What Is an SBOM Part?

A bucket is a collection of SBOM parts, which represent the open-source, third-party, and commercial ingredients in a software application. An SBOM part can represent entities such as the following, among others:

An operating system, such as Linux, containing over 60K files
An individual file
A single binary
A source bundle for an open-source component
A fragment of code

Methods for Adding Parts to Buckets

In SBOM Management, you add SBOM parts to a bucket by importing them from one or more SBOM data sources or by manually creating parts for the bucket. Manually creating and editing SBOM parts for a bucket enable you to refine your SBOM.

Linked or Related Parts

Parts within an SBOM, and even across multiple SBOMs, can be related to each other through links of various types, including dependencies, “related to” or “found inside” relationships, and other relationship types. When you manually create a part in SBOM Management, you can link it to another part in the same bucket through a link type used to identify the dependency or relationship between the two parts.
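The sketch below is an added example, not SBOM Management's own code or API. It models a bucket as a graph of parts joined by the three link types named above and walks the links to find every part that contains or depends on a given part, which is what you need to know when one part is flagged. The `Bucket` class, the link-type spellings, the link directions and the sample part names are all assumptions.

```python
from collections import defaultdict, deque

# Link types named on the page; spellings and directions are assumptions.
LINK_TYPES = {"dependency", "related to", "found inside"}

class Bucket:
    """Hypothetical model of a bucket: parts plus typed links between them."""
    def __init__(self, name):
        self.name = name
        self.parts = set()
        self.links = []  # (source, link type, target)

    def link(self, source, link_type, target):
        # Assumed direction: source depends on / is found inside target.
        if link_type not in LINK_TYPES:
            raise ValueError(f"unknown link type: {link_type}")
        for part in (source, target):
            if part not in self.parts:  # both ends must be in this bucket
                raise KeyError(f"{part} is not a part of bucket {self.name}")
        self.links.append((source, link_type, target))

    def affected_by(self, part):
        """Parts that contain or depend on `part`, directly or transitively."""
        reaches = defaultdict(set)
        for source, link_type, target in self.links:
            if link_type == "found inside":
                reaches[source].add(target)   # container inherits the issue
            elif link_type == "dependency":
                reaches[target].add(source)   # dependent inherits the issue
            # "related to" is treated as informational and not followed
        seen, queue = set(), deque([part])
        while queue:
            for nxt in reaches[queue.popleft()] - seen:
                seen.add(nxt)
                queue.append(nxt)
        seen.discard(part)  # a dependency cycle must not report the part itself
        return seen

def build_sample_bucket():
    """Constructed sample data, not taken from any real SBOM."""
    bucket = Bucket("demo")
    bucket.parts |= {"base-os", "libfoo.so", "libfoo-src", "app"}
    bucket.link("libfoo.so", "found inside", "base-os")
    bucket.link("app", "dependency", "libfoo.so")
    bucket.link("libfoo-src", "related to", "libfoo.so")
    return bucket

if __name__ == "__main__":
    print(sorted(build_sample_bucket().affected_by("libfoo.so")))
```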