DemaConsulting.SpdxWorkflows 1.0.0

Prefix Reserved 
dotnet add package DemaConsulting.SpdxWorkflows --version 1.0.0
                    


                    

                
NuGet\Install-Package DemaConsulting.SpdxWorkflows -Version 1.0.0
This command is intended to be used within the Package Manager Console in Visual Studio, as it uses the NuGet module's version of Install-Package. 
<PackageReference Include="DemaConsulting.SpdxWorkflows" Version="1.0.0" />
For projects that support PackageReference, copy this XML node into the project file to reference the package. 
<PackageVersion Include="DemaConsulting.SpdxWorkflows" Version="1.0.0" />
                    


                            Directory.Packages.props
                        

                    

                
<PackageReference Include="DemaConsulting.SpdxWorkflows" />
                    


                            Project file
For projects that support Central Package Management (CPM), copy this XML node into the solution Directory.Packages.props file to version the package. 
paket add DemaConsulting.SpdxWorkflows --version 1.0.0
                    


                    

                
#r "nuget: DemaConsulting.SpdxWorkflows, 1.0.0"
#r directive can be used in F# Interactive and Polyglot Notebooks. Copy this into the interactive tool or source code of the script to reference the package. 
#:package DemaConsulting.SpdxWorkflows@1.0.0
#:package directive can be used in C# file-based apps starting in .NET 10 preview 4. Copy this into a .cs file before any lines of code to reference the package. 
#addin nuget:?package=DemaConsulting.SpdxWorkflows&version=1.0.0
                    


                            Install as a Cake Addin
                        

                    

                
#tool nuget:?package=DemaConsulting.SpdxWorkflows&version=1.0.0
                    


                            Install as a Cake Tool

SpdxWorkflows

GitHub forks GitHub stars GitHub contributors License Build

DEMA Consulting collection of standard SpdxTool workflow YAML files for capturing build-tool version information and populating SPDX software bills of materials (SBOMs).

Features

This collection provides:

  • Version Discovery Workflows: Detect and capture the installed versions of common build tools — .NET SDK, GCC, MSBuild, NuGet, VSTest, and IAR EW ARM
  • SPDX Package Workflows: Add build-tool packages to an SPDX document — .NET SDK, GCC, MSBuild, NuGet, VSTest, and IAR EW ARM
  • NuGet SPDX Enhancement: Enrich an SPDX document package with metadata sourced from a NuGet package's own SPDX document
  • Multi-Platform Support: Workflows target Windows and Linux build environments
  • MSTest V4: Modern unit testing with MSTest framework version 4
  • Comprehensive CI/CD: GitHub Actions workflows with quality checks and builds

Installation

SpdxWorkflows are referenced directly by URL inside your own SpdxTool workflow YAML files. No separate installation step is required beyond having SpdxTool available.

Install SpdxTool using the .NET CLI:

dotnet tool install --global DemaConsulting.SpdxTool

Usage

Reference a workflow by supplying its versioned GitHub URL and an optional SHA-512 integrity hash to the run-workflow command:

- command: run-workflow
  inputs:
    url: 'https://github.com/demaconsulting/SpdxWorkflows/blob/0.1.0/GetDotNetVersion.yaml'
    integrity: d9c80d18f6ad6b3cbd5facb28d6c5712bc68c58ace11ebf890cfc92e0857628b
    parameters:
      <optional parameters>
    outputs:
      <optional outputs>

Replace 0.1.0 with the desired release tag. See Releases for available versions and their workflow integrity hashes.

Available Workflows

Version Discovery

These workflows detect and capture the installed version of a build tool. All version discovery workflows produce a single version output parameter.

Workflow Description Platform
GetDotNetVersion.yaml Gets the installed .NET SDK version Windows, Linux
GetGccVersion.yaml Gets the installed GCC version Linux
GetIarEwArmVersion.yaml Gets the installed IAR EW ARM version Windows
GetMsBuildVersion.yaml Gets the installed MSBuild version Windows
GetNugetVersion.yaml Gets the installed NuGet version Windows
GetNugetPackagePath.yaml Gets the path to a NuGet package in the local cache Windows
GetVsTestVersion.yaml Gets the installed VSTest version Windows

SPDX Package Addition

These workflows add a build-tool entry as a package to an existing SPDX document.

Workflow Description Platform
AddDotNetPackage.yaml Adds the .NET SDK package to an SPDX document Windows, Linux
AddGccPackage.yaml Adds the GCC package to an SPDX document Linux
AddIarEwArmPackage.yaml Adds the IAR EW ARM package to an SPDX document Windows
AddMsBuildPackage.yaml Adds the MSBuild package to an SPDX document Windows
AddNugetPackage.yaml Adds the NuGet package to an SPDX document Windows
AddVsTestPackage.yaml Adds the VSTest package to an SPDX document Windows
EnhancePackageFromNugetSpdx.yaml Enhances an SPDX package with metadata from a NuGet SPDX document Windows

For full parameter and output details see the User Guide.

Documentation

  • User Guide: Workflow parameters, outputs, and usage examples

License

Copyright (c) DEMA Consulting. Licensed under the MIT License. See LICENSE for details.

By contributing to this project, you agree that your contributions will be licensed under the MIT License.

There are no supported framework assets in this package.

Learn more about Target Frameworks and .NET Standard.

This package has no dependencies.

NuGet packages

This package is not used by any NuGet packages.

GitHub repositories

This package is not used by any popular GitHub repositories.

Version Downloads Last Updated
1.0.0 1,473 3/3/2026
1.0.0-rc.2 219 3/2/2026
1.0.0-rc.1 169 3/2/2026