{"id":151387,"date":"2021-12-20T23:23:53","date_gmt":"2021-12-20T23:23:53","guid":{"rendered":"https:\/\/wordpress.org\/plugins\/wpbom\/"},"modified":"2025-01-09T21:31:42","modified_gmt":"2025-01-09T21:31:42","slug":"wpbom","status":"publish","type":"plugin","link":"https:\/\/tw.wordpress.org\/plugins\/wpbom\/","author":18374405,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_crdt_document":"","version":"1.4.0","stable_tag":"1.4.0","tested":"6.7.5","requires":"6.0","requires_php":"8.2","requires_plugins":null,"header_name":"WpBom","header_author":"Vitor Guia","header_description":"WordPress integration with OWASP CycloneDX and Dependency Track","assets_banners_color":"ffffff","last_updated":"2025-01-09 21:31:42","external_support_url":"","external_repository_url":"","donate_link":"https:\/\/liberapay.com\/vitoranguia\/","header_plugin_uri":"https:\/\/gitlab.com\/sepbit\/wpbom","header_author_uri":"https:\/\/vitor.guia.nom.br","rating":0,"author_block_rating":0,"active_installs":70,"downloads":2923,"num_ratings":0,"support_threads":0,"support_threads_resolved":0,"author_block_count":0,"sections":["description","installation","faq","changelog"],"tags":{"1.0.0":{"tag":"1.0.0","author":"vitoranguia","date":"2021-12-20 23:23:27"},"1.0.1":{"tag":"1.0.1","author":"vitoranguia","date":"2021-12-20 23:28:40"},"1.0.2":{"tag":"1.0.2","author":"vitoranguia","date":"2021-12-26 19:09:22"},"1.1.0":{"tag":"1.1.0","author":"vitoranguia","date":"2022-05-29 22:11:47"},"1.2.0":{"tag":"1.2.0","author":"vitoranguia","date":"2023-07-26 18:56:35"},"1.2.1":{"tag":"1.2.1","author":"vitoranguia","date":"2024-03-08 23:57:07"},"1.4.0":{"tag":"1.4.0","author":"vitoranguia","date":"2025-01-09 
21:31:42"}},"upgrade_notice":[],"ratings":[],"assets_icons":{"icon-128x128.png":{"filename":"icon-128x128.png","revision":2647055,"resolution":"128x128","location":"assets","locale":""}},"assets_banners":{"banner-772x250.png":{"filename":"banner-772x250.png","revision":2647290,"resolution":"772x250","location":"assets","locale":""}},"assets_blueprints":{},"all_blocks":[],"tagged_versions":["1.0.0","1.0.1","1.0.2","1.1.0","1.2.0","1.2.1","1.4.0"],"block_files":[],"assets_screenshots":{"screenshot-1.png":{"filename":"screenshot-1.png","revision":2647290,"resolution":"1","location":"assets","locale":""}},"screenshots":{"1":"See option page"},"jetpack_post_was_ever_published":false},"plugin_section":[],"plugin_tags":[206066,206067,206068],"plugin_category":[],"plugin_contributors":[201654],"plugin_business_model":[],"class_list":["post-151387","plugin","type-plugin","status-publish","hentry","plugin_tags-bom","plugin_tags-cyclonedx","plugin_tags-dependency-track","plugin_contributors-vitoranguia","plugin_committers-vitoranguia"],"banners":{"banner":"https:\/\/ps.w.org\/wpbom\/assets\/banner-772x250.png?rev=2647290","banner_2x":false,"banner_rtl":false,"banner_2x_rtl":false},"icons":{"svg":false,"icon":"https:\/\/ps.w.org\/wpbom\/assets\/icon-128x128.png?rev=2647055","icon_2x":false,"generated":false},"screenshots":[{"src":"https:\/\/ps.w.org\/wpbom\/assets\/screenshot-1.png?rev=2647290","caption":"See option page"}],"raw_content":"<!--section=description-->\n<p>This package is compatible with <a href=\"https:\/\/github.com\/WordPress\/WordPress-Coding-Standards\">WordPress Coding Standards<\/a>, <a href=\"https:\/\/www.php-fig.org\/psr\/psr-4\">PSR-4<\/a>.<\/p>\n\n<p>WordPress integration with OWASP <a href=\"https:\/\/cyclonedx.org\">CycloneDX<\/a> and <a href=\"https:\/\/dependencytrack.org\">Dependency Track<\/a><\/p>\n\n<p>Features:<\/p>\n\n<ul>\n<li>Automatic BOM submission to OWASP Dependency Track<\/li>\n<li>Manual BOM submission to OWASP Dependency 
Track<\/li>\n<li>Download BOM JSON in OWASP CycloneDX format<\/li>\n<\/ul>\n\n<!--section=installation-->\n<p>This project uses <a href=\"https:\/\/php.net\">PHP<\/a> and <a href=\"https:\/\/getcomposer.org\">Composer<\/a>.<\/p>\n\n<p>$ cd wp-content\/plugins\/\n$ git clone https:\/\/gitlab.com\/sepbit\/wpbom.git\n$ cd wpbom\n$ composer update --no-dev<\/p>\n\n<!--section=faq-->\n<p>Add <a href=\"https:\/\/nvd.nist.gov\/products\/cpe\">CPE<\/a> to BOM<\/p>\n\n<pre><code>add_filter(\n    'wpbom_bom',\n    function( $bom ) {\n        foreach ( $bom['components'] as $key =&gt; $component ) {\n            if ( 'woocommerce' === $component['name'] ) {\n                $bom['components'][ $key ]['cpe'] = 'cpe:2.3:a:woocommerce:woocommerce:' . $component['version'] . ':*:*:*:*:wordpress:*:*';\n            }\n        }\n        return $bom;\n    }\n);\n<\/code><\/pre>\n\n<p>We are building a feature to automate this<\/p>\n\n<p>Remove component from BOM<\/p>\n\n<pre><code>add_filter(\n    'wpbom_bom',\n    function( $bom ) {\n        foreach ( $bom['components'] as $key =&gt; $component ) {\n            if ( 'woocommerce' === $component['name'] ) {\n                unset( $bom['components'][ $key ] );\n            }\n        }\n        return $bom;\n    }\n);\n<\/code><\/pre>\n\n<p>Add component to BOM (this example assumes <code>db_server_info()<\/code> returns a string of the form <code>prefix-version-name<\/code> and that the database server was installed from a Debian package; adjust the indexes and the purl for other setups, since a wrong name or version gives wrong vulnerability matches in Dependency Track)<\/p>\n\n<pre><code>add_filter(\n    'wpbom_bom',\n    function( $bom ) {\n        global $wpdb;\n        $db_server_info      = explode( '-', $wpdb-&gt;db_server_info() );\n        $bom['components'][] = array(\n            'type'     =&gt; 'application',\n            'bom-ref'  =&gt; 'pkg:deb\/debian\/' . strtolower( $db_server_info[2] ) . '@' . $db_server_info[1],\n            'name'     =&gt; strtolower( $db_server_info[2] ),\n            'version'  =&gt; $db_server_info[1],\n            'purl'     =&gt; 'pkg:deb\/debian\/' . strtolower( $db_server_info[2] ) . '@' . 
$db_server_info[1],\n            'licenses' =&gt; array(\n                array(\n                    'license' =&gt; array(\n                        'id' =&gt; 'GPL-2.0-or-later',\n                    ),\n                ),\n            ),\n        );\n        return $bom;\n    }\n);\n<\/code><\/pre>\n\n<!--section=changelog-->\n<h4>1.4.0<\/h4>\n\n<ul>\n<li>Add PHP 8.4<\/li>\n<\/ul>\n\n<h4>1.2.0<\/h4>\n\n<ul>\n<li>Add WordPress as component<\/li>\n<li>Fix some bugs<\/li>\n<\/ul>\n\n<h4>1.1.0<\/h4>\n\n<ul>\n<li>Add CPE example<\/li>\n<li>Fix Copyright<\/li>\n<li>Remove purl<\/li>\n<\/ul>\n\n<h4>1.0.2<\/h4>\n\n<ul>\n<li>Add icon<\/li>\n<\/ul>\n\n<h4>1.0.0<\/h4>\n\n<ul>\n<li>First release!<\/li>\n<\/ul>","raw_excerpt":"WordPress integration with OWASP CycloneDX and Dependency Track","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/tw.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin\/151387","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/tw.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin"}],"about":[{"href":"https:\/\/tw.wordpress.org\/plugins\/wp-json\/wp\/v2\/types\/plugin"}],"replies":[{"embeddable":true,"href":"https:\/\/tw.wordpress.org\/plugins\/wp-json\/wp\/v2\/comments?post=151387"}],"author":[{"embeddable":true,"href":"https:\/\/tw.wordpress.org\/plugins\/wp-json\/wporg\/v1\/users\/vitoranguia"}],"wp:attachment":[{"href":"https:\/\/tw.wordpress.org\/plugins\/wp-json\/wp\/v2\/media?parent=151387"}],"wp:term":[{"taxonomy":"plugin_section","embeddable":true,"href":"https:\/\/tw.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_section?post=151387"},{"taxonomy":"plugin_tags","embeddable":true,"href":"https:\/\/tw.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_tags?post=151387"},{"taxonomy":"plugin_category","embeddable":true,"href":"https:\/\/tw.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_category?post=151387"},{"taxonomy":"plugin_contributors","embeddable":true,"href":"https:\/\/tw.wordpress.org\/plugins\/wp-json\/wp\/v2\/
plugin_contributors?post=151387"},{"taxonomy":"plugin_business_model","embeddable":true,"href":"https:\/\/tw.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_business_model?post=151387"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}