Support extracting SBOMs from NuGet packages that contain them #13979
Labels
Partner:DotNet
Priority:2
Issues for the current backlog.
Product:dotnet.exe
Product:NuGet.exe
NuGet.exe
Type:Feature
NuGet Product(s) Involved
NuGet.exe, dotnet.exe
The Elevator Pitch
Now that it's easy to generate SBOMs for packages via the Microsoft.SBOM.Targets package, it would be great if the NuGet tooling made it easy to access the SBOM generated for a package without having to
Many interop scenarios, like uploading an SBOM to GitHub to participate in their Dependency Graph services, require access to the raw SBOM and it's annoying to do this dance every time. It would be great to run a command like
dotnet package extract-sbom <path to package>
to get the SBOM and signature from the package.Additional Context and Details
No response
The text was updated successfully, but these errors were encountered: