From 90eeee8e134d793fb32c360866e3b562adb38a8d Mon Sep 17 00:00:00 2001 From: Sebastian Gomez Date: Fri, 12 Jan 2024 10:53:28 -0500 Subject: [PATCH 1/5] Add supplier/license info for cargo and pip --- Directory.Packages.props | 6 +- .../CargoComponentExtensions.cs | 6 +- .../PipComponentExtensions.cs | 6 +- .../Executors/ComponentDetectionBaseWalker.cs | 1 + .../Executors/PackagesWalker.cs | 2 + .../ServiceCollectionExtensions.cs | 100 +----------------- src/Microsoft.Sbom.Tool/Program.cs | 2 +- 7 files changed, 17 insertions(+), 106 deletions(-) diff --git a/Directory.Packages.props b/Directory.Packages.props index 85533223d..ab559fea7 100644 --- a/Directory.Packages.props +++ b/Directory.Packages.props @@ -7,7 +7,7 @@ - 4.0.11 + 4.0.12-preview.0.12 @@ -32,8 +32,8 @@ - - + + diff --git a/src/Microsoft.Sbom.Adapters/Adapters/ComponentDetection/CargoComponentExtensions.cs b/src/Microsoft.Sbom.Adapters/Adapters/ComponentDetection/CargoComponentExtensions.cs index cf442b0a7..5779b8b2e 100644 --- a/src/Microsoft.Sbom.Adapters/Adapters/ComponentDetection/CargoComponentExtensions.cs +++ b/src/Microsoft.Sbom.Adapters/Adapters/ComponentDetection/CargoComponentExtensions.cs @@ -23,10 +23,12 @@ internal static class CargoComponentExtensions PackageUrl = cargoComponent.PackageUrl?.ToString(), PackageName = cargoComponent.Name, PackageVersion = cargoComponent.Version, - LicenseInfo = string.IsNullOrWhiteSpace(component.LicenseConcluded) ? null : new LicenseInfo + LicenseInfo = new LicenseInfo { - Concluded = component.LicenseConcluded, + Concluded = string.IsNullOrEmpty(component.LicenseConcluded) ? null : component.LicenseConcluded, + Declared = string.IsNullOrEmpty(cargoComponent.License) ? null : cargoComponent.License, }, + Supplier = string.IsNullOrEmpty(cargoComponent.Author) ? null : $"Organization: {cargoComponent.Author}", FilesAnalyzed = false, Type = "cargo", }; 
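Review bot: The new `Concluded` and `Declared` lines guard with `string.IsNullOrEmpty`, whereas the removed line used `string.IsNullOrWhiteSpace`, so a whitespace-only `LicenseConcluded` is now emitted as a license value instead of being dropped; `Concluded = string.IsNullOrWhiteSpace(component.LicenseConcluded) ? null : component.LicenseConcluded,` (and the same on the `Declared` line) keeps the stricter check. The `Supplier` line stamps whatever `cargoComponent.Author` contains with a fixed `Organization:` prefix, but a crate's authors field is free text written by the publisher and usually names a person with an e-mail, and SPDX distinguishes `Person:` from `Organization:`, so either the prefix should follow what the field holds or a comment should record that the label is an assumption. Both `Author` and `License` are copied from the scanned package's own metadata without validation here; if `Declared` ends up as PackageLicenseDeclared, a value that is not a valid SPDX expression (cargo manifests historically used `/`-separated lists) will produce a document that fails validation, so a validity check or a `NOASSERTION` fallback before emitting seems warranted. Note also that `LicenseInfo` is now always constructed even when both fields are null; whether the serializer omits the empty object or writes empty license fields is not visible in this hunk.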
diff --git a/src/Microsoft.Sbom.Adapters/Adapters/ComponentDetection/PipComponentExtensions.cs b/src/Microsoft.Sbom.Adapters/Adapters/ComponentDetection/PipComponentExtensions.cs
index 257fafdd7..794cedfc2 100644
--- a/src/Microsoft.Sbom.Adapters/Adapters/ComponentDetection/PipComponentExtensions.cs
+++ b/src/Microsoft.Sbom.Adapters/Adapters/ComponentDetection/PipComponentExtensions.cs
@@ -23,10 +23,12 @@ internal static class PipComponentExtensions
 PackageUrl = pipComponent.PackageUrl?.ToString(),
 PackageName = pipComponent.Name,
 PackageVersion = pipComponent.Version,
- LicenseInfo = string.IsNullOrWhiteSpace(component.LicenseConcluded) ? null : new LicenseInfo
+ LicenseInfo = new LicenseInfo
 {
- Concluded = component.LicenseConcluded,
+ Concluded = string.IsNullOrEmpty(component.LicenseConcluded) ? null : component.LicenseConcluded,
+ Declared = string.IsNullOrEmpty(pipComponent.License) ? null : pipComponent.License,
 },
+ Supplier = string.IsNullOrEmpty(pipComponent.Author) ? null : $"Organization: {pipComponent.Author}",
 FilesAnalyzed = false,
 Type = "python",
 };
diff --git a/src/Microsoft.Sbom.Api/Executors/ComponentDetectionBaseWalker.cs b/src/Microsoft.Sbom.Api/Executors/ComponentDetectionBaseWalker.cs
index d4240c50c..24b6a8b94 100644
--- a/src/Microsoft.Sbom.Api/Executors/ComponentDetectionBaseWalker.cs
+++ b/src/Microsoft.Sbom.Api/Executors/ComponentDetectionBaseWalker.cs
@@ -78,6 +78,7 @@ public ComponentDetectionBaseWalker(
 // Enable SPDX22 and ConanLock detector which is disabled by default.
 cliArgumentBuilder.AddDetectorArg("SPDX22SBOM", "EnableIfDefaultOff");
 cliArgumentBuilder.AddDetectorArg("ConanLock", "EnableIfDefaultOff");
+ cliArgumentBuilder.AddDetectorArg("RustCli", "EnableIfDefaultOff");
 
 if (sbomConfigs.TryGet(Constants.SPDX22ManifestInfo, out var spdxSbomConfig))
 {
diff --git a/src/Microsoft.Sbom.Api/Executors/PackagesWalker.cs b/src/Microsoft.Sbom.Api/Executors/PackagesWalker.cs
index 0e7e6346a..e296804ea 100644
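Review bot: The new `Concluded`/`Declared` lines check `string.IsNullOrEmpty` while the line they replace checked `string.IsNullOrWhiteSpace`, so a whitespace-only concluded license now reaches the output as a value rather than being dropped; using `string.IsNullOrWhiteSpace` on both lines restores the earlier behaviour. `pipComponent.License` and `pipComponent.Author` are copied verbatim from metadata the package publisher controls and nothing in this adapter validates them; the `License` metadata field of many Python distributions is a long free-form string rather than an identifier, so if `Declared` lands in PackageLicenseDeclared the generated document can carry an invalid SPDX expression, and a check (or a `NOASSERTION` fallback) before emitting would avoid that. The `Supplier` line applies a fixed `Organization:` SPDX prefix to an author field that normally names a person; the prefix should follow the field's content or a comment should state that it is an assumption.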
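Review bot: The added `RustCli` line enables a detector that, going by its name, drives the `cargo` executable in the scanned tree rather than parsing `Cargo.lock`, which means SBOM generation now runs a build tool whose behaviour is steered by files inside the repository being scanned (for cargo, a repo-local `.cargo/config.toml` can redirect registries, set proxies or substitute a different `cargo`/`rustc`); for a tool commonly run in CI over untrusted pull requests that is a new execution surface, and the comment above the three `AddDetectorArg` calls does not mention it. Worth confirming against component-detection exactly what the detector executes, then extending the comment, e.g. `// RustCli shells out to cargo inside the scanned repo; enabled to obtain crate license/author metadata that Cargo.lock does not carry.` If that is unacceptable for untrusted inputs, gating this line on a configuration flag is the natural place; the constructor this sits in starts before the hunk.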
--- a/src/Microsoft.Sbom.Api/Executors/PackagesWalker.cs
+++ b/src/Microsoft.Sbom.Api/Executors/PackagesWalker.cs
@@ -29,6 +29,8 @@ protected override IEnumerable FilterScannedComponents(ScanRes
 return result
 .ComponentsFound
 .Where(component => !(component.Component is SpdxComponent)) // We exclude detected SBOMs from packages section and reference them as an ExternalReference
+ .GroupBy(component => component.Component.Id)
+ .Select(group => group.FirstOrDefault(component => component.DetectorId == "RustCli") ?? group.First())
 .Distinct(new ScannedComponentEqualityComparer())
 .ToList();
 }
diff --git a/src/Microsoft.Sbom.Extensions.DependencyInjection/ServiceCollectionExtensions.cs b/src/Microsoft.Sbom.Extensions.DependencyInjection/ServiceCollectionExtensions.cs
index dad6ebb08..693039189 100644
--- a/src/Microsoft.Sbom.Extensions.DependencyInjection/ServiceCollectionExtensions.cs
+++ b/src/Microsoft.Sbom.Extensions.DependencyInjection/ServiceCollectionExtensions.cs
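Review bot: The new `GroupBy`/`Select` pair collapses results by `Component.Id` for every ecosystem, not only Rust, so whenever two detectors report the same id the other result is silently discarded together with whatever only it knew, and for groups without a RustCli hit the survivor is simply enumeration order; nothing in the hunk records that this is intended, so a comment is needed, e.g. `// The same component may be reported by several detectors: prefer the cargo-metadata (RustCli) result for its license/author data, otherwise keep the first hit.` The preference itself deserves a second look: the lockfile detector reflects the committed `Cargo.lock`, whereas a `cargo metadata` run can re-resolve unless invoked with `--locked`, so if the RustCli result wins the SBOM may attest crate versions that differ from the pinned ones — worth confirming how component-detection invokes cargo. The `.Distinct(new ScannedComponentEqualityComparer())` that follows looks largely redundant once ids are unique, unless the comparer keys on something other than the id; `FilterScannedComponents` begins before the hunk.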
@@ -2,31 +2,8 @@
 // Licensed under the MIT license. See LICENSE file in the project root for full license information.
 
 using System.Collections.Concurrent;
-using Microsoft.ComponentDetection.Common;
-using Microsoft.ComponentDetection.Contracts;
-using Microsoft.ComponentDetection.Detectors.CocoaPods;
-using Microsoft.ComponentDetection.Detectors.Conan;
-using Microsoft.ComponentDetection.Detectors.Dockerfile;
-using Microsoft.ComponentDetection.Detectors.Go;
-using Microsoft.ComponentDetection.Detectors.Gradle;
-using Microsoft.ComponentDetection.Detectors.Ivy;
-using Microsoft.ComponentDetection.Detectors.Linux;
-using Microsoft.ComponentDetection.Detectors.Maven;
-using Microsoft.ComponentDetection.Detectors.Npm;
-using Microsoft.ComponentDetection.Detectors.NuGet;
-using Microsoft.ComponentDetection.Detectors.Pip;
-using Microsoft.ComponentDetection.Detectors.Pnpm;
-using Microsoft.ComponentDetection.Detectors.Poetry;
-using Microsoft.ComponentDetection.Detectors.Ruby;
-using Microsoft.ComponentDetection.Detectors.Rust;
-using Microsoft.ComponentDetection.Detectors.Spdx;
-using Microsoft.ComponentDetection.Detectors.Vcpkg;
-using Microsoft.ComponentDetection.Detectors.Yarn;
-using Microsoft.ComponentDetection.Detectors.Yarn.Parsers;
 using Microsoft.ComponentDetection.Orchestrator;
-using Microsoft.ComponentDetection.Orchestrator.Experiments;
-using Microsoft.ComponentDetection.Orchestrator.Services;
-using Microsoft.ComponentDetection.Orchestrator.Services.GraphTranslation;
+using Microsoft.ComponentDetection.Orchestrator.Extensions;
 using Microsoft.Extensions.DependencyInjection;
 using Microsoft.Extensions.Http;
 using Microsoft.Extensions.Logging;
@@ -212,10 +189,7 @@ public static IServiceCollection AddSbomTool(this IServiceCollection services, L
 
 return manifestData;
 })
- .ConfigureLoggingProviders()
- .ConfigureComponentDetectors()
- .ConfigureComponentDetectionSharedServices()
- .ConfigureComponentDetectionCommandLineServices()
+ .AddComponentDetection()
 .AddHttpClient();
 
 return services;
@@ -240,74 +214,4 @@ public static IServiceCollection ConfigureLoggingProviders(this IServiceCollecti
 
 return services;
 }
-
- public static IServiceCollection ConfigureComponentDetectionCommandLineServices(this IServiceCollection services)
- {
- services.AddSingleton();
- services.AddSingleton();
- services.AddSingleton();
- services.AddSingleton();
-
- return services;
- }
-
- public static IServiceCollection ConfigureComponentDetectionSharedServices(this IServiceCollection services)
- {
- services.AddSingleton();
- services.AddSingleton();
- services.AddSingleton();
- services.AddSingleton();
- services.AddSingleton();
- services.AddSingleton();
- services.AddSingleton();
- services.AddSingleton();
- services.AddSingleton();
- services.AddSingleton();
- services.AddSingleton();
- services.AddSingleton();
- services.AddSingleton();
- services.AddSingleton();
-
- return services;
- }
-
- public static IServiceCollection ConfigureComponentDetectors(this IServiceCollection services)
- {
- services.AddSingleton();
- services.AddSingleton();
- services.AddSingleton();
- services.AddSingleton();
- services.AddSingleton();
- services.AddSingleton();
- services.AddSingleton();
- services.AddSingleton();
- services.AddSingleton();
- services.AddSingleton();
- services.AddSingleton();
- services.AddSingleton();
- services.AddSingleton();
- services.AddSingleton();
- services.AddSingleton();
- services.AddSingleton();
- services.AddSingleton();
- services.AddSingleton();
- services.AddSingleton();
- services.AddSingleton();
- services.AddSingleton();
- services.AddSingleton();
- services.AddSingleton();
- services.AddSingleton();
- services.AddSingleton();
- services.AddSingleton();
- services.AddSingleton();
- services.AddSingleton();
- services.AddSingleton();
- services.AddSingleton();
- services.AddSingleton();
- services.AddSingleton();
- services.AddSingleton();
- services.AddSingleton();
-
- return services;
- }
 }
diff --git a/src/Microsoft.Sbom.Tool/Program.cs b/src/Microsoft.Sbom.Tool/Program.cs index 264421651..a46cb9868 100644 --- a/src/Microsoft.Sbom.Tool/Program.cs +++ b/src/Microsoft.Sbom.Tool/Program.cs @@ -69,7 +69,7 @@ await Host.CreateDefaultBuilder(args) inputConfiguration.ToConfiguration(); return inputConfiguration; }) - + .ConfigureLoggingProviders() .AddSbomTool(); }) .RunConsoleAsync(x => x.SuppressStatusMessages = true); From 458ed7096abf44cc243c471503fd9d56993b51bb Mon Sep 17 00:00:00 2001 From: Sebastian Gomez Date: Fri, 12 Jan 2024 11:17:01 -0500 Subject: [PATCH 2/5] Revert unnecessary changes --- .../ServiceCollectionExtensions.cs | 100 +++++++++++++++++- src/Microsoft.Sbom.Tool/Program.cs | 1 - 2 files changed, 98 insertions(+), 3 deletions(-) diff --git a/src/Microsoft.Sbom.Extensions.DependencyInjection/ServiceCollectionExtensions.cs b/src/Microsoft.Sbom.Extensions.DependencyInjection/ServiceCollectionExtensions.cs index 693039189..dad6ebb08 100644 --- a/src/Microsoft.Sbom.Extensions.DependencyInjection/ServiceCollectionExtensions.cs +++ b/src/Microsoft.Sbom.Extensions.DependencyInjection/ServiceCollectionExtensions.cs 
@@ -2,8 +2,31 @@
 // Licensed under the MIT license. See LICENSE file in the project root for full license information.
 
 using System.Collections.Concurrent;
+using Microsoft.ComponentDetection.Common;
+using Microsoft.ComponentDetection.Contracts;
+using Microsoft.ComponentDetection.Detectors.CocoaPods;
+using Microsoft.ComponentDetection.Detectors.Conan;
+using Microsoft.ComponentDetection.Detectors.Dockerfile;
+using Microsoft.ComponentDetection.Detectors.Go;
+using Microsoft.ComponentDetection.Detectors.Gradle;
+using Microsoft.ComponentDetection.Detectors.Ivy;
+using Microsoft.ComponentDetection.Detectors.Linux;
+using Microsoft.ComponentDetection.Detectors.Maven;
+using Microsoft.ComponentDetection.Detectors.Npm;
+using Microsoft.ComponentDetection.Detectors.NuGet;
+using Microsoft.ComponentDetection.Detectors.Pip;
+using Microsoft.ComponentDetection.Detectors.Pnpm;
+using Microsoft.ComponentDetection.Detectors.Poetry;
+using Microsoft.ComponentDetection.Detectors.Ruby;
+using Microsoft.ComponentDetection.Detectors.Rust;
+using Microsoft.ComponentDetection.Detectors.Spdx;
+using Microsoft.ComponentDetection.Detectors.Vcpkg;
+using Microsoft.ComponentDetection.Detectors.Yarn;
+using Microsoft.ComponentDetection.Detectors.Yarn.Parsers;
 using Microsoft.ComponentDetection.Orchestrator;
-using Microsoft.ComponentDetection.Orchestrator.Extensions;
+using Microsoft.ComponentDetection.Orchestrator.Experiments;
+using Microsoft.ComponentDetection.Orchestrator.Services;
+using Microsoft.ComponentDetection.Orchestrator.Services.GraphTranslation;
 using Microsoft.Extensions.DependencyInjection;
 using Microsoft.Extensions.Http;
 using Microsoft.Extensions.Logging;
@@ -189,7 +212,10 @@ public static IServiceCollection AddSbomTool(this IServiceCollection services, L
 
 return manifestData;
 })
- .AddComponentDetection()
+ .ConfigureLoggingProviders()
+ .ConfigureComponentDetectors()
+ .ConfigureComponentDetectionSharedServices()
+ .ConfigureComponentDetectionCommandLineServices()
 .AddHttpClient();
 
 return services;
@@ -214,4 +240,74 @@ public static IServiceCollection ConfigureLoggingProviders(this IServiceCollecti
 
 return services;
 }
+
+ public static IServiceCollection ConfigureComponentDetectionCommandLineServices(this IServiceCollection services)
+ {
+ services.AddSingleton();
+ services.AddSingleton();
+ services.AddSingleton();
+ services.AddSingleton();
+
+ return services;
+ }
+
+ public static IServiceCollection ConfigureComponentDetectionSharedServices(this IServiceCollection services)
+ {
+ services.AddSingleton();
+ services.AddSingleton();
+ services.AddSingleton();
+ services.AddSingleton();
+ services.AddSingleton();
+ services.AddSingleton();
+ services.AddSingleton();
+ services.AddSingleton();
+ services.AddSingleton();
+ services.AddSingleton();
+ services.AddSingleton();
+ services.AddSingleton();
+ services.AddSingleton();
+ services.AddSingleton();
+
+ return services;
+ }
+
+ public static IServiceCollection ConfigureComponentDetectors(this IServiceCollection services)
+ {
+ services.AddSingleton();
+ services.AddSingleton();
+ services.AddSingleton();
+ services.AddSingleton();
+ services.AddSingleton();
+ services.AddSingleton();
+ services.AddSingleton();
+ services.AddSingleton();
+ services.AddSingleton();
+ services.AddSingleton();
+ services.AddSingleton();
+ services.AddSingleton();
+ services.AddSingleton();
+ services.AddSingleton();
+ services.AddSingleton();
+ services.AddSingleton();
+ services.AddSingleton();
+ services.AddSingleton();
+ services.AddSingleton();
+ services.AddSingleton();
+ services.AddSingleton();
+ services.AddSingleton();
+ services.AddSingleton();
+ services.AddSingleton();
+ services.AddSingleton();
+ services.AddSingleton();
+ services.AddSingleton();
+ services.AddSingleton();
+ services.AddSingleton();
+ services.AddSingleton();
+ services.AddSingleton();
+ services.AddSingleton();
+ services.AddSingleton();
+ services.AddSingleton();
+
+ return services;
+ }
 }
diff --git a/src/Microsoft.Sbom.Tool/Program.cs b/src/Microsoft.Sbom.Tool/Program.cs index a46cb9868..d03b4792f 100644 --- a/src/Microsoft.Sbom.Tool/Program.cs +++ b/src/Microsoft.Sbom.Tool/Program.cs @@ -69,7 +69,6 @@ await Host.CreateDefaultBuilder(args) inputConfiguration.ToConfiguration(); return inputConfiguration; }) - .ConfigureLoggingProviders() .AddSbomTool(); }) .RunConsoleAsync(x => x.SuppressStatusMessages = true); From 977c243025e024c60b4d3ac8aecce3753b3cacb6 Mon Sep 17 00:00:00 2001 From: Sebastian Gomez Date: Fri, 12 Jan 2024 11:17:40 -0500 Subject: [PATCH 3/5] Nit --- src/Microsoft.Sbom.Tool/Program.cs | 1 + 1 file changed, 1 insertion(+) diff --git a/src/Microsoft.Sbom.Tool/Program.cs b/src/Microsoft.Sbom.Tool/Program.cs index d03b4792f..264421651 100644 --- a/src/Microsoft.Sbom.Tool/Program.cs +++ b/src/Microsoft.Sbom.Tool/Program.cs @@ -69,6 +69,7 @@ await Host.CreateDefaultBuilder(args) inputConfiguration.ToConfiguration(); return inputConfiguration; }) + .AddSbomTool(); }) .RunConsoleAsync(x => x.SuppressStatusMessages = true); From 62c9cc85838490e8e5b56bdc4f54126299be6583 Mon Sep 17 00:00:00 2001 From: Sebastian Gomez Date: Fri, 12 Jan 2024 11:23:58 -0500 Subject: [PATCH 4/5] Correct component-detection version --- Directory.Packages.props | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Directory.Packages.props b/Directory.Packages.props index ab559fea7..75cca2428 100644 --- a/Directory.Packages.props +++ b/Directory.Packages.props @@ -7,7 +7,7 @@ - 4.0.12-preview.0.12 + 4.0.12 From 813ab74ce8ad9c01173d6c9aa3f90e2681d5693d Mon Sep 17 00:00:00 2001 From: Sebastian Gomez Date: Tue, 23 Jan 2024 18:40:23 -0500 Subject: [PATCH 5/5] Bump CD version --- Directory.Packages.props | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Directory.Packages.props b/Directory.Packages.props index 75cca2428..90b461680 100644 --- a/Directory.Packages.props +++ b/Directory.Packages.props @@ -7,7 +7,7 @@ - 4.0.12 + 4.1.0