SBOM Play

By Anant Shrivastava on 10 Dec 2025 @ Black Hat Arsenal
💻 Source Code 🔗 Link
#sbom #supply-chain #vulnerability-assessment #security-testing
Focus Areas: Software Supply Chain Security, Application Security, DevSecOps, Penetration Testing, Vulnerability Management
This tool demo covers the following tools, which the speaker has authored or contributed to:
SBOMPlay

Abstract

SBOMPlay is a browser-first, privacy-aware SBOM visualization and enrichment tool that shows what SBOMs can do beyond vulnerability tracking. Instead of relying on server-side infrastructure or custom scripts, it runs entirely in the browser: users extract SBOMs from GitHub repositories, enrich them with data from osv.dev, and analyze dependencies across repositories and organizations in a unified view. Whether the goal is reducing tech debt, surfacing redundant packages, or evaluating license compliance, SBOMPlay makes software-inventory exploration accessible to developers, security engineers, and decision-makers alike.
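
The cross-repository analysis the abstract describes, as an added example that is not SBOMPlay's own code: it takes CycloneDX SBOMs (constructed inline here, standing in for ones extracted from GitHub repositories), merges them into an org-wide inventory keyed by package URL, lists packages pinned at more than one version, groups components by declared license, builds the request bodies for osv.dev's `POST /v1/querybatch` endpoint, and joins a querybatch-shaped response back onto the inventory. The repository names, SBOM contents, the 1000-query chunk size and the advisory id are assumptions; nothing here talks to the network.

```javascript
// Added example, not SBOMPlay's own code: aggregate per-repository CycloneDX
// SBOMs into one inventory, surface packages present at several versions,
// collect declared licenses, and build/merge osv.dev querybatch requests.
// Fully offline: the SBOMs and the osv.dev-style response below are constructed.

const SAMPLE_SBOMS = {
  "org/web-frontend": { bomFormat: "CycloneDX", specVersion: "1.5", components: [
    { type: "library", name: "lodash", version: "4.17.20", purl: "pkg:npm/lodash@4.17.20", licenses: [{ license: { id: "MIT" } }] },
    { type: "library", name: "express", version: "4.18.2", purl: "pkg:npm/express@4.18.2", licenses: [{ license: { id: "MIT" } }] },
  ] },
  "org/admin-portal": { bomFormat: "CycloneDX", specVersion: "1.5", components: [
    { type: "library", name: "lodash", version: "4.17.21", purl: "pkg:npm/lodash@4.17.21", licenses: [{ license: { id: "MIT" } }] },
    { type: "library", name: "left-pad", version: "1.3.0", purl: "pkg:npm/left-pad@1.3.0" }, // no license declared
  ] },
  "org/build-tools": { bomFormat: "CycloneDX", specVersion: "1.5", components: [
    { type: "library", name: "requests", version: "2.31.0", purl: "pkg:pypi/requests@2.31.0", licenses: [{ license: { id: "Apache-2.0" } }] },
    { type: "library", name: "express", version: "4.18.2", purl: "pkg:npm/express@4.18.2", licenses: [{ expression: "MIT" }] },
  ] },
};

// CycloneDX lets a license be an SPDX id, a free-text name, or an SPDX expression.
function licensesOf(component) {
  return (component.licenses || []).map(
    (l) => l.expression || (l.license && (l.license.id || l.license.name)) || "UNKNOWN",
  );
}

// One row per unique purl. `key` is the purl without its version (text before the
// last "@"), so the same package at different versions shares a key. Purl
// qualifiers after "?" are not handled in this demo.
function buildInventory(sboms) {
  const inv = new Map();
  for (const [repo, sbom] of Object.entries(sboms)) {
    for (const c of sbom.components || []) {
      if (!c.purl) continue; // without a purl there is nothing to send to osv.dev
      const at = c.purl.lastIndexOf("@");
      const row = inv.get(c.purl) || {
        purl: c.purl, key: at > 0 ? c.purl.slice(0, at) : c.purl, version: c.version,
        repos: new Set(), licenses: new Set(), vulns: [],
      };
      row.repos.add(repo);
      licensesOf(c).forEach((l) => row.licenses.add(l));
      inv.set(c.purl, row);
    }
  }
  return inv;
}

// Packages pinned at more than one version across the org: consolidation targets.
function redundantPackages(inv) {
  const byKey = new Map();
  for (const row of inv.values()) {
    const g = byKey.get(row.key) || { package: row.key, versions: new Set(), repos: new Set() };
    g.versions.add(row.version);
    row.repos.forEach((r) => g.repos.add(r));
    byKey.set(row.key, g);
  }
  return [...byKey.values()]
    .filter((g) => g.versions.size > 1)
    .map((g) => ({ package: g.package, versions: [...g.versions].sort(), repos: [...g.repos].sort() }));
}

// License -> purls; "UNKNOWN" surfaces components that declare no license at all.
function licenseReport(inv) {
  const report = {};
  for (const row of inv.values()) {
    for (const l of row.licenses.size ? row.licenses : ["UNKNOWN"]) {
      (report[l] = report[l] || []).push(row.purl);
    }
  }
  for (const l of Object.keys(report)) report[l].sort();
  return report;
}

// Request bodies for POST https://api.osv.dev/v1/querybatch. osv.dev caps the
// number of queries per request; 1000 is assumed here, check the live API docs.
function osvBatchBodies(inv, chunkSize = 1000) {
  const purls = [...inv.keys()];
  const bodies = [];
  for (let i = 0; i < purls.length; i += chunkSize) {
    bodies.push({ queries: purls.slice(i, i + chunkSize).map((purl) => ({ package: { purl } })) });
  }
  return bodies;
}

// querybatch answers positionally: results[i] belongs to queries[i].
function mergeOsvResults(inv, body, response) {
  body.queries.forEach((q, i) => {
    const vulns = (response.results[i] && response.results[i].vulns) || [];
    inv.get(q.package.purl).vulns.push(...vulns.map((v) => v.id));
  });
  return inv;
}

const inventory = buildInventory(SAMPLE_SBOMS);
const bodies = osvBatchBodies(inventory);
// Constructed response in querybatch shape; the id is a placeholder, not a real advisory.
const SAMPLE_RESPONSE = { results: [{ vulns: [{ id: "EXAMPLE-0001", modified: "2025-01-01T00:00:00Z" }] }, {}, {}, {}, {}] };
mergeOsvResults(inventory, bodies[0], SAMPLE_RESPONSE);
const vulnerable = [...inventory.values()]
  .filter((r) => r.vulns.length)
  .map((r) => ({ purl: r.purl, repos: [...r.repos].sort(), vulns: r.vulns }));
console.log(JSON.stringify({ redundant: redundantPackages(inventory), licenses: licenseReport(inventory), vulnerable }, null, 2));
```

Run it with `node`; the output lists lodash as the one package present at two versions, left-pad as the only component with no declared license, and the single constructed finding mapped back to the repository that ships the affected version. One caveat worth keeping in mind with the browser-only design the abstract describes: the SBOM itself never leaves the client, but enrichment necessarily sends the package URLs to osv.dev, which matters if the component list of a private repository is itself considered sensitive.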

Presented at Black Hat Europe 2025 Arsenal, December 8-11, London. Track: Vulnerability Assessment.