Include content hash for NuGet packages in CycloneDX SBOMs
Currently, the NuGet components in generated SBOMs carry no package hash information, even though NuGet lock files already record a SHA-512 hash per resolved package. Carrying that hash in the SBOM would allow consumers to verify the package content against what was actually restored.
This issue proposes to:
- Extract the SHA-512 `contentHash` values from NuGet lock files (`packages.lock.json`)
- Convert the extracted hashes from base64 (as stored in the lock file) to the hex encoding CycloneDX uses for hash content
- Include the converted hashes in the generated SBOM components as `SHA-512` entries
Implementation plan
- Update the NuGet parser to extract hash data from lock files
- Modify the CycloneDX converter to include hash information in the output
- Implement base64 to hex conversion for the hash values
Expected Outcome: Enhanced SBOM components with accurate SHA512 hash information for NuGet packages, improving package verification capabilities.
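The steps above, as an added worked example that is not code from the project or this issue: the issue does not name the project's language, so Python is used here for illustration. It parses a constructed `packages.lock.json`, converts each `contentHash` from base64 to hex (refusing anything that does not decode to exactly one 64-byte SHA-512 digest), emits CycloneDX-style component entries, and shows how a consumer would verify a downloaded `.nupkg` against the emitted hash. The function names and the sample lock file are this example's own.

```python
"""Added example (not the project's own code): extract NuGet contentHash
values from packages.lock.json, convert base64 -> hex, and emit CycloneDX
component entries carrying SHA-512 hashes."""
import base64
import binascii
import hashlib
import json

SHA512_LEN = 64  # bytes in a SHA-512 digest; hex form is 128 chars


def content_hash_to_hex(b64: str) -> str:
    """Convert a base64 contentHash to lowercase hex.

    Anything that is not exactly one SHA-512 digest is rejected, so a
    truncated or corrupted lock-file entry cannot turn into a plausible
    looking but wrong hash in the SBOM.
    """
    try:
        raw = base64.b64decode(b64, validate=True)
    except (binascii.Error, ValueError) as exc:
        raise ValueError(f"contentHash is not valid base64: {b64!r}") from exc
    if len(raw) != SHA512_LEN:
        raise ValueError(f"contentHash decodes to {len(raw)} bytes, expected {SHA512_LEN}")
    return raw.hex()


def parse_lock_file(text: str) -> list[dict]:
    """Return one record per distinct (name, version) with its hex SHA-512.

    The lock file is keyed by target framework, so the same package can
    appear several times; entries are de-duplicated and a differing hash
    for the same name/version is treated as an error. Project references
    ("type": "Project") have no contentHash and are skipped.
    """
    lock = json.loads(text)
    seen: dict[tuple[str, str], dict] = {}
    for deps in lock.get("dependencies", {}).values():
        for name, info in deps.items():
            if info.get("type") == "Project":
                continue
            version = info.get("resolved")
            content_hash = info.get("contentHash")
            if not version or not content_hash:
                continue  # no verifiable component without both fields
            hex_hash = content_hash_to_hex(content_hash)
            key = (name.lower(), version)  # NuGet package ids are case-insensitive
            prev = seen.get(key)
            if prev is not None and prev["sha512"] != hex_hash:
                raise ValueError(f"conflicting contentHash for {name} {version}")
            seen[key] = {"name": name, "version": version, "sha512": hex_hash}
    return list(seen.values())


def to_cyclonedx_component(rec: dict) -> dict:
    """Shape one record as a CycloneDX JSON component with a SHA-512 hash."""
    return {
        "type": "library",
        "name": rec["name"],
        "version": rec["version"],
        "purl": f"pkg:nuget/{rec['name']}@{rec['version']}",
        "hashes": [{"alg": "SHA-512", "content": rec["sha512"]}],
    }


def lock_file_to_components(text: str) -> list[dict]:
    return [to_cyclonedx_component(r) for r in parse_lock_file(text)]


def verify_nupkg(nupkg_bytes: bytes, component: dict) -> bool:
    """Consumer side: check a downloaded .nupkg against the SBOM's SHA-512."""
    want = {h["content"].lower() for h in component.get("hashes", []) if h.get("alg") == "SHA-512"}
    return bool(want) and hashlib.sha512(nupkg_bytes).hexdigest() in want


# Constructed sample input. The package bytes are fake, so the contentHash
# below is the base64 SHA-512 of those fake bytes, exactly as a lock file
# would encode the digest of the real .nupkg.
FAKE_NUPKG = b"not a real nupkg, constructed for this example"
SAMPLE_HASH_B64 = base64.b64encode(hashlib.sha512(FAKE_NUPKG).digest()).decode()
SAMPLE_LOCK = json.dumps({
    "version": 1,
    "dependencies": {
        "net8.0": {
            "Newtonsoft.Json": {"type": "Direct", "requested": "[13.0.3, )",
                                "resolved": "13.0.3", "contentHash": SAMPLE_HASH_B64},
            "MyLib": {"type": "Project"},
        },
        "net6.0": {
            "Newtonsoft.Json": {"type": "Direct", "requested": "[13.0.3, )",
                                "resolved": "13.0.3", "contentHash": SAMPLE_HASH_B64},
        },
    },
})

if __name__ == "__main__":
    components = lock_file_to_components(SAMPLE_LOCK)
    print(json.dumps(components, indent=2))
    print("verify:", verify_nupkg(FAKE_NUPKG, components[0]))
```

Two caveats a reviewer would want handled in the real implementation: the same package appears once per target framework in the lock file, so the output must be de-duplicated rather than emitting one component per framework, and the base64-to-hex step should validate the decoded length, because a silently accepted short or padded value would ship a hash that matches nothing.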
Description was generated using AI
Edited by Oscar Tovar