
Codenotary Extends Free SBOM.sh Service to Examine AI Software Supply Chain

Improves visibility into data supporting AI applications to improve security and compliance

SAN FRANCISCO--(BUSINESS WIRE)--Codenotary, leaders in software supply chain protection, today announced new capabilities for its free SBOM.sh service – supporting AI applications by treating datasets as software supply chain artifacts.

The update represents a necessary evolution of SBOMs that reflects how modern systems are actually built, deployed, and operated, helping to close a critical gap in security and compliance.

“Traditional SBOM tools were built for an earlier era – focusing primarily on source code to improve visibility into the software supply chain,” said Moshe Bar, CEO and co-founder, Codenotary. “Security teams are swimming in SBOMs, but they’re not getting the actionable clarity they need — especially as AI transforms software with AI applications built on datasets which are entirely ignored by traditional SBOMs.”

The SBOM.sh service operates at massive scale, averaging 3 million API requests per week. Over its 3-year history, the service has proven to be enormously popular and has analyzed more than 100 million SBOMs. On average, each SBOM analyzed contains 21 vulnerabilities, demonstrating the security gap in software supply chains.

Now, SBOM.sh delivers the following capabilities to help enforce data governance, avoid license violations, and demonstrate provenance during audits or regulatory reviews.

  • Data Provenance and Governance - Documentation of dataset sources, licensing terms, and governance controls – strengthening audit readiness and reducing data-driven compliance exposure.
  • Model Lineage and Training Transparency - SBOM.sh captures lineage metadata including base-model origins, fine-tuning history, version identifiers, and update pathways.
  • Inference Operations and Integrations - Visibility into inference endpoints, access controls, runtime integrations, and monitoring hooks.
  • Ownership, Approval, and Accountability - Ownership and approval context is embedded across AI artifacts.

Free, Simple SBOM Analysis and Sharing at Scale

SBOM.sh is available as an easy-to-use service that enables developers, DevOps teams, and security organizations to upload, analyze, and share SBOMs, as well as their AI software supply chain.

About Codenotary

Used by hundreds of customers worldwide – including the world’s leading banks, governments, and defense organizations – Codenotary delivers technology that protects the entire software development lifecycle. Codenotary brings easy-to-use trust and integrity into modern software pipelines through advanced AI models that recognize attack patterns instantaneously. Codenotary can be deployed in minutes and integrates with modern CI/CD platforms. For more information, visit https://www.codenotary.com.

Contacts

Joe Eckert for Codenotary
Eckert Communications
jeckert@eckertcomms.com
