Step 1: Create a Bucket
The first step in creating an SBOM is to define a bucket. A bucket is a “bag of parts”, where the “bag” represents an entity composed of or containing software. For example, the entity can represent an application, a device containing software, a sub-module of an application, a large OSS component (such as Linux), or a suite of applications. The “parts” represent the open-source, third-party, and commercial software components used by the entity.
A bucket can be nested under another bucket to form a hierarchy. For example, if the bucket you are creating represents a sub-module of an application, you can select the application’s bucket as the parent of the sub-module bucket. This hierarchy establishes relationships between buckets, enabling you to create and manage an SBOM for a software entity and all its sub-entities. Although this walk-through does not set up a hierarchy, you can find more information in Managing Buckets.
To create a bucket:
1. Open the Manage Buckets page (SBOM Management > Manage Buckets).
2. Click the Create Bucket button to open the Create Bucket slideout.
3. From the Type dropdown list, select the type of entity for which you are creating an SBOM. (In other words, select the type of entity or context in which the open-source, third-party, or commercial software components to be collected in the bucket are used.)
   For example, select Application if you are creating an SBOM for a software application. Or select Container if you are creating an SBOM for files in a software container such as a Docker container. For a detailed description of the various bucket types, see Managing Buckets.
4. In the Name field, provide a name for the bucket that is unique within the SBOM Management Organization to which you belong.
5. (Optional) Enter Description content for the bucket.
6. Click Save to save the bucket and add it to the grid on the Manage Buckets page.
You can now add SBOM parts to the bucket. See Step 2: Add SBOM Parts to the Bucket.