sbominator/sbom-lib
Composer 安装命令:
composer require sbominator/sbom-lib
包简介
SBOMinator Library
README 文档
README
What it is
This library can be used as a multi-channel dependency tracker. It can parse the following files:
- Composer Lockfiles
- NPM Lockfiles
- CycloneDX SBOMs
- SPDX SBOMs
How it works
The library uses a parser interface to parse the files. You can then use the parser to get the dependency tree of the file. Dependencies are represented as a tree structure, with each node containing the name of the dependency and its version.
How to use it
Installation
Run composer require sbominator/sbom-lib to install the library.
With ddev
For easier development across machines, you can use ddev to run the project locally. You can install ddev by following the instructions at https://ddev.readthedocs.io/en/stable/#installation.
After checking out the project, you can run ddev start to start the project. Use ddev ssh to get a shell in the running container. You can then run composer install in the shell to install the dependencies.
Usage
Using the generator
Load up the generator of your choice and generate from a dependency tree.
$generator = new SpdxSBOMGenerator($dependencies); $SBOMstring = $generator->generate();
Using the scanner
Load up the scanner of your choice.
use SBOMinator\Lib\Scanner\FileScanner; /* * You can pass the maximum depth of the subdirectories to scan (default is 10) * and an array of file extensions to scan for. (If you want to work with all available parsers, you can use the default ['json', 'lock']) */ $fileScanner = new FileScanner(10, ['json', 'lock']);
Scan a directory
Use the scanForDependencies() method to scan a directory for files that the scanner supports.
$dependencies = $fileScanner->scanForDependencies(getcwd());
Using the parser
Load up the parser of your choice.
use SBOMinator\Parser\ComposerParser; $parser = new ComposerParser(); // You can omit dev packages if you want by calling withoutDevPackages() on the parser. $parser = (new ComposerParser())->withoutDevPackages();
Parse a file that the parser supports
You can pass a file path to the parser:
$parser->loadFromFile('composer.lock');
You can also pass the contents of a file as string to the parser:
$parser->loadFromString(file_get_contents('composer.lock'));
Retrieve the Dependency Tree
$dependencyTree = $parser->parseDependencies();
Contributing
please see CONTRIBUTING.md for more information.
sbominator/sbom-lib 适用场景与选型建议
sbominator/sbom-lib 是一款 基于 PHP 开发的 Composer 扩展包,目前已累计 586 次下载、GitHub Stars 达 0, 最近一次更新时间为 2025 年 03 月 16 日, 在 PHP 生态内属于活跃度较高的组件。
它主要适用于以下技术方向: 「security」 「SBOM」 等业务场景。在实际项目中,围绕这些方向常见需要落地的问题包括:接口对接、性能调优、并发安全、与既有框架(Laravel / ThinkPHP / Yii / Webman 等)的兼容适配,以及生产环境的日志埋点与稳定性保障。
我们在过去多个企业项目中使用过 sbominator/sbom-lib 或与其功能相近的方案,如果你在选型或落地过程中遇到问题,例如 版本兼容、二次改造、私有化封装、与内部系统对接、生产 BUG 排查,欢迎联系我们协助评估。
基于 sbominator/sbom-lib 在你已有业务上做功能扩展、字段裁剪、UI 适配、与内部账号 / 权限 / 日志系统的深度对接。
线上偶发问题、内存泄漏、慢查询、并发异常等排查修复;针对高流量场景做缓存、队列、索引层面的调优。
承接完整的项目从需求 → 设计 → 开发 → 上线 → 长期运维;也可按月提供技术保姆服务。
与 sbominator/sbom-lib 相关的其它包
同方向 / 同关键字的高下载量 PHP Composer 包推荐,方便对比选型:
Work with CycloneDX documents.
Creates CycloneDX Software Bill-of-Materials (SBOM) from PHP Composer projects
Provide a way to secure accesses to all routes of an symfony application.
It's a barebone security class written on PHP
Contao CMS integrity check for some files
A PHP security linter to detect insecure functions like var_dump, print_r, and other dangerous functions in your codebase
统计信息
- 总下载量: 586
- 月度下载量: 0
- 日度下载量: 0
- 收藏数: 0
- 点击次数: 18
- 依赖项目数: 3
- 推荐数: 0
其他信息
- 授权协议: MIT
- 更新时间: 2025-03-16