-
-
Notifications
You must be signed in to change notification settings - Fork 90
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Scope property is always being set to required #843
Comments
This issue is stale because it has been open for 3 months with no activity. |
@mtsfoni how is this progressing? |
#847 and #848 basically has the solution to the problem that we discussed regarding figuring out what is a dev dependency and what not. Unfortunately, the PR is like 90% done, if is recall correctly. After that, I planned to introduce an enum CLI-argument, so users can decide how to handle dev dependencies.
After checking with different people in the CycloneDX core group, I got different answers how to handle dev-dependencies and what e.g. excluded scope is meant for (Somewhere it said for components that must be added to the scope of delivery). Hence, I just want to give the full control about that to the user. Unfortunately, I'm busy with updating the cdx-dotnet-library to version 1.6 before I can put a lot of time into the tool again. |
Ok thanks for the update @mtsfoni I might see if I can determine what is outstanding to help it along. |
This issue is stale because it has been open for 3 months with no activity. |
Still awaiting for solution |
This issue is stale because it has been open for 3 months with no activity. |
Still relevant |
In my project I have a number of packagereference which has the privateAssets/excludedAssets property set to all yet when I look at the bom which is generated it has the scope property set to required for all components.
The text was updated successfully, but these errors were encountered: