CycloneDX SBOM (Software Bill of Materials) parser for PHP 8.3+. Supports CycloneDX 1.4+ specifications, including components, vulnerabilities, and metadata, with a fully immutable entity design that uses Valinor for type mapping.

use mteu\SbomParser\Parser\CycloneDxParser;

$parser = new CycloneDxParser();
$bom = $parser->parseFromFile('/path/to/sbom.json');

// Access components and vulnerabilities
$components = $bom->getAllComponents();
$vulnerabilities = $bom->vulnerabilities;

See detailed documentation for complete usage examples and API reference.
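
The following is an added example, not code from this project: it shows how CycloneDX 1.4+ ties each entry in `vulnerabilities` to a component through `affects[].ref` and `bom-ref`, including components nested inside other components. It works on the raw JSON with `json_decode` rather than on this library's entities, because their property names are not shown on this page; the function names and the sample document are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Constructed sample: a minimal CycloneDX 1.5 document with one nested component.
$json = <<<'JSON'
{
  "bomFormat": "CycloneDX", "specVersion": "1.5",
  "components": [
    {"bom-ref": "pkg-a", "name": "example/lib-a", "version": "1.2.0",
     "components": [{"bom-ref": "pkg-b", "name": "example/lib-b", "version": "0.9.1"}]},
    {"bom-ref": "pkg-c", "name": "example/lib-c", "version": "3.0.0"}
  ],
  "vulnerabilities": [
    {"id": "EXAMPLE-0001", "ratings": [{"severity": "high"}], "affects": [{"ref": "pkg-b"}]},
    {"id": "EXAMPLE-0002", "ratings": [{"severity": "low"}], "affects": [{"ref": "pkg-missing"}]}
  ]
}
JSON;

/** Flatten nested components into a map of bom-ref => "name@version". */
function indexComponents(array $components, array &$index = []): array
{
    foreach ($components as $c) {
        if (isset($c['bom-ref'])) {
            $index[$c['bom-ref']] = ($c['name'] ?? '?') . '@' . ($c['version'] ?? '?');
        }
        indexComponents($c['components'] ?? [], $index); // descend into sub-components
    }
    return $index;
}

/** One row per affects entry: [vulnerability id, severity, component or null]. */
function resolveAffected(array $bom): array
{
    $index = indexComponents($bom['components'] ?? []);
    $rows = [];
    foreach ($bom['vulnerabilities'] ?? [] as $v) {
        $severity = $v['ratings'][0]['severity'] ?? 'unknown';
        foreach ($v['affects'] ?? [] as $a) {
            $rows[] = [$v['id'] ?? '?', $severity, $index[$a['ref'] ?? ''] ?? null];
        }
    }
    return $rows;
}

$bom = json_decode($json, true, 512, JSON_THROW_ON_ERROR);
foreach (resolveAffected($bom) as [$id, $severity, $component]) {
    echo $id, ' [', $severity, '] -> ', $component ?? 'UNRESOLVED ref', PHP_EOL;
}
```

A `ref` that resolves to no component is reported rather than dropped, since it usually means the SBOM is incomplete or the reference points into another BOM.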
Contributions are very welcome! Please have a look at the Contribution Guide. It lays out the workflow of submitting new features or bugfixes.
Please refer to our security policy if you discover a security vulnerability in this extension. Be warned, though: I cannot afford a bounty. This is a private project.
This extension is licensed under the GPL-3.0-or-later license.
For issues and feature requests, please use the GitHub issue tracker.