cyclonedx / cyclonedx-library
Work with CycloneDX documents.
Installs: 810 457
Dependents: 3
Suggesters: 0
Security: 0
Stars: 7
Watchers: 5
Forks: 0
Open Issues: 16
Requires
- php: ^8.1
- ext-dom: *
- ext-json: *
- ext-libxml: *
- composer/spdx-licenses: ^1.5
- opis/json-schema: ^2.0
- package-url/packageurl-php: ^1.0
Requires (Dev)
- ext-simplexml: *
- roave/security-advisories: dev-latest
This package is auto-updated.
Last update: 2024-11-18 09:01:06 UTC
README
Work with CycloneDX documents.
OWASP CycloneDX is a full-stack Bill of Materials (BOM) standard
that provides advanced supply chain capabilities for cyber risk reduction.
Responsibilities
- Provide a general purpose php-implementation of CycloneDX.
- Provide phpDoc3- & psalm-compatible annotations for said implementation, so developers and dev-tools can rely on it.
- Provide data models to work with CycloneDX.
- Provide a JSON- and an XML-normalizer, that...
  - supports all shipped data models.
  - respects any injected CycloneDX Specification and generates valid output according to it.
  - can prepare data structures for JSON- and XML-serialization.
- Serialization:
  - Provide a JSON-serializer.
  - Provide an XML-serializer.
- Validation against CycloneDX Specification:
  - Provide a JSON-validator.
  - Provide an XML-validator.
- Provide composer-based autoloading for downstream usage.
Capabilities
- Enums for the following use cases:
  - ComponentType
  - ExternalReferenceType
  - HashAlgorithm
  - LicenseAcknowledgement
- Data models for the following use cases:
  - Bom
  - BomRef, BomRefRepository
  - Component, ComponentRepository, ComponentEvidence
  - ExternalReference, ExternalReferenceRepository
  - HashDictionary
  - LicenseExpression, NamedLicense, SpdxLicense, LicenseRepository
  - Metadata
  - Property, PropertyRepository
  - Tool, ToolRepository
- Utilities for the following use cases:
  - Generate valid random SerialNumbers for Bom.serialNumber
- Factories for the following use cases:
  - Create data models from any license descriptor string
- Implementation of the CycloneDX Specification for the following versions:
  - 1.6
  - 1.5
  - 1.4
  - 1.3
  - 1.2
  - 1.1
- Normalizers that convert data models to JSON structures
- Normalizers that convert data models to XML structures
- Serializer that converts Bom data models to JSON string
- Serializer that converts Bom data models to XML string
- Validator that checks JSON against CycloneDX Specification
- Validator that checks XML against CycloneDX Specification
Installation
Install via composer:
composer require cyclonedx/cyclonedx-library
Usage
See extended examples.
    $bom = new \CycloneDX\Core\Models\Bom();
    $bom->getComponents()->addItems(
        new \CycloneDX\Core\Models\Component(
            \CycloneDX\Core\Enums\ComponentType::Library,
            'myComponent'
        )
    );
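As an added example that is not part of the original README: build a small BOM, serialize it to JSON for a pinned spec version, and validate the output against that spec before it is handed to consumers, so a malformed SBOM is caught by the producer rather than by a downstream scanner. The class and method names follow the library's v3 API as far as I know it (SpecFactory, JsonSerializer, JSON\NormalizerFactory, JsonStrictValidator, BomUtility); confirm them against the pre-rendered docs for the version you install. The component name, version and hash are constructed sample values.

```php
<?php
declare(strict_types=1);

require_once __DIR__ . '/vendor/autoload.php';

use CycloneDX\Core\Enums\ComponentType;
use CycloneDX\Core\Enums\HashAlgorithm;
use CycloneDX\Core\Models\Bom;
use CycloneDX\Core\Models\Component;
use CycloneDX\Core\Serialization\JSON\NormalizerFactory;
use CycloneDX\Core\Serialization\JsonSerializer;
use CycloneDX\Core\Spec\SpecFactory;
use CycloneDX\Core\Utils\BomUtility;
use CycloneDX\Core\Validation\Validators\JsonStrictValidator;

// Pin the spec version the consumer expects. The normalizer only emits
// what this version supports, so the output stays valid for it.
// (SpecFactory::make1dot4 is assumed from the v3 API.)
$spec = SpecFactory::make1dot4();

// Constructed sample component. A version plus a content hash gives a
// downstream scanner something to match against advisories, rather than
// a bare name that could be confused with a different package.
$component = new Component(ComponentType::Library, 'example-lib');
$component->setVersion('1.2.3');
$component->getHashes()->set(
    HashAlgorithm::SHA_256,
    hash('sha256', 'constructed sample archive content')
);

$bom = new Bom();
// Random urn:uuid serial number so each generated document is distinguishable.
$bom->setSerialNumber(BomUtility::randomSerialNumber());
$bom->getComponents()->addItems($component);

// Serialize with a normalizer bound to the same spec (assumed v3 API).
$serializer = new JsonSerializer(new NormalizerFactory($spec));
$json = $serializer->serialize($bom, prettyPrint: true);

// Validate before publishing: validateString() returns null when the
// document conforms to the spec and an error object otherwise (assumed).
$validator = new JsonStrictValidator($spec);
$error = $validator->validateString($json);
if ($error !== null) {
    fwrite(STDERR, 'BOM is not valid for ' . $spec->getVersion()->value
        . ': ' . $error->getMessage() . PHP_EOL);
    exit(1);
}
echo $json;
```

Running the script prints the validated JSON BOM to stdout and exits non-zero if the generated document does not conform to the chosen spec version.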
API Documentation
We ship code annotations, so that your IDE and tools may pick up the documentation when you use this library downstream.
There are also pre-rendered documentations hosted on readthedocs.
Additionally, there is a prepared config for phpDoc3 that you can use to generate the docs for yourself.
Conflicts
Because this library was split out of /src/Core of cyclonedx-php-composer (346e6200fb2f5086061b15c2ee44f540893ce97d), it conflicts with its original source: cyclonedx/cyclonedx-php-composer:<3.5.
Contributing
Feel free to open issues, bug reports or pull requests.
See the CONTRIBUTING file for details.
License
Permission to modify and redistribute is granted under the terms of the Apache 2.0 license.
See the LICENSE file for the full license.