
Generating SBOM for STM32 firmware projects

Zainulabedeen
Associate III

I want to generate an SBOM (Software Bill of Materials) for my STM32 firmware project, specifically targeting the STM32H733 microcontroller. I have tried searching for guides or examples of how others have done this for similar projects, but I haven’t been able to find any detailed resources. Any guidance or references on generating an SBOM for my firmware project would be greatly appreciated.

Accepted Solution
Dor_RH
ST Employee

Hello @Zainulabedeen

The SBOM for STM32CubeH7 firmware package version 1.12.1, which supports the STM32H733 microcontroller, is available now on GitHub. You can access it here: https://github.com/STMicroelectronics/STM32CubeH7

I hope my answer has been helpful. When your question is resolved, please mark this topic as the solution. This will help others find the answer more quickly.

Thank you for your contribution.

Best regards,
Dor_RH


5 Replies
Andrew Neil
Super User

Does this help?

STM32Cube software is ready for automated SBOM & security processes with Black Duck tools.

A complex system that works is invariably found to have evolved from a simple system that worked.
A complex system designed from scratch never works and cannot be patched up to make it work.

I am currently looking for a solution that works now, as I believe the link you shared refers to a planned feature that isn’t yet implemented for STM32H7. I’m interested in learning what approaches others have used—either currently or in the past—to generate an SBOM for their STM32-based firmware projects?


YahyaYozo
Associate II

Hello @Dor_RH

I'm new to SBOM generation, and I need some help. In what way should I use the SBOM of the ST firmware package? Does it mean if I'm using FreeRTOS in my project, I need to copy the FreeRTOS component from the ST Cube SBOM manually?

BR,
Yahya


Separate thread with the same question: Best practices for generating SBOM

Hello @YahyaYozo,

The SBOM provided with the STM32Cube firmware describes all the components in the package, including third‑party components included in the ST package (FreeRTOS, FatFS, lwIP, etc.).

For your own product, you should maintain your own SBOM that lists all components you actually use. If you are using FreeRTOS (or any other middleware) as delivered in the STM32Cube package, then:

  • Yes, FreeRTOS should appear as a component in your project SBOM.
  • You can reuse the information from ST’s SBOM (component name, version, license, origin) instead of recreating it.
  • Depending on your tooling, this can be done by importing/merging the ST SBOM, or by manually adding the relevant entries once.

In short, the ST SBOM is a reference that helps you accurately describe ST‑provided components; it does not replace your project SBOM.

I hope my answer has been helpful. When your question is resolved, please mark this topic as the solution. This will help others find the answer more quickly.

Thank you for your contribution.

Best regards,
Dor_RH
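The import/merge step described in the reply above (and asked about in Yahya's question) is easy to get wrong by simply copying the whole vendor SBOM into the project SBOM. The script below is an added example for this thread, not code from ST or from the STM32Cube package: it takes a constructed CycloneDX 1.5 JSON document standing in for a package SBOM (placeholder versions, not the real STM32CubeH7 entries; the real ST SBOM format and contents are not assumed here), copies only the components the firmware actually uses into a project SBOM, records where each copied entry came from in a `sbom:source` property (a naming convention chosen for this example), and reports the names it could not find so they can be described by hand.

```python
"""Merge only the used components of a vendor package SBOM into a project SBOM.

Added example, not ST code. Assumes CycloneDX 1.5 JSON for both documents.
Both SBOMs below are constructed samples with placeholder versions.
"""
import copy
import json

# Constructed sample standing in for a vendor package SBOM (CycloneDX JSON).
# Versions are placeholders, not the real STM32CubeH7 component versions.
VENDOR_SBOM = {
    "bomFormat": "CycloneDX",
    "specVersion": "1.5",
    "version": 1,
    "metadata": {"component": {"type": "firmware",
                               "name": "vendor-package-sample", "version": "0.0"}},
    "components": [
        {"type": "library", "name": "FreeRTOS", "version": "x.y.z-placeholder",
         "licenses": [{"license": {"id": "MIT"}}]},
        {"type": "library", "name": "FatFS", "version": "x.y-placeholder",
         "licenses": [{"license": {"name": "FatFs license"}}]},
        {"type": "library", "name": "lwIP", "version": "x.y.z-placeholder",
         "licenses": [{"license": {"id": "BSD-3-Clause"}}]},
    ],
}

# Constructed project SBOM: so far it describes only the firmware itself.
PROJECT_SBOM = {
    "bomFormat": "CycloneDX",
    "specVersion": "1.5",
    "version": 1,
    "metadata": {"component": {"type": "firmware",
                               "name": "my-h733-firmware", "version": "1.0.0"}},
    "components": [],
}


def index_by_name(sbom):
    """Map lower-cased component name -> component entry."""
    return {c["name"].lower(): c for c in sbom.get("components", [])}


def merge_vendor_components(project_sbom, vendor_sbom, used_names, source_label):
    """Return (new_project_sbom, missing_names).

    Copies only the vendor components named in used_names into a deep copy of
    project_sbom; the vendor list is never copied wholesale. Each copied entry
    gets a 'sbom:source' property (convention chosen for this example) naming
    the SBOM it was taken from. Names absent from the vendor SBOM are returned
    so they can be described manually. Re-running on the result adds no
    duplicates, because already-present names are skipped.
    """
    merged = copy.deepcopy(project_sbom)
    existing = index_by_name(merged)
    vendor_index = index_by_name(vendor_sbom)
    missing = []
    for name in used_names:
        key = name.lower()
        if key in existing:
            continue  # already described in the project SBOM
        entry = vendor_index.get(key)
        if entry is None:
            missing.append(name)
            continue
        entry = copy.deepcopy(entry)  # do not mutate the vendor document
        entry.setdefault("properties", []).append(
            {"name": "sbom:source", "value": source_label})
        merged["components"].append(entry)
        existing[key] = entry
    return merged, missing


def unused_vendor_components(vendor_sbom, used_names):
    """Vendor components not used by the firmware; they stay out of the project SBOM."""
    used = {n.lower() for n in used_names}
    return [c["name"] for c in vendor_sbom.get("components", [])
            if c["name"].lower() not in used]


if __name__ == "__main__":
    # "some-other-lib" is a hypothetical component not present in the vendor SBOM.
    used = ["FreeRTOS", "lwIP", "some-other-lib"]
    merged, missing = merge_vendor_components(
        PROJECT_SBOM, VENDOR_SBOM, used, "vendor package SBOM (sample)")
    print(json.dumps(merged, indent=2))
    print("not in vendor SBOM, describe manually:", missing)
    print("left out of project SBOM:", unused_vendor_components(VENDOR_SBOM, used))
```

In practice you would load both documents with `json.load` from the vendor SBOM file and your own project SBOM, and derive `used_names` from what the linker actually pulled in (for example from the map file) rather than typing the list by hand, so the project SBOM reflects the shipped binary rather than everything the package offers.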