feat: add initial dotnet-support (#951)

* feat: add initial dotnet-support

Signed-off-by: Christian Kotzbauer <git@ckotzbauer.de>

* fix: add path, sha512 and hashpath

Signed-off-by: Christian Kotzbauer <git@ckotzbauer.de>

* fix: add missing dot

Signed-off-by: Christian Kotzbauer <git@ckotzbauer.de>

* fix: lint warnings

Signed-off-by: Christian Kotzbauer <git@ckotzbauer.de>

* fix CLI test package counts to account for dotnet

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* fix: updated packagurl-go

Signed-off-by: Christian Kotzbauer <git@ckotzbauer.de>

* tidy go.sum

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* update json schema

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

Co-authored-by: Alex Goodman <alex.goodman@anchore.com>

README.md

@@ -31,6 +31,7 @@ A CLI tool and Go library for generating a Software Bill of Materials (SBOM) fro
 - Alpine (apk)
 - Dart (pubs)
 - Debian (dpkg)
+- Dotnet (deps.json)
 - Go (go.mod, Go binaries)
 - Java (jar, ear, war, par, sar)
 - JavaScript (npm, yarn)

go.mod

@@ -13,7 +13,7 @@ require (
 	github.com/anchore/go-rpmdb v0.0.0-20210914181456-a9c52348da63
 	github.com/anchore/go-testutils v0.0.0-20200925183923-d5f45b0d3c04
 	github.com/anchore/go-version v1.2.2-0.20200701162849-18adb9c92b9b
-	github.com/anchore/packageurl-go v0.1.1-0.20220314153042-1bcd40e5206b
+	github.com/anchore/packageurl-go v0.1.1-0.20220428202044-a072fa3cb6d7
 	github.com/anchore/stereoscope v0.0.0-20220406160859-c03a18a6b270
 	github.com/antihax/optional v1.0.0
 	github.com/bmatcuk/doublestar/v4 v4.0.2

go.sum

@@ -272,8 +272,8 @@ github.com/anchore/go-testutils v0.0.0-20200925183923-d5f45b0d3c04 h1:VzprUTpc0v
 github.com/anchore/go-testutils v0.0.0-20200925183923-d5f45b0d3c04/go.mod h1:6dK64g27Qi1qGQZ67gFmBFvEHScy0/C8qhQhNe5B5pQ=
 github.com/anchore/go-version v1.2.2-0.20200701162849-18adb9c92b9b h1:e1bmaoJfZVsCYMrIZBpFxwV26CbsuoEh5muXD5I1Ods=
 github.com/anchore/go-version v1.2.2-0.20200701162849-18adb9c92b9b/go.mod h1:Bkc+JYWjMCF8OyZ340IMSIi2Ebf3uwByOk6ho4wne1E=
-github.com/anchore/packageurl-go v0.1.1-0.20220314153042-1bcd40e5206b h1:YJWYt/6KQXR9JR46lLHrTTYi8rcye42tKcyjREA/hvA=
-github.com/anchore/packageurl-go v0.1.1-0.20220314153042-1bcd40e5206b/go.mod h1:Blo6OgJNiYF41ufcgHKkbCKF2MDOMlrqhXv/ij6ocR4=
+github.com/anchore/packageurl-go v0.1.1-0.20220428202044-a072fa3cb6d7 h1:kDrYkTSM9uIxaX/P9s0F4nKYNM+hnSgLJdLpqvsaQ/g=
+github.com/anchore/packageurl-go v0.1.1-0.20220428202044-a072fa3cb6d7/go.mod h1:Blo6OgJNiYF41ufcgHKkbCKF2MDOMlrqhXv/ij6ocR4=
 github.com/anchore/stereoscope v0.0.0-20220406160859-c03a18a6b270 h1:NmxPDR6vo3xjwCL6o+tpF1vUad/BVo+WaVSwueB9W9w=
 github.com/anchore/stereoscope v0.0.0-20220406160859-c03a18a6b270/go.mod h1:yoCLUZY0k/pYLNIy0L80p2Ko0PKVNXm8rHtgxp4OiSc=
 github.com/andreyvit/diff v0.0.0-20170406064948-c7f18ee00883/go.mod h1:rCTlJbsFo29Kk6CurOXKm700vrz8f0KW0JNfpkRJY/8=

internal/constants.go

@@ -6,5 +6,5 @@ const (
 
 	// JSONSchemaVersion is the current schema version output by the JSON encoder
 	// This is roughly following the "SchemaVer" guidelines for versioning the JSON schema. Please see schema/json/README.md for details on how to increment.
-	JSONSchemaVersion = "3.2.2"
+	JSONSchemaVersion = "3.2.3"
 )

internal/formats/common/spdxhelpers/source_info.go

@@ -17,6 +17,8 @@ func SourceInfo(p pkg.Package) string {
 		answer = "acquired package info from pubspec manifest"
 	case pkg.DebPkg:
 		answer = "acquired package info from DPKG DB"
+	case pkg.DotnetPkg:
+		answer = "acquired package info from dotnet project assets file"
 	case pkg.NpmPkg:
 		answer = "acquired package info from installed node module manifest file"
 	case pkg.PythonPkg:

internal/formats/common/spdxhelpers/source_info_test.go

@@ -134,6 +134,14 @@ func Test_SourceInfo(t *testing.T) {
 				"from pubspec manifest",
 			},
 		},
+		{
+			input: pkg.Package{
+				Type: pkg.DotnetPkg,
+			},
+			expected: []string{
+				"from dotnet project assets file",
+			},
+		},
 	}
 	var pkgTypes []pkg.Type
 	for _, test := range tests {

internal/formats/syftjson/model/package.go

@@ -136,6 +136,12 @@ func (p *Package) UnmarshalJSON(b []byte) error {
 			return err
 		}
 		p.Metadata = payload
+	case pkg.DotnetDepsMetadataType:
+		var payload pkg.DotnetDepsMetadata
+		if err := json.Unmarshal(unpacker.Metadata, &payload); err != nil {
+			return err
+		}
+		p.Metadata = payload
 	default:
 		log.Warnf("unknown package metadata type=%q for packageID=%q", p.MetadataType, p.ID)
 	}

internal/formats/syftjson/test-fixtures/snapshot/TestDirectoryEncoder.golden

@@ -88,7 +88,7 @@
   }
  },
  "schema": {
-  "version": "3.2.2",
-  "url": "https://raw.githubusercontent.com/anchore/syft/main/schema/json/schema-3.2.2.json"
+  "version": "3.2.3",
+  "url": "https://raw.githubusercontent.com/anchore/syft/main/schema/json/schema-3.2.3.json"
  }
 }

internal/formats/syftjson/test-fixtures/snapshot/TestEncodeFullJSONDocument.golden

