
cyclonedx/cyclonedx-library
===========================

Work with CycloneDX documents.

v4.0.0 (3mo ago) | [15 issues](https://github.com/CycloneDX/cyclonedx-php-library/issues) | [8 PRs](https://github.com/CycloneDX/cyclonedx-php-library/pulls) | Apache-2.0 | PHP ^8.1 | CI failing

Since Oct 7 | Pushed 1mo ago | 3 watchers

[Source](https://github.com/CycloneDX/cyclonedx-php-library) | [Packagist](https://packagist.org/packages/cyclonedx/cyclonedx-library) | [Docs](https://github.com/CycloneDX/cyclonedx-php-library/#readme) | [Fund](https://owasp.org/donate/?reponame=www-project-cyclonedx&title=OWASP+CycloneDX)

CycloneDX PHP Library
=====================

---

Work with [CycloneDX](https://cyclonedx.org/) documents.
OWASP CycloneDX is a full-stack Bill of Materials (BOM) standard that provides advanced supply chain capabilities for cyber risk reduction.

**Note:** This package is a software library, not intended for standalone use.
For generating Software Bill of Materials (SBOM), check out [CycloneDX PHP Composer Plugin](https://github.com/CycloneDX/cyclonedx-php-composer).

Responsibilities
----------------

- Provide a general purpose *php*-implementation of [*CycloneDX*](https://cyclonedx.org/).
- Provide [*phpDoc3*](https://phpdoc.org/)- & [*psalm*](https://psalm.dev/)-compatible annotations for said implementation, so developers and dev-tools can rely on it.
- Provide data models to work with *CycloneDX*.
- Provide a JSON- and an XML-normalizer, that...
    - supports all shipped data models.
    - respects any injected [*CycloneDX* Specification](https://github.com/CycloneDX/specification/tree/master#readme) and generates valid output according to it.
    - can prepare data structures for JSON- and XML-serialization.
- Serialization:
    - Provide a JSON-serializer.
    - Provide an XML-serializer.
- Validation against *CycloneDX* Specification:
    - Provide a JSON-validator.
    - Provide an XML-validator.
- Provide [*composer*-based autoloading](https://getcomposer.org/doc/01-basic-usage.md#autoloading) for downstream usage.

Capabilities
------------

- Enums for the following use cases:
    - `ComponentType`
    - `ExternalReferenceType`
    - `HashAlgorithm`
    - `LicenseAcknowledgement`
- Data models for the following use cases:
    - `Bom`
    - `BomRef`, `BomRefRepository`
    - `Component`, `ComponentRepository`, `ComponentEvidence`
    - `ExternalReference`, `ExternalReferenceRepository`
    - `HashDictionary`
    - `LicenseExpression`, `NamedLicense`, `SpdxLicense`, `LicenseRepository`
    - `Metadata`
    - `Property`, `PropertyRepository`
    - `Tool`, `ToolRepository`
- Utilities for the following use cases:
    - Generate valid random SerialNumbers for `Bom.serialNumber`
- Factories for the following use cases:
    - Create data models from any license descriptor string
- Implementation of the [*CycloneDX* Specification](https://github.com/CycloneDX/specification/tree/master#readme) for the following versions:
    - `1.7`
    - `1.6`
    - `1.5`
    - `1.4`
    - `1.3`
    - `1.2`
    - `1.1`
- Normalizers that convert data models to JSON structures
- Normalizers that convert data models to XML structures
- Serializer that converts `Bom` data models to JSON string
- Serializer that converts `Bom` data models to XML string
- Validator that checks JSON against *CycloneDX* Specification
- Validator that checks XML against *CycloneDX* Specification

Installation
------------

Install via composer:

```
composer require cyclonedx/cyclonedx-library
```

Usage
-----

See extended [examples](https://github.com/CycloneDX/cyclonedx-php-library/tree/master/examples).

```
// Create an empty BOM and add one component of type "library" to it.
$bom = new \CycloneDX\Core\Models\Bom();
$bom->getComponents()->addItems(
    new \CycloneDX\Core\Models\Component(
        \CycloneDX\Core\Enums\ComponentType::Library,
        'myComponent'
    )
);
```

API Documentation
-----------------

We ship code annotations, so that your IDE and tools may pick up the documentation when you use this library downstream.

Pre-rendered documentation is also hosted on [readthedocs](https://cyclonedx-php-library.readthedocs.io).

Additionally, there is a prepared config for [*phpDoc3*](https://docs.phpdoc.org/guide/getting-started/index.html) that you can use to generate the docs yourself.

Conflicts
---------

Because this library was split out of [`/src/Core` of cyclonedx-php-composer (346e6200fb2f5086061b15c2ee44f540893ce97d)](https://github.com/CycloneDX/cyclonedx-php-composer/tree/346e6200fb2f5086061b15c2ee44f540893ce97d/src/Core), it will conflict with its original source: `cyclonedx/cyclonedx-php-composer:
