WpBom Plugin

This package is compatible with WordPress Coding Standards, PSR-4.

WordPress integration with OWASP CycloneDX and Dependency Track

Features:

• Automatic BOM submission to OWASP Dependency Track
• Manual BOM submission to OWASP Dependency Track
• Download BOM JSON in OWASP CycloneDX format

This project uses PHP and Composer.

$ cd wp-content/plugins/
$ git clone https://gitlab.com/sepbit/wpbom.git
$ cd wpbom
$ composer update –no-dev

1. 

   See option page

Add CPE from BOM

add_filter( 'wpbom_bom', function( $bom ) { foreach ( $bom['components'] as $key => $component ) { if ( 'woocommerce' === $component['name'] ) { $bom['components'][ $key ]['cpe'] = 'cpe:2.3:a:woocommerce:woocommerce:' . $component['version'] . ':*:*:*:*:wordpress:*:*'; } } return $bom; } ); 

We are building a feature to automate this

Remove component from BOM

add_filter( 'wpbom_bom', function( $bom ) { foreach ( $bom['components'] as $key => $component ) { if ( 'woocommerce' === $component['name'] ) { unset( $bom['components'][ $key ] ); } } return $bom; } ); 

Add component from BOM

add_filter( 'wpbom_bom', function( $bom ) { global $wpdb; $db_server_info = explode( '-', $wpdb->db_server_info() ); $bom['components'][] = array( 'type' => 'application', 'bom-ref' => 'pkg:deb/debian/' . strtolower( $db_server_info[2] ) . '@' . $db_server_info[1], 'name' => strtolower( $db_server_info[2] ), 'version' => $db_server_info[1], 'purl' => 'pkg:deb/debian/' . strtolower( $db_server_info[2] ) . '@' . $db_server_info[1], 'licenses' => array( array( 'license' => array( 'id' => 'GPL-2.0-or-later', ), ), ), ); return $bom; } ); 

1.2.0

• Add WordPress as component
• Fix some bugs

1.1.0

• Add CPE example
• Fix Copyright
• Remove purl

1.0.2

• Add icon

1.0.0

• First release!