@@ -184,7 +184,7 @@
   }
  },
  "schema": {
-  "version": "3.2.2",
-  "url": "https://raw.githubusercontent.com/anchore/syft/main/schema/json/schema-3.2.2.json"
+  "version": "3.2.3",
+  "url": "https://raw.githubusercontent.com/anchore/syft/main/schema/json/schema-3.2.3.json"
  }
 }

internal/formats/syftjson/test-fixtures/snapshot/TestImageEncoder.golden

@@ -111,7 +111,7 @@
   }
  },
  "schema": {
-  "version": "3.2.2",
-  "url": "https://raw.githubusercontent.com/anchore/syft/main/schema/json/schema-3.2.2.json"
+  "version": "3.2.3",
+  "url": "https://raw.githubusercontent.com/anchore/syft/main/schema/json/schema-3.2.3.json"
  }
 }

schema/json/generate.go

@@ -38,6 +38,7 @@ type artifactMetadataContainer struct {
 	Go     pkg.GolangBinMetadata
 	Php    pkg.PhpComposerJSONMetadata
 	Dart   pkg.DartPubMetadata
+	Dotnet pkg.DotnetDepsMetadata
 }
 
 func main() {

syft/pkg/cataloger/cataloger.go

@@ -11,6 +11,7 @@ import (
 	"github.com/anchore/syft/syft/pkg/cataloger/apkdb"
 	"github.com/anchore/syft/syft/pkg/cataloger/dart"
 	"github.com/anchore/syft/syft/pkg/cataloger/deb"
+	"github.com/anchore/syft/syft/pkg/cataloger/dotnet"
 	"github.com/anchore/syft/syft/pkg/cataloger/golang"
 	"github.com/anchore/syft/syft/pkg/cataloger/java"
 	"github.com/anchore/syft/syft/pkg/cataloger/javascript"
@@ -44,6 +45,7 @@ func ImageCatalogers(cfg Config) []Cataloger {
 		java.NewJavaCataloger(cfg.Java()),
 		apkdb.NewApkdbCataloger(),
 		golang.NewGoModuleBinaryCataloger(),
+		dotnet.NewDotnetDepsCataloger(),
 	}
 }
 
@@ -63,6 +65,7 @@ func DirectoryCatalogers(cfg Config) []Cataloger {
 		golang.NewGoModFileCataloger(),
 		rust.NewCargoLockCataloger(),
 		dart.NewPubspecLockCataloger(),
+		dotnet.NewDotnetDepsCataloger(),
 	}
 }
 
@@ -83,5 +86,6 @@ func AllCatalogers(cfg Config) []Cataloger {
 		golang.NewGoModFileCataloger(),
 		rust.NewCargoLockCataloger(),
 		dart.NewPubspecLockCataloger(),
+		dotnet.NewDotnetDepsCataloger(),
 	}
 }

syft/pkg/cataloger/dotnet/cataloger.go

@@ -0,0 +1,14 @@
+package dotnet
+
+import (
+	"github.com/anchore/syft/syft/pkg/cataloger/common"
+)
+
+// NewDotnetDepsCataloger returns a new Dotnet cataloger object base on deps json files.
+func NewDotnetDepsCataloger() *common.GenericCataloger {
+	globParsers := map[string]common.ParserFn{
+		"**/*.deps.json": parseDotnetDeps,
+	}
+
+	return common.NewGenericCataloger(nil, globParsers, "dotnet-deps-cataloger")
+}

syft/pkg/cataloger/dotnet/parse_dotnet_deps.go

@@ -0,0 +1,72 @@
+package dotnet
+
+import (
+	"encoding/json"
+	"fmt"
+	"io"
+	"strings"
+
+	"github.com/anchore/syft/syft/artifact"
+	"github.com/anchore/syft/syft/pkg"
+	"github.com/anchore/syft/syft/pkg/cataloger/common"
+)
+
+// integrity check
+var _ common.ParserFn = parseDotnetDeps
+
+type dotnetDeps struct {
+	Libraries map[string]dotnetDepsLibrary `json:"libraries"`
+}
+
+type dotnetDepsLibrary struct {
+	Type     string `json:"type"`
+	Path     string `json:"path"`
+	Sha512   string `json:"sha512"`
+	HashPath string `json:"hashPath"`
+}
+
+func parseDotnetDeps(path string, reader io.Reader) ([]*pkg.Package, []artifact.Relationship, error) {
+	var packages []*pkg.Package
+
+	dec := json.NewDecoder(reader)
+
+	var p dotnetDeps
+	if err := dec.Decode(&p); err != nil {
+		return nil, nil, fmt.Errorf("failed to parse deps.json file: %w", err)
+	}
+
+	for nameVersion, lib := range p.Libraries {
+		dotnetPkg := newDotnetDepsPackage(nameVersion, lib)
+
+		if dotnetPkg != nil {
+			packages = append(packages, dotnetPkg)
+		}
+	}
+
+	return packages, nil, nil
+}
+
+func newDotnetDepsPackage(nameVersion string, lib dotnetDepsLibrary) *pkg.Package {
+	if lib.Type != "package" {
+		return nil
+	}
+
+	splitted := strings.Split(nameVersion, "/")
+	name := splitted[0]
+	version := splitted[1]
+
+	return &pkg.Package{
+		Name:         name,
+		Version:      version,
+		Language:     pkg.Dotnet,
+		Type:         pkg.DotnetPkg,
+		MetadataType: pkg.DotnetDepsMetadataType,
+		Metadata: &pkg.DotnetDepsMetadata{
+			Name:     name,
+			Version:  version,
+			Path:     lib.Path,
+			Sha512:   lib.Sha512,
+			HashPath: lib.HashPath,
+		},
+	}
+}

