What Is a Bucket?

Today’s software applications are made up of many components that do not originate with the organization that created the application. These include open-source, third-party, or commercial software components that make up ingredients in an application that are not part of the application’s proprietary code. The following topics describe how SBOM Management uses buckets to organize these software components.

The Bucket Concept

In SBOM Management, a bucket is used to store a collection of parts, each part representing one of these open-source, third-party, or commercial software components. The bucket represents the entity or context in which the collection of parts is used in your organization—for example, in a top-level application or in one of its elements, such as module, container, or library. In essence, a bucket is a collection of parts for a given context.

Bucket Hierarchy

Buckets can be nested under other buckets to form a hierarchy. For example, if the bucket you are creating represents a sub-module of an application, you can select the application’s bucket as the parent of the sub-module bucket. This hierarchy establishes relationships between buckets, enabling you to reflect the complexity of a software entity and manage its SBOM both at the top level and at its sub-levels.

Parts From Different Sources in a Bucket

A bucket can contain any combination of the following:

•

Parts that are added directly through an import

•

Parts that are added directly through manual creation

•

Parts that are indirectly associated through child buckets