History: SBOM

Source of version: 7 (current)

! Introduction
A Software Bill of Materials (SBOM) is a detailed list of all the components, libraries, and dependencies used within a software project.  
In Tiki, generating an SBOM improves __security__, __compliance__, and __transparency__, by helping administrators and developers to know exactly what makes up their installation.  

! Why SBOM is important for Tiki
There are several reasons why generating and maintaining an SBOM is valuable:
* __Security__: Quickly identify vulnerabilities in third-party dependencies when new CVEs (security advisories) are published.  
* __Compliance__: Ensure that all open-source licenses used within Tiki are compatible with your project’s legal requirements.  
* __Transparency__: Provides a clear picture of all components included in a Tiki installation for audits or enterprise use.  
* __Maintenance__: Helps developers track dependency changes across upgrades and patches.  

! How to generate SBOM in Tiki
Tiki provides a built-in command to generate an SBOM.  
Run the following from the root of your Tiki installation:

{CODE()}
php console.php sbom:generate
{CODE}

!!# Authentication
When you run this command, Tiki will ask you to enter your local credentials.  
Use your __localhost Tiki administrator username and password__.  

Once authenticated, the process will begin and Tiki will analyze all installed components.  

!!# Output
After completion, a ''.json'' file will be generated in your Tiki directory.  

* The file will contain a structured Software Bill of Materials (SBOM).  
* All logs from the process will also be recorded in the output file.  
* By default, the format is JSON, so the file can be validated with, or imported into, SBOM tools that consume SPDX or CycloneDX documents.  

__Example output file__:  
''sbom-output.json''
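The generated file is most useful when it is actually queried. The script below is an added example, not part of Tiki or of this page: it puts the three uses listed under "Why SBOM is important for Tiki" (security, compliance, maintenance) to work on a generated SBOM JSON file. It assumes a CycloneDX-style layout (a top-level ''components'' list whose entries carry ''name'', ''version'' and an optional ''licenses'' list); the two embedded SBOMs, the component names, the license allowlist and the advisory map are all constructed for the example and stand in for two generations of ''sbom-output.json'' and for a real advisory feed.

```python
"""Report on a generated SBOM JSON file (for example Tiki's sbom-output.json).

Added example, not Tiki's own code. Assumes a CycloneDX-style layout: a
top-level "components" list whose entries carry "name", "version" and an
optional "licenses" list of {"license": {"id": ...}} objects. Adjust
load_components()/component_licenses() if your SBOM is laid out differently.
"""
import json
import sys

# Constructed sample SBOMs standing in for two generations of sbom-output.json
# (before and after an upgrade). Component names and versions are made up.
OLD_SBOM_JSON = json.dumps({
    "bomFormat": "CycloneDX", "specVersion": "1.5",
    "components": [
        {"type": "library", "name": "vendor/foo", "version": "1.2.0",
         "licenses": [{"license": {"id": "MIT"}}]},
        {"type": "library", "name": "vendor/bar", "version": "3.0.1",
         "licenses": [{"license": {"id": "GPL-3.0-only"}}]},
        {"type": "library", "name": "vendor/old", "version": "0.9.0",
         "licenses": [{"license": {"id": "LGPL-2.1-or-later"}}]},
    ],
})
NEW_SBOM_JSON = json.dumps({
    "bomFormat": "CycloneDX", "specVersion": "1.5",
    "components": [
        {"type": "library", "name": "vendor/foo", "version": "1.3.0",
         "licenses": [{"license": {"id": "MIT"}}]},
        {"type": "library", "name": "vendor/bar", "version": "3.0.1",
         "licenses": [{"license": {"id": "GPL-3.0-only"}}]},
        {"type": "library", "name": "vendor/baz", "version": "2.0.0"},
    ],
})

# Policy inputs (assumptions for the example): licenses your project accepts,
# and a constructed advisory map keyed by (name, version). In practice the
# advisory map would be filled from a vulnerability feed.
ALLOWED_LICENSES = {"MIT", "Apache-2.0", "BSD-3-Clause", "LGPL-2.1-or-later"}
KNOWN_ADVISORIES = {("vendor/bar", "3.0.1"): "EXAMPLE-ADVISORY-0001"}


def load_components(sbom_json):
    """Map component name -> component object from an SBOM JSON string."""
    doc = json.loads(sbom_json)
    return {c["name"]: c for c in doc.get("components", [])}


def component_licenses(component):
    """Collect SPDX ids (or free-text names) declared for one component."""
    ids = set()
    for entry in component.get("licenses", []):
        lic = entry.get("license", {})
        lid = lic.get("id") or lic.get("name")
        if lid:
            ids.add(lid)
    return ids


def diff_sboms(old_json, new_json):
    """Maintenance view: components added, removed or re-versioned."""
    old, new = load_components(old_json), load_components(new_json)
    common = set(old) & set(new)
    return {
        "added": sorted(set(new) - set(old)),
        "removed": sorted(set(old) - set(new)),
        "changed": {n: (old[n]["version"], new[n]["version"])
                    for n in sorted(common)
                    if old[n]["version"] != new[n]["version"]},
    }


def license_violations(sbom_json, allowed=ALLOWED_LICENSES):
    """Compliance view: components whose licenses fall outside the allowlist.

    A component with no license data is reported as "UNKNOWN" rather than
    silently accepted, since an unreviewed license is itself a finding.
    """
    findings = {}
    for name, comp in load_components(sbom_json).items():
        declared = component_licenses(comp)
        if not declared:
            findings[name] = ["UNKNOWN"]
        elif declared - allowed:
            findings[name] = sorted(declared - allowed)
    return findings


def advisory_matches(sbom_json, advisories=KNOWN_ADVISORIES):
    """Security view: exact (name, version) hits against the advisory map."""
    return {name: advisories[(name, comp.get("version"))]
            for name, comp in load_components(sbom_json).items()
            if (name, comp.get("version")) in advisories}


def report(old_json, new_json):
    """Run all three checks on the newer SBOM and return one summary dict."""
    return {
        "diff": diff_sboms(old_json, new_json),
        "licenses": license_violations(new_json),
        "advisories": advisory_matches(new_json),
    }


if __name__ == "__main__":
    # Usage: python sbom_report.py OLD.json NEW.json  (defaults to the samples)
    if len(sys.argv) == 3:
        with open(sys.argv[1]) as f_old, open(sys.argv[2]) as f_new:
            print(json.dumps(report(f_old.read(), f_new.read()), indent=2))
    else:
        print(json.dumps(report(OLD_SBOM_JSON, NEW_SBOM_JSON), indent=2))
```

Run it with two real ''sbom-output.json'' files from before and after an upgrade to see what changed; the license check deliberately flags components with no license data as ''UNKNOWN'', because a dependency nobody has reviewed is a compliance gap in its own right rather than a pass.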

! Next steps
After generating your SBOM, you can:
 
~tc~ (alias(sbom)) ~/tc~