OWASP Global AppSec EU 2026 Vienna

OWASP Demo Lab - Hands-On Workshop / Small Group Session
Zone 3
 
Ever looked at a CycloneDX file and thought, there’s gotta be a better way to read this? You're not alone. In late December 2024 OWASP CycloneDX unveiled a brand new SBOM visualization tool called Sunshine - a first-of-its-kind visualization tool that transforms static CycloneDX SBOM files into intuitive, interactive experiences.

Sunshine lets you explore software components, dependencies, vulnerabilities, and licenses like never before. As an open-source tool under the Apache 2.0 license, it's accessible to everyone. Designed with a privacy-first approach, all processing happens client-side, ensuring your SBOM data remains entirely within your browser.

Presented for the first time at OWASP AppSec EU 2025, since then many new features have been released and will be showcased at OWASP AppSec EU 2026:
- Advanced filters, to let you focus and prioritize according to your own personal criteria
- Ability to easily identify and analyse n-tier dependencies within the SBOM
- "Query my SBOM" feature: an integrated full fledged SQL engine to let you literally query your SBOM in a powerful yet simple way - and export results in CSV
- Thanks to the invaluable community feedback and support, compatibility and stability have been largely improved, now being able to seamlessly analyze big and complex SBOMs
- Last but not least: during the conference a brand new exciting feature will be presented: "Chat with my SBOM", a privacy-first LLM-based AI chatbot entirely running in your browser (no server side components involved), that will empower you to get information from your SBOM in a convenient conversational way.

Join us for a hands-on walkthrough of Sunshine, where you’ll get to see it in action — not just slides. You will see how Sunshine helps developers, security pros, and even less-technical stakeholders actually understand what's in a software bill of materials.