SBoM Play

A presentation at Black Hat Europe 2025 in December 2025 in London, UK by Anant Shrivastava

Slide 1

SBOM Play Anant Shrivastava Cyfinoid Research #BHEU @BlackHatEvents

Slide 2

SBOM Play
• SBOM exploration and intelligence extraction platform
• In-browser
• Fully client side

Slide 3

Creation Idea
• SBOM is just an inventory
• Using SBOM in non-infosec scenarios
• Showing is better than talking

Slide 4

One Field: As simple as it can get

Slide 5

SBoM Play: Input
• A GitHub organization / user / repository
• Either in shortform (user/repo or org/repo, or just a username or org)
• Or a full GitHub URL, e.g. https://github.com/cyfinoid/sbomplay
• P.S. We just need Dependency Graph enabled on the repositories.
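The input forms listed on this slide, worked through as an added JavaScript example (this is not SBoM Play's own code; the tool runs client side, so the snippet is plain browser-compatible JS). It assumes the repository-level SBOM comes from the GitHub REST API's Dependency Graph SBOM export, which is why the Dependency Graph must be enabled; the regexes are the usual GitHub naming rules and are here to keep user input from injecting extra path segments into the API URL.

```javascript
// Added example (not SBoM Play's own code): normalise the input forms that
// slide 5 lists (owner, owner/repo, or a full github.com URL) into a structured
// target, then build the GitHub REST URL that exports a repository's
// Dependency Graph SBOM. Validating each piece before interpolating it keeps
// user input from smuggling extra path segments (e.g. "..") into the request.

// GitHub login rule: alphanumerics and hyphens, max 39 chars, no leading hyphen.
const OWNER_RE = /^[A-Za-z0-9][A-Za-z0-9-]{0,38}$/;
// Repository names: alphanumerics, dot, underscore, hyphen.
const REPO_RE = /^[A-Za-z0-9._-]+$/;

function parseGitHubTarget(input) {
  let s = String(input).trim();
  const url = s.match(/^(?:https?:\/\/)?(?:www\.)?github\.com\/(.*)$/i);
  if (url) {
    // Full URL: keep only the first two path segments (owner and repo);
    // drop query strings, fragments and deeper paths such as /tree/main.
    s = url[1].replace(/[?#].*$/, '').split('/').slice(0, 2).join('/');
  }
  s = s.replace(/\/+$/, '').replace(/\.git$/i, '');
  const parts = s.split('/').filter(Boolean);
  if (parts.length === 0 || parts.length > 2) return null;
  const [owner, repo] = parts;
  if (!OWNER_RE.test(owner)) return null;
  if (repo !== undefined && (!REPO_RE.test(repo) || repo === '.' || repo === '..')) return null;
  return repo === undefined ? { kind: 'owner', owner } : { kind: 'repo', owner, repo };
}

// Dependency Graph SBOM export endpoint (GitHub REST API, SPDX JSON). An owner
// target must first be expanded into its repositories, so it yields null here.
function sbomEndpoint(target) {
  if (!target || target.kind !== 'repo') return null;
  return `https://api.github.com/repos/${target.owner}/${target.repo}/dependency-graph/sbom`;
}

// Stand-alone demo over constructed inputs
for (const input of ['cyfinoid/sbomplay', 'https://github.com/cyfinoid/sbomplay/', 'cyfinoid', 'a/b/c']) {
  const t = parseGitHubTarget(input);
  console.log(input, '->', JSON.stringify(t), sbomEndpoint(t));
}
```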

Slide 6

Under the Hood

Slide 7

Nested SBOM Creation

Slide 8

Dashboard: 10K Feet View

Slide 9

Dependency View

Slide 10

Vulnerability View

Slide 11

Repository View

Slide 12

License Compliance

Slide 13

License Change

Slide 14

Author Details

Slide 15

Geographical View

Slide 16

Version Sprawl

Slide 17

Beyond Vulnerabilities

Slide 18

SBOM Play in 1 Image

Slide 19

Thank you for listening
• anant@cyfinoid.com
• @anantshri
• https://cyfinoid.github.io/sbomplay/ (Live URL)
• https://github.com/cyfinoid/sbomplay/

Slide 20
