daily"

Directory.Packages.props

@@ -7,14 +7,13 @@
         </PackageVersion>
     </ItemDefinitionGroup>
     <PropertyGroup>
-        <ComponentDetectionPackageVersion>3.3.12</ComponentDetectionPackageVersion>
+        <ComponentDetectionPackageVersion>2.0.8</ComponentDetectionPackageVersion>
     </PropertyGroup>
     <ItemGroup>
         <PackageVersion Include="MinVer" Version="2.5.0"/>
-        <PackageVersion Include="Microsoft.CodeAnalysis.FxCopAnalyzers" Version="3.3.0"/>
+        <PackageVersion Include="Microsoft.CodeAnalysis.FxCopAnalyzers" Version="3.3.2"/>
         <PackageVersion Include="Microsoft.SourceLink.GitHub" Version="1.1.1"/>
-        <PackageVersion Include="Newtonsoft.Json" Version="13.0.3"/>
-        <PackageVersion Include="Serilog.Extensions.Hosting" Version="7.0.0"/>
+        <PackageVersion Include="Newtonsoft.Json" Version="13.0.1"/>
         <PackageVersion Include="StyleCop.Analyzers" Version="1.1.118"/>
         <PackageVersion Include="System.Text.Json" Version="7.0.3" />
         <PackageVersion Include="System.Composition.AttributedModel" Version="1.4.1"/>
@@ -26,7 +25,7 @@
         <PackageVersion Include="System.Reactive" Version="5.0.0"/>
         <PackageVersion Include="System.Runtime.Loader" Version="4.3.0"/>
         <PackageVersion Include="System.Threading.Tasks.Dataflow" Version="4.11.1"/>
-        <PackageVersion Include="Serilog.Sinks.Console" Version="4.1.0"/>
+        <PackageVersion Include="Serilog.Sinks.Console" Version="4.0.0" />
         <PackageVersion Include="System.IO.FileSystem.AccessControl" Version="5.0.0" />
         <PackageVersion Include="Mono.Posix.NETStandard" Version="1.0.0" />
         <PackageVersion Include="Microsoft.ComponentDetection.Contracts" Version="$(ComponentDetectionPackageVersion)" />
@@ -43,13 +42,12 @@
         <PackageVersion Include="PowerArgs" Version="3.6.0" />
         <PackageVersion Include="System.Threading.Channels" Version="6.0.0" />
         <PackageVersion Include="System.Threading.Tasks.Extensions" Version="4.5.4" />
-        <PackageVersion Include="NuGet.Frameworks" Version="6.6.1"/>
+        <PackageVersion Include="NuGet.Frameworks" Version="5.11.3" />
         <PackageVersion Include="System.Linq.Async" Version="6.0.1" />
         <PackageVersion Include="System.Security.Cryptography.ProtectedData" Version="6.0.0" />
         <PackageVersion Include="System.Private.Uri" Version="4.3.2" />
         <PackageVersion Include="Microsoft.Extensions.Hosting" Version="6.0.1" />
         <PackageVersion Include="Microsoft.Extensions.DependencyInjection" Version="6.0.1" />
-        <PackageVersion Include="Microsoft.Extensions.Logging.Abstractions" Version="7.0.1" />
         <PackageVersion Include="Scrutor" Version="4.2.0" />
         <PackageVersion Include="AutoMapper.Extensions.Microsoft.DependencyInjection" Version="8.1.1" />
         <PackageVersion Include="Serilog.AspNetCore" Version="6.1.0" />

src/Microsoft.Sbom.Api/Executors/ConcurrentSha256HashValidator.cs

@@ -55,7 +55,7 @@ private async Task Validate(InternalSbomFileInfo internalFileInfo, Channel<FileV
         var newValue = fileHashesDictionary.FileHashes.AddOrUpdate(internalFileInfo.Path, fileHashes, (key, oldValue) =>
         {
             // This means a file with the same location was already added to the dictionary.
-            if (oldValue.GetHash(internalFileInfo.FileLocation) != null)
+            if (oldValue?.GetHash(internalFileInfo.FileLocation) != null)
             {
                 failureResult = new FileValidationResult
                 {
@@ -66,7 +66,7 @@ private async Task Validate(InternalSbomFileInfo internalFileInfo, Channel<FileV
                 return null;
             }
 
