This tool is used to gather the actual dependencies used by a .NET/npm/PyPI project and publish them to a ProGet instance. It is available as a standalone tool for Windows/Linux, an installable dotnet tool, or a .NET class library. Its functionality is also available in OtterScript directly using the ProGet::Record-Dependencies operation.
Download the latest version from the Releases page.
Install the tool using dotnet. For example, to install the tool locally to the current tool manifest:
dotnet tool install pgscan
Execute pgscan with the identify command. For example, to generate an SBOM and submit the dependencies of v1.0.0 of the MyLibrary project to ProGet:
pgscan identify --input=MyLibrary.csproj --proget-url=https://proget.local --version=1.0.0
Note that the identify command requires ProGet 2022 or later. If you're using ProGet 6.0, you'll need to use the now-deprecated publish command; see the old version of this README to learn how.
Use the ProGet::Record-Dependencies operation:
ProGet::Record-Dependencies
(
    Project: MyProject.csproj,
    Resource: LocalProGet,
    Feed: Libraries,
    ConsumerVersion: $ReleaseNumber
);
In GitHub Actions, use a local dotnet tool action to run pgscan on Windows and Linux build agents.
- Create a ProGet API key
- Once the API key is created in ProGet, you will need to add it as a secret on your GitHub project
  - Navigate to your project in GitHub
  - Click "Settings"
  - Navigate to "Secrets -> Actions" on the right
  - Click "New repository secret"
  - Enter a name (ex: PROGETAPIKEY) and your API key as the secret value
- Commit a dotnet tool manifest
  - At the root of your repository, run dotnet new tool-manifest (see Microsoft's local tool documentation for more information)
  - Commit this to your git repository
- Set up .NET 6.0 in your workflow
  - If you are already using dotnet 6 in your workflow, go to the next step.
  - Add the following to your workflow:

        - name: Setup .NET
          uses: actions/setup-dotnet@v2
          with:
            dotnet-version: 6.0.x

  - This can be added anywhere before the pgscan steps, but is typically added at the beginning
- Add the pgscan steps after build/publish steps of your code

    - name: Install pgscan
      run: dotnet tool install pgscan
    - name: Run pgscan
      working-directory: ProfiteCalcNet.Console
      run: dotnet tool run pgscan identify --type=nuget --input=MyProject.csproj --project-name=MyProject --version=1.0.0 --project-type=application --proget-url=https://proget.local --api-key=${{ secrets.PROGETAPIKEY }}

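
The GitHub steps above assembled into one workflow, as an added example that is not taken from the pgscan repository. It assumes the project file sits at the repository root and that builds run on pushes to a branch named main; the workflow name, job name and the PROGET_API_KEY environment variable are constructed for illustration. The API key reaches the shell through an environment variable instead of being expanded into the script text, and the job stops early if the secret is missing.

```yaml
# Added example: constructed workflow, not the project's own file.
name: build-and-scan            # hypothetical workflow name
on:
  push:
    branches: [main]            # assumed branch name

permissions:
  contents: read                # the job only needs to read the repository

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Setup .NET
        uses: actions/setup-dotnet@v2
        with:
          dotnet-version: 6.0.x
      - name: Build
        run: dotnet build MyProject.csproj
      - name: Install pgscan
        run: dotnet tool install pgscan
      - name: Run pgscan
        env:
          # Map the repository secret to an environment variable so the
          # key is read by the shell at run time.
          PROGET_API_KEY: ${{ secrets.PROGETAPIKEY }}
        run: |
          # The variable is empty when the secret is not defined or is
          # not exposed to this run; fail before calling ProGet.
          if [ -z "$PROGET_API_KEY" ]; then
            echo "PROGETAPIKEY secret is not available to this run" >&2
            exit 1
          fi
          dotnet tool run pgscan identify --type=nuget \
            --input=MyProject.csproj --project-name=MyProject \
            --version=1.0.0 --project-type=application \
            --proget-url=https://proget.local --api-key="$PROGET_API_KEY"
```
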
In Azure DevOps, use a local dotnet tool action to run pgscan on Windows and Linux build agents.
- Create a ProGet API key
- Once the API key is created in ProGet, you will need to add it as a secret variable on your pipeline.
  - Navigate to your pipeline in Azure DevOps
  - Click Edit
  - Click Variables and then the plus icon
  - Enter a name (ex: PROGETAPIKEY) and your API key as the value
  - Check "Keep this value Secret"
  - Click OK
- Commit a dotnet tool manifest
  - At the root of your repository, run dotnet new tool-manifest (see Microsoft's local tool documentation for more information)
  - Commit this to your git repository
- Add .NET 6.0 in your pipeline
  - If you are already using dotnet 6 in your pipeline, go to the next step.
  - Add the following to your pipeline:

        - task: UseDotNet@2
          inputs:
            packageType: 'sdk'
            version: '6.0.x'

  - This can be added anywhere before the pgscan steps, but is typically added at the beginning
- Add the pgscan steps after build/publish steps of your code

    - script: dotnet tool install pgscan
    - script: dotnet tool run pgscan identify --type=nuget --input=MyProject.csproj --project-name=MyProject --version=1.0.0 --project-type=application --proget-url=https://proget.local --api-key=$(PROGETAPIKEY)