cyclonedx-php-composer

Create CycloneDX Software Bill of Materials (SBOM) from PHP Composer projects

Results 14 cyclonedx-php-composer issues

## background CycloneDX supports "tags" - These "tags" are the equivalent of composer's "keywords" - ## request populate `components[].tags` based on composer manifest's `keywords`.

enhancement
help wanted
good first issue
schema 1.6

## Is your feature request related to a problem? Please describe. Per CycloneDX specification, the components' scope means - "required": The component is required for runtime - "optional": The component...

enhancement
help wanted
good first issue

Extraneous dependencies and platform requirements should be marked as such. Relevant CycloneDX specification: https://github.com/CycloneDX/specification/issues/321 How this is specified in composer: > The following types of platform packages exist and can...

enhancement
help wanted

how is the dependency graph with "virtual packages" or dependency to capabilities? see https://getcomposer.org/doc/04-schema.md#provide these relations should result in a relation in the dependency graph. example: package `A` depends on...

enhancement
help wanted

:mag_right: track the effort of integrating CycloneDX SBOM in `composer` - initial feature request: 1. https://github.com/composer/composer/issues/8251 1. https://github.com/composer/composer/issues/11693 - possible implementation: TBD - released via: TBD

## Is your feature request related to a problem? Please describe. on CI, i always need to have a php composer available in order to create an SBOM of a...

help wanted
idea

**:mega: please discuss the options and expectations in the comments below** ---- ## Is your feature request related to a problem? Please describe. CycloneDX spec 1.5 brought `metadata.lifecycles`, with allows...

enhancement
question
schema 1.5

## Is your feature request related to a problem? Please describe. If a BOM was generated as reproducible, this should be easily visible from the BOM. Therefore, https://github.com/CycloneDX/cyclonedx-property-taxonomy/pull/70 exists ##...

enhancement
good first issue

currently the code of `CycloneDX\Composer\Plugin` is not integration-testable in a good way, and needs some love. since the whole code is marked as `@internal` a refactoring can be done without...

QA

the project: https://app.codacy.com/gh/CycloneDX/cyclonedx-php-composer/dashboard generate coverage on demo runner tests upload test results upload test coverage on pull request on tag "v*"

documentation
QA