component-detection icon indicating copy to clipboard operation
component-detection copied to clipboard
verified publisher icon microsoft

Publish to nuget.org

Open JamieMagee opened this issue 4 years ago • 5 comments

Currently our packages are only published to our GitHub NuGet feed^1. To make is easier for users to find and consume our packages we should publish our packages to nuget.org.

We should follow Microsoft best practices for creating NuGet packages, including package signing, before publishing to nuget.org

JamieMagee avatar Dec 18 '21 00:12 JamieMagee

@JamieMagee , is this something you can prioritize to get it done soon? The SBOM OSS project needs to use a public ADO feed to be able to consume the Component Detectors packages @aasim , @daneshbadlani

edgarrs avatar Jun 22 '22 19:06 edgarrs

I was out at a conference last week, but I will try and get this wrapped up this week.

JamieMagee avatar Jun 27 '22 22:06 JamieMagee

@JamieMagee , any chance this might happen soon? @daneshbadlani

edgarrs avatar Jul 29 '22 16:07 edgarrs

We've created the MicrosoftOpenSourceEngineeringTeam^1 organization, and reserved the Microsoft.ComponentDetection and Microsoft.ComponentDetection.* package namespaces.

JamieMagee avatar Aug 04 '22 15:08 JamieMagee

We're currently blocked on ESRP signing https://dev.azure.com/msazure/ESRPSignOnboarding/_workitems/edit/15434568

JamieMagee avatar Sep 01 '22 20:09 JamieMagee

Component Detection is now available on nuget.org https://www.nuget.org/packages/Microsoft.ComponentDetection

JamieMagee avatar Oct 05 '22 17:10 JamieMagee