Integrate the CycloneDX PHP Composer plugin with Vulnetix. Generate a CycloneDX SBOM from your PHP Composer project and upload it to Vulnetix.
CLI tool · CycloneDX
Install & scan
$ composer require --dev cyclonedx/cyclonedx-php-composer
$ composer CycloneDX:make-sbom --output-format=JSON --output-file=bom.json
Run CycloneDX PHP Composer in CI
Scan on every push and upload the results to Vulnetix:
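- name: Install PHP dependencies
  # The plugin is a require-dev package, so dev dependencies must be installed;
  # --omit=dev in the next step keeps them out of the SBOM.
  run: composer install
- name: Generate CycloneDX SBOM
  run: composer CycloneDX:make-sbom --omit=dev --output-format=JSON --output-file=bom.json
- name: Upload to Vulnetix
  run: vulnetix upload --file bom.json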
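A pre-upload check that could run between the generate and upload steps, so that an empty or malformed bom.json fails the build instead of being uploaded. This is an added example in Python, not code from the CycloneDX plugin or from Vulnetix; the function name check_sbom and the sample document are constructed, and it assumes the CycloneDX JSON fields bomFormat, specVersion and components.

```python
import json
import sys


def check_sbom(bom: dict) -> list:
    """Return human-readable problems found in a CycloneDX JSON SBOM."""
    problems = []
    if bom.get("bomFormat") != "CycloneDX":
        problems.append("bomFormat is not 'CycloneDX'")
    if not bom.get("specVersion"):
        problems.append("specVersion is missing")
    components = bom.get("components") or []
    if not components:
        # An empty list gives the platform nothing to match findings against.
        problems.append("no components listed")
    for comp in components:
        name = comp.get("name") or "<unnamed>"
        for field in ("version", "purl"):
            if not comp.get(field):
                problems.append(f"{name}: missing {field}")
    return problems


# Constructed sample, shaped like the bom.json written by make-sbom.
SAMPLE_BOM = {
    "bomFormat": "CycloneDX",
    "specVersion": "1.5",
    "components": [
        {"type": "library", "group": "monolog", "name": "monolog",
         "version": "3.5.0", "purl": "pkg:composer/monolog/monolog@3.5.0"},
    ],
}

if __name__ == "__main__":
    # Usage in CI (hypothetical script name): python check_sbom.py bom.json
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8") as fh:
            bom = json.load(fh)
    else:
        bom = SAMPLE_BOM
    found = check_sbom(bom)
    for problem in found:
        print(f"SBOM check: {problem}", file=sys.stderr)
    sys.exit(1 if found else 0)
```

The script exits non-zero when any problem is found, which stops the job before the upload step.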
Centralise CycloneDX PHP Composer results in Vulnetix
Upload the CycloneDX output from CycloneDX PHP Composer to the Vulnetix platform to deduplicate findings, prioritise them with EPSS, CISA KEV and Coalition ESS exploit intelligence, and track remediation across every scanner in a single queue.