Codenotary updates its free SBOM scanning tool with capabilities that better support AI apps


Codenotary is adding new capabilities to its SBOM.sh service, which provides free analysis of software bills of materials (SBOMs).

According to the company, the updates were made in consideration of AI applications, and the tool now treats datasets as software supply chain artifacts.

“Traditional SBOM tools were built for an earlier era – focusing primarily on source code to improve visibility into the software supply chain,” said Moshe Bar, CEO and co-founder of Codenotary. “Security teams are swimming in SBOMs, but they’re not getting the actionable clarity they need — especially as AI transforms software, with AI applications built on datasets, which are entirely ignored by traditional SBOMs.”

SBOM.sh now provides documentation of dataset sources, licensing terms, and governance controls, which helps organizations be more audit-ready.

SBOM.sh also now captures lineage metadata, such as base-model origins, fine-tuning history, version identifiers, and update pathways.

Additionally, for monitoring and observability purposes, it offers visibility into inference endpoints, access controls, runtime integrations, and monitoring hooks.

And finally, the tool now embeds ownership and approval context into AI artifacts.