syft/pkg/cataloger/dotnet/parse_dotnet_deps_test.go

@@ -0,0 +1,199 @@
+package dotnet
+
+import (
+	"os"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+
+	"github.com/anchore/syft/syft/pkg"
+)
+
+func assertPackagesEqual(t *testing.T, actual []*pkg.Package, expected map[string]*pkg.Package) {
+	assert.Len(t, actual, len(expected))
+}
+
+func TestParseDotnetDeps(t *testing.T) {
+	expected := map[string]*pkg.Package{
+		"AWSSDK.Core": {
+			Name:         "AWSSDK.Core",
+			Version:      "3.7.10.6",
+			Language:     pkg.Dotnet,
+			Type:         pkg.DotnetPkg,
+			MetadataType: pkg.DotnetDepsMetadataType,
+			Metadata: pkg.DotnetDepsMetadata{
+				Name:     "AWSSDK.Core",
+				Version:  "3.7.10.6",
+				Sha512:   "sha512-kHBB+QmosVaG6DpngXQ8OlLVVNMzltNITfsRr68Z90qO7dSqJ2EHNd8dtBU1u3AQQLqqFHOY0lfmbpexeH6Pew==",
+				Path:     "awssdk.core/3.7.10.6",
+				HashPath: "awssdk.core.3.7.10.6.nupkg.sha512",
+			},
+		},
+		"Microsoft.Extensions.DependencyInjection": {
+			Name:         "Microsoft.Extensions.DependencyInjection",
+			Version:      "6.0.0",
+			Language:     pkg.Dotnet,
+			Type:         pkg.DotnetPkg,
+			MetadataType: pkg.DotnetDepsMetadataType,
+			Metadata: pkg.DotnetDepsMetadata{
+				Name:     "Microsoft.Extensions.DependencyInjection",
+				Version:  "6.0.0",
+				Sha512:   "sha512-k6PWQMuoBDGGHOQTtyois2u4AwyVcIwL2LaSLlTZQm2CYcJ1pxbt6jfAnpWmzENA/wfrYRI/X9DTLoUkE4AsLw==",
+				Path:     "microsoft.extensions.dependencyinjection/6.0.0",
+				HashPath: "microsoft.extensions.dependencyinjection.6.0.0.nupkg.sha512",
+			},
+		},
+		"Microsoft.Extensions.DependencyInjection.Abstractions": {
+			Name:         "Microsoft.Extensions.DependencyInjection.Abstractions",
+			Version:      "6.0.0",
+			Language:     pkg.Dotnet,
+			Type:         pkg.DotnetPkg,
+			MetadataType: pkg.DotnetDepsMetadataType,
+			Metadata: pkg.DotnetDepsMetadata{
+				Name:     "Microsoft.Extensions.DependencyInjection",
+				Version:  "6.0.0",
+				Sha512:   "sha512-xlzi2IYREJH3/m6+lUrQlujzX8wDitm4QGnUu6kUXTQAWPuZY8i+ticFJbzfqaetLA6KR/rO6Ew/HuYD+bxifg==",
+				Path:     "microsoft.extensions.dependencyinjection.abstractions/6.0.0",
+				HashPath: "microsoft.extensions.dependencyinjection.abstractions.6.0.0.nupkg.sha512",
+			},
+		},
+		"Microsoft.Extensions.Logging": {
+			Name:         "Microsoft.Extensions.Logging",
+			Version:      "6.0.0",
+			Language:     pkg.Dotnet,
+			Type:         pkg.DotnetPkg,
+			MetadataType: pkg.DotnetDepsMetadataType,
+			Metadata: pkg.DotnetDepsMetadata{
+				Name:     "Microsoft.Extensions.Logging",
+				Version:  "6.0.0",
+				Sha512:   "sha512-eIbyj40QDg1NDz0HBW0S5f3wrLVnKWnDJ/JtZ+yJDFnDj90VoPuoPmFkeaXrtu+0cKm5GRAwoDf+dBWXK0TUdg==",
+				Path:     "microsoft.extensions.logging/6.0.0",
+				HashPath: "microsoft.extensions.logging.6.0.0.nupkg.sha512",
+			},
+		},
+		"Microsoft.Extensions.Logging.Abstractions": {
+			Name:         "Microsoft.Extensions.Logging.Abstractions",
+			Version:      "6.0.0",
+			Language:     pkg.Dotnet,
+			Type:         pkg.DotnetPkg,
+			MetadataType: pkg.DotnetDepsMetadataType,
+			Metadata: pkg.DotnetDepsMetadata{
+				Name:     "Microsoft.Extensions.Logging",
+				Version:  "6.0.0",
+				Sha512:   "sha512-/HggWBbTwy8TgebGSX5DBZ24ndhzi93sHUBDvP1IxbZD7FDokYzdAr6+vbWGjw2XAfR2EJ1sfKUotpjHnFWPxA==",
+				Path:     "microsoft.extensions.logging.abstractions/6.0.0",
+				HashPath: "microsoft.extensions.logging.abstractions.6.0.0.nupkg.sha512",
+			},
+		},
+		"Microsoft.Extensions.Options": {
+			Name:         "Microsoft.Extensions.Options",
+			Version:      "6.0.0",
+			Language:     pkg.Dotnet,
+			Type:         pkg.DotnetPkg,
+			MetadataType: pkg.DotnetDepsMetadataType,
+			Metadata: pkg.DotnetDepsMetadata{
+				Name:     "Microsoft.Extensions.Options",
+				Version:  "6.0.0",
+				Sha512:   "sha512-dzXN0+V1AyjOe2xcJ86Qbo233KHuLEY0njf/P2Kw8SfJU+d45HNS2ctJdnEnrWbM9Ye2eFgaC5Mj9otRMU6IsQ==",
+				Path:     "microsoft.extensions.options/6.0.0",
+				HashPath: "microsoft.extensions.options.6.0.0.nupkg.sha512",
+			},
+		},
+		"Microsoft.Extensions.Primitives": {
+			Name:         "Microsoft.Extensions.Primitives",
+			Version:      "6.0.0",
+			Language:     pkg.Dotnet,
+			Type:         pkg.DotnetPkg,
+			MetadataType: pkg.DotnetDepsMetadataType,
+			Metadata: pkg.DotnetDepsMetadata{
+				Name:     "Microsoft.Extensions.Primitives",
+				Version:  "6.0.0",
+				Sha512:   "sha512-9+PnzmQFfEFNR9J2aDTfJGGupShHjOuGw4VUv+JB044biSHrnmCIMD+mJHmb2H7YryrfBEXDurxQ47gJZdCKNQ==",
+				Path:     "microsoft.extensions.primitives/6.0.0",
+				HashPath: "microsoft.extensions.primitives.6.0.0.nupkg.sha512",
+			},
+		},
+		"Newtonsoft.Json": {
+			Name:         "Newtonsoft.Json",
+			Version:      "13.0.1",
+			Language:     pkg.Dotnet,
+			Type:         pkg.DotnetPkg,
+			MetadataType: pkg.DotnetDepsMetadataType,
+			Metadata: pkg.DotnetDepsMetadata{
+				Name:     "Newtonsoft.Json",
+				Version:  "13.0.1",
+				Sha512:   "sha512-ppPFpBcvxdsfUonNcvITKqLl3bqxWbDCZIzDWHzjpdAHRFfZe0Dw9HmA0+za13IdyrgJwpkDTDA9fHaxOrt20A==",
+				Path:     "newtonsoft.json/13.0.1",
+				HashPath: "newtonsoft.json.13.0.1.nupkg.sha512",
+			},
+		},
+		"Serilog": {
+			Name:         "Serilog",
+			Version:      "2.10.0",
+			Language:     pkg.Dotnet,
+			Type:         pkg.DotnetPkg,
+			MetadataType: pkg.DotnetDepsMetadataType,
+			Metadata: pkg.DotnetDepsMetadata{
+				Name:     "Serilog",
+				Version:  "2.10.0",
+				Sha512:   "sha512-+QX0hmf37a0/OZLxM3wL7V6/ADvC1XihXN4Kq/p6d8lCPfgkRdiuhbWlMaFjR9Av0dy5F0+MBeDmDdRZN/YwQA==",
+				Path:     "serilog/2.10.0",
+				HashPath: "serilog.2.10.0.nupkg.sha512",
+			},
+		},
+		"Serilog.Sinks.Console": {
+			Name:         "Serilog.Sinks.Console",
+			Version:      "4.0.1",
+			Language:     pkg.Dotnet,
+			Type:         pkg.DotnetPkg,
+			MetadataType: pkg.DotnetDepsMetadataType,
+			Metadata: pkg.DotnetDepsMetadata{
+				Name:     "Serilog.Sinks.Console",
+				Version:  "4.0.1",
+				Sha512:   "sha512-apLOvSJQLlIbKlbx+Y2UDHSP05kJsV7mou+fvJoRGs/iR+jC22r8cuFVMjjfVxz/AD4B2UCltFhE1naRLXwKNw==",
+				Path:     "serilog.sinks.console/4.0.1",
+				HashPath: "serilog.sinks.console.4.0.1.nupkg.sha512",
+			},
+		},
+		"System.Diagnostics.DiagnosticSource": {
+			Name:         "System.Diagnostics.DiagnosticSource",
+			Version:      "6.0.0",
+			Language:     pkg.Dotnet,
+			Type:         pkg.DotnetPkg,
+			MetadataType: pkg.DotnetDepsMetadataType,
+			Metadata: pkg.DotnetDepsMetadata{
+				Name:     "System.Diagnostics.DiagnosticSource",
+				Version:  "6.0.0",
+				Sha512:   "sha512-frQDfv0rl209cKm1lnwTgFPzNigy2EKk1BS3uAvHvlBVKe5cymGyHO+Sj+NLv5VF/AhHsqPIUUwya5oV4CHMUw==",
+				Path:     "system.diagnostics.diagnosticsource/6.0.0",
+				HashPath: "system.diagnostics.diagnosticsource.6.0.0.nupkg.sha512",
+			},
+		},
+		"System.Runtime.CompilerServices.Unsafe": {
+			Name:         "System.Runtime.CompilerServices.Unsafe",
+			Version:      "6.0.0",
+			Language:     pkg.Dotnet,
+			Type:         pkg.DotnetPkg,
+			MetadataType: pkg.DotnetDepsMetadataType,
+			Metadata: pkg.DotnetDepsMetadata{
+				Name:     "System.Runtime.CompilerServices.Unsafe",
+				Version:  "6.0.0",
+				Sha512:   "sha512-/iUeP3tq1S0XdNNoMz5C9twLSrM/TH+qElHkXWaPvuNOt+99G75NrV0OS2EqHx5wMN7popYjpc8oTjC1y16DLg==",
+				Path:     "system.runtime.compilerservices.unsafe/6.0.0",
+				HashPath: "system.runtime.compilerservices.unsafe.6.0.0.nupkg.sha512",
+			},
+		},
+	}
+
+	fixture, err := os.Open("test-fixtures/TestLibrary.deps.json")
+	if err != nil {
+		t.Fatalf("failed to open fixture: %+v", err)
+	}
+
+	actual, _, err := parseDotnetDeps(fixture.Name(), fixture)
+	if err != nil {
+		t.Fatalf("failed to parse deps.json: %+v", err)
+	}
+
+	assertPackagesEqual(t, actual, expected)
+}

