Codenotary has expanded its free SBOM.sh service to include AI applications, treating datasets as key software supply chain artifacts to boost visibility, security, and compliance.
Quick Intel
Codenotary, a leader in software supply chain protection, announced enhancements to its free SBOM.sh service that extend support to AI applications. By treating datasets as essential software supply chain artifacts, the update evolves SBOM practices to match modern AI-driven system development, deployment, and operations. This closes a significant gap in security and compliance for organizations relying on AI technologies.
Traditional SBOM tools primarily focus on source code dependencies, leaving critical data components in AI applications unexamined. As Moshe Bar, CEO and co-founder, Codenotary, stated: “Traditional SBOM tools were built for an earlier era – focusing primarily on source code to improve visibility into the software supply chain. Security teams are swimming in SBOMs, but they’re not getting the actionable clarity they need — especially as AI transforms software with AI applications built on datasets which are entirely ignored by traditional SBOMs.”
SBOM.sh has seen strong adoption over three years, processing more than 100 million SBOMs at an average of 3 million API requests per week. On average, each analyzed SBOM surfaces 21 vulnerabilities, underscoring how persistent software supply chain risk remains.
The enhanced service introduces targeted capabilities to strengthen AI governance and compliance. These include documentation of dataset sources, licensing terms, and governance controls to improve audit readiness and reduce compliance risk. It also captures model lineage details such as base-model origins, fine-tuning history, version identifiers, and update pathways for greater training transparency. Additional visibility covers inference endpoints, access controls, runtime integrations, and monitoring mechanisms. Ownership and approval details are attached to each AI artifact so that accountability for every dataset, model, and endpoint is traceable.
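As an added illustration of the checks those fields make possible (this is example code written for this page, not SBOM.sh's own code, and the article does not say which BOM format SBOM.sh uses), the audit below walks an AI bill of materials and flags datasets without a source URL, license, or governance owner, models without a base-model pedigree or version, training-dataset references that do not resolve, and inference endpoints that are not authenticated. It uses CycloneDX 1.5 conventions (component types `machine-learning-model` and `data`, `modelCard`, `pedigree`, `services[].authenticated`) because they map onto the article's list of concerns; the sample BOM, its component names, and its URLs are constructed placeholders.

```python
"""Audit an AI bill of materials for missing dataset and model provenance.

Added example, not SBOM.sh code. Field names follow CycloneDX 1.5; the
SAMPLE_AI_BOM below is constructed for this example and describes no
real project.
"""


# Constructed sample AI BOM. Placeholder names and URLs; one dataset is
# deliberately incomplete so the audit has something to report.
SAMPLE_AI_BOM = {
    "bomFormat": "CycloneDX",
    "specVersion": "1.5",
    "components": [
        {
            "type": "data",
            "bom-ref": "ds-curated",
            "name": "curated-support-tickets",
            "licenses": [{"license": {"id": "CC-BY-4.0"}}],
            "data": [{
                "type": "dataset",
                "contents": {"url": "https://example.invalid/datasets/tickets-v3.parquet"},
                "governance": {"owners": [{"contact": {"name": "Data Steward"}}]},
            }],
        },
        {
            "type": "data",
            "bom-ref": "ds-scraped",
            "name": "web-scrape-2024",
            # No licenses and no governance owner: the gaps the audit flags.
            "data": [{"type": "dataset",
                      "contents": {"url": "https://example.invalid/datasets/scrape.jsonl"}}],
        },
        {
            "type": "machine-learning-model",
            "bom-ref": "model-support-bot",
            "name": "support-bot",
            "version": "2.1.0",
            # Base model recorded as a pedigree ancestor (fine-tuning lineage).
            "pedigree": {"ancestors": [{"type": "machine-learning-model",
                                        "name": "base-llm", "version": "7b-v1"}]},
            # Training datasets referenced by bom-ref; one ref is dangling.
            "modelCard": {"modelParameters": {
                "datasets": [{"ref": "ds-curated"}, {"ref": "ds-scraped"},
                             {"ref": "ds-missing"}]}},
        },
    ],
    "services": [{
        "name": "support-bot-inference",
        "endpoints": ["https://example.invalid/v1/chat"],
        "authenticated": False,
    }],
}


def audit_ai_bom(bom):
    """Return (component-or-service name, finding) tuples for provenance gaps."""
    findings = []
    components = bom.get("components", [])
    data_refs = {c.get("bom-ref") for c in components if c.get("type") == "data"}

    for c in components:
        ref = c.get("bom-ref") or c.get("name")
        ctype = c.get("type")
        if ctype == "data":
            if not c.get("licenses"):
                findings.append((ref, "dataset has no license"))
            for d in c.get("data", []):
                if not d.get("contents", {}).get("url"):
                    findings.append((ref, "dataset has no source URL"))
                gov = d.get("governance", {})
                if not (gov.get("owners") or gov.get("custodians") or gov.get("stewards")):
                    findings.append((ref, "dataset has no governance owner"))
        elif ctype == "machine-learning-model":
            if not c.get("version"):
                findings.append((ref, "model has no version identifier"))
            if not c.get("pedigree", {}).get("ancestors"):
                findings.append((ref, "model has no base-model lineage"))
            datasets = c.get("modelCard", {}).get("modelParameters", {}).get("datasets", [])
            for d in datasets:
                target = d.get("ref")
                if target and target not in data_refs:
                    findings.append((ref, f"training dataset ref {target!r} not in BOM"))

    # Inference endpoints: an exposed endpoint with no authentication is a finding.
    for s in bom.get("services", []):
        if s.get("endpoints") and not s.get("authenticated"):
            findings.append((s.get("name"), "inference endpoint is not authenticated"))
    return findings


if __name__ == "__main__":
    for name, msg in audit_ai_bom(SAMPLE_AI_BOM):
        print(f"{name}: {msg}")
```

Run against the sample, the audit reports the scraped dataset's missing license and owner, the dangling `ds-missing` reference, and the unauthenticated endpoint, while the curated dataset and the model's version and pedigree pass. The same structure can be fed a real CycloneDX JSON document with `json.load`; the point is that lineage and governance fields only earn their keep when something actually checks them.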
SBOM.sh remains a straightforward, free tool for uploading, analyzing, and sharing both traditional SBOMs and AI software supply chain information, making advanced visibility accessible to developers, DevOps teams, and security organizations.
This update positions SBOM.sh as a vital resource for teams building AI-native applications, enabling better risk management, regulatory adherence, and overall trust in AI-powered software ecosystems.
About Codenotary
Used by hundreds of customers worldwide – including the world’s leading banks, governments, and defense organizations – Codenotary delivers technology that protects the entire software development lifecycle. Codenotary brings easy-to-use trust and integrity into modern software pipelines through advanced AI models that recognize attack patterns instantaneously. Codenotary can be deployed in minutes and integrates with modern CI/CD platforms.