Download the PHP package sbominator/transformatron without Composer
On this page you can find all versions of the php package sbominator/transformatron. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.
Package transformatron
Short Description A PHP library to transform SBOMs between SPDX and CycloneDX formats
License MIT
Information about the package transformatron
SBOMinator Transformatron
A PHP library for transforming Software Bill of Materials (SBOM) between SPDX and CycloneDX formats.
Installation
Install via Composer:
Requirements
- PHP 8.0 or higher
- ext-json extension
Basic Usage
The library provides simple methods for converting between SPDX and CycloneDX formats:
CLI Usage
Transformatron can be used directly on the CLI:
The CLI tool supports the ability to automatically detect source and target versions, but they can also be specified manually:
Advanced Usage
Auto-detecting Format
The library can automatically detect the source format and convert to the specified target format:
Accessing Conversion Details
The ConversionResult object provides detailed information about the conversion:
Specialized Converters
If you need more control, you can work with the specialized converters directly:
Using the Converter
The Converter class is designed to be simple to use with sensible defaults:
Features
- Convert between SPDX 2.3 and CycloneDX 1.4 JSON formats
- Auto-detection of source formats
- Comprehensive field mapping:
  - Document metadata and creation information
  - Packages/Components with detailed properties
  - Dependencies and relationships
  - License information with support for expressions
  - Hash/checksum data with multiple algorithms
- Detailed validation with warnings and errors
- Exception handling for validation and conversion errors
Supported Field Mappings
SPDX to CycloneDX
- spdxVersion → specVersion
- dataLicense → license
- name → name
- SPDXID → serialNumber
- documentNamespace → documentNamespace
- creationInfo → metadata
- packages → components
- relationships → dependencies
CycloneDX to SPDX
- bomFormat → (no direct mapping)
- specVersion → spdxVersion
- version → (no direct mapping)
- serialNumber → SPDXID
- name → name
- metadata → creationInfo
- components → packages
- dependencies → relationships
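The top-level mappings listed above, applied as an added example (not Transformatron's own code): it renames keys only, leaves values untouched, and reports every top-level field that would not survive the conversion, which is the list to review before trusting a converted SBOM. The function names mappingFor and renameTopLevel, the marker-key format detection and the sample document are assumptions made for this illustration.

```php
<?php
declare(strict_types=1);
// Top-level key mappings as listed on this page; null means "no direct mapping".
const SPDX_TO_CDX = [
    'spdxVersion' => 'specVersion', 'dataLicense' => 'license', 'name' => 'name',
    'SPDXID' => 'serialNumber', 'documentNamespace' => 'documentNamespace',
    'creationInfo' => 'metadata', 'packages' => 'components',
    'relationships' => 'dependencies',
];
const CDX_TO_SPDX = [
    'bomFormat' => null, 'specVersion' => 'spdxVersion', 'version' => null,
    'serialNumber' => 'SPDXID', 'name' => 'name', 'metadata' => 'creationInfo',
    'components' => 'packages', 'dependencies' => 'relationships',
];

// Hypothetical helper: pick the mapping table from the document's marker key.
function mappingFor(array $doc): array
{
    if (isset($doc['spdxVersion'])) {
        return SPDX_TO_CDX;
    }
    if (($doc['bomFormat'] ?? null) === 'CycloneDX') {
        return CDX_TO_SPDX;
    }
    throw new InvalidArgumentException('Unrecognised SBOM format');
}

// Hypothetical helper: rename top-level keys only (values pass through
// unchanged) and record every key that does not survive the rename.
function renameTopLevel(string $json): array
{
    $doc = json_decode($json, true, 512, JSON_THROW_ON_ERROR);
    if (!is_array($doc)) {
        throw new InvalidArgumentException('SBOM must be a JSON object');
    }
    $map = mappingFor($doc);
    $out = $dropped = [];
    foreach ($doc as $key => $value) {
        if (isset($map[$key])) {
            $out[$map[$key]] = $value;
        } else {
            $dropped[] = array_key_exists($key, $map) ? "$key (no direct mapping)" : "$key (not in table)";
        }
    }
    return ['document' => $out, 'dropped' => $dropped];
}

// Constructed sample: a CycloneDX 1.4 document with one field outside the table.
$sample = '{"bomFormat":"CycloneDX","specVersion":"1.4","version":1,"components":[{"name":"example-lib"}],"vulnerabilities":[]}';
print_r(renameTopLevel($sample)['dropped']);
```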
Running Tests
To run the test suite:
Error Handling
The library provides two main exception types:
- ValidationException: Thrown when the input JSON is invalid or required fields are missing
- ConversionException: Thrown when the conversion process fails due to errors
Additionally, the ConversionResult class collects warnings and non-critical errors during the conversion process.
License
MIT License
Contributing
Please see CONTRIBUTING.md for more information.
All versions of transformatron with dependencies
ext-json Version *