syft/pkg/cataloger/dotnet/test-fixtures/TestLibrary.deps.json

@@ -0,0 +1,235 @@
+{
+  "runtimeTarget": {
+    "name": ".NETCoreApp,Version=v6.0",
+    "signature": ""
+  },
+  "compilationOptions": {},
+  "targets": {
+    ".NETCoreApp,Version=v6.0": {
+      "TestLibrary/1.0.0": {
+        "dependencies": {
+          "Microsoft.Extensions.DependencyInjection": "6.0.0",
+          "Microsoft.Extensions.Logging": "6.0.0",
+          "Newtonsoft.Json": "13.0.1",
+          "Serilog": "2.10.0",
+          "Serilog.Sinks.Console": "4.0.1",
+          "TestCommon": "1.0.0"
+        },
+        "runtime": {
+          "TestLibrary.dll": {}
+        }
+      },
+      "AWSSDK.Core/3.7.10.6": {
+        "runtime": {
+          "lib/netcoreapp3.1/AWSSDK.Core.dll": {
+            "assemblyVersion": "3.3.0.0",
+            "fileVersion": "3.7.10.6"
+          }
+        }
+      },
+      "Microsoft.Extensions.DependencyInjection/6.0.0": {
+        "dependencies": {
+          "Microsoft.Extensions.DependencyInjection.Abstractions": "6.0.0",
+          "System.Runtime.CompilerServices.Unsafe": "6.0.0"
+        },
+        "runtime": {
+          "lib/net6.0/Microsoft.Extensions.DependencyInjection.dll": {
+            "assemblyVersion": "6.0.0.0",
+            "fileVersion": "6.0.21.52210"
+          }
+        }
+      },
+      "Microsoft.Extensions.DependencyInjection.Abstractions/6.0.0": {
+        "runtime": {
+          "lib/net6.0/Microsoft.Extensions.DependencyInjection.Abstractions.dll": {
+            "assemblyVersion": "6.0.0.0",
+            "fileVersion": "6.0.21.52210"
+          }
+        }
+      },
+      "Microsoft.Extensions.Logging/6.0.0": {
+        "dependencies": {
+          "Microsoft.Extensions.DependencyInjection": "6.0.0",
+          "Microsoft.Extensions.DependencyInjection.Abstractions": "6.0.0",
+          "Microsoft.Extensions.Logging.Abstractions": "6.0.0",
+          "Microsoft.Extensions.Options": "6.0.0",
+          "System.Diagnostics.DiagnosticSource": "6.0.0"
+        },
+        "runtime": {
+          "lib/netstandard2.1/Microsoft.Extensions.Logging.dll": {
+            "assemblyVersion": "6.0.0.0",
+            "fileVersion": "6.0.21.52210"
+          }
+        }
+      },
+      "Microsoft.Extensions.Logging.Abstractions/6.0.0": {
+        "runtime": {
+          "lib/net6.0/Microsoft.Extensions.Logging.Abstractions.dll": {
+            "assemblyVersion": "6.0.0.0",
+            "fileVersion": "6.0.21.52210"
+          }
+        }
+      },
+      "Microsoft.Extensions.Options/6.0.0": {
+        "dependencies": {
+          "Microsoft.Extensions.DependencyInjection.Abstractions": "6.0.0",
+          "Microsoft.Extensions.Primitives": "6.0.0"
+        },
+        "runtime": {
+          "lib/netstandard2.1/Microsoft.Extensions.Options.dll": {
+            "assemblyVersion": "6.0.0.0",
+            "fileVersion": "6.0.21.52210"
+          }
+        }
+      },
+      "Microsoft.Extensions.Primitives/6.0.0": {
+        "dependencies": {
+          "System.Runtime.CompilerServices.Unsafe": "6.0.0"
+        },
+        "runtime": {
+          "lib/net6.0/Microsoft.Extensions.Primitives.dll": {
+            "assemblyVersion": "6.0.0.0",
+            "fileVersion": "6.0.21.52210"
+          }
+        }
+      },
+      "Newtonsoft.Json/13.0.1": {
+        "runtime": {
+          "lib/netstandard2.0/Newtonsoft.Json.dll": {
+            "assemblyVersion": "13.0.0.0",
+            "fileVersion": "13.0.1.25517"
+          }
+        }
+      },
+      "Serilog/2.10.0": {
+        "runtime": {
+          "lib/netstandard2.1/Serilog.dll": {
+            "assemblyVersion": "2.0.0.0",
+            "fileVersion": "2.10.0.0"
+          }
+        }
+      },
+      "Serilog.Sinks.Console/4.0.1": {
+        "dependencies": {
+          "Serilog": "2.10.0"
+        },
+        "runtime": {
+          "lib/net5.0/Serilog.Sinks.Console.dll": {
+            "assemblyVersion": "4.0.1.0",
+            "fileVersion": "4.0.1.0"
+          }
+        }
+      },
+      "System.Diagnostics.DiagnosticSource/6.0.0": {
+        "dependencies": {
+          "System.Runtime.CompilerServices.Unsafe": "6.0.0"
+        }
+      },
+      "System.Runtime.CompilerServices.Unsafe/6.0.0": {},
+      "TestCommon/1.0.0": {
+        "dependencies": {
+          "AWSSDK.Core": "3.7.10.6"
+        },
+        "runtime": {
+          "TestCommon.dll": {}
+        }
+      }