-            oldValue.SetHash(internalFileInfo.FileLocation, sha256Checksum);
+            oldValue?.SetHash(internalFileInfo.FileLocation, sha256Checksum);
             return oldValue;
         });
 
@@ -77,7 +77,7 @@ private async Task Validate(InternalSbomFileInfo internalFileInfo, Channel<FileV
         }
 
         // If we have the files from both locations present in the hash, validate if the hashes match.
-        if (newValue.FileLocation == Sbom.Entities.FileLocation.All)
+        if (newValue?.FileLocation == Sbom.Entities.FileLocation.All)
         {
             if (string.Equals(newValue.OnDiskHash.ChecksumValue, newValue.SBOMFileHash.ChecksumValue, StringComparison.InvariantCultureIgnoreCase))
             {

src/Microsoft.Sbom.Api/Executors/DirectoryWalker.cs

@@ -57,8 +57,10 @@ async Task WalkDir(string path)
         {
             try
             {
+                log.Verbose("Enumerating files under the directory {path}", path);
                 foreach (var file in fileSystemUtils.GetFilesInDirectory(path, followSymlinks))
                 {
+                    log.Verbose("Found file {file}.", file);
                     await output.Writer.WriteAsync(file);
                 }
 

src/Microsoft.Sbom.Api/Executors/FileInfoWriter.cs

@@ -68,6 +68,7 @@ private async Task Generate(IList<ISbomConfig> filesArraySupportingSBOMs, Intern
         {
             foreach (var config in filesArraySupportingSBOMs)
             {
+                log.Verbose("Generating json for file {file} into {config}", sbomFile.Path, config.ManifestJsonFilePath);
                 var generationResult = manifestGeneratorProvider
                     .Get(config.ManifestInfo)
                     .GenerateJsonDocument(sbomFile);

src/Microsoft.Sbom.Api/Microsoft.Sbom.Api.csproj

@@ -16,8 +16,6 @@
         <PackageReference Include="Microsoft.ComponentDetection.Contracts" />
         <PackageReference Include="Microsoft.ComponentDetection.Orchestrator" />
         <PackageReference Include="Microsoft.ComponentDetection.Detectors" />
-        <PackageReference Include="Microsoft.Extensions.Logging.Abstractions" />
-        <PackageReference Include="Serilog.Extensions.Hosting" />
         <PackageReference Include="System.Private.Uri" />
         <PackageReference Include="Newtonsoft.Json" />
         <PackageReference Include="packageurl-dotnet" />

src/Microsoft.Sbom.Api/Providers/FilesProviders/PathBasedFileToJsonProviderBase.cs

@@ -55,9 +55,9 @@ protected override (ChannelReader<JsonDocWithSerializer> results, ChannelReader<
         // Generate hash code for the files
         var (fileInfos, hashingErrors) = fileHasher.Run(filteredFiles);
         errors.Add(hashingErrors);
-        fileInfos = internalSBOMFileInfoDeduplicator.Deduplicate(fileInfos);
+        var deduplicatedFileInfos = internalSBOMFileInfoDeduplicator.Deduplicate(fileInfos);
 
-        var (jsonDocCount, jsonErrors) = fileHashWriter.Write(fileInfos, requiredConfigs);
+        var (jsonDocCount, jsonErrors) = fileHashWriter.Write(deduplicatedFileInfos, requiredConfigs);
         errors.Add(jsonErrors);
 
         return (jsonDocCount, ChannelUtils.Merge(errors.ToArray()));

src/Microsoft.Sbom.Api/Utils/ComponentDetectionCliArgumentBuilder.cs

@@ -4,7 +4,7 @@
 using System;
 using System.Collections.Generic;
 using System.Linq;
-using Microsoft.ComponentDetection.Contracts;
+using Microsoft.ComponentDetection.Common;
 using PowerArgs;
 
 namespace Microsoft.Sbom.Api.Utils;

src/Microsoft.Sbom.Api/Utils/ComponentDetector.cs

@@ -1,51 +1,20 @@
 // Copyright (c) Microsoft. All rights reserved.
 // Licensed under the MIT license. See LICENSE file in the project root for full license information.
 
