SBOM Play

Analyze Software Bill of Materials from GitHub organizations, users, and repositories to understand dependency patterns and usage. Supports direct GitHub URLs for easy analysis.

Analyze GitHub Organization or User
Remove Rate Limit by GitHub Authentication (Optional)
Note: GitHub tokens are not saved or persisted. You will need to provide your token each time you use the application.
Analysis Results
Statistics Dashboard

SBOM Quality Assessment
Top 5 Most Commonly Used Dependencies
Top 5 Dependencies with Version Sprawl
License Distribution
Help & Tips
Getting Started:
  1. Enter a GitHub organization name, username, repository, or full GitHub URL
  2. Optionally add a GitHub token for higher rate limits
  3. Click "Start Analysis" and wait for processing
  4. View results and export data as needed
Input Formats:
  • Organization: microsoft (analyzes all public repos in the organization)
  • User: torvalds (analyzes all public repos for the user)
  • Single Repository: microsoft/vscode (analyzes only that specific repository)
  • Repository URL: https://github.com/cyfinoid/sbomplay (analyzes that specific repository)
  • Organization URL: https://github.com/cyfinoid/ (analyzes all repos in the organization)
Rate Limits:
  • Without token: 60 requests/hour
  • With token: 5,000 requests/hour
  • The tool will automatically wait for rate limit resets
  • Analysis state is preserved during rate limit waits
  • Note: GitHub tokens are not saved and must be provided each session
Data Storage:
  • All data is stored in your browser's local storage
  • Data persists between browser sessions
  • You can clear data using browser settings