+    }
+  },
+  "libraries": {
+    "TestLibrary/1.0.0": {
+      "type": "project",
+      "serviceable": false,
+      "sha512": ""
+    },
+    "AWSSDK.Core/3.7.10.6": {
+      "type": "package",
+      "serviceable": true,
+      "sha512": "sha512-kHBB+QmosVaG6DpngXQ8OlLVVNMzltNITfsRr68Z90qO7dSqJ2EHNd8dtBU1u3AQQLqqFHOY0lfmbpexeH6Pew==",
+      "path": "awssdk.core/3.7.10.6",
+      "hashPath": "awssdk.core.3.7.10.6.nupkg.sha512"
+    },
+    "Microsoft.Extensions.DependencyInjection/6.0.0": {
+      "type": "package",
+      "serviceable": true,
+      "sha512": "sha512-k6PWQMuoBDGGHOQTtyois2u4AwyVcIwL2LaSLlTZQm2CYcJ1pxbt6jfAnpWmzENA/wfrYRI/X9DTLoUkE4AsLw==",
+      "path": "microsoft.extensions.dependencyinjection/6.0.0",
+      "hashPath": "microsoft.extensions.dependencyinjection.6.0.0.nupkg.sha512"
+    },
+    "Microsoft.Extensions.DependencyInjection.Abstractions/6.0.0": {
+      "type": "package",
+      "serviceable": true,
+      "sha512": "sha512-xlzi2IYREJH3/m6+lUrQlujzX8wDitm4QGnUu6kUXTQAWPuZY8i+ticFJbzfqaetLA6KR/rO6Ew/HuYD+bxifg==",
+      "path": "microsoft.extensions.dependencyinjection.abstractions/6.0.0",
+      "hashPath": "microsoft.extensions.dependencyinjection.abstractions.6.0.0.nupkg.sha512"
+    },
+    "Microsoft.Extensions.Logging/6.0.0": {
+      "type": "package",
+      "serviceable": true,
+      "sha512": "sha512-eIbyj40QDg1NDz0HBW0S5f3wrLVnKWnDJ/JtZ+yJDFnDj90VoPuoPmFkeaXrtu+0cKm5GRAwoDf+dBWXK0TUdg==",
+      "path": "microsoft.extensions.logging/6.0.0",
+      "hashPath": "microsoft.extensions.logging.6.0.0.nupkg.sha512"
+    },
+    "Microsoft.Extensions.Logging.Abstractions/6.0.0": {
+      "type": "package",
+      "serviceable": true,
+      "sha512": "sha512-/HggWBbTwy8TgebGSX5DBZ24ndhzi93sHUBDvP1IxbZD7FDokYzdAr6+vbWGjw2XAfR2EJ1sfKUotpjHnFWPxA==",
+      "path": "microsoft.extensions.logging.abstractions/6.0.0",
+      "hashPath": "microsoft.extensions.logging.abstractions.6.0.0.nupkg.sha512"
+    },
+    "Microsoft.Extensions.Options/6.0.0": {
+      "type": "package",
+      "serviceable": true,
+      "sha512": "sha512-dzXN0+V1AyjOe2xcJ86Qbo233KHuLEY0njf/P2Kw8SfJU+d45HNS2ctJdnEnrWbM9Ye2eFgaC5Mj9otRMU6IsQ==",
+      "path": "microsoft.extensions.options/6.0.0",
+      "hashPath": "microsoft.extensions.options.6.0.0.nupkg.sha512"
+    },
+    "Microsoft.Extensions.Primitives/6.0.0": {
+      "type": "package",
+      "serviceable": true,
+      "sha512": "sha512-9+PnzmQFfEFNR9J2aDTfJGGupShHjOuGw4VUv+JB044biSHrnmCIMD+mJHmb2H7YryrfBEXDurxQ47gJZdCKNQ==",
+      "path": "microsoft.extensions.primitives/6.0.0",
+      "hashPath": "microsoft.extensions.primitives.6.0.0.nupkg.sha512"
+    },
+    "Newtonsoft.Json/13.0.1": {
+      "type": "package",
+      "serviceable": true,
+      "sha512": "sha512-ppPFpBcvxdsfUonNcvITKqLl3bqxWbDCZIzDWHzjpdAHRFfZe0Dw9HmA0+za13IdyrgJwpkDTDA9fHaxOrt20A==",
+      "path": "newtonsoft.json/13.0.1",
+      "hashPath": "newtonsoft.json.13.0.1.nupkg.sha512"
+    },
+    "Serilog/2.10.0": {
+      "type": "package",
+      "serviceable": true,
+      "sha512": "sha512-+QX0hmf37a0/OZLxM3wL7V6/ADvC1XihXN4Kq/p6d8lCPfgkRdiuhbWlMaFjR9Av0dy5F0+MBeDmDdRZN/YwQA==",
+      "path": "serilog/2.10.0",
+      "hashPath": "serilog.2.10.0.nupkg.sha512"
+    },
+    "Serilog.Sinks.Console/4.0.1": {
+      "type": "package",
+      "serviceable": true,
+      "sha512": "sha512-apLOvSJQLlIbKlbx+Y2UDHSP05kJsV7mou+fvJoRGs/iR+jC22r8cuFVMjjfVxz/AD4B2UCltFhE1naRLXwKNw==",
+      "path": "serilog.sinks.console/4.0.1",
+      "hashPath": "serilog.sinks.console.4.0.1.nupkg.sha512"
+    },
+    "System.Diagnostics.DiagnosticSource/6.0.0": {
+      "type": "package",
+      "serviceable": true,
+      "sha512": "sha512-frQDfv0rl209cKm1lnwTgFPzNigy2EKk1BS3uAvHvlBVKe5cymGyHO+Sj+NLv5VF/AhHsqPIUUwya5oV4CHMUw==",
+      "path": "system.diagnostics.diagnosticsource/6.0.0",
+      "hashPath": "system.diagnostics.diagnosticsource.6.0.0.nupkg.sha512"
+    },
+    "System.Runtime.CompilerServices.Unsafe/6.0.0": {
+      "type": "package",
+      "serviceable": true,
+      "sha512": "sha512-/iUeP3tq1S0XdNNoMz5C9twLSrM/TH+qElHkXWaPvuNOt+99G75NrV0OS2EqHx5wMN7popYjpc8oTjC1y16DLg==",
+      "path": "system.runtime.compilerservices.unsafe/6.0.0",
+      "hashPath": "system.runtime.compilerservices.unsafe.6.0.0.nupkg.sha512"
+    },
+    "TestCommon/1.0.0": {
+      "type": "project",
+      "serviceable": false,
+      "sha512": ""
+    }
+  }
+}

