diff --git a/components/newlib/sbom.yml b/components/newlib/sbom.yml
new file mode 100644
index 0000000000..f0fee87255
--- /dev/null
+++ b/components/newlib/sbom.yml
@@ -0,0 +1,6 @@
+name: 'newlib'
+version: '4.3.0'
+cpe: cpe:2.3:a:newlib_project:newlib:{}:*:*:*:*:*:*:*
+supplier: 'Organization: Espressif Systems (Shanghai) CO LTD'
+originator: 'Organization: Red Hat Incorporated'
+description: An open-source C standard library implementation with additional features and patches from Espressif.
diff --git a/components/newlib/test_apps/newlib/pytest_newlib.py b/components/newlib/test_apps/newlib/pytest_newlib.py
index 5fd6c062c5..4569c93f08 100644
--- a/components/newlib/test_apps/newlib/pytest_newlib.py
+++ b/components/newlib/test_apps/newlib/pytest_newlib.py
@@ -1,10 +1,36 @@ # SPDX-FileCopyrightText: 2022-2023 Espressif Systems (Shanghai) CO LTD # SPDX-License-Identifier: CC0-1.0 +import subprocess +from os import path + import pytest +import yaml from pytest_embedded import Dut +def validate_sbom(dut: Dut) -> None: + dirname = path.dirname(path.abspath(__file__)) + sbom_file = path.join(path.dirname(path.dirname(dirname)), 'sbom.yml') + gcc_input_file = path.join(dirname, 'test_sbom', 'newlib_version.c') + gcc = 'riscv32-esp-elf-gcc' + if dut.target in dut.XTENSA_TARGETS: + gcc = f'xtensa-{dut.target}-elf-gcc' + gcc_process = subprocess.run(f'{gcc} -E {gcc_input_file}', + shell=True, + stdout=subprocess.PIPE, + stderr=subprocess.PIPE, + text=True, + check=True) + output_lines = gcc_process.stdout.splitlines() + assert output_lines, 'Can not get newlib version' + toolchain_newlib_version = output_lines[-1].replace(' ', '.') + with open(sbom_file, 'r', encoding='utf-8') as yaml_file: + sbom_newlib_version = yaml.safe_load(yaml_file).get('version') + assert sbom_newlib_version, 'Can not get newlib version from sbom.yml' + assert toolchain_newlib_version == sbom_newlib_version, 'toolchain_newlib_version != sbom_newlib_version' + + @pytest.mark.generic @pytest.mark.parametrize( 'config', @@ -19,4 +45,5 @@ from pytest_embedded import Dut indirect=True ) def test_newlib(dut: Dut) -> None: + validate_sbom(dut) dut.run_all_single_board_cases() diff --git a/components/newlib/test_apps/newlib/test_sbom/newlib_version.c b/components/newlib/test_apps/newlib/test_sbom/newlib_version.c new file mode 100644 index 0000000000..18c2290fbc --- /dev/null +++ b/components/newlib/test_apps/newlib/test_sbom/newlib_version.c @@ -0,0 +1,7 @@ +/* + * SPDX-FileCopyrightText: 2023 Espressif Systems (Shanghai) CO LTD + * + * SPDX-License-Identifier: Unlicense OR CC0-1.0 + */ +#include <_newlib_version.h> +__NEWLIB__ __NEWLIB_MINOR__ __NEWLIB_PATCHLEVEL__
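Review bot: The `subprocess.run` call in `validate_sbom` builds one command string and runs it with `shell=True`, so `gcc_input_file` (derived from `__file__`) and `dut.target` are parsed by the shell; a checkout path containing spaces or shell metacharacters would break the command or be interpreted by the shell. Passing an argument list avoids the shell entirely: `gcc_process = subprocess.run([gcc, '-E', gcc_input_file],` with the `shell=True,` line dropped. Because stderr is captured and `check=True` raises `CalledProcessError`, whose message carries only the command and exit status, the compiler's own diagnostic may not show up in the test failure unless `stderr` is printed or attached to the assertion. `yaml.safe_load` is the right loader for this file, but `.get('version')` raises `AttributeError` on an empty `sbom.yml` before the intended 'Can not get newlib version from sbom.yml' message is reached.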
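Review bot: `newlib_version.c` is not compilable C; it is input for `gcc -E` only, and `validate_sbom` reads its result through `output_lines[-1]`, yet nothing in the file says so. A sentence in the existing header comment would stop a later edit from appending text after the macro line or rewriting it into valid C, for example `Preprocessor-only input (gcc -E); the macro line must remain the last line, the SBOM test reads the final output line.` The note belongs in the header block rather than after the macros, since anything following that line changes what the test sees as the last output line.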