Yocto Project Summit 2024.12

SBOM generation for Yocto-based systems
2024-12-05, kirkstone

A Software Bill of Materials (SBOM) is an inventory of all software components and dependencies in a system, essential for vulnerability management, risk assessment, and ensuring timely updates.

This talk will focus on practical strategies and tools for generating SBOMs in systems built with the Yocto Project, highlighting the latest improvements brought by the Scarthgap release. Participants will gain insights into automated SBOM generation tools tailored for Yocto environments.


In this talk, we will dive deeper into practical methods for generating Software Bills of Materials (SBOMs) for Yocto-based systems, with a specific focus on the latest Scarthgap release.

Attendees will learn how to:
✅ utilize automated SBOM generation tools as well as manual tracking methods, both designed specifically for Yocto environments,
✅ manage open-source and third-party components,
✅ improve vulnerability management processes,
✅ and secure the software supply chain for embedded systems.

Pierre GAL has been supporting equipment manufacturers with Witekio for 20 years, starting as an embedded software developer. He is now leading The Embedded Kit, a software product brand which aims at giving OEMs all the tools and knowledge they need to build, connect, test, and secure their embedded Linux systems without vendor lock-in.