SBOM Play Anant Shrivastava Cyfinoid Research #BHEU @BlackHatEvents

SBOM Play
• SBOM exploration and intelligence extraction platform
• In-browser
• Fully client side

Creation Idea
• SBOM is just an inventory
• Using SBOM in non-infosec scenarios
• Showing is better than talking

One Field : As simple as it can get

SBOM Play: Input
• A GitHub organization / user / repository
• Either in short form (user/repo, org/repo, username or org)
• Or a full GitHub URL: https://github.com/cyfinoid/sbomplay
• P.S. We just need Dependency Graph enabled on repositories.
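One way to normalise the single input field described above, shown as an added example rather than SBOM Play's own code. `parseTarget` and `sbomApiUrl` are hypothetical names, the naming rules in the regexes are assumptions, and the use of GitHub's REST dependency-graph SBOM export endpoint is an assumption based on the Dependency Graph requirement.

```javascript
// Added example: turn "owner", "owner/repo" or a full GitHub URL into a scan target.
// Assumed naming rules: owner = alphanumerics and single inner hyphens, max 39 chars;
// repository = letters, digits, '.', '_' and '-'.
const OWNER_RE = /^[A-Za-z0-9](?:[A-Za-z0-9]|-(?=[A-Za-z0-9])){0,38}$/;
const REPO_RE = /^[A-Za-z0-9._-]{1,100}$/;

function parseTarget(input) {
  let text = String(input).trim();
  if (/^https?:\/\//i.test(text)) {
    let url;
    try { url = new URL(text); } catch { throw new Error("not a valid URL"); }
    // Compare the parsed host, not the raw string, so that userinfo tricks
    // such as "github.com@other-host" or a custom port are rejected.
    if (url.protocol !== "https:" || url.host !== "github.com") {
      throw new Error("only https://github.com URLs are accepted");
    }
    text = url.pathname;
  }
  const parts = text.split("/").filter(Boolean);
  if (parts.length < 1 || parts.length > 2) {
    throw new Error("expected owner or owner/repo");
  }
  const [owner, rawRepo] = parts;
  if (!OWNER_RE.test(owner)) throw new Error("invalid owner name");
  if (rawRepo === undefined) return { kind: "owner", owner };
  const repo = rawRepo.replace(/\.git$/, ""); // tolerate clone-style URLs
  if (!REPO_RE.test(repo) || repo === "." || repo === "..") {
    throw new Error("invalid repository name");
  }
  return { kind: "repo", owner, repo };
}

// Build the SBOM export URL for one repository (assumed data source).
// The export is only available when Dependency Graph is enabled on the repository.
function sbomApiUrl(target) {
  if (target.kind !== "repo") {
    throw new Error("an owner must first be expanded into its repositories");
  }
  const o = encodeURIComponent(target.owner);
  const r = encodeURIComponent(target.repo);
  return `https://api.github.com/repos/${o}/${r}/dependency-graph/sbom`;
}
```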

Under the Hood

Nested SBOM Creation

Dashboard : 10K Feet view

Dependency View

Vulnerability View

Repository View

License Compliance

License Change

Author Details

Geographical View

Version Sprawl

Beyond Vulnerabilities

SBOM Play in 1 Image

Thank you for listening
• anant@cyfinoid.com
• @anantshri
• https://cyfinoid.github.io/sbomplay/
• https://github.com/cyfinoid/sbomplay/ Live URL