diff --git a/meta/classes/sbom-cve-check-recipe.bbclass b/meta/classes/sbom-cve-check-recipe.bbclass
new file mode 100644
index 0000000000..904ce57f5c
--- /dev/null
+++ b/meta/classes/sbom-cve-check-recipe.bbclass
@@ -0,0 +1,35 @@
+# SPDX-License-Identifier: MIT
+
+# Perform CVE analysis on recipe SBOMs using sbom-cve-check.
+#
+# This will analyse the entire SBOM for the recipe, so the recipe itself and
+# all of the dependencies. It is expected that for most purposes
+# sbom-cve-check.bbclass is preferred as that will analyse what is deployed
+# in an image.
+
+inherit sbom-cve-check-common
+
+python do_sbom_cve_check_recipe() {
+    """
+    Task: Run sbom-cve-check analysis on a recipe SBOM.
+    """
+    sbom_path = d.expand("${DEPLOY_DIR_IMAGE}/${SPDX_RECIPE_SBOM_NAME}.spdx.json")
+    recipe = d.getVar("SPDX_RECIPE_SBOM_NAME")
+    run_sbom_cve_check(d, sbom_path, recipe)
+}
+
+addtask do_sbom_cve_check_recipe after do_create_recipe_sbom
+
+SSTATETASKS += "do_sbom_cve_check_recipe"
+do_sbom_cve_check_recipe[cleandirs] = "${SBOM_CVE_CHECK_DEPLOYDIR}"
+do_sbom_cve_check_recipe[sstate-inputdirs] = "${SBOM_CVE_CHECK_DEPLOYDIR}"
+do_sbom_cve_check_recipe[sstate-outputdirs] = "${DEPLOY_DIR_IMAGE}"
+do_sbom_cve_check_recipe[depends] += " \
+    python3-sbom-cve-check-native:do_populate_sysroot \
+    ${SBOM_CVE_CHECK_UPDATE_DB_DEPENDENCIES} \
+"
+
+python do_sbom_cve_check_recipe_setscene() {
+    sstate_setscene(d)
+}
+addtask do_sbom_cve_check_recipe_setscene