From c887d9e49ea513ab80cfb212e756e0affe6dc2e9 Mon Sep 17 00:00:00 2001
From: Bert <bert.k@hotmail.com>
Date: Tue, 22 Apr 2025 14:10:27 +0200
Subject: [PATCH 1/2] Generate SBOM for nuget packages

---
 Directory.Packages.props                                 | 1 +
 src/coverlet.collector/coverlet.collector.csproj         | 6 ++++++
 src/coverlet.console/coverlet.console.csproj             | 6 ++++++
 src/coverlet.msbuild.tasks/coverlet.msbuild.tasks.csproj | 6 ++++++
 4 files changed, 19 insertions(+)

diff --git a/Directory.Packages.props b/Directory.Packages.props
index eba94e254..1fd9fda8f 100644
--- a/Directory.Packages.props
+++ b/Directory.Packages.props
@@ -29,6 +29,7 @@
     <!--For test TestInstrument_NetstandardAwareAssemblyResolver_PreserveCompilationContext-->
     <PackageVersion Include="Microsoft.Extensions.Logging.Abstractions" Version="8.0.3" />
     <PackageVersion Include="Microsoft.NET.Test.Sdk" Version="$(MicrosoftNETTestSdkVersion)" />
+    <PackageVersion Include="Microsoft.Sbom.Targets" Version="3.1.0" />
     <PackageVersion Include="Microsoft.TestPlatform.ObjectModel" Version="$(MicrosoftNETTestSdkVersion)" />
     <!-- Microsoft.TestPlatform.ObjectModel has a dependency to NuGet.Frameworks with specific version -->
     <!-- https://github.com/microsoft/vstest/blob/9a0c41811637edf4afe0e265e08fdd1cb18109ed/src/Microsoft.TestPlatform.ObjectModel/Microsoft.TestPlatform.ObjectModel.csproj#L36-->
diff --git a/src/coverlet.collector/coverlet.collector.csproj b/src/coverlet.collector/coverlet.collector.csproj
index 7630bb845..b07d55fb5 100644
--- a/src/coverlet.collector/coverlet.collector.csproj
+++ b/src/coverlet.collector/coverlet.collector.csproj
@@ -18,6 +18,8 @@
     <EnablePackageValidation>true</EnablePackageValidation>
     <!-- disable transitive version update and use versions defined in coverlet.core -->
     <CentralPackageTransitivePinningEnabled>false</CentralPackageTransitivePinningEnabled>
+    <!-- create SBOM -->
+    <GenerateSBOM>true</GenerateSBOM>
   </PropertyGroup>
 
   <!-- Nuget package properties https://docs.microsoft.com/en-us/nuget/reference/msbuild-targets -->
@@ -40,6 +42,10 @@
   <ItemGroup>
     <PackageReference Include="Microsoft.TestPlatform.ObjectModel" />
     <PackageReference Include="NuGet.Frameworks" />
+    <PackageReference Include="Microsoft.Sbom.Targets">
+      <PrivateAssets>all</PrivateAssets>
+      <IncludeAssets>runtime; build; native; contentfiles; analyzers</IncludeAssets>
+    </PackageReference>
   </ItemGroup>
 
   <ItemGroup>
diff --git a/src/coverlet.console/coverlet.console.csproj b/src/coverlet.console/coverlet.console.csproj
index 2a7181b18..1f61991e5 100644
--- a/src/coverlet.console/coverlet.console.csproj
+++ b/src/coverlet.console/coverlet.console.csproj
@@ -6,6 +6,8 @@
     <ToolCommandName>coverlet</ToolCommandName>
     <PackAsTool>true</PackAsTool>
     <AssemblyTitle>coverlet.console</AssemblyTitle>
+    <!-- create SBOM -->
+    <GenerateSBOM>true</GenerateSBOM>
   </PropertyGroup>
 
   <!-- Nuget package properties https://docs.microsoft.com/en-us/nuget/reference/msbuild-targets -->
@@ -25,6 +27,10 @@
  
   <ItemGroup>
     <PackageReference Include="System.CommandLine" />
+    <PackageReference Include="Microsoft.Sbom.Targets">
+      <PrivateAssets>all</PrivateAssets>
+      <IncludeAssets>runtime; build; native; contentfiles; analyzers</IncludeAssets>
+    </PackageReference>
   </ItemGroup>
 
   <ItemGroup>
diff --git a/src/coverlet.msbuild.tasks/coverlet.msbuild.tasks.csproj b/src/coverlet.msbuild.tasks/coverlet.msbuild.tasks.csproj
index c04e823b0..83a710499 100644
--- a/src/coverlet.msbuild.tasks/coverlet.msbuild.tasks.csproj
+++ b/src/coverlet.msbuild.tasks/coverlet.msbuild.tasks.csproj
@@ -19,6 +19,8 @@
     <GenerateDependencyFile>true</GenerateDependencyFile>
     <CentralPackageTransitivePinningEnabled>false</CentralPackageTransitivePinningEnabled>
     <NoWarn>$(NoWarn);NU5100;NU5129;NU5127</NoWarn>
+    <!-- create SBOM -->
+    <GenerateSBOM>true</GenerateSBOM>
   </PropertyGroup>
 
