SBOMPLAY
Abstract
SBOMPlay is a browser-first, privacy-aware SBOM exploration tool built to make SBOMs usable without extra setup or backend overhead. Most teams get stuck with heavyweight tooling or custom scripts just to make sense of their SBOMs. SBOMPlay flips that by running everything in the browser, supporting CycloneDX and SPDX formats, and giving you both visual and tabular views of dependencies, versions, licenses, and security data.
The tool can extract SBOMs from GitHub repos, enrich them using osv.dev, deps.dev and ecosyste.ms, and offers a cross-org, cross-repo view to identify redundant packages, tech debt, license issues, and more.
Key features include vulnerability mapping, version drift detection, license breakdowns, SBOM quality audits, benchmarking against standards (CISA, BSI, CERT-In), and spotting single points of failure in the supply chain. It also generates a security dashboard with severity distributions, exploitability analysis, and per-component risk scoring.
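As an added example that is not SBOMPlay's own code, the normalisation and cross-repo logic the abstract describes, written in browser-runnable JavaScript: two constructed SBOMs (one CycloneDX JSON, one SPDX JSON) are flattened to a common shape, then checked for version drift and summarised by license. The field names are those of the CycloneDX and SPDX JSON formats; the sample repos, package data and function names are assumptions.

```javascript
// Constructed sample SBOMs (illustrative only, not real project data).
const sboms = {
  "org/service-a": {
    bomFormat: "CycloneDX",
    components: [
      { name: "lodash", version: "4.17.21", licenses: [{ license: { id: "MIT" } }] },
      { name: "express", version: "4.18.2", licenses: [{ expression: "MIT" }] },
    ],
  },
  "org/service-b": {
    spdxVersion: "SPDX-2.3",
    packages: [
      { name: "lodash", versionInfo: "4.17.15", licenseConcluded: "MIT" },
      { name: "minimist", versionInfo: "1.2.8", licenseConcluded: "NOASSERTION" },
    ],
  },
};
// Detect the format and flatten it to [{ name, version, license }].
function normalizeSbom(doc) {
  if (doc.bomFormat === "CycloneDX") {
    return (doc.components || []).map((c) => ({
      name: c.name, version: c.version,
      // CycloneDX carries either an SPDX id/name object or a free-form expression.
      license: (c.licenses || [])
        .map((l) => (l.license ? l.license.id || l.license.name : l.expression))
        .filter(Boolean).join(" AND ") || "NOASSERTION",
    }));
  }
  if (typeof doc.spdxVersion === "string") {
    return (doc.packages || []).map((p) => ({
      name: p.name, version: p.versionInfo, license: p.licenseConcluded || "NOASSERTION",
    }));
  }
  throw new Error("unrecognised SBOM format");
}
// Cross-repo view: version drift (one package, several versions) plus a license
// breakdown in which NOASSERTION marks an audit gap, not a clean result.
function crossRepoReport(sbomsByRepo) {
  const byName = new Map(); // name -> Map(version -> [repos])
  const licenses = {};
  for (const [repo, doc] of Object.entries(sbomsByRepo)) {
    for (const c of normalizeSbom(doc)) {
      const byVer = byName.get(c.name) || new Map();
      byVer.set(c.version, [...(byVer.get(c.version) || []), repo]);
      byName.set(c.name, byVer);
      licenses[c.license] = (licenses[c.license] || 0) + 1;
    }
  }
  const drift = {};
  for (const [name, byVer] of byName) if (byVer.size > 1) drift[name] = Object.fromEntries(byVer);
  return { drift, licenses };
}
```

In a browser build the same functions can be fed SBOM JSON fetched per repository; only the input source changes.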