From SBOMs to AI BOMs: Why SPDX 3.0 Matters

Wednesday, June 10, 2026 at 12:00 PM UTC·Source: Sonatype (Maven/npm)

Updated: Wednesday, June 10, 2026 at 01:02 PM UTC

Executive Summary

</d

Analysis

Software bill of materials (SBOM) strategies are rapidly evolving. What began as a way to track open source components for compliance and vulnerability management is quickly expanding into something much larger: a broader effort to understand, secure, and govern modern software supply chains.

Indicators of Compromise (4)

URL (3)

https://www.sonatype.com/blog/from-sboms-to-ai-boms-why-spdx-3.0-matters

VirusTotal URLhaus

https://www.sonatype.com/hubfs/blog_ai_bom.png

VirusTotal URLhaus

https://www.sonatype.com/resources/articles/what-is-software-bill-of-materials

VirusTotal URLhaus

Domain (1)

www.sonatype.com

VirusTotal URLhaus

Source Attribution

Originally published by Sonatype (Maven/npm) on Jun 10, 2026.

Related Threats

MEDIUMSupply Chain

The ‘Miasma’ worm source code briefly leaked on GitHub

The Miasma credential-stealing attack framework, which has recently targeted open-source ecosystems through supply-chain attacks, was briefly open-sourced on GitHub. [...]

4h agoBleepingComputer

MEDIUMSupply Chain

GitHub announces npm security changes to tackle supply-chain attacks

GitHub has announced that npm v12, expected next month, will introduce several security-focused changes aimed at blocking supply-chain attacks abusing behaviors triggered by the 'npm install' command. [...]

5h agoBleepingComputer

MEDIUMSupply Chain

Miasma Supply Chain Worm Burrows Into 73 Microsoft Repositories

The attacks stemmed from a GitHub account that was also compromised in a previous Miasmi attack on Microsoft last month.

1d agoDark Reading