Introducing sbommage - A friendly SBOM viewer
Hi everyone! I wanted to share a little weekend project I’ve been working on - sbommage (SBOM + rummage).
The name is similar to grummage - my Grype vulnerability viewer. They share a similar look and ethos.
It’s a terminal-based SBOM viewer built with Python and the Textual library, aimed at making it easy to explore SBOMs in various formats (SPDX, CycloneDX, and of course Syft). While I’ve tested it most extensively with Syft-generated SBOMs, I’d love feedback on how it handles other formats.
The interface is split-pane, letting you navigate the SBOM contents on the left while viewing details on the right. You can pivot the view by:
- Package name
- Package type
- License
- Supplier
Here’s what it looks like in action:
I created this because I often find myself needing to quickly explore SBOMs, and wanted something more interactive than JSON viewers or grep. While it’s a personal project and definitely has room for improvement, I hope others might find it useful too.
The code is available in my personal GitHub repo for sbommage, distributed under the MIT license.
If you try it out, I’d love to hear:
- How it works with different SBOM formats
- Any features you’d find helpful
- Bug reports or other feedback via GitHub issues
Looking forward to hearing your thoughts!
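The pivots described in the post (package type, license, supplier) come down to normalising each format's package records and grouping them, shown here as an added example that is not code from sbommage. The helper names, the `(unknown)` bucket and the sample data are assumptions made for illustration, and only the JSON forms of CycloneDX, SPDX 2.x and Syft's native output are read.

```python
from collections import defaultdict

def _known(*values):  # drop empty values and SPDX's NOASSERTION / NONE markers
    return [v for v in values if v and v not in ("NOASSERTION", "NONE")]

def _cyclonedx(doc):
    for c in doc.get("components", []):
        lics = [e.get("expression") or e.get("license", {}).get("id")
                or e.get("license", {}).get("name") for e in c.get("licenses", [])]
        yield {"name": c.get("name"), "type": _known(c.get("type")), "license": _known(*lics),
               "supplier": _known((c.get("supplier") or {}).get("name"))}

def _spdx(doc):
    for p in doc.get("packages", []):
        # SPDX has no package-type field, so read it from a purl reference if present.
        purls = [r.get("referenceLocator", "") for r in p.get("externalRefs", [])
                 if r.get("referenceType") == "purl"]
        ptype = purls[0].split(":", 1)[-1].split("/", 1)[0] if purls else None
        supplier = (p.get("supplier") or "").split(": ", 1)[-1]  # "Organization: X"
        yield {"name": p.get("name"), "type": _known(ptype), "supplier": _known(supplier),
               "license": _known(p.get("licenseConcluded"), p.get("licenseDeclared"))[:1]}

def _syft(doc):
    for a in doc.get("artifacts", []):
        # Syft has written licenses both as plain strings and as {"value": ...} objects.
        lics = [l if isinstance(l, str) else l.get("value") for l in a.get("licenses", [])]
        yield {"name": a.get("name"), "type": _known(a.get("type")),
               "license": _known(*lics), "supplier": []}  # supplier not read in this example

def packages(doc):
    """Normalise a parsed SBOM (a dict) into flat package records."""
    readers = (("bomFormat", _cyclonedx), ("spdxVersion", _spdx), ("artifacts", _syft))
    for marker, reader in readers:
        if marker in doc:
            return list(reader(doc))
    raise ValueError("unrecognised SBOM format")

def pivot(doc, key):
    """Group package names by 'type', 'license' or 'supplier'."""
    groups = defaultdict(list)
    for pkg in packages(doc):
        for value in pkg[key] or ["(unknown)"]:
            groups[value].append(pkg["name"])
    return {k: sorted(v) for k, v in groups.items()}

# Constructed sample (not from a real scan): two CycloneDX components.
SAMPLE = {"bomFormat": "CycloneDX", "components": [
    {"name": "requests", "type": "library", "licenses": [{"license": {"id": "Apache-2.0"}}]},
    {"name": "left-pad", "type": "library", "supplier": {"name": "Example Corp"}}]}
```

`pivot(SAMPLE, "license")` groups `requests` under `Apache-2.0` and puts `left-pad`, which declares no license, in the `(unknown)` bucket, which is the group worth reviewing first in a license audit.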