Mapping SBOMs for Fun and Profit

Official Website link

• Mapping SBOMs for Fun and Profit – Security Days Fall 2026

WS3-03 | March 26 (Thu) 10:00-11:30 | 5F | Workshop | Consecutive Translation

Workshop Overview

Everyone’s talking about SBOMs for vulnerabilities, but few are using them for what they really are: inventories. This session is a guided, hands-on exploration of SBOMs using SBOMPlay — showing how to aggregate, compare, and visualize dependency patterns across repositories and orgs, identify license issues, and unlock strategic insights.

Learning Outcomes

• Read and interpret SBOMs beyond just CVEs
• Visualize dependencies across multiple repositories
• Identify licensing conflicts and stale components
• Leverage SBOMPlay in your own dev or security workflow

Audience Level

Beginner — The student has an interest in the topic presented and general technology knowledge that a power user or undergraduate student may have acquired.

Prerequisites

1. Personal Laptop with unrestricted internet access
2. Google Account with Access to Google Cloud Console & Cloud Shell (reference)
3. Personal GitHub Account
4. Discord Account for support

Due to the short duration of the workshop, dedicated troubleshooting support is not provided. If your system does not work, the recommended approach is to observe how others are progressing and try again after the workshop.

Tools Used

• SBOMPlay: Browser-first, privacy-aware SBOM visualization and enrichment tool
• Multi-repository dependency analysis
• License management and compliance checks

Event Information

• Event: Security Days Fall 2026 (Tokyo)
• Session Code: WS3-03
• Date & Time: March 26, 2026 (Thu) 10:00-11:30
• Venue: Tokyo Venue (5F)
• Format: Workshop
• Translation: Consecutive translation available
• Instructor: Anant Shrivastava | Founder, Cyfinoid Research
• Official Site: Security Days Fall 2026