Cloudbase Sensor Now Supports SBOM Collection and Vulnerability Visualization for PHP Packages

Cloudbase Inc. has expanded its security platform, "Cloudbase," by adding PHP package scanning and vulnerability visualization capabilities to "Cloudbase Sensor." It automatically collects package information from Composer-based PHP applications as an SBOM, enabling efficient security operations through integration with vulnerability management and risk prioritization features.
Source: PR Times

Published: June 2, 2026 at 19:10

Cloudbase Inc. (Headquarters: Minato-ku, Tokyo; CEO: Koya Iwasa) has announced that it has expanded the functionality of its domestic security platform, "Cloudbase," by adding a new PHP package scanning feature to its Cloudbase Sensor.

With this feature, environments that have deployed Cloudbase Sensor can now automatically collect package information used in PHP applications as an SBOM (Software Bill of Materials) and continuously visualize related vulnerabilities.

## Development Background

Interest in software supply chain risk has been growing in recent years. Consequently, the importance of continuously tracking and managing the vulnerabilities of OSS packages and libraries in use is increasing. In the PHP ecosystem, which is widely used in Web application development, dependency management using Composer is common, making the tracking of library vulnerabilities a critical challenge in security operations.

Furthermore, customers have expressed a need to "visualize OSS usage status in PHP applications" and "perform integrated vulnerability management."

Against this backdrop, we have added automated PHP package information collection to Cloudbase Sensor, enabling vulnerability management utilizing SBOM.

## Update Details

In this update, Cloudbase Sensor can now automatically scan PHP package metadata on target systems and collect it as an SBOM.

This allows for the visualization of library information used in Composer-based PHP applications, and related vulnerabilities can be managed continuously on Cloudbase.

Collected SBOM information integrates with the vulnerability management and risk prioritization features provided by Cloudbase, allowing centralized confirmation of vulnerability impact and response priority.

Information collected:
- Package name
- Version
- License information
- Dependency relationships between packages
- PURL (Package URL)
- Package location path

Where the information appears in Cloudbase:
- PHP-related package vulnerabilities display
- Software tab in resource details

## Expected Effects

By integrating with Cloudbase's vulnerability management and risk prioritization features, efficient operations based on response priority can be realized.

- Automatically collect OSS package information used in PHP applications as an SBOM and continuously visualize it
- Centrally manage vulnerabilities in Composer-based PHP applications
- Quickly identify affected packages and systems when vulnerabilities are discovered, reducing investigation and response man-hours

Furthermore, because SBOM and vulnerability information can be managed in an integrated way across multi-language environments including Java, Python, PHP, and Node.js, it supports continuous risk management against software supply chain risks.

Cloudbase will continue to deliver integrated asset and vulnerability management across cloud and on-premises environments, contributing to stronger security governance across the entire organization.

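## FAQ

What is this update to Cloudbase Sensor?

A PHP package scanning feature has been added. This makes it possible to automatically collect package information used in PHP applications as an SBOM and continuously visualize related vulnerabilities.

What PHP package information is collected?

Package name, version, license information, dependency relationships between packages, PURL (Package URL), and package location path are collected.

What operational efficiency gains can be expected from this feature?

When a vulnerability is discovered, affected packages and systems can be identified quickly, so a reduction in the man-hours required for investigation and response can be expected. In addition, integration with the risk prioritization feature enables efficient response operations.

Can packages in other languages also be managed?

Yes. SBOM and vulnerability information for multi-language environments including Java, Python, PHP, and Node.js can be managed in an integrated manner.

What kind of security platform is Cloudbase?

It is a security platform that provides integrated monitoring and management of risks across multi-cloud environments such as AWS, Azure, Google Cloud, and Oracle Cloud, as well as on-premises environments.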