Proj0506: Third-party license registry requires hash

Using a NuGet package implies that you and/or your company explicitly agree with the legally binding conditions of the license and the copyright of the owner of the package.

The .NET project file analyzers require a <ThirdPartyLicense> to define a Hash to work properly.

Non-compliant

<Project Sdk="Microsoft.NET.Sdk">

  <PropertyGroup>
    <TargetFramework>net8.0</TargetFramework>
  </PropertyGroup>

  <ItemGroup>
    <PackageReference Include="SonarAnalyzer.CSharp" Version="10.6.0.109712" />
  </ItemGroup>
  
  <ItemGroup Label="Approved licenses">
    <ThirdPartyLicense Include="SonarAnalyzer.CSharp" />
  </ItemGroup>

</Project>

Compliant

<Project Sdk="Microsoft.NET.Sdk">

  <PropertyGroup>
    <TargetFramework>net8.0</TargetFramework>
  </PropertyGroup>

  <ItemGroup>
    <PackageReference Include="SonarAnalyzer.CSharp" Version="10.6.0.109712" />
  </ItemGroup>

  <ItemGroup Label="Approved licenses">
    <ThirdPartyLicense Include="SonarAnalyzer.CSharp" Hash="ZOAgZmx18wSWq5KpOpWd2bB9123" />
  </ItemGroup>

</Project>