sbominator / scaninator
Requires
- google/apiclient: ^2.18
- nikic/php-parser: ^5.4
This package is auto-updated.
Last update: 2025-03-17 10:11:23 UTC
README
A PHP dependency scanner that analyzes PHP files to extract and resolve all include/require statements. This tool can scan both local files and PHP files from GitHub repositories.
Requirements
- PHP 7.0 or later
- Composer
- Git (for GitHub repository scanning)
- PHP Tokenizer extension
Installation
- Clone the repository:
    git clone https://github.com/sbominator/scaninator.git
    cd scaninator
- Install dependencies with Composer:
    composer install
Usage
Command Line Interface
The simplest way to use Scaninator is through the command line:
php cli.php <filename or GitHub URL>
Examples
Scan a local file:
php cli.php path/to/file.php
Scan a file from a GitHub repository:
php cli.php https://github.com/owner/repo/blob/main/path/to/file.php
Programmatic Usage
You can also use Scaninator in your own PHP scripts:
<?php
require 'vendor/autoload.php';
$scanner = new \Scaninator\Scaninator('path/to/file.php');
$dependencies = $scanner->get_dependencies();
print_r($dependencies);
Retrieving SBOM Data
For GitHub repositories, you can retrieve the Software Bill of Materials (SBOM) without performing a full scan:
<?php
require 'vendor/autoload.php';
$scanner = new \Scaninator\Scaninator('https://github.com/owner/repo');
$sbom = $scanner->get_sbom();
print_r($sbom);
This will fetch the dependency graph SBOM directly from GitHub's API without cloning or scanning the repository.
Features
- Scans PHP files for require, require_once, include, and include_once statements
- Resolves paths of dependencies (handles relative paths, __DIR__, etc.)
- Recursively analyzes dependencies to build a complete dependency tree
- Support for scanning files directly from GitHub repositories
- Retrieve SBOM data directly from GitHub repositories
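The statement scanning and path resolution listed above can be illustrated with PHP's built-in tokenizer. This is an added example, not Scaninator's own code: find_includes() and normalize_path() are hypothetical names, the sample source is constructed, and the including file is assumed to have an absolute POSIX-style path.

```php
<?php
// Added illustration, not Scaninator's code; function names are hypothetical.
// Assumes $file is an absolute POSIX-style path.
function normalize_path(string $path): string
{
    $out = [];
    foreach (explode('/', $path) as $seg) {
        if ($seg === '..') { array_pop($out); }
        elseif ($seg !== '' && $seg !== '.') { $out[] = $seg; }
    }
    return '/' . implode('/', $out);
}
function find_includes(string $code, string $file): array
{
    $kinds = [T_INCLUDE, T_INCLUDE_ONCE, T_REQUIRE, T_REQUIRE_ONCE];
    $skip  = [T_WHITESPACE, T_COMMENT, T_DOC_COMMENT, '(', ')', '.'];
    $tokens = token_get_all($code);
    $found = [];
    foreach ($tokens as $i => $tok) {
        if (!is_array($tok) || !in_array($tok[0], $kinds, true)) { continue; }
        $path = ''; $static = true;
        // Walk the operand up to the end of the statement.
        for ($j = $i + 1; isset($tokens[$j]) && $tokens[$j] !== ';'; $j++) {
            $t = $tokens[$j];
            $id = is_array($t) ? $t[0] : $t;
            if (in_array($id, $skip, true)) { continue; }
            if ($id === T_CONSTANT_ENCAPSED_STRING) {
                $path .= substr($t[1], 1, -1);   // strip quotes; escapes not decoded
            } elseif ($id === T_DIR) {
                $path .= dirname($file);         // __DIR__ of the including file
            } else {
                $static = false;                 // variable, call, constant, interpolation
            }
        }
        // Assumption: relative paths resolve against the including file's directory.
        $abs = ($path !== '' && $path[0] === '/') ? $path : dirname($file) . '/' . $path;
        $resolved = ($static && $path !== '') ? normalize_path($abs) : null;
        $found[] = ['kind' => $tok[1], 'line' => $tok[2], 'path' => $resolved];
    }
    return $found;
}
// Constructed sample input.
$sample = <<<'PHP'
<?php
require_once __DIR__ . '/../vendor/autoload.php';
include 'lib/helpers.php';
require($config['plugin_dir'] . '/init.php');
PHP;
print_r(find_includes($sample, '/srv/app/public/index.php'));
```

Entries with a null path are includes whose target depends on runtime values. A static scan cannot place them in the dependency tree, so they mark where the resulting inventory is incomplete and needs manual review.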
Contributing
Please see CONTRIBUTING.md for more information.
License
This project is open source and available under the MIT License.