I used STM32F103 in a mix configuration of bare-metal&HAL supplied by STM32CubeMX. I'm not sure ST can provide the documentation that can be referenced to generate the SBOM for cybersecurity purpose. Is there any recommended tool to scan the firmware project folder. If ST is yet to provide a way to auto-generate SBOM for cybersecurity requirement, possible to use manually curated SPDX-based JSON format for machine processing. If anyone had gone through similar process for regulatory review, can you please share the experience? Any inputs/advise would be greatly appreciated. Thank you.