syft/pkg/dotnet_deps_metadata.go

@@ -0,0 +1,27 @@
+package pkg
+
+import (
+	"github.com/anchore/packageurl-go"
+	"github.com/anchore/syft/syft/linux"
+)
+
+type DotnetDepsMetadata struct {
+	Name     string `mapstructure:"name" json:"name"`
+	Version  string `mapstructure:"version" json:"version"`
+	Path     string `mapstructure:"path" json:"path"`
+	Sha512   string `mapstructure:"sha512" json:"sha512"`
+	HashPath string `mapstructure:"hashPath" json:"hashPath"`
+}
+
+func (m DotnetDepsMetadata) PackageURL(_ *linux.Release) string {
+	var qualifiers packageurl.Qualifiers
+
+	return packageurl.NewPackageURL(
+		packageurl.TypeDotnet,
+		"",
+		m.Name,
+		m.Version,
+		qualifiers,
+		"",
+	).ToString()
+}

syft/pkg/language.go

@@ -20,6 +20,7 @@ const (
 	Go              Language = "go"
 	Rust            Language = "rust"
 	Dart            Language = "dart"
+	Dotnet          Language = "dotnet"
 )
 
 // AllLanguages is a set of all programming languages detected by syft.
@@ -32,6 +33,7 @@ var AllLanguages = []Language{
 	Go,
 	Rust,
 	Dart,
+	Dotnet,
 }
 
 // String returns the string representation of the language.
@@ -66,6 +68,8 @@ func LanguageByName(name string) Language {
 		return Rust
 	case packageurl.TypePub, string(Dart):
 		return Dart
+	case packageurl.TypeDotnet:
+		return Dotnet
 	default:
 		return UnknownLanguage
 	}

syft/pkg/language_test.go

@@ -34,6 +34,10 @@ func TestLanguageFromPURL(t *testing.T) {
 			purl: "pkg:pub/util@1.2.34",
 			want: Dart,
 		},
+		{
+			purl: "pkg:dotnet/Microsoft.CodeAnalysis.Razor@2.2.0",
+			want: Dotnet,
+		},
 		{
 			purl: "pkg:cargo/clap@2.33.0",
 			want: Rust,

syft/pkg/metadata.go

@@ -18,6 +18,7 @@ const (
 	NpmPackageJSONMetadataType   MetadataType = "NpmPackageJsonMetadata"
 	RpmdbMetadataType            MetadataType = "RpmdbMetadata"
 	DartPubMetadataType          MetadataType = "DartPubMetadata"
+	DotnetDepsMetadataType       MetadataType = "DotnetDepsMetadata"
 	PythonPackageMetadataType    MetadataType = "PythonPackageMetadata"
 	RustCargoPackageMetadataType MetadataType = "RustCargoPackageMetadata"
 	KbPackageMetadataType        MetadataType = "KbPackageMetadata"
@@ -33,6 +34,7 @@ var AllMetadataTypes = []MetadataType{
 	NpmPackageJSONMetadataType,
 	RpmdbMetadataType,
 	DartPubMetadataType,
+	DotnetDepsMetadataType,
 	PythonPackageMetadataType,
 	RustCargoPackageMetadataType,
 	KbPackageMetadataType,
@@ -48,6 +50,7 @@ var MetadataTypeByName = map[MetadataType]reflect.Type{
 	NpmPackageJSONMetadataType:   reflect.TypeOf(NpmPackageJSONMetadata{}),
 	RpmdbMetadataType:            reflect.TypeOf(RpmdbMetadata{}),
 	DartPubMetadataType:          reflect.TypeOf(DartPubMetadata{}),
+	DotnetDepsMetadataType:       reflect.TypeOf(DotnetDepsMetadata{}),
 	PythonPackageMetadataType:    reflect.TypeOf(PythonPackageMetadata{}),
 	RustCargoPackageMetadataType: reflect.TypeOf(CargoMetadata{}),
 	KbPackageMetadataType:        reflect.TypeOf(KbPackageMetadata{}),

syft/pkg/type.go

@@ -21,6 +21,7 @@ const (
 	RustPkg          Type = "rust-crate"
 	KbPkg            Type = "msrc-kb"
 	DartPubPkg       Type = "dart-pub"
+	DotnetPkg        Type = "dotnet"
 )
 
 // AllPkgs represents all supported package types
@@ -38,6 +39,7 @@ var AllPkgs = []Type{
 	RustPkg,
 	KbPkg,
 	DartPubPkg,
+	DotnetPkg,
 }
 
 // PackageURLType returns the PURL package type for the current package.
@@ -65,6 +67,8 @@ func (t Type) PackageURLType() string {
 		return "cargo"
 	case DartPubPkg:
 		return packageurl.TypePub
+	case DotnetPkg:
+		return packageurl.TypeDotnet
 	default:
 		// TODO: should this be a "generic" purl type instead?
 		return ""
@@ -104,6 +108,8 @@ func TypeByName(name string) Type {
 		return RustPkg
 	case packageurl.TypePub:
 		return DartPubPkg
+	case packageurl.TypeDotnet:
+		return DotnetPkg
 	default:
 		return UnknownPkg
 	}

syft/pkg/type_test.go

@@ -51,6 +51,11 @@ func TestTypeFromPURL(t *testing.T) {
 			purl:     "pkg:pub/util@1.2.34?hosted_url=pub.hosted.org",
 			expected: DartPubPkg,
 		},
+
+		{
+			purl:     "pkg:dotnet/Microsoft.CodeAnalysis.Razor@2.2.0",
+			expected: DotnetPkg,
+		},
 		{
 			purl:     "pkg:composer/laravel/laravel@5.5.0",
 			expected: PhpComposerPkg,

syft/pkg/url_test.go

@@ -39,6 +39,20 @@ func TestPackageURL(t *testing.T) {
 			},
 			expected: "pkg:pub/name@0.2.0?hosted_url=pub.hosted.org",
 		},
+
+		{
+			name: "dotnet",
+			pkg: Package{
+				Name:    "Microsoft.CodeAnalysis.Razor",
+				Version: "2.2.0",
+				Type:    DotnetPkg,
+				Metadata: DotnetDepsMetadata{
+					Name:    "Microsoft.CodeAnalysis.Razor",
+					Version: "2.2.0",
+				},
+			},
+			expected: "pkg:dotnet/Microsoft.CodeAnalysis.Razor@2.2.0",
+		},
 		{
 			name: "python",
 			pkg: Package{

test/cli/packages_cmd_test.go

@@ -96,7 +96,7 @@ func TestPackagesCmdFlags(t *testing.T) {
 			name: "squashed-scope-flag",
 			args: []string{"packages", "-o", "json", "-s", "squashed", coverageImage},
 			assertions: []traitAssertion{
-				assertPackageCount(20),
+				assertPackageCount(32),
 				assertSuccessfulReturnCode,
 			},
 		},