-using System;
-using System.Collections.Generic;
 using System.Threading.Tasks;
-using Microsoft.ComponentDetection.Common;
 using Microsoft.ComponentDetection.Contracts.BcdeModels;
 using Microsoft.ComponentDetection.Orchestrator;
-using Microsoft.ComponentDetection.Orchestrator.Services;
-using Microsoft.Extensions.Logging;
 
 namespace Microsoft.Sbom.Api.Utils;
 
 /// <summary>
 /// A component detector wrapper, used for unit testing.
 /// </summary>
-public class ComponentDetector : IComponentDetector
+public class ComponentDetector
 {
-    private readonly IServiceProvider serviceProvider;
-    private readonly IEnumerable<IArgumentHandlingService> argumentHandlers;
-    private readonly IFileWritingService fileWritingService;
-    private readonly IArgumentHelper argumentHelper;
-    private readonly ILogger<Orchestrator> logger;
-
-    public ComponentDetector(
-        IServiceProvider serviceProvider,
-        IEnumerable<IArgumentHandlingService> argumentHandlers,
-        IFileWritingService fileWritingService,
-        IArgumentHelper argumentHelper,
-        ILogger<Orchestrator> logger)
-    {
-        this.serviceProvider = serviceProvider;
-        this.argumentHandlers = argumentHandlers;
-        this.fileWritingService = fileWritingService;
-        this.argumentHelper = argumentHelper;
-        this.logger = logger;
-    }
-
     public virtual async Task<ScanResult> ScanAsync(string[] args)
     {
-        var orchestrator = new Orchestrator(
-            serviceProvider,
-            argumentHandlers,
-            fileWritingService,
-            argumentHelper,
-            logger);
-
+        var orchestrator = new Orchestrator();
         return await orchestrator.LoadAsync(args);
     }
 }

src/Microsoft.Sbom.Api/Utils/ComponentDetectorCachedExecutor.cs

@@ -16,10 +16,10 @@ namespace Microsoft.Sbom.Api.Utils;
 public class ComponentDetectorCachedExecutor
 {
     private readonly ILogger log;
-    private readonly IComponentDetector detector;
+    private readonly ComponentDetector detector;
     private ConcurrentDictionary<int, ScanResult> results;
 
-    public ComponentDetectorCachedExecutor(ILogger log, IComponentDetector detector)
+    public ComponentDetectorCachedExecutor(ILogger log, ComponentDetector detector)
     {
         this.log = log ?? throw new ArgumentNullException(nameof(log));
         this.detector = detector ?? throw new ArgumentNullException(nameof(detector));

src/Microsoft.Sbom.Api/Workflows/Helpers/FileArrayGenerator.cs

@@ -10,6 +10,7 @@
 using Microsoft.Sbom.Api.Providers;
 using Microsoft.Sbom.Api.Utils;
 using Microsoft.Sbom.Extensions;
+using ILogger = Serilog.ILogger;
 
 namespace Microsoft.Sbom.Api.Workflows.Helpers;
 
@@ -24,14 +25,18 @@ public class FileArrayGenerator : IJsonArrayGenerator<FileArrayGenerator>
 
     private readonly IRecorder recorder;
 
+    private readonly ILogger logger;
+
     public FileArrayGenerator(
         ISbomConfigProvider sbomConfigs,
         IEnumerable<ISourcesProvider> sourcesProviders,
-        IRecorder recorder)
+        IRecorder recorder,
+        ILogger logger)
     {
         this.sbomConfigs = sbomConfigs ?? throw new ArgumentNullException(nameof(sbomConfigs));
         this.sourcesProviders = sourcesProviders ?? throw new ArgumentNullException(nameof(sourcesProviders));
         this.recorder = recorder ?? throw new ArgumentNullException(nameof(recorder));
+        this.logger = logger ?? throw new ArgumentNullException(nameof(logger));
     }
 
     /// <summary>
@@ -61,6 +66,7 @@ public async Task<IList<FileValidationResult>> GenerateAsync()
                 {
                     config.JsonSerializer.StartJsonArray(filesArrayHeaderName);
                     filesArraySupportingSBOMs.Add(config);
+                    this.logger.Verbose("Started writing files array for {configFile}.", config.ManifestJsonFilePath);
                 }
             }
 

src/Microsoft.Sbom.Extensions.DependencyInjection/Microsoft.Sbom.Extensions.DependencyInjection.csproj

@@ -1,4 +1,4 @@
-<Project Sdk="Microsoft.NET.Sdk">
+<Project Sdk="Microsoft.NET.Sdk">
 
   <PropertyGroup>
     <TargetFramework>net6.0</TargetFramework>