CycloneDX / cyclonedx-php-composer

Licence: Apache-2.0 license
Create CycloneDX Software Bill of Materials (SBOM) from PHP Composer projects

Programming Languages

PHP
23972 projects - #3 most used programming language

Projects that are alternatives of or similar to cyclonedx-php-composer

cyclonedx-dotnet
Creates CycloneDX Software Bill of Materials (SBOM) from .NET Projects
Stars: ✭ 110 (+450%)
Mutual labels:  owasp, bom, vex, spdx, bill-of-materials, software-bill-of-materials, purl, package-url, sbom, cyclonedx, sbom-generator, obom, mbom, saasbom
cyclonedx-cli
CycloneDX CLI tool for SBOM analysis, merging, diffs and format conversions.
Stars: ✭ 154 (+670%)
Mutual labels:  owasp, bom, vex, spdx, bill-of-materials, software-bill-of-materials, purl, package-url, sbom, cyclonedx, sbom-generator, obom, mbom, saasbom
cyclonedx-python
Creates CycloneDX Software Bill of Materials (SBOM) from Python projects and environments.
Stars: ✭ 78 (+290%)
Mutual labels:  owasp, bom, vex, spdx, bill-of-materials, software-bill-of-materials, purl, package-url, sbom, cyclonedx, sbom-generator, obom, mbom, saasbom
cyclonedx-maven-plugin
Creates CycloneDX Software Bill of Materials (SBOM) from Maven projects
Stars: ✭ 103 (+415%)
Mutual labels:  owasp, bom, vex, spdx, bill-of-materials, software-bill-of-materials, purl, package-url, sbom, cyclonedx, sbom-generator, obom, mbom, saasbom
specification
Software Bill of Material (SBOM) standard designed for use in application security contexts and supply chain component analysis
Stars: ✭ 129 (+545%)
Mutual labels:  owasp, bom, vex, spdx, bill-of-materials, software-bill-of-materials, sbom, cyclonedx, obom, mbom, saasbom
cyclonedx-gomod
Creates CycloneDX Software Bill of Materials (SBOM) from Go modules
Stars: ✭ 27 (+35%)
Mutual labels:  owasp, bom, vex, bill-of-materials, software-bill-of-materials, sbom, sbom-generator, obom, mbom, saasbom
scancode.io
ScanCode.io is a server to script and automate software composition analysis pipelines with ScanPipe pipelines. This project is sponsored by the NLnet project https://nlnet.nl/project/vulnerabilitydatabase/, Google Summer of Code, nexB and other generous sponsors!
Stars: ✭ 66 (+230%)
Mutual labels:  spdx, purl, package-url, cyclonedx
cyclonedx-node-module
Creates CycloneDX Software Bill of Materials (SBOM) from Node-based projects
Stars: ✭ 104 (+420%)
Mutual labels:  bom, software-bill-of-materials, sbom, cyclonedx
dep-scan
Fully open-source security audit for project dependencies based on known vulnerabilities and advisories. Supports both local repos and container images. Integrates with various CI environments such as Azure Pipelines, CircleCI and Google CloudBuild. No server required!
Stars: ✭ 346 (+1630%)
Mutual labels:  vex, sbom, cyclonedx
awesome-sbom
A curated list of SBOM (Software Bill Of Materials) related tools, frameworks, blogs, podcasts, and articles
Stars: ✭ 164 (+720%)
Mutual labels:  software-bill-of-materials, sbom, sbom-generator
SBOM
Examples and proof-of-concept for Software Bill of Materials (SBOM) code & data
Stars: ✭ 38 (+90%)
Mutual labels:  bill-of-materials, sbom, sbom-generator
cdxgen
Creates CycloneDX Software Bill of Materials (SBOM) for your projects from source and container images. Supports many languages and package managers. Integrates in your CI/CD pipeline with automatic submission to a Dependency-Track server.
Stars: ✭ 75 (+275%)
Mutual labels:  bom, sbom, cyclonedx
Composer Patches
Applies a patch from a local or remote file to any package that is part of a given composer project. Patches can be defined both on project and on package level. Optional support for patch versioning, sequencing, custom patch applier configuration and composer command for testing/troubleshooting patches.
Stars: ✭ 196 (+880%)
Mutual labels:  composer, composer-plugin
Composer Preload
Preload your sweet sweet code to opcache with a composer command, making your code faster to run.
Stars: ✭ 173 (+765%)
Mutual labels:  composer, composer-plugin
lunasec
LunaSec - Dependency Security Scanner that automatically notifies you about vulnerabilities like Log4Shell or node-ipc in your Pull Requests and Builds. Protect yourself in 30 seconds with the LunaTrace GitHub App: https://github.com/marketplace/lunatrace-by-lunasec/
Stars: ✭ 1,261 (+6205%)
Mutual labels:  sbom, sbom-generator
Private Composer Installer
Composer install helper outsourcing sensitive keys from the package URL into environment variables
Stars: ✭ 168 (+740%)
Mutual labels:  composer, composer-plugin
packageurl-swift
Swift implementation of the package url spec
Stars: ✭ 21 (+5%)
Mutual labels:  purl, package-url
composer-velocita
Velocita - Composer plugin for transparent caching
Stars: ✭ 26 (+30%)
Mutual labels:  composer, composer-plugin
composer-repl
A REPL for PHP built into Composer (using PsySH)
Stars: ✭ 81 (+305%)
Mutual labels:  composer, composer-plugin
composer-patches-plugin
Plugin for composer to apply patches onto dependencies.
Stars: ✭ 75 (+275%)
Mutual labels:  composer, composer-plugin

