Methods Available for Creating an SBOM Part

The following provides information about the methods available for creating an SBOM part manually. You select this method from the How would you like to create your SBOM part? field, as described in Fields Used to Define an SBOM Part, when you create an SBOM part.

Using Component Lookup

When you use the Component Lookup feature to create a missing SBOM part—representing, for example, a top-level item, a direct and transitive dependency, or a container, it processes your criteria to gather a list of component-version-license instances from which you then select the instance you want. To gather component candidates, the Lookup process uses several resources including the SBOM catalog of components, the Revenera Data Library, and external sites. The list of results enables you to associate the SBOM part with the correct component version and license for accurate licensing and security-vulnerability reporting.

Using Freeform Input

At times, you might need to add a part to your SBOM that does not represent a typical self-contained component, but instead represents an individual source or binary file, a code fragment, an image and icon, or a documentation file. This type of item is most likely not available for selection from the Component Lookup. To create an SBOM part that is likely not officially cataloged anywhere, you can provide freeform input to represent the item.