Analyze Software Bill of Materials from GitHub organizations, users, and repositories to understand dependency patterns and usage. Supports direct GitHub URLs for easy analysis.
Privacy Assured: All analysis happens in your browser. No data is sent to any server.
SBOM files can also be uploaded directly by drag and drop or file selection (multiple files supported).
Supported formats: SPDX JSON, CycloneDX JSON
Remove Rate Limit by GitHub Authentication (Optional)
Note: GitHub tokens are not saved or persisted. You will need to provide your token each time you use the application.
Analysis Results
Statistics Dashboard
SBOM Quality Assessment
Top 5 Most Commonly Used Dependencies
Top 5 Dependencies with Version Sprawl
License Distribution
Help & Tips
Getting Started:
Enter a GitHub organization name, username, repository, or full GitHub URL
Optionally add a GitHub token for higher rate limits
Click "Start Analysis" and wait for processing
View results and export data as needed
Input Formats:
Organization: microsoft (analyzes all public repos in the organization)
User: torvalds (analyzes all public repos for the user)
Single Repository: microsoft/vscode (analyzes only that specific repository)
Repository URL: https://github.com/cyfinoid/sbomplay (analyzes that specific repository)
Organization URL: https://github.com/cyfinoid/ (analyzes all repos in the organization)
Rate Limits:
Without token: 60 requests/hour
With token: 5,000 requests/hour
The tool will automatically wait for rate limit resets
Analysis state is preserved during rate limit waits
Note: GitHub tokens are not saved and must be provided each session
Data Storage:
All data is stored in your browser's local storage
Data persists between browser sessions
You can clear data using browser settings