CycloneDX/cyclonedx-php-library

 
 

CycloneDX PHP Library

Work with Software Bill of Materials (SBoM) in CycloneDX format.

!! ATTENTION - v2-dev state

The branch "master" is currently in transition to the next major version: v2. See the progress in the milestone "v2".

Code of v1 is in branch "1.x"

Responsibilities

  • Provide a general purpose php-implementation of CycloneDX.
  • Provide phpDoc- & psalm-typing for said implementation, so developers and dev-tools can rely on it.
  • Provide data models to work with CycloneDX.
  • Provide a JSON- and an XML-normalizer, that...
    • supports all shipped data models.
    • respects any injected CycloneDX Specification and generates valid output according to it.
    • can prepare data structures for JSON- and XML-serialization.
  • Serialization:
    • Provide a JSON-serializer.
    • Provide an XML-serializer.
  • Validation against CycloneDX Specification:
    • Provide a JSON-validator.
    • Provide an XML-validator.
  • Provide composer-based autoloading for downstream usage.

Capabilities

  • Enums for the following use cases:
    • Classification aka ComponentType
    • ExternalReferenceType
    • HashAlgorithm
  • Data models for the following use cases:
    • Bom
    • BomRef, BomRefRepository
    • Component, ComponentRepository
    • ExternalReference, ExternalReferenceRepository
    • HashDictionary
    • LicenseExpression, DisjunctiveLicenseWithName aka NamedLicense, DisjunctiveLicenseWithId aka SpdxLicense, DisjunctiveLicenseRepository
    • Metadata
    • Tool, ToolRepository
  • Factories for the following use cases:
    • Create data models from any license descriptor string
  • Implementation of the CycloneDX Specification for the following versions:
    • 1.4
    • 1.3
    • 1.2
    • 1.1
  • Normalizers that convert data models to JSON structures
  • Normalizers that convert data models to XML structures
  • Serializer that converts Bom data models to JSON string
  • Serializer that converts Bom data models to XML string
  • Validator that checks JSON against CycloneDX Specification
  • Validator that checks XML against CycloneDX Specification

Installation

Install via composer:

composer require cyclonedx/cyclonedx-library

Usage

See extended examples.

$bom = new \CycloneDX\Core\Models\Bom();
$bom->getComponents()->addItems(
    new \CycloneDX\Core\Models\Component(
        \CycloneDX\Core\Enums\Classification::LIBRARY,
        'myComponent'
    )
);

Conflicts

Because this library was split out of /src/Core of cyclonedx-php-composer (346e6200fb2f5086061b15c2ee44f540893ce97d),
it will conflict with its original source: cyclonedx/cyclonedx-php-composer:<3.5.

Contributing

Feel free to open issues, bug reports or pull requests.
See the CONTRIBUTING file for details.

License

Permission to modify and redistribute is granted under the terms of the Apache 2.0 license.
See the LICENSE file for the full license.