   <!-- Nuget package properties https://docs.microsoft.com/en-us/nuget/reference/msbuild-targets -->
@@ -41,6 +43,10 @@
 
   <ItemGroup>
     <PackageReference Include="Microsoft.Build.Utilities.Core" VersionOverride="$(MicrosoftBuildUtilitiesCorePackageVersion)" PrivateAssets="all" ExcludeAssets="Runtime" />
+    <PackageReference Include="Microsoft.Sbom.Targets">
+      <PrivateAssets>all</PrivateAssets>
+      <IncludeAssets>runtime; build; native; contentfiles; analyzers</IncludeAssets>
+    </PackageReference>
   </ItemGroup>
 
   <ItemGroup>

From 1a35c7d5a7899c6f5f12a46a8b982eef2ad77677 Mon Sep 17 00:00:00 2001
From: Bert <bert.k@hotmail.com>
Date: Mon, 12 May 2025 09:16:59 +0200
Subject: [PATCH 2/2] generate SBOM for CI builds

---
 src/coverlet.collector/coverlet.collector.csproj         | 4 ++--
 src/coverlet.console/coverlet.console.csproj             | 6 +++---
 src/coverlet.msbuild.tasks/coverlet.msbuild.tasks.csproj | 4 ++--
 3 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/src/coverlet.collector/coverlet.collector.csproj b/src/coverlet.collector/coverlet.collector.csproj
index b07d55fb5..8a0f12d77 100644
--- a/src/coverlet.collector/coverlet.collector.csproj
+++ b/src/coverlet.collector/coverlet.collector.csproj
@@ -18,8 +18,8 @@
     <EnablePackageValidation>true</EnablePackageValidation>
     <!-- disable transitive version update and use versions defined in coverlet.core -->
     <CentralPackageTransitivePinningEnabled>false</CentralPackageTransitivePinningEnabled>
-    <!-- create SBOM -->
-    <GenerateSBOM>true</GenerateSBOM>
+    <!-- create SBOM for CI build-->
+    <GenerateSBOM>$(TF_BUILD)</GenerateSBOM>
   </PropertyGroup>
 
   <!-- Nuget package properties https://docs.microsoft.com/en-us/nuget/reference/msbuild-targets -->
diff --git a/src/coverlet.console/coverlet.console.csproj b/src/coverlet.console/coverlet.console.csproj
index 1f61991e5..c99bc39ae 100644
--- a/src/coverlet.console/coverlet.console.csproj
+++ b/src/coverlet.console/coverlet.console.csproj
@@ -6,8 +6,8 @@
     <ToolCommandName>coverlet</ToolCommandName>
     <PackAsTool>true</PackAsTool>
     <AssemblyTitle>coverlet.console</AssemblyTitle>
-    <!-- create SBOM -->
-    <GenerateSBOM>true</GenerateSBOM>
+    <!-- create SBOM for CI build-->
+    <GenerateSBOM>$(TF_BUILD)</GenerateSBOM>
   </PropertyGroup>
 
   <!-- Nuget package properties https://docs.microsoft.com/en-us/nuget/reference/msbuild-targets -->
@@ -24,7 +24,7 @@
     <PackageLicenseExpression>MIT</PackageLicenseExpression>
     <RepositoryType>git</RepositoryType>
   </PropertyGroup>
- 
+
   <ItemGroup>
     <PackageReference Include="System.CommandLine" />
     <PackageReference Include="Microsoft.Sbom.Targets">
diff --git a/src/coverlet.msbuild.tasks/coverlet.msbuild.tasks.csproj b/src/coverlet.msbuild.tasks/coverlet.msbuild.tasks.csproj
index 83a710499..e4e196896 100644
--- a/src/coverlet.msbuild.tasks/coverlet.msbuild.tasks.csproj
+++ b/src/coverlet.msbuild.tasks/coverlet.msbuild.tasks.csproj
@@ -19,8 +19,8 @@
     <GenerateDependencyFile>true</GenerateDependencyFile>
     <CentralPackageTransitivePinningEnabled>false</CentralPackageTransitivePinningEnabled>
     <NoWarn>$(NoWarn);NU5100;NU5129;NU5127</NoWarn>
-    <!-- create SBOM -->
-    <GenerateSBOM>true</GenerateSBOM>
+    <!-- create SBOM for CI build-->
+    <GenerateSBOM>$(TF_BUILD)</GenerateSBOM>
   </PropertyGroup>
 
   <!-- Nuget package properties https://docs.microsoft.com/en-us/nuget/reference/msbuild-targets -->