diff --git a/cve_bin_tool/sbom_manager/generate.py b/cve_bin_tool/sbom_manager/generate.py
index aa377bfb21..fea94c3a87 100644
--- a/cve_bin_tool/sbom_manager/generate.py
+++ b/cve_bin_tool/sbom_manager/generate.py
@@ -1,6 +1,7 @@
 # Copyright (C) 2024 Intel Corporation
 # SPDX-License-Identifier: GPL-3.0-or-later
 
+import hashlib
 from logging import Logger
 from pathlib import Path
 from typing import Optional
@@ -113,6 +114,10 @@ def generate_sbom(self) -> None:
                     product_data
                 ].get("paths"):
                     for path in self.all_cve_data[product_data]["paths"]:
+                        with open(path.split()[0], "rb") as f:
+                            file_data = f.read()
+                        sha256_hash = hashlib.sha256(file_data)
+                        my_package.set_checksum("SHA256", sha256_hash.hexdigest())
                         if self.strip_scan_dir:
                             evidence = strip_path(path, self.sbom_root)
                         else: