Back in December 2025, we announced the release of sbom-cve-check, a lightweight CVE analysis tool for your Software Bill of Materials (SBOM). Since the announcement, we have announced a number of updates and new releases, but work has continued, and we have several new updates to share about sbom-cve-check.
Tag: yocto
Yocto Wrynose released, Bootlin contributions inside
Yocto Wrynose 6.0 is now released. This is the new Long Term Support release of the Yocto Project and will be maintained until 2030. Bootlin is a very active contributor to the Yocto Project, most notably with Antonin Godard being the official Yocto Project documentation maintainer, and Mathieu Dubois-Briand being a core member of the Yocto SWAT team, but also with other Bootlin engineers who use and deploy Yocto to create optimized and long-term maintainable Linux systems for the embedded devices of our customers. This 6.0 release was no exception, and we were again very active in this release cycle, with over 300 commits authored by Bootlin engineers.
Continue reading “Yocto Wrynose released, Bootlin contributions inside”
sbom-cve-check updates: new release, meta-sbom-cve-check, possible Yocto integration, FOSDEM talk
Back in December 2025, we announced the release of sbom-cve-check, a lightweight CVE analysis tool for your Software Bill of Materials (SBOM).
Since the release announcement, the project has continued its development, and in this blog post, we wanted to share a number of updates about this project: a new 1.1.0 release, a new meta-sbom-cve-check layer, possible integration into the Yocto Project, and a talk at FOSDEM.
meta-kiss: updates to our simple Yocto layer
Yocto is often seen as fairly complex, and at Bootlin we believe one reason for this perception is the unnecessary complexity of the BSP layers provided by silicon or board vendors, each of which often includes highly custom logic that isn’t needed. That’s why, back in 2023, we released meta-kiss, an example layer demonstrating how simple it can be to support various hardware platforms with Yocto, without relying on any vendor-provided BSP layer.
Since then, we’ve kept this layer up-to-date and added several new features. In this blog post, we’d like to highlight recent significant updates: an upgrade to Yocto Scarthgap, support for the i.MX93 FRDM platform, and the ability to build OP-TEE for the previously supported STM32MP1 platform.
Continue reading “meta-kiss: updates to our simple Yocto layer”
Announcing sbom-cve-check, a lightweight CVE analysis tool for your SBOM
Today, we are happy to announce the first release of a brand new open-source project: sbom-cve-check, a lightweight CVE analysis tool for your Software Bill of Materials (SBOM). Written in Python, with minimal dependencies, and a very simple workflow in mind, sbom-cve-check will parse your SBOM (SPDX v2.2 or SPDX v3.0 currently supported), and using publicly available databases of security vulnerabilities, will generate a report of known security vulnerabilities affecting the software components listed in your SBOM.
This tool will be presented tomorrow, on December 2 at 3:40 PM during the Yocto Project Virtual Summit 2025.12 during a talk titled sbom-cve-check: Lightweight Python tooling for out-of-build CVE analysis of SPDX3 SBOMs, presented by Bootlin engineers Benjamin Robin and Olivier Benjamin.
Continue reading “Announcing sbom-cve-check, a lightweight CVE analysis tool for your SBOM”
Support for Yocto buildtools added to upstream Kas
Bootlin has recently contributed to the Kas project by adding support for Yocto Project’s Buildtools. In this blog post, we will give an overview of what Kas is, what Buildtools are, why an integration of Buildtools was deemed useful and relevant, and how to use it.
Continue reading “Support for Yocto buildtools added to upstream Kas”
Bootlin Gears Up for ELCE 2025 with 25 Engineers and 8 Talks
This year’s edition of the Embedded Linux Conference Europe will take place as part of the broader Open Source Summit Europe, on August 25–27 in Amsterdam, Netherlands.
As usual, Bootlin will have a strong presence at this major event in the Embedded Linux ecosystem. This year, however, our presence will be especially significant, with no fewer than 25 of our engineers attending and 8 talks given by our team. We’ll also be taking part in several co-located events.
Continue reading “Bootlin Gears Up for ELCE 2025 with 25 Engineers and 8 Talks”
Bootlin talk at Embedded Recipes: “Yocto Project and OpenEmbedded: Recent Changes and Future Directions”
As we previously announced, Bootlin is proud to be a Chef Sponsor of Embedded Recipes 2025. A large part of our team will be attending the event, which takes place on May 14–15 in Nice, France.
We’re also excited to share that Bootlin engineer Antonin Godard will be giving a talk titled Yocto Project and OpenEmbedded: Recent Changes and Future Directions. As the official maintainer of the Yocto Project documentation, Antonin brings a unique perspective on the latest developments and upcoming changes in Yocto/OpenEmbedded. Here is the full abstract of his talk:
The Yocto Project and OpenEmbedded form the foundation of many embedded Linux systems, providing a powerful and flexible build system for custom distributions. In this talk, Antonin Godard, embedded Linux engineer at Bootlin and Yocto Project documentation maintainer, will explore recent developments in the project, including key changes in the latest releases, improvements in tooling. Attendees will gain insights into the future roadmap of Yocto/OpenEmbedded and how these changes impact developers and system integrators. Whether you’re a long-time Yocto user or just getting started, this session will help you stay up to date with the latest advancements in the ecosystem.
There’s still time to secure your seat at Embedded Recipes—don’t miss this unique single-track conference that fosters deep technical exchange and networking. And of course, take advantage of the beautiful spring weather in Nice while you’re there!
Linux kernel driver and Yocto training courses now on BeaglePlay
Last summer, we announced the availability of our Embedded Linux course on the BeaglePlay platform.
Today, we are happy to announce the publication of our Linux kernel driver development and Yocto Project/OpenEmbedded system development courses also ported on the BeaglePlay platform.
Continue reading “Linux kernel driver and Yocto training courses now on BeaglePlay”
Yocto 5.0 Scarthgap released, Bootlin contributions inside
The latest release of the Yocto Project, version 5.0, code named Scarthgap has been published a few days ago. The release notes provide the best summary of what’s new in this release. Being a Long Term Support (LTS) release, it will be maintained during 4 years with bug fixes and security updates, which makes this release particularly important for a large number of embedded Linux projects and products.
At Bootlin, we are using Yocto for a large fraction of the Linux Board Support Packages that we develop, maintain and upgrade for our customers. But we’re not only users of Yocto: we’re also contributors and maintainers. In this blog post, we’ll highlight our contributions to this release, which take various forms.
Continue reading “Yocto 5.0 Scarthgap released, Bootlin contributions inside”