2022-08-17 10:17 AM - last edited on 2025-04-15 11:59 AM by Andrew Neil
I'm using STM32F2xx, STM32F4xx, STM32F7xx and STM32L0xx firmware supplied by STM32CubeMX. I need to generate an SBOM for cybersecurity purposes. Can ST provide that or provide documentation that can be referenced to generate the SBOM?
2025-04-15 2:20 PM - edited 2025-04-15 2:25 PM
OK so now we have a nice bot-generated manifest of components in the "cube" package. The file for STM32CubeU3
In that, we can find the IDs assigned to the CMSIS, BSPs for Nucleos, original and modified ThreadX libraries.... so much. Some 3rd party commercial libraries there are "evaluation version".
Will this stuff go into a real product firmware? Else, how much is this BOM going to help? Any patch or change of your own will invalidate the manifest reference.
The only genuine components there are maybe the ST device CMSIS files.