SCIO: Detect frozen .NuGet dependencies locked with deplock

[pombredanne]

We need to collect frozen .NuGet dependencies locked with the deplock command that will be created with:

• Create .Net lock file with dotnet restore and other built in commands dependency-inspector#11

This should use the NuGet inspector that need to be bundled in the ScanCode.io Docker image and should run as part of the inspect package pipeline

[pombredanne]

There are two ways to approach this:

• just parse the lockfile that was generated by deplock and use "built-in" dependency resolution as for npm. See for example https://github.com/nexB/nuget-inspector/blob/main/tests/data/project-json/packages.lock.json1/GenericHostConsoleApp/packages.lock.json and other data in https://github.com/nexB/nuget-inspector/tree/main/tests/data
• or use the nuget-inspector instead to get a tree

[pombredanne]

@TG1999 any update? Is this completed in ScanCode.io?

[AyanSinhaMahapatra]

This is done with:

• SCTK update: Add handler for packages.lock.json in nuget scancode-toolkit#3825 from @TG1999 and Update scancode-toolkit to v32.2.1 #1305
• SCIO update: Resolve dependencies from lockfiles #1244
• deplock update: Support lockfile generation for NuGet project dependency-inspector#21 from @keshav-space
  This is also added as a test at https://github.com/nexB/scancode.io/blob/main/scanpipe/tests/data/dependencies/resolved_dependencies_nuget.json
  Closing!