How to Generate SBOM for PHP Projects

Can Özkan
2 min read · Jan 10, 2024

In the dynamic realm of PHP development, where libraries and dependencies are rather complex, the need for transparency and security has never been more critical. Enter the Software Bill of Materials (SBOM), a powerful tool that unveils the composition of PHP projects, laying bare the elements that contribute to their functionality. I’ll discuss generating SBOM files for PHP projects in this blog post.

Link: https://github.com/CycloneDX/cyclonedx-php-composer

First, make sure that PHP is installed.

Then, we install the plugin.

Check whether the plugin is installed properly.

Navigate to the project folder for which you want to generate an SBOM.

The plugin requires a composer.lock file to run. If your project does not have one yet, run the following command to generate it.

Upon generating the composer.lock file, we are ready to generate an SBOM file for the project.
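The steps above, wrapped into one POSIX shell script as an added example (not code from the original post or from the cyclonedx-php-composer project). It assumes the plugin's `composer CycloneDX:make-sbom` command with its `--output-format` and `--output-file` options, and that `composer install` writes a composer.lock when none exists; the final check only confirms the output declares itself a CycloneDX BOM.

```shell
#!/usr/bin/env sh
# Generate a CycloneDX SBOM for a PHP project with cyclonedx-php-composer.
# Usage: sh make-sbom.sh /path/to/project [JSON|XML] [output-file]
set -eu

# Composer binary; overridable so the helpers can be exercised without Composer present.
COMPOSER="${COMPOSER:-composer}"

# Install the plugin globally if it is missing, then confirm Composer registered its command.
ensure_plugin() {
    if ! "$COMPOSER" global show cyclonedx/cyclonedx-php-composer >/dev/null 2>&1; then
        "$COMPOSER" global require cyclonedx/cyclonedx-php-composer
    fi
    "$COMPOSER" CycloneDX:make-sbom --help >/dev/null
}

# Succeeds when the project directory has no composer.lock, i.e. a lock step is needed first.
needs_lock() {
    [ ! -f "$1/composer.lock" ]
}

# Sanity check: the output must be non-empty and declare itself a CycloneDX BOM (JSON output).
verify_sbom() {
    [ -s "$1" ] && grep -q '"bomFormat"[[:space:]]*:[[:space:]]*"CycloneDX"' "$1"
}

# Full workflow: plugin present, lock file present, SBOM written, result checked.
generate_sbom() {
    project="$1"; fmt="${2:-JSON}"; out="${3:-sbom.json}"
    ensure_plugin
    cd "$project"
    if needs_lock .; then
        # Resolves dependencies and writes composer.lock; the plugin reads the lock, not composer.json.
        "$COMPOSER" install --no-interaction
    fi
    "$COMPOSER" CycloneDX:make-sbom --output-format="$fmt" --output-file="$out"
    if [ "$fmt" = "JSON" ]; then
        verify_sbom "$out" || { echo "SBOM check failed: $out" >&2; return 1; }
    fi
    echo "SBOM written to $project/$out"
}

# Run only when a project path is given on the command line.
if [ $# -gt 0 ]; then
    generate_sbom "$@"
fi
```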

This work has been supported in part by the Energy Transition Fund of the FPS Economy of Belgium through the CYPRESS project, and in part by the VLAIO COOCK program through the IIoT-SBOM project.

Thanks for reading.


Can Özkan

Security Researcher, Penetration Tester, and Reverse Engineer