Proj0243: Generate software bill of materials

To be compliant with the Executive Order on Improving the Nation's Cybersecurity, a detailed list of all components and dependencies in a software project (a software bill of materials, SBOM) should be published with the (NuGet) package.

Non-compliant

<Project Sdk="Microsoft.NET.Sdk">

  <PropertyGroup>
    <IsPackable>true</IsPackable>
  </PropertyGroup>

</Project>

Compliant

<Project Sdk="Microsoft.NET.Sdk">

  <PropertyGroup>
    <IsPackable>true</IsPackable>
    <GenerateSBOM>true</GenerateSBOM>
  </PropertyGroup>
  
  <ItemGroup>
    <PackageReference Include="Microsoft.Sbom.Targets" Version="*" PrivateAssets="all" />
  </ItemGroup>

</Project>
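A way to check that a built package actually carries the SBOM, as an added example that is not part of this rule or of Microsoft.Sbom.Targets: a .nupkg is a zip archive, and the script below looks for the SPDX manifest inside it and lists the packages the manifest records. The entry path `_manifest/spdx_2.2/manifest.spdx.json` is assumed from the SBOM tool's usual layout, and the sample packages are constructed inline rather than real build output.

```python
import io
import json
import zipfile
from typing import List, Optional

# Entry path where Microsoft.Sbom.Targets is expected to place the SPDX manifest
# inside the .nupkg (assumed layout; adjust if your tooling version differs).
SBOM_ENTRY = "_manifest/spdx_2.2/manifest.spdx.json"


def sbom_packages(nupkg_bytes: bytes) -> Optional[List[str]]:
    """List the packages recorded in the SBOM embedded in a .nupkg.

    Returns None when no SBOM manifest is present (the non-compliant case),
    otherwise a sorted list of "name@version" strings from the SPDX document.
    """
    with zipfile.ZipFile(io.BytesIO(nupkg_bytes)) as archive:
        if SBOM_ENTRY not in archive.namelist():
            return None
        spdx = json.loads(archive.read(SBOM_ENTRY))
    return sorted(
        f"{pkg['name']}@{pkg.get('versionInfo', 'unknown')}"
        for pkg in spdx.get("packages", [])
    )


def build_sample_nupkg(with_sbom: bool) -> bytes:
    """Constructed sample .nupkg (not real build output) used for demonstration."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("lib/net8.0/Example.dll", b"")
        if with_sbom:
            # Minimal SPDX 2.2 document with constructed sample package data.
            spdx = {
                "spdxVersion": "SPDX-2.2",
                "name": "Example 1.0.0",
                "packages": [
                    {"name": "Example", "versionInfo": "1.0.0"},
                    {"name": "Example.Dependency", "versionInfo": "2.3.4"},
                ],
            }
            archive.writestr(SBOM_ENTRY, json.dumps(spdx))
    return buf.getvalue()


if __name__ == "__main__":
    # Compare a package built without and with GenerateSBOM enabled.
    for with_sbom in (False, True):
        print("SBOM packages:", sbom_packages(build_sample_nupkg(with_sbom)))
```

To inspect a real package, pass the bytes of the .nupkg file to `sbom_packages` instead of the constructed sample.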

More info

  1. devblogs.microsoft.com
  2. SBOMs + NuGet (YouTube)