WordPress integration with OWASP CycloneDX and Dependency Track
This package is compatible with WordPress Coding Standards, PSR-4.
WordPress integration with OWASP CycloneDX and Dependency Track
Features:
- Automatic BOM submission to OWASP Dependency Track
- Manual BOM submission to OWASP Dependency Track
- Download BOM JSON in OWASP CycloneDX format
Screenshots
See the options page
FAQ
Add a CPE to a BOM component
/*
 * Example: attach a CPE 2.3 identifier to the WooCommerce component.
 *
 * Runs on the `wpbom_bom` filter. `$bom` is the CycloneDX document as an
 * associative array; the callback must return it (modified or not).
 */
add_filter(
	'wpbom_bom',
	function ( $bom ) {
		foreach ( $bom['components'] as $index => $entry ) {
			if ( 'woocommerce' !== $entry['name'] ) {
				continue;
			}
			// NOTE(review): the version is inserted verbatim; CPE 2.3 treats ':' and '*'
			// as separators/wildcards — confirm plugin versions never contain them.
			$bom['components'][ $index ]['cpe'] = sprintf(
				'cpe:2.3:a:woocommerce:woocommerce:%s:*:*:*:*:wordpress:*:*',
				$entry['version']
			);
		}

		return $bom;
	}
);
A feature to automate this is under development.
Remove component from BOM
/*
 * Example: drop the WooCommerce component from the generated BOM.
 *
 * Runs on the `wpbom_bom` filter. Entries are removed with unset(), so the
 * remaining `components` keys are preserved (the list is not reindexed).
 */
add_filter(
	'wpbom_bom',
	function ( $bom ) {
		foreach ( $bom['components'] as $index => $entry ) {
			if ( 'woocommerce' !== $entry['name'] ) {
				continue;
			}
			unset( $bom['components'][ $index ] );
		}

		return $bom;
	}
);
Add a component to the BOM
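/*
 * Example: add the database server as a component of the BOM.
 *
 * Runs on the `wpbom_bom` filter. The server name and version are taken from
 * `$wpdb->db_server_info()`, split on '-'. The lookup below expects at least
 * three parts, e.g. '5.5.5-10.5.12-MariaDB-...' → name 'MariaDB', version
 * '10.5.12'. Servers that report a shorter string (a plain 'x.y.z') would
 * otherwise produce undefined-offset notices and a component with an empty
 * name/version in the submitted BOM, so the BOM is returned unchanged in
 * that case.
 *
 * NOTE(review): the 'pkg:deb/debian/...' purl assumes the server is the
 * Debian package; adjust the purl namespace for other distributions.
 */
add_filter(
	'wpbom_bom',
	function ( $bom ) {
		global $wpdb;
		$server_parts = explode( '-', $wpdb->db_server_info() );

		// Not enough parts to identify name and version: do not emit a bogus component.
		if ( count( $server_parts ) < 3 ) {
			return $bom;
		}

		$name    = strtolower( $server_parts[2] );
		$version = $server_parts[1];
		$purl    = 'pkg:deb/debian/' . $name . '@' . $version;

		$bom['components'][] = array(
			'type'     => 'application',
			'bom-ref'  => $purl,
			'name'     => $name,
			'version'  => $version,
			'purl'     => $purl,
			'licenses' => array(
				array(
					'license' => array(
						'id' => 'GPL-2.0-or-later',
					),
				),
			),
		);

		return $bom;
	}
);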
ChangeLog
1.2.0
- Add WordPress as component
- Fix some bugs
1.1.0
- Add CPE example
- Fix Copyright
- Remove purl
1.0.2
1.0.0