Add composer.json as source for component detection #977
Labels
status:requirements
Full requirements are not yet known, so implementation should not be started
type:feature
Feature (new functionality)
Comments
|
I think I will create a PR for you soon. |
cobya
added
status:requirements
|
Composer is a supported ecosystem by the GitHub Advisory Database so this would be an awesome opportunity to support PHP with Advanced Security for Azure DevOps! |
|
I didn't continue working on that, because I had to look into CycloneDX, which supports almost all platforms to create SBOMs. I had the requirement to evaluate a dependency tracker, that checks for vulnerabilities against CVE databases like the GitHub Advisory Database. This is why I stumbled upon this repo and CyclonDX... However, I will finish the Composer PR within the next two weeks. It is basically a clone of the NPM version. Nothing special. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
I initially created the issue here microsoft/sbom-tool#478, but it seemed to be the wrong repo.
Composer is a dependency manager for PHP: https://getcomposer.org/
It would be cool to also create an SBOM out of composer.json files. That's why I ask you to add composer.json as a source for component detection. I would also be happy to help if needed.
Thanks,
Juergen
AB#2140410
The text was updated successfully, but these errors were encountered: