From 061f73cd636f8d2618f6fdfe187323de96eb18af Mon Sep 17 00:00:00 2001
From: Malcolm Nixon <Malcolm.nixon@gmail.com>
Date: Tue, 3 Mar 2026 10:50:01 -0500
Subject: [PATCH] Implement AdditionalComponentDetectorArgs for
 Microsoft.Sbom.Targets.

---
 src/Microsoft.Sbom.Targets/GenerateSbom.cs    |  8 ++++++
 .../GenerateSbomTask.cs                       |  1 +
 .../Microsoft.Sbom.Targets.targets            |  1 +
 src/Microsoft.Sbom.Targets/README.md          |  1 +
 src/Microsoft.Sbom.Targets/SbomCLIToolTask.cs |  5 ++++
 .../AbstractGenerateSbomTaskTests.cs          | 27 +++++++++++++++++++
 6 files changed, 43 insertions(+)

diff --git a/src/Microsoft.Sbom.Targets/GenerateSbom.cs b/src/Microsoft.Sbom.Targets/GenerateSbom.cs
index 648f6162c..cd3d692b2 100644
--- a/src/Microsoft.Sbom.Targets/GenerateSbom.cs
+++ b/src/Microsoft.Sbom.Targets/GenerateSbom.cs
@@ -92,6 +92,14 @@ public partial class GenerateSbom
     /// </summary>
     public string ManifestDirPath { get; set; }
 
+    /// <summary>
+    /// Gets or sets additional arguments to pass to the Component Detector tool.
+    /// An appropriate usage of this would be a space-delimited list of `--key value` pairs, representing
+    /// command-line arguments. See the component-detection repository for a list of valid arguments
+    /// (https://github.com/microsoft/component-detection/blob/main/docs/detector-arguments.md).
+    /// </summary>
+    public string AdditionalComponentDetectorArgs { get; set; }
+
     /// <summary>
     /// Gets or sets the path to the SBOM CLI tool
     /// </summary>
diff --git a/src/Microsoft.Sbom.Targets/GenerateSbomTask.cs b/src/Microsoft.Sbom.Targets/GenerateSbomTask.cs
index 25a172e73..c30e994af 100644
--- a/src/Microsoft.Sbom.Targets/GenerateSbomTask.cs
+++ b/src/Microsoft.Sbom.Targets/GenerateSbomTask.cs
@@ -89,6 +89,7 @@ public override bool Execute()
                 NamespaceUriUniquePart = this.NamespaceUriUniquePart,
                 DeleteManifestDirectoryIfPresent = this.DeleteManifestDirIfPresent,
                 Verbosity = ValidateAndAssignVerbosity(),
+                AdditionComponentDetectorArgs = this.AdditionalComponentDetectorArgs,
             };
 #pragma warning disable VSTHRD002 // Avoid problematic synchronous waits
             var result = System.Threading.Tasks.Task.Run(() => this.Generator.GenerateSbomAsync(
diff --git a/src/Microsoft.Sbom.Targets/Microsoft.Sbom.Targets.targets b/src/Microsoft.Sbom.Targets/Microsoft.Sbom.Targets.targets
index a3c547d1f..389edfbd7 100644
--- a/src/Microsoft.Sbom.Targets/Microsoft.Sbom.Targets.targets
+++ b/src/Microsoft.Sbom.Targets/Microsoft.Sbom.Targets.targets
@@ -68,6 +68,7 @@
         Verbosity="$(SbomGenerationVerbosity)"
         ManifestInfo="$(SbomGenerationManifestInfo)"
         DeleteManifestDirIfPresent="$(SbomGenerationDeleteManifestDirIfPresent)"
+        AdditionalComponentDetectorArgs="$(SbomGenerationAdditionalComponentDetectorArgs)"
         SbomToolPath="$(SbomToolPath)"
         ContinueOnError="ErrorAndContinue">
     </GenerateSbom>
diff --git a/src/Microsoft.Sbom.Targets/README.md b/src/Microsoft.Sbom.Targets/README.md
index 11382a2ed..542a94481 100644
--- a/src/Microsoft.Sbom.Targets/README.md
+++ b/src/Microsoft.Sbom.Targets/README.md
@@ -41,6 +41,7 @@ The custom MSBuild task accepts most of the arguments available for the [SBOM CL
 | `<SbomGenerationVerbosity>`                         | `Information` | No |
 | `<SbomGenerationManifestInfo>`                      | `SPDX:2.2` | No |
 | `<SbomGenerationDeleteManifestDirIfPresent>`        | `true` | No |
+| `<SbomGenerationAdditionalComponentDetectorArgs>`   | N/A | No |
 
 ## Local SBOM Generation Workflow
 
diff --git a/src/Microsoft.Sbom.Targets/SbomCLIToolTask.cs b/src/Microsoft.Sbom.Targets/SbomCLIToolTask.cs
index a810c7480..6368fca2e 100644
--- a/src/Microsoft.Sbom.Targets/SbomCLIToolTask.cs
+++ b/src/Microsoft.Sbom.Targets/SbomCLIToolTask.cs
@@ -62,6 +62,11 @@ protected override string GenerateCommandLineCommands()
             builder.AppendSwitchIfNotNull("-ManifestInfo ", this.ManifestInfo);
         }
 
+        if (!string.IsNullOrWhiteSpace(this.AdditionalComponentDetectorArgs))
+        {
+            builder.AppendSwitchIfNotNull("-AdditionalComponentDetectorArgs ", this.AdditionalComponentDetectorArgs);
+        }
+
         return builder.ToString();
     }
 
diff --git a/test/Microsoft.Sbom.Targets.Tests/AbstractGenerateSbomTaskTests.cs b/test/Microsoft.Sbom.Targets.Tests/AbstractGenerateSbomTaskTests.cs
index 7fbbc1964..256c67216 100644
--- a/test/Microsoft.Sbom.Targets.Tests/AbstractGenerateSbomTaskTests.cs
+++ b/test/Microsoft.Sbom.Targets.Tests/AbstractGenerateSbomTaskTests.cs
@@ -355,6 +355,33 @@ public void Sbom_Generation_Fails_With_NotFound_ManifestDirPath()
         Assert.IsFalse(Directory.Exists(DefaultManifestDirectory));
     }
 
+    [TestMethod]
+    public void Sbom_Is_Successfully_Generated_With_AdditionalComponentDetectorArgs()
+    {
+        // Arrange
+        var task = new GenerateSbom
+        {
+            BuildDropPath = TestBuildDropPath,
+            PackageSupplier = PackageSupplier,
+            PackageName = PackageName,
+            PackageVersion = PackageVersion,
+            NamespaceBaseUri = NamespaceBaseUri,
+            AdditionalComponentDetectorArgs = "--DirectoryExclusionList **/test/**",
+            BuildEngine = this.BuildEngine.Object,
+            ManifestInfo = this.SbomSpecification,
+#if NET472
+            SbomToolPath = SbomToolPath,
+#endif
+        };
+
+        // Act
+        var result = task.Execute();
+
+        // Assert
+        Assert.IsTrue(result);
+        this.GeneratedSbomValidator.AssertSbomIsValid(this.ManifestPath, TestBuildDropPath, PackageName, PackageVersion, PackageSupplier, NamespaceBaseUri);
+    }
+
     [TestMethod]
     public void Sbom_Is_Successfully_Generated_With_Component_Path()
     {