Software Bill of Materials (SBOM)

What is an SBOM?
TinyBell platform components
Backend (PHP 8.2)
Frontend (JavaScript)
Pixel script (loaded on hotel websites)
External APIs (free, no authentication)
SBOM format
Update policy
Vulnerability monitoring

What is an SBOM?

A Software Bill of Materials is a formal inventory of all software components, libraries, and dependencies used in a product. Under the EU Cyber Resilience Act (CRA), manufacturers of products with digital elements must maintain and provide an SBOM.

TinyBell platform components

Backend (PHP 8.2)

Component	Version	License	Purpose
PHP	8.2.x	PHP License	Server-side runtime
Apache	2.4.x	Apache 2.0	Web server
MySQL	8.0.x	GPL 2.0	Database
PHPMailer	6.x	LGPL 2.1	Email delivery
Guzzle HTTP	7.x	MIT	HTTP client
Stripe PHP	Latest	MIT	Payment processing
HTMLPurifier	4.x	LGPL 2.1	Input sanitization
SVG Sanitizer	0.x	MIT	SVG file validation
MaxMind GeoIP2	2.x	Apache 2.0	IP geolocation (local DB)
QR Code Generator	Various	MIT	QR code generation
Web Push	Latest	MIT	Browser push notifications
Two Factor Auth	Latest	MIT	2FA support

Frontend (JavaScript)

Component	Version	License	Purpose
jQuery	3.x	MIT	DOM manipulation
Bootstrap	4.6.x	MIT	UI framework
Chart.js	3.x	MIT	Statistics charts
Pickr	Latest	MIT	Color picker
CookieConsent	Latest	MIT	Cookie consent banner
EditorJS	Latest	Apache 2.0	Content editor

Pixel script (loaded on hotel websites)

Component	Version	License	Purpose
pixel-header.js	Custom	Proprietary	Notification display engine
pixel.css	Custom	Proprietary	Notification styling

The pixel script has zero external dependencies. It is a self-contained JavaScript file that does not load any third-party libraries on hotel websites.

External APIs (free, no authentication)

Service	Purpose	Data sent	Privacy policy
Nager.Date	Public holiday detection	Country code only	nager.at/privacy
Open-Meteo	Weather data	Latitude/longitude of hotel (not visitor)	open-meteo.com/terms

SBOM format

This SBOM follows the CycloneDX standard recommendations. A machine-readable version in CycloneDX JSON format is available upon request at info@thetinybell.com.

Update policy

This SBOM is updated with every major release of the TinyBell platform. Last update: April 2026.

Vulnerability monitoring

We monitor all listed dependencies for known vulnerabilities using automated tools. When a vulnerability is discovered in a dependency:

We assess the impact on TinyBell within 24 hours
We apply patches or mitigations within 7 days for critical issues
We notify affected customers if their data may have been at risk

Liability & Responsibility

⌘I

Security & Compliance

​What is an SBOM?

​TinyBell platform components

​Backend (PHP 8.2)

​Frontend (JavaScript)

​Pixel script (loaded on hotel websites)

​External APIs (free, no authentication)

​SBOM format

​Update policy

​Vulnerability monitoring

What is an SBOM?

TinyBell platform components

Backend (PHP 8.2)

Frontend (JavaScript)

Pixel script (loaded on hotel websites)

External APIs (free, no authentication)

SBOM format

Update policy

Vulnerability monitoring