This WordPress plugin will scan the plugins and themes on your site, construct a dependency tree, and produce an SDPX or CycloneDX SBOM report that can be used with existing tooling for software supply chain security analysis, inventory management, legal and compliance, auditing, software licensing, and change management.
This is being developed during the 2025 CloudFest Hackathon along with a variety of SBOM tooling for the WordPress, TYPO3, and wider open source CMS ecosystems.
