PHPackages mteu/sbom-parser - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. mteu/sbom-parser ActivePackage mteu/sbom-parser ================ 0.2.0(8mo ago)0112↓100%[2 PRs](https://github.com/mteu/sbom-parser/pulls)GPL-3.0-or-laterPHPPHP ~8.3.0 || ~8.4.0CI passing Since Aug 12Pushed 1mo agoCompare [ Source](https://github.com/mteu/sbom-parser)[ Packagist](https://packagist.org/packages/mteu/sbom-parser)[ RSS](/packages/mteu-sbom-parser/feed)WikiDiscussions main Synced 1mo ago READMEChangelog (2)Dependencies (12)Versions (7)Used By (0) [![CGL](https://github.com/mteu/sbom-parser/actions/workflows/cgl.yaml/badge.svg)](https://github.com/mteu/sbom-parser/actions/workflows/cgl.yaml)[![Tests](https://github.com/mteu/sbom-parser/actions/workflows/tests.yaml/badge.svg?branch=main)](https://github.com/mteu/sbom-parser/actions/workflows/tests.yaml)[![Coverage](https://camo.githubusercontent.com/1e8a87b554e9de2d3027d9b0cc4cc246e24198cf8572368bfd8abdb925c02ef7/68747470733a2f2f636f766572616c6c732e696f2f7265706f732f6769746875622f6d7465752f73626f6d2d7061727365722f62616467652e7376673f6272616e63683d6d61696e)](https://coveralls.io/github/mteu/sbom-parser?branch=main)[![Maintainability](https://camo.githubusercontent.com/6c3c18845526f51e03e1473d1779c6ada3ca2abacf9b8e21b1825f32b18e4e60/68747470733a2f2f716c74792e73682f67682f6d7465752f70726f6a656374732f73626f6d2d7061727365722f6d61696e7461696e6162696c6974792e737667)](https://qlty.sh/gh/mteu/projects/sbom-parser)[![PHP Version Require](https://camo.githubusercontent.com/34de20027eb7772ef559242a128ca45b64d9e4f6bab0ed4722724b574bae771e/68747470733a2f2f706f7365722e707567782e6f72672f6d7465752f73626f6d2d7061727365722f726571756972652f706870)](https://packagist.org/packages/mteu/sbom-parser) CycloneDX SBOM Parser ===================== [](#cyclonedx-sbom-parser) CycloneDX SBOM (Software Bill of Materials) parser for PHP 8.3+. Supports [CycloneDX 1.4+ specifications](https://github.com/CycloneDX/specification) including components, vulnerabilities, and metadata with full immutable entity design using Valinor for type mapping. ⚡️ Quick Start -------------- [](#️-quick-start) ``` use mteu\SbomParser\Parser\CycloneDxParser; $parser = new CycloneDxParser(); $bom = $parser->parseFromFile('/path/to/sbom.json'); // Access components and vulnerabilities $components = $bom->getAllComponents(); $vulnerabilities = $bom->vulnerabilities; ``` See [detailed documentation](docs/cyclonedx-parser.md) for complete usage examples and API reference. 🤝 Contributing -------------- [](#-contributing) Contributions are very welcome! Please have a look at the [Contribution Guide](CONTRIBUTING.md). It lays out the workflow of submitting new features or bugfixes. 🔒 Security ---------- [](#-security) Please refer to our [security policy](SECURITY.md) if you discover a security vulnerability in this extension. Be warned, though. I cannot afford bounty. This is private project. ⭐ License --------- [](#-license) This extension is licensed under the [GPL-3.0-or-later](LICENSE) license. 💬 Support --------- [](#-support) For issues and feature requests, please use the [GitHub issue tracker](https://github.com/mteu/sbom-parser/issues). ### Health Score 38 — LowBetter than 85% of packages Maintenance76 Regular maintenance activity Popularity11 Limited adoption so far Community8 Small or concentrated contributor base Maturity47 Maturing project, gaining track record Bus Factor1 Top contributor holds 62.7% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~6 days Total 2 Last Release 264d ago ### Community Maintainers ![](https://www.gravatar.com/avatar/876091a683280d445656ba977b7923a3824059a2808749a851e104ba14ac85bd?d=identicon)[mteu](/maintainers/mteu) --- Top Contributors [![renovate[bot]](https://avatars.githubusercontent.com/in/2740?v=4)](https://github.com/renovate[bot] "renovate[bot] (121 commits)")[![mteu](https://avatars.githubusercontent.com/u/2636487?v=4)](https://github.com/mteu "mteu (72 commits)") --- Tags cyclonedxcyclonedx-sbomsbom ### Code Quality TestsPHPUnit Static AnalysisPHPStan Code StylePHP CS Fixer Type Coverage Yes ### Embed Badge ![Health badge](/badges/mteu-sbom-parser/health.svg) ``` [![Health](https://phpackages.com/badges/mteu-sbom-parser/health.svg)](https://phpackages.com/packages/mteu-sbom-parser) ``` ### Alternatives [kreait/firebase-php Firebase Admin SDK 2.4k39.7M72](/packages/kreait-firebase-php)[cuyz/valinor-bundle Symfony integration of `cuyz/valinor` — a library that helps to map any input into a strongly-typed value object structure. 51215.0k2](/packages/cuyz-valinor-bundle)[eliashaeussler/cache-warmup Composer package to warm up website caches, based on a given XML sitemap 73387.5k5](/packages/eliashaeussler-cache-warmup)[n1ebieski/ksef-php-client PHP API client that allows you to interact with the API Krajowego Systemu e-Faktur 7228.4k](/packages/n1ebieski-ksef-php-client)[eliashaeussler/typo3-warming Warming - Warms up Frontend caches based on an XML sitemap. Cache warmup can be triggered via TYPO3 backend or using a console command. Supports multiple languages and custom crawler implementations. 20229.9k](/packages/eliashaeussler-typo3-warming)[integer-net/magento2-sansec-watch Sansec Watch integration for Magento 2 35161.2k](/packages/integer-net-magento2-sansec-watch) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)