test/integration/catalog_packages_cases_test.go

@@ -199,6 +199,25 @@ var dirOnlyTestCases = []testCase{
 			"analyzer":   "0.40.7",
 		},
 	},
+	{
+		name:        "find dotnet packages",
+		pkgType:     pkg.DotnetPkg,
+		pkgLanguage: pkg.Dotnet,
+		pkgInfo: map[string]string{
+			"AWSSDK.Core": "3.7.10.6",
+			"Microsoft.Extensions.DependencyInjection":              "6.0.0",
+			"Microsoft.Extensions.DependencyInjection.Abstractions": "6.0.0",
+			"Microsoft.Extensions.Logging":                          "6.0.0",
+			"Microsoft.Extensions.Logging.Abstractions":             "6.0.0",
+			"Microsoft.Extensions.Options":                          "6.0.0",
+			"Microsoft.Extensions.Primitives":                       "6.0.0",
+			"Newtonsoft.Json":                                       "13.0.1",
+			"Serilog":                                               "2.10.0",
+			"Serilog.Sinks.Console":                                 "4.0.1",
+			"System.Diagnostics.DiagnosticSource":                   "6.0.0",
+			"System.Runtime.CompilerServices.Unsafe":                "6.0.0",
+		},
+	},
 }
 
 var commonTestCases = []testCase{

test/integration/catalog_packages_test.go

@@ -66,6 +66,7 @@ func TestPkgCoverageImage(t *testing.T) {
 	definedLanguages.Remove(pkg.Go.String())
 	definedLanguages.Remove(pkg.Rust.String())
 	definedLanguages.Remove(pkg.Dart.String())
+	definedLanguages.Remove(pkg.Dotnet.String())
 
 	observedPkgs := internal.NewStringSet()
 	definedPkgs := internal.NewStringSet()
@@ -78,6 +79,7 @@ func TestPkgCoverageImage(t *testing.T) {
 	definedPkgs.Remove(string(pkg.GoModulePkg))
 	definedPkgs.Remove(string(pkg.RustPkg))
 	definedPkgs.Remove(string(pkg.DartPubPkg))
+	definedPkgs.Remove(string(pkg.DotnetPkg))
 
 	var cases []testCase
 	cases = append(cases, commonTestCases...)

test/integration/test-fixtures/image-pkg-coverage/pkgs/dotnet/TestLibrary.deps.json

