sbominator/laravel
==================

Integrate SBOMinator with your Laravel application

v0.1.0 (1y ago) · MIT · PHP ^8.0 · CI passing

[Source](https://github.com/sbominator/laravel) · [Packagist](https://packagist.org/packages/sbominator/laravel)


SBOMinator for Laravel
======================

A Laravel package to easily generate a Software Bill of Materials (SBOM) for your Laravel applications. This package provides a convenient Artisan command that automatically analyzes your project dependencies and generates a standards-compliant SBOM file in either CycloneDX or SPDX format.

What is an SBOM?
----------------

A Software Bill of Materials (SBOM) is a formal, machine-readable inventory of all components and dependencies used in your application. SBOMs are becoming increasingly important for:

- Security and vulnerability management
- Software supply chain transparency
- Regulatory and compliance requirements
- Open source license management

Features
--------

- 🔄 Generates standards-compliant SBOM files (CycloneDX or SPDX format)
- 📦 Automatically parses both Composer and NPM dependencies
- 🛠️ Simple integration via Laravel's service provider system
- ⚡ Convenient Artisan command interface

Installation
------------

You can install the package via composer:

```
composer require sbominator/laravel
```

The package will automatically register its service provider if you're using Laravel's package auto-discovery.

If you're not using auto-discovery, add the service provider to your `config/app.php` file:

```
'providers' => [
    // ...
    SBOMinator\Laravel\SBOMinatorServiceProvider::class,
],
```

Usage
-----

To generate an SBOM for your Laravel application with default settings (CycloneDX format), run:

```
php artisan sbominator:generate
```

By default, this will create a CycloneDX SBOM file called `sbom.json` in your project's base directory.

### Choose Output Format

You can specify the output format using the `--format` option:

```
# Generate in CycloneDX format (default)
php artisan sbominator:generate --format=cyclonedx

# Generate in SPDX format
php artisan sbominator:generate --format=spdx
```

### Custom Output Path

You can specify a custom output path using the `--output` option:

```
php artisan sbominator:generate --output=storage/sbom/my-app-sbom.json
```

You can combine both options:

```
php artisan sbominator:generate --format=spdx --output=storage/sbom/my-app-spdx.json
```

### Dependencies Analyzed

The package analyzes the following dependency sources:

- **Composer dependencies** (using `composer.lock`)
- **NPM dependencies** (using `package-lock.json`, if present)

Requirements
------------

- PHP 8.2 or higher
- Laravel 9.0 or higher
- Composer lock file (`composer.lock`) must be present and readable

How It Works
------------

The `sbominator:generate` command:

1. Locates and parses your `composer.lock` file to extract PHP dependencies
2. If present, parses your `package-lock.json` file to extract NPM dependencies
3. Combines these dependencies into a standardized format
4. Generates a standards-compliant SBOM file in your chosen format at the specified location

Example Output
--------------

### CycloneDX Format

```
{
  "bomFormat": "CycloneDX",
  "specVersion": "1.4",
  "serialNumber": "urn:uuid:...",
  "version": 1,
  "metadata": {
    "timestamp": "2025-03-17T12:00:00Z",
    "tools": [
      {
        "vendor": "SBOMinator",
        "name": "Generator",
        "version": "0.4.1"
      }
    ]
  },
  "components": [
    {
      "type": "library",
      "name": "laravel/framework",
      "version": "10.0.0",
      "purl": "pkg:composer/laravel/framework@10.0.0",
      "licenses": [
        {
          "license": {
            "id": "MIT"
          }
        }
      ]
    },
    // Additional dependencies...
  ]
}
```
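
A CI check one could run after `php artisan sbominator:generate`, shown as an added example (not part of the SBOMinator project): it compares `composer.lock` with the `pkg:composer/...` purls in a CycloneDX file shaped like the one above and reports packages that are missing from the SBOM or recorded at a different version. The sample data is constructed; treating a leading `v` in Composer versions as insignificant is an assumption, and whether dev packages belong in the SBOM is left as a parameter.

```python
import json

# Constructed sample inputs (not from a real project).
COMPOSER_LOCK = json.loads("""{
  "packages": [{"name": "laravel/framework", "version": "v10.0.0"},
               {"name": "guzzlehttp/guzzle", "version": "7.8.1"}],
  "packages-dev": [{"name": "phpunit/phpunit", "version": "10.5.0"}]
}""")
SBOM = json.loads("""{
  "bomFormat": "CycloneDX",
  "components": [
    {"type": "library", "name": "laravel/framework", "version": "10.0.0",
     "purl": "pkg:composer/laravel/framework@10.0.0"},
    {"type": "library", "name": "guzzlehttp/guzzle", "version": "7.8.0",
     "purl": "pkg:composer/guzzlehttp/guzzle@7.8.0"}]
}""")


def norm(version):
    """Assumption: a leading 'v' (Composer tag style) is not significant."""
    return version[1:] if version[:1] in ("v", "V") else version


def lock_packages(lock, include_dev=False):
    """Map name -> version from composer.lock 'packages' (+ 'packages-dev')."""
    entries = list(lock.get("packages", []))
    if include_dev:
        entries += lock.get("packages-dev", [])
    return {p["name"].lower(): norm(p["version"]) for p in entries}


def sbom_components(sbom):
    """Map name -> version for components carrying a pkg:composer/ purl."""
    found = {}
    for comp in sbom.get("components", []):
        purl = comp.get("purl", "")
        if purl.startswith("pkg:composer/") and "@" in purl:
            name, version = purl[len("pkg:composer/"):].rsplit("@", 1)
            found[name.lower()] = norm(version)
    return found


def drift(lock, sbom, include_dev=False):
    """Return (missing, mismatched, extra) comparing lock file to SBOM."""
    want, have = lock_packages(lock, include_dev), sbom_components(sbom)
    missing = sorted(set(want) - set(have))
    extra = sorted(set(have) - set(want))
    mismatched = {n: (want[n], have[n]) for n in set(want) & set(have) if want[n] != have[n]}
    return missing, mismatched, extra
```

A non-empty `missing` or `mismatched` result means the SBOM no longer describes what `composer.lock` would install and should be regenerated before the release is recorded.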

### SPDX Format

```
{
  "spdxVersion": "SPDX-2.3",
  "dataLicense": "CC0-1.0",
  "SPDXID": "SPDXRef-DOCUMENT",
  "name": "app-sbom",
  "documentNamespace": "http://spdx.org/spdxdocs/app-sbom",
  "creationInfo": {
    "created": "2025-03-17T12:00:00Z",
    "creators": [
      "Tool: SBOMinator-0.4.1"
    ]
  },
  "packages": [
    {
      "name": "laravel/framework",
      "SPDXID": "SPDXRef-Package-laravel-framework",
      "versionInfo": "10.0.0",
      "downloadLocation": "https://github.com/laravel/framework.git",
      "licenseConcluded": "MIT",
      "licenseDeclared": "MIT"
    },
    // Additional dependencies...
  ]
}
```

Why Use SBOMinator?
-------------------

- **Security**: Identify vulnerable components quickly when new CVEs are published
- **Compliance**: Meet regulatory requirements for software transparency
- **Flexibility**: Generate SBOMs in different formats based on your needs
- **Auditability**: Maintain accurate records of dependencies for each release
- **Simplicity**: Generate SBOMs with a single command

Testing
-------

```
composer test
```

Contributing
------------

Please see [CONTRIBUTING.md](CONTRIBUTING.md) for more information.

License
-------

This project is open source and available under the MIT License.

### Health Score

28 (Low): better than 54% of packages

- Maintenance: 46. Moderate activity, may be stable
- Popularity: 13. Limited adoption so far
- Community: 11. Small or concentrated contributor base
- Maturity: 35. Early-stage or recently created project
- Bus Factor: 1. Top contributor holds 75% of commits, a single point of failure

How is this calculated?

- **Maintenance (25%)**: Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.
- **Popularity (30%)**: Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.
- **Community (15%)**: Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.
- **Maturity (30%)**: Project age, version count, PHP version support, and release stability.

### Release Activity

- Cadence: Unknown
- Total: 1
- Last Release: 419d ago

