
Introduction

A Software Bill of Materials (SBOM) is a detailed list of all the components, libraries, and dependencies used within a software project.
In Tiki, generating an SBOM improves security, compliance, and transparency by giving administrators and developers an exact picture of what makes up their installation.

Why SBOM is important for Tiki

There are several reasons why generating and maintaining an SBOM is valuable:

  • Security: Quickly identify vulnerabilities in third-party dependencies when new CVEs (security advisories) are published.
  • Compliance: Ensure that all open-source licenses used within Tiki are compatible with your project’s legal requirements.
  • Transparency: Provides a clear picture of all components included in a Tiki installation for audits or enterprise use.
  • Maintenance: Helps developers track dependency changes across upgrades and patches.

How to generate SBOM in Tiki

Tiki provides a built-in command to generate an SBOM.
Run the following from the root of your Tiki installation:

php console.php sbom:generate

1.1. Authentication

When you run this command, Tiki will ask you to enter your local credentials.
Use your localhost Tiki administrator username and password.

Once authenticated, the process will begin and Tiki will analyze all installed components.

1.2. Output

After completion, a .json file will be generated in your Tiki directory.

  • The file will contain a structured Software Bill of Materials (SBOM).
  • All logs from the process will also be recorded in the output file.
  • By default, the format is JSON and the file can be validated or imported into tooling that supports SBOM standards such as SPDX or CycloneDX.


Example output file:
sbom-output.json
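As an added example (not part of the Tiki documentation or of Tiki's own code), the following Python script shows how the generated file can be put to the Security and Compliance uses listed above: it reads the component list, flags components below a known fixed version, and flags licences outside an allow-list. It assumes the file follows the CycloneDX JSON layout; the component names, versions and advisory ids are constructed placeholders, not real packages or CVEs.

```python
import json

# Constructed sample in CycloneDX JSON layout (an assumption about Tiki's output; not real data).
SAMPLE_SBOM = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.5",
    "components": [
        {"type": "library", "name": "example/html-sanitizer", "version": "2.4.1",
         "licenses": [{"license": {"id": "MIT"}}]},
        {"type": "library", "name": "example/pdf-export", "version": "1.0.3",
         "licenses": [{"license": {"id": "GPL-3.0-only"}}]},
        {"type": "library", "name": "example/image-lib", "version": "3.2.0",
         "licenses": [{"license": {"id": "Apache-2.0"}}]},
    ],
})

# Constructed advisory feed: component -> (placeholder advisory id, first fixed version).
ADVISORIES = {
    "example/html-sanitizer": ("ADVISORY-PLACEHOLDER-1", "2.5.0"),
    "example/image-lib": ("ADVISORY-PLACEHOLDER-2", "3.1.0"),
}

ALLOWED_LICENSES = {"MIT", "Apache-2.0", "BSD-3-Clause", "LGPL-2.1-or-later"}


def parse_version(version):
    """Turn '2.4.1' into (2, 4, 1); non-numeric suffixes are dropped so odd strings do not crash."""
    parts = []
    for piece in version.split("."):
        digits = "".join(ch for ch in piece if ch.isdigit())
        parts.append(int(digits) if digits else 0)
    return tuple(parts)


def load_components(sbom_text):
    """Extract (name, version, licence ids) from a CycloneDX JSON document."""
    doc = json.loads(sbom_text)
    result = []
    for comp in doc.get("components", []):
        ids = [entry.get("license", {}).get("id", "UNKNOWN") for entry in comp.get("licenses", [])]
        result.append((comp["name"], comp.get("version", ""), ids))
    return result


def find_vulnerable(components, advisories):
    """Report components whose version is older than the advisory's fixed version."""
    hits = []
    for name, version, _ in components:
        if name in advisories:
            advisory_id, fixed = advisories[name]
            if parse_version(version) < parse_version(fixed):
                hits.append((name, version, advisory_id, fixed))
    return hits


def find_license_issues(components, allowed):
    """Report components carrying a licence outside the allow-list (or none at all)."""
    return [(n, lic) for n, _, ids in components for lic in (ids or ["UNKNOWN"]) if lic not in allowed]
```

If the real file also embeds the process logs mentioned above, extract the JSON document before handing it to load_components.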

Next steps

After generating your SBOM, you can: