Skip to main content
Z
Zainulabedeen
Associate III
November 5, 2025
Solved

Generating SBOM for STM32 firmware projects

  • November 5, 2025
  • 3 replies
  • 254 views

I want to generate an SBOM (Software Bill of Materials) for my STM32 firmware project, specifically targeting the STM32H733 microcontroller. I have tried searching for guides or examples of how others have done this for similar projects, but I haven’t been able to find any detailed resources. Any guidance or references on generating an SBOM for my firmware project would be greatly appreciated.

Best answer by Dor_RH

Hello @Zainulabedeen

The SBOM for STM32CubeH7 firmware package version 1.12.1, which supports the STM32H733 microcontroller, is available now on GitHub. You can access it here: https://github.com/STMicroelectronics/STM32CubeH7

I hope my answer has been helpful. When your question is resolved, please mark this topic as the solution. This will help others find the answer more quickly.

Thank you for your contribution.

Best regards,
Dor_RH

3 replies

Andrew Neil
Andrew Neil
Super User
November 5, 2025

Does this help?

STM32Cube software is ready for automated SBOM & security processes with Black Duck tools.

A complex system that works is invariably found to have evolved from a simple system that worked.A complex system designed from scratch never works and cannot be patched up to make it work.
Z
ZainulabedeenAuthor
Associate III
November 5, 2025

I am currently looking for a solution that works now, as I believe the link you shared refers to a planned feature that isn’t yet implemented for STM32H7. I’m interested in learning what approaches others have used—either currently or in the past—to generate an SBOM for their STM32-based firmware projects ?

D
Dor_RHBest answer
ST Employee
November 11, 2025

Hello @Zainulabedeen

The SBOM for STM32CubeH7 firmware package version 1.12.1, which supports the STM32H733 microcontroller, is available now on GitHub. You can access it here: https://github.com/STMicroelectronics/STM32CubeH7

I hope my answer has been helpful. When your question is resolved, please mark this topic as the solution. This will help others find the answer more quickly.

Thank you for your contribution.

Best regards,
Dor_RH

    YahyaYozo
    YahyaYozo
    Associate
    March 4, 2026

    Hello @Dor_RH 

    I'm new to SBOM generation, and I need some help. In what way should I use the SBOM of the ST firmware package? Does it mean if I'm using Freertos in my project, I need to copy the freertos component from ST cube SBOM manually?

    BR,
    Yahya

    Separate thread with the same question: Best practices for generating SBOM

    D
    Dor_RH
    ST Employee
    March 5, 2026

    Hello @YahyaYozo,

    The SBOM provided with the STM32Cube firmware describes all the components in the package, including third‑party components included in the ST package (FreeRTOS, FatFS, lwIP, etc.).

    For your own product, you should maintain your own SBOM that lists all components you actually use. If you are using FreeRTOS (or any other middleware) as delivered in the STM32Cube package, then:

    • Yes, FreeRTOS should appear as a component in your project SBOM.
    • You can reuse the information from ST’s SBOM (component name, version, license, origin) instead of recreating it.
    • Depending on your tooling, this can be done by importing/merging the ST SBOM, or by manually adding the relevant entries once.

    In shortthe ST SBOM is a reference that helps you accurately describe ST‑provided components; it does not replace your project SBOM.

    I hope my answer has been helpful. When your question is resolved, please mark this topic as the solution. This will help others find the answer more quickly.

    Thank you for your contribution.

    Best regards,
    Dor_RH

      Terms & ConditionsAccessibility statement