Download the PHP package cyclonedx/cyclonedx-php-composer without Composer
Package cyclonedx-php-composer
Short Description Creates CycloneDX Software Bill-of-Materials (SBOM) from PHP Composer projects
License Apache-2.0
Homepage https://github.com/CycloneDX/cyclonedx-php-composer/#readme
Information about the package cyclonedx-php-composer
CycloneDX PHP Composer Plugin
A plugin for PHP's Composer that generates Software Bill of Materials (SBOM) in CycloneDX format.
Measured against the criteria of the OWASP Software Component Verification Standard (SCVS) for Software Bills of Materials, this tool produces SBOM documents that almost pass Level 2; only signing needs to be done externally.
The resulting SBOM documents follow the official specifications and standards, and might carry properties following the cdx:composer Namespace Taxonomy.
Requirements
- PHP ^8.1
- Composer ^2.3
However, older versions of this plugin are available which support PHP ^5.5||^7.0||^8.0 with Composer ^1.0||^2.0.
Installation
As a global Composer plugin:
As a development dependency of the current project:
Usage
After successful installation, the Composer command CycloneDX:make-sbom is available.
Demo
For a demo of cyclonedx-php-composer see the demo projects.
How it works
This tool uses Composer itself to collect evidence about the installed Composer packages.
For evidence collection, an actually installed setup is preferred over pure lock-file analysis, because the installed tree reflects what really ends up in the project rather than what the lock file claims should be there.
Required evidence:
- composer config/manifest file (e.g. the composer.json file)
- any of:
  - an actual composer setup (the result after running composer install [...] on your project)
  - a working composer lock file (e.g. the composer.lock file)
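To make the evidence order concrete, the following is an added Python sketch, not the plugin's own code (which is PHP) nor the CycloneDX PHP library's. It writes constructed sample files into a temporary project, prefers vendor/composer/installed.json (the installed setup) over composer.lock, and maps every package to a CycloneDX component carrying a pkg:composer purl and a dev-requirement flag. The cdx:composer property names are assumed from that taxonomy (check the taxonomy for the authoritative list), the spec version and the sample package data are chosen for this example, and sanity_check is a stand-in for the library's schema validation, not a replacement for it.

```python
"""Added example (not the plugin's or the CycloneDX library's code): collect Composer
package evidence in the order described above and map it to a minimal CycloneDX document."""
import json
import tempfile
from pathlib import Path

# Constructed sample inputs, trimmed to the fields this example uses.
SAMPLE_MANIFEST = {"name": "acme/demo-app", "version": "1.2.3"}
SAMPLE_LOCK = {
    "packages": [
        {"name": "psr/log", "version": "3.0.0", "type": "library", "license": ["MIT"]},
    ],
    "packages-dev": [
        {"name": "phpunit/phpunit", "version": "10.5.2", "type": "library",
         "license": ["BSD-3-Clause"]},
    ],
}
# Composer 2 writes the installed packages plus the dev package names to
# vendor/composer/installed.json; this sample mirrors that layout.
SAMPLE_INSTALLED = {
    "packages": SAMPLE_LOCK["packages"] + SAMPLE_LOCK["packages-dev"],
    "dev": True,
    "dev-package-names": ["phpunit/phpunit"],
}


def purl_for(pkg: dict) -> str:
    """Composer purl: pkg:composer/<vendor>/<name>@<version>; the version is used as-is."""
    vendor, _, name = pkg["name"].partition("/")
    return f"pkg:composer/{vendor}/{name}@{pkg['version']}"


def load_evidence(project: Path) -> tuple[str, list[dict], set[str]]:
    """Return (source, packages, dev_names), preferring the real installed setup."""
    installed = project / "vendor" / "composer" / "installed.json"
    lock = project / "composer.lock"
    if installed.is_file():
        data = json.loads(installed.read_text())
        return "installed", data["packages"], set(data.get("dev-package-names", []))
    if lock.is_file():
        data = json.loads(lock.read_text())
        dev = data.get("packages-dev", [])
        return "lock", data.get("packages", []) + dev, {p["name"] for p in dev}
    raise FileNotFoundError("need vendor/composer/installed.json or composer.lock")


def build_bom(project: Path, omit_dev: bool = False) -> tuple[str, dict]:
    """Build a minimal CycloneDX JSON document and report which evidence was used.
    Property names are assumed from the cdx:composer taxonomy."""
    manifest = json.loads((project / "composer.json").read_text())
    source, packages, dev_names = load_evidence(project)
    components = []
    for pkg in packages:
        is_dev = pkg["name"] in dev_names
        if omit_dev and is_dev:
            continue  # leave dev requirements out of a production SBOM
        vendor, _, name = pkg["name"].partition("/")
        components.append({
            "type": "library",
            "group": vendor,
            "name": name,
            "version": pkg["version"],
            "purl": purl_for(pkg),
            "licenses": [{"license": {"id": lic}} for lic in pkg.get("license", [])],
            "properties": [
                {"name": "cdx:composer:package:type", "value": pkg.get("type", "library")},
                {"name": "cdx:composer:package:isDevRequirement",
                 "value": "true" if is_dev else "false"},
            ],
        })
    vendor, _, name = manifest["name"].partition("/")
    bom = {
        "bomFormat": "CycloneDX",
        "specVersion": "1.4",  # spec version chosen for this example
        "version": 1,
        "metadata": {"component": {"type": "application", "group": vendor, "name": name,
                                   "version": manifest.get("version", "dev")}},
        "components": components,
    }
    return source, bom


def sanity_check(bom: dict) -> list[str]:
    """Cheap structural checks; a stand-in for the library's schema validation."""
    problems, seen = [], set()
    for c in bom["components"]:
        if not c.get("name") or not c.get("version"):
            problems.append(f"component without name/version: {c}")
        if c["purl"] in seen:
            problems.append(f"duplicate purl: {c['purl']}")
        seen.add(c["purl"])
    return problems


def run_demo(with_installed: bool, omit_dev: bool = False) -> tuple[str, dict]:
    """Write the constructed samples into a temporary project and build its SBOM."""
    with tempfile.TemporaryDirectory() as tmp:
        project = Path(tmp)
        (project / "composer.json").write_text(json.dumps(SAMPLE_MANIFEST))
        (project / "composer.lock").write_text(json.dumps(SAMPLE_LOCK))
        if with_installed:
            (project / "vendor" / "composer").mkdir(parents=True)
            (project / "vendor" / "composer" / "installed.json").write_text(
                json.dumps(SAMPLE_INSTALLED))
        source, bom = build_bom(project, omit_dev=omit_dev)
        assert not sanity_check(bom), sanity_check(bom)
        return source, bom


if __name__ == "__main__":
    src, doc = run_demo(with_installed=True)
    print(f"evidence source: {src}")
    print(json.dumps(doc, indent=2))
```

Running the script with with_installed=True selects the installed tree; delete vendor/ and the same project falls back to composer.lock, which is exactly the preference order described above. The real plugin also records dependency relationships and richer metadata (dist/source references, licenses from Composer's own model); this sketch only shows the evidence selection and the purl mapping.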
Internals
This tool uses the CycloneDX PHP library to generate the actual data structures, normalize/serialize them, and validate the resulting SBOM.
This tool does not expose any additional public API or classes; all code is marked as @internal and might change without notice between versions.
Contributing
Feel free to open issues, bug reports or pull requests.
See the CONTRIBUTING file for details and for how to set up and run the project locally.
License
Permission to modify and redistribute is granted under the terms of the Apache 2.0 license.
See the LICENSE file for the full license.
All versions of cyclonedx-php-composer with dependencies
- composer-plugin-api ^2.3
- cyclonedx/cyclonedx-library ^3.3
- package-url/packageurl-php ^1.0