CycloneDX PHP Composer Plugin

A plugin for PHP's Composer that generates Software Bill of Materials (SBoM) in CycloneDX format.

Requirements

The latest version of this plugin supports PHP ^7.3||^8.0 with Composer ^2.0.

Older versions of this plugin are available which support PHP ^5.5||^7.0||^8.0 with Composer ^1.0||^2.0.

Installation

Install via composer:

composer require --dev cyclonedx/cyclonedx-php-composer

Usage

After successful installation, the Composer command make-bom is available. Its help output is shown below.

$ composer make-bom -h
Usage:
  make-bom [options] [--] [<composer-file>]

Arguments:
  composer-file                      Path to composer config file.
                                     Defaults to "composer.json" file in working directory.

Options:
      --output-format=OUTPUT-FORMAT  Which output format to use.
                                     Values: "XML", "JSON" [default: "XML"]
      --output-file=OUTPUT-FILE      Path to the output file.
                                     Set to "-" to write to STDOUT.
                                     Depending on the output-format, default is one of: "bom.xml", "bom.json"
      --exclude-dev                  Exclude dev dependencies
      --exclude-plugins              Exclude composer plugins
      --spec-version=SPEC-VERSION    Which version of CycloneDX spec to use.
                                     Values: "1.1", "1.2", "1.3" [default: "1.3"]
      --no-validate                  Don't validate the resulting output
      --mc-version=MC-VERSION        Version of the main component.
                                     This will override auto-detection.
      --no-version-normalization     Don't normalize component version strings.
                                     Per default this plugin will normalize version strings by stripping leading "v".
                                     This is a compatibility-switch. The next major-version of this plugin will not modify component versions.
  -h, --help                         Display this help message
  -q, --quiet                        Do not output any message
  -V, --version                      Display this application version
      --ansi                         Force ANSI output
      --no-ansi                      Disable ANSI output
  -n, --no-interaction               Do not ask any interactive question
      --profile                      Display timing and memory usage information
      --no-plugins                   Whether to disable plugins.
  -d, --working-dir=WORKING-DIR      If specified, use the given directory as working directory.
      --no-cache                     Prevent use of the cache
  -v|vv|vvv, --verbose               Increase the verbosity of messages: 1 for normal output, 2 for more verbose output and 3 for debug

Help:
  Generate a CycloneDX Bill of Materials

Demo

For a demo of cyclonedx-php-composer see the demo project.

Internals

This Composer plugin uses the CycloneDX PHP library to build the actual SBOM data structures.

This Composer plugin does not expose any additional public API or classes: all of its code is marked @internal and may change without notice between versions.

Contributing

Feel free to open issues, bug reports or pull requests.
See the CONTRIBUTING file for details.

License

Permission to modify and redistribute is granted under the terms of the Apache 2.0 license.
See the LICENSE file for the full license.