SBOMPlay is a browser-first, privacy-aware SBOM exploration tool built to make SBOMs usable without extra setup or backend overhead. Most teams get stuck with heavyweight tooling or custom scripts just to explore what an SBOM contains. SBOMPlay avoids that by running entirely in the browser—no server, no uploads, just instant visibility into your software inventory.
The tool can extract SBOMs from GitHub repos, enrich them using osv.dev, deps.dev, and ecosyste.ms, and offer a cross-org, cross-repo view to identify redundant packages, tech debt, license issues, and more. It is designed for developers, security engineers, and decision-makers who need fast answers about their dependencies without friction.
Key features include vulnerability mapping, version drift detection, license breakdowns, SBOM quality audits, benchmarking against standards (CISA, BSI, CERT-In), and spotting single points of failure via maintainer aggregation.
Comments (1)
SBOMPlay brings the joy and intelligence of aggregating SBOMs and then extracting insights.