SBOM
! Introduction
A Software Bill of Materials (SBOM) is a detailed list of all the components, libraries, and dependencies used within a software project. In Tiki, generating an SBOM improves __security__, __compliance__, and __transparency__ by helping administrators and developers know exactly what makes up their installation.

! Why SBOM is important for Tiki
There are several reasons why generating and maintaining an SBOM is valuable:
* __Security__: Quickly identify vulnerabilities in third-party dependencies when new CVEs (security advisories) are published.
* __Compliance__: Ensure that all open-source licenses used within Tiki are compatible with your project’s legal requirements.
* __Transparency__: Provides a clear picture of all components included in a Tiki installation for audits or enterprise use.
* __Maintenance__: Helps developers track dependency changes across upgrades and patches.

! How to generate SBOM in Tiki
Tiki provides a built-in command to generate an SBOM. Run the following from the root of your Tiki installation:
{CODE()}
php console.php sbom:generate
{CODE}

!!# Authentication
When you run this command, Tiki will ask you to enter your local credentials. Use your __localhost Tiki administrator username and password__. Once authenticated, the process will begin and Tiki will analyze all installed components.

!!# Output
After completion, a ''.json'' file will be generated in your Tiki directory.
* The file will contain a structured Software Bill of Materials (SBOM).
* All logs from the process will also be recorded in the output file.
* By default, the format is JSON and can be validated or imported into SBOM tools that support standards such as SPDX or CycloneDX.

__Example output file__: ''sbom-output.json''

! Next steps
After generating your SBOM, you can:

~tc~ (alias(sbom)) ~/tc~
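As an added example (not Tiki's own code), the script below reads a generated SBOM and applies the security, compliance and maintenance checks described above: it diffs two SBOMs taken before and after an upgrade, matches components against an advisory list, and checks licenses against an allow-list. The CycloneDX-style JSON layout, the component names and versions, and the advisory entry are constructed assumptions, since the exact structure of the file produced by ''sbom:generate'' is not shown on this page.

```python
import json

# Constructed CycloneDX-style SBOMs standing in for the JSON written by
# `php console.php sbom:generate` before and after an upgrade (assumed layout).
SBOM_BEFORE = json.dumps({"bomFormat": "CycloneDX", "specVersion": "1.5", "components": [
    {"type": "library", "name": "example/lib-a", "version": "1.2.0",
     "licenses": [{"license": {"id": "MIT"}}]},
    {"type": "library", "name": "example/lib-b", "version": "3.0.1",
     "licenses": [{"license": {"id": "GPL-3.0-only"}}]},
]})
SBOM_AFTER = json.dumps({"bomFormat": "CycloneDX", "specVersion": "1.5", "components": [
    {"type": "library", "name": "example/lib-a", "version": "1.3.0",
     "licenses": [{"license": {"id": "MIT"}}]},
    {"type": "library", "name": "example/lib-c", "version": "0.9.0",
     "licenses": [{"license": {"id": "Apache-2.0"}}]},
]})

# Constructed advisory feed: (component, affected version) -> advisory id (placeholder).
ADVISORIES = {("example/lib-c", "0.9.0"): "PLACEHOLDER-ADVISORY-1"}
# Constructed license allow-list for the compliance check.
ALLOWED_LICENSES = {"MIT", "Apache-2.0", "BSD-3-Clause"}

def load_components(sbom_json):
    """Return {name: (version, license id)} from a CycloneDX JSON string."""
    out = {}
    for c in json.loads(sbom_json).get("components", []):
        ids = [l["license"].get("id", "UNKNOWN") for l in c.get("licenses", []) if "license" in l]
        out[c["name"]] = (c.get("version", "?"), ids[0] if ids else "UNKNOWN")
    return out

def diff_sboms(before_json, after_json):
    """Maintenance check: components added, removed or version-changed across an upgrade."""
    a, b = load_components(before_json), load_components(after_json)
    return {"added": sorted(set(b) - set(a)),
            "removed": sorted(set(a) - set(b)),
            "changed": sorted(n for n in set(a) & set(b) if a[n][0] != b[n][0])}

def audit(sbom_json, advisories=ADVISORIES, allowed=ALLOWED_LICENSES):
    """Security and compliance check: known advisories and licenses outside the allow-list."""
    findings = []
    for name, (version, lic) in load_components(sbom_json).items():
        if (name, version) in advisories:
            findings.append(f"{name}@{version}: advisory {advisories[(name, version)]}")
        if lic not in allowed:
            findings.append(f"{name}@{version}: license {lic} not in allow-list")
    return findings
```

Point `load_components` at the real ''sbom-output.json'' and replace the constructed advisory list with your vulnerability feed to rerun the same checks after each upgrade.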