Codenotary Expands SBOM.sh to Track AI Datasets, Addressing Supply Chain Blind Spots
Event summary
- Codenotary updated its free SBOM.sh service to analyze AI software supply chains, treating datasets as artifacts.
- The service now tracks data provenance, model lineage, inference operations, and ownership for AI applications.
- SBOM.sh processes 3 million API requests weekly and has analyzed over 100 million SBOMs, averaging 21 vulnerabilities per SBOM.
- The update aims to close security and compliance gaps ignored by traditional SBOM tools focused on source code.
The big picture
Codenotary's update reflects the growing need for AI-specific security tools as datasets become critical supply chain components. The move aligns with broader industry shifts toward data provenance and model transparency amid rising regulatory scrutiny. With over 100 million SBOMs analyzed, the company is positioning itself as a leader in addressing AI's unique security challenges.
What we're watching
- Adoption Pace
  - Whether enterprises will widely adopt dataset tracking in SBOMs to meet evolving AI security needs.
- Regulatory Impact
  - How new data governance requirements may accelerate demand for AI-specific SBOM capabilities.
- Competitive Response
  - If traditional SBOM providers will expand into AI supply chain analysis to match Codenotary's offering.