Generate CycloneDX BOM

[mterron]

Can you add a feature to generate a CycloneDX compatible BOM to composer?

Here's the spec: https://cyclonedx.org/docs/1.1/

All the information is already in composer so shouldn't be too hard.

[Seldaek]

I have no idea what you are talking about, nor what cyclonedx is, nor why I should spend time figuring out any of this.. So unless you spend some effort at least explaining I'd say no :)

[mterron]

CycloneDX is the std format for software composition management software to consume.

See OWASP DependencyTrack as an example.

To get PHP supported by DependencyTrack a way to generate a compliant BOM is needed.

[Seldaek]

Ok.. we can keep this open as a way to track it, but tbh this isn't gonna be high on the priority list at the moment.

[jakoch]

There is a plugin for this feature request: https://github.com/CycloneDX/cyclonedx-php-composer

[Seldaek]

Ah very nice, closing this then. Definitely better handled as a third party package as I don't think we want to maintain this.