Ability to upload nuget package with build info to the JFrog artifactory | Feature Requests | harness

Ability to upload nuget package with build info to the JFrog artifactory

pending feedback

Purple Lungfish

We are building various nuget packages using the Microsoft .Net 6.0,7.0 and 8.0. The package is pushed via JFrog connector that doesn't contain the nuget build info. This is a critical requirement for the Jfrog Xray SCA scan.
Here are the build info details that provided by the JFrog. We need to pass along the build info while running and uploading to Artifactory. Build info is JFrog source to identify dependencies. Xray will request for the build-info, which contains the list of artifacts and dependencies to scan. Using this information, whatever the build info is able to pick up during the build process, Xray can attempt to match "transitive dependencies" and include it in the analysis. You can find more information on it below:
https://www.buildinfo.org/
And an npm/donet example of build passing the build info:
https://github.com/jfrog/project-examples/tree/master/npm-example
https://github.com/jfrog/project-examples/tree/master/msbuild-example

June 12, 2025

Nofar Bluestein

marked this post as

pending feedback

Nofar Bluestein

Hey, 
we have support for publishing build info such as build_name, build_number and  targetProps. is this what you are looking for?
Please see documentation :  
https://developer.harness.io/docs/continuous-integration/use-ci/build-and-upload-artifacts/upload-artifacts/upload-artifacts-to-jfrog/#publish-build-metadata-to-jfrog-artifactory-artifact
Regards, 
Nofar Bluestein 
CI product team