@@ -0,0 +1,235 @@
+{
+  "runtimeTarget": {
+    "name": ".NETCoreApp,Version=v6.0",
+    "signature": ""
+  },
+  "compilationOptions": {},
+  "targets": {
+    ".NETCoreApp,Version=v6.0": {
+      "TestLibrary/1.0.0": {
+        "dependencies": {
+          "Microsoft.Extensions.DependencyInjection": "6.0.0",
+          "Microsoft.Extensions.Logging": "6.0.0",
+          "Newtonsoft.Json": "13.0.1",
+          "Serilog": "2.10.0",
+          "Serilog.Sinks.Console": "4.0.1",
+          "TestCommon": "1.0.0"
+        },
+        "runtime": {
+          "TestLibrary.dll": {}
+        }
+      },
+      "AWSSDK.Core/3.7.10.6": {
+        "runtime": {
+          "lib/netcoreapp3.1/AWSSDK.Core.dll": {
+            "assemblyVersion": "3.3.0.0",
+            "fileVersion": "3.7.10.6"
+          }
+        }
+      },
+      "Microsoft.Extensions.DependencyInjection/6.0.0": {
+        "dependencies": {
+          "Microsoft.Extensions.DependencyInjection.Abstractions": "6.0.0",
+          "System.Runtime.CompilerServices.Unsafe": "6.0.0"
+        },
+        "runtime": {
+          "lib/net6.0/Microsoft.Extensions.DependencyInjection.dll": {
+            "assemblyVersion": "6.0.0.0",
+            "fileVersion": "6.0.21.52210"
+          }
+        }
+      },
+      "Microsoft.Extensions.DependencyInjection.Abstractions/6.0.0": {
+        "runtime": {
+          "lib/net6.0/Microsoft.Extensions.DependencyInjection.Abstractions.dll": {
+            "assemblyVersion": "6.0.0.0",
+            "fileVersion": "6.0.21.52210"
+          }
+        }
+      },
+      "Microsoft.Extensions.Logging/6.0.0": {
+        "dependencies": {
+          "Microsoft.Extensions.DependencyInjection": "6.0.0",
+          "Microsoft.Extensions.DependencyInjection.Abstractions": "6.0.0",
+          "Microsoft.Extensions.Logging.Abstractions": "6.0.0",
+          "Microsoft.Extensions.Options": "6.0.0",
+          "System.Diagnostics.DiagnosticSource": "6.0.0"
+        },
+        "runtime": {
+          "lib/netstandard2.1/Microsoft.Extensions.Logging.dll": {
+            "assemblyVersion": "6.0.0.0",
+            "fileVersion": "6.0.21.52210"
+          }
+        }
+      },
+      "Microsoft.Extensions.Logging.Abstractions/6.0.0": {
+        "runtime": {
+          "lib/net6.0/Microsoft.Extensions.Logging.Abstractions.dll": {
+            "assemblyVersion": "6.0.0.0",
+            "fileVersion": "6.0.21.52210"
+          }
+        }
+      },
+      "Microsoft.Extensions.Options/6.0.0": {
+        "dependencies": {
+          "Microsoft.Extensions.DependencyInjection.Abstractions": "6.0.0",
+          "Microsoft.Extensions.Primitives": "6.0.0"
+        },
+        "runtime": {
+          "lib/netstandard2.1/Microsoft.Extensions.Options.dll": {
+            "assemblyVersion": "6.0.0.0",
+            "fileVersion": "6.0.21.52210"
+          }
+        }
+      },
+      "Microsoft.Extensions.Primitives/6.0.0": {
+        "dependencies": {
+          "System.Runtime.CompilerServices.Unsafe": "6.0.0"
+        },
+        "runtime": {
+          "lib/net6.0/Microsoft.Extensions.Primitives.dll": {
+            "assemblyVersion": "6.0.0.0",
+            "fileVersion": "6.0.21.52210"
+          }
+        }
+      },
+      "Newtonsoft.Json/13.0.1": {
+        "runtime": {
+          "lib/netstandard2.0/Newtonsoft.Json.dll": {
+            "assemblyVersion": "13.0.0.0",
+            "fileVersion": "13.0.1.25517"
+          }
+        }
+      },
+      "Serilog/2.10.0": {
+        "runtime": {
+          "lib/netstandard2.1/Serilog.dll": {
+            "assemblyVersion": "2.0.0.0",
+            "fileVersion": "2.10.0.0"
+          }
+        }
+      },
+      "Serilog.Sinks.Console/4.0.1": {
+        "dependencies": {
+          "Serilog": "2.10.0"
+        },
+        "runtime": {
+          "lib/net5.0/Serilog.Sinks.Console.dll": {
+            "assemblyVersion": "4.0.1.0",
+            "fileVersion": "4.0.1.0"
+          }
+        }
+      },
+      "System.Diagnostics.DiagnosticSource/6.0.0": {
+        "dependencies": {
+          "System.Runtime.CompilerServices.Unsafe": "6.0.0"
+        }
+      },
+      "System.Runtime.CompilerServices.Unsafe/6.0.0": {},
+      "TestCommon/1.0.0": {
+        "dependencies": {
+          "AWSSDK.Core": "3.7.10.6"
+        },
+        "runtime": {
+          "TestCommon.dll": {}
+        }
+      }
+    }
+  },
+  "libraries": {
+    "TestLibrary/1.0.0": {
+      "type": "project",
+      "serviceable": false,
+      "sha512": ""
+    },
+    "AWSSDK.Core/3.7.10.6": {
+      "type": "package",
+      "serviceable": true,
+      "sha512": "sha512-kHBB+QmosVaG6DpngXQ8OlLVVNMzltNITfsRr68Z90qO7dSqJ2EHNd8dtBU1u3AQQLqqFHOY0lfmbpexeH6Pew==",
+      "path": "awssdk.core/3.7.10.6",
+      "hashPath": "awssdk.core.3.7.10.6.nupkg.sha512"
+    },
+    "Microsoft.Extensions.DependencyInjection/6.0.0": {
+      "type": "package",
+      "serviceable": true,
+      "sha512": "sha512-k6PWQMuoBDGGHOQTtyois2u4AwyVcIwL2LaSLlTZQm2CYcJ1pxbt6jfAnpWmzENA/wfrYRI/X9DTLoUkE4AsLw==",
+      "path": "microsoft.extensions.dependencyinjection/6.0.0",
+      "hashPath": "microsoft.extensions.dependencyinjection.6.0.0.nupkg.sha512"
+    },
+    "Microsoft.Extensions.DependencyInjection.Abstractions/6.0.0": {
+      "type": "package",
+      "serviceable": true,
+      "sha512": "sha512-xlzi2IYREJH3/m6+lUrQlujzX8wDitm4QGnUu6kUXTQAWPuZY8i+ticFJbzfqaetLA6KR/rO6Ew/HuYD+bxifg==",
+      "path": "microsoft.extensions.dependencyinjection.abstractions/6.0.0",
+      "hashPath": "microsoft.extensions.dependencyinjection.abstractions.6.0.0.nupkg.sha512"
+    },
+    "Microsoft.Extensions.Logging/6.0.0": {
+      "type": "package",
+      "serviceable": true,
+      "sha512": "sha512-eIbyj40QDg1NDz0HBW0S5f3wrLVnKWnDJ/JtZ+yJDFnDj90VoPuoPmFkeaXrtu+0cKm5GRAwoDf+dBWXK0TUdg==",
+      "path": "microsoft.extensions.logging/6.0.0",
+      "hashPath": "microsoft.extensions.logging.6.0.0.nupkg.sha512"
+    },
+    "Microsoft.Extensions.Logging.Abstractions/6.0.0": {
+      "type": "package",
+      "serviceable": true,
+      "sha512": "sha512-/HggWBbTwy8TgebGSX5DBZ24ndhzi93sHUBDvP1IxbZD7FDokYzdAr6+vbWGjw2XAfR2EJ1sfKUotpjHnFWPxA==",
+      "path": "microsoft.extensions.logging.abstractions/6.0.0",
+      "hashPath": "microsoft.extensions.logging.abstractions.6.0.0.nupkg.sha512"
+    },
+    "Microsoft.Extensions.Options/6.0.0": {
+      "type": "package",
+      "serviceable": true,
+      "sha512": "sha512-dzXN0+V1AyjOe2xcJ86Qbo233KHuLEY0njf/P2Kw8SfJU+d45HNS2ctJdnEnrWbM9Ye2eFgaC5Mj9otRMU6IsQ==",
+      "path": "microsoft.extensions.options/6.0.0",
+      "hashPath": "microsoft.extensions.options.6.0.0.nupkg.sha512"
+    },
+    "Microsoft.Extensions.Primitives/6.0.0": {
+      "type": "package",
+      "serviceable": true,
+      "sha512": "sha512-9+PnzmQFfEFNR9J2aDTfJGGupShHjOuGw4VUv+JB044biSHrnmCIMD+mJHmb2H7YryrfBEXDurxQ47gJZdCKNQ==",
+      "path": "microsoft.extensions.primitives/6.0.0",
+      "hashPath": "microsoft.extensions.primitives.6.0.0.nupkg.sha512"
+    },
+    "Newtonsoft.Json/13.0.1": {
+      "type": "package",
+      "serviceable": true,
+      "sha512": "sha512-ppPFpBcvxdsfUonNcvITKqLl3bqxWbDCZIzDWHzjpdAHRFfZe0Dw9HmA0+za13IdyrgJwpkDTDA9fHaxOrt20A==",
+      "path": "newtonsoft.json/13.0.1",
+      "hashPath": "newtonsoft.json.13.0.1.nupkg.sha512"
+    },
+    "Serilog/2.10.0": {
+      "type": "package",
+      "serviceable": true,
+      "sha512": "sha512-+QX0hmf37a0/OZLxM3wL7V6/ADvC1XihXN4Kq/p6d8lCPfgkRdiuhbWlMaFjR9Av0dy5F0+MBeDmDdRZN/YwQA==",
+      "path": "serilog/2.10.0",
+      "hashPath": "serilog.2.10.0.nupkg.sha512"
+    },
+    "Serilog.Sinks.Console/4.0.1": {
+      "type": "package",
+      "serviceable": true,
+      "sha512": "sha512-apLOvSJQLlIbKlbx+Y2UDHSP05kJsV7mou+fvJoRGs/iR+jC22r8cuFVMjjfVxz/AD4B2UCltFhE1naRLXwKNw==",
+      "path": "serilog.sinks.console/4.0.1",
+      "hashPath": "serilog.sinks.console.4.0.1.nupkg.sha512"
+    },
+    "System.Diagnostics.DiagnosticSource/6.0.0": {
+      "type": "package",
+      "serviceable": true,
+      "sha512": "sha512-frQDfv0rl209cKm1lnwTgFPzNigy2EKk1BS3uAvHvlBVKe5cymGyHO+Sj+NLv5VF/AhHsqPIUUwya5oV4CHMUw==",
+      "path": "system.diagnostics.diagnosticsource/6.0.0",
+      "hashPath": "system.diagnostics.diagnosticsource.6.0.0.nupkg.sha512"
+    },
+    "System.Runtime.CompilerServices.Unsafe/6.0.0": {
+      "type": "package",
+      "serviceable": true,
+      "sha512": "sha512-/iUeP3tq1S0XdNNoMz5C9twLSrM/TH+qElHkXWaPvuNOt+99G75NrV0OS2EqHx5wMN7popYjpc8oTjC1y16DLg==",
+      "path": "system.runtime.compilerservices.unsafe/6.0.0",
+      "hashPath": "system.runtime.compilerservices.unsafe.6.0.0.nupkg.sha512"
+    },
+    "TestCommon/1.0.0": {
+      "type": "project",
+      "serviceable": false,
+      "sha512": ""
+    }
+  }
+}