API SDK documentation
Access to the Helm API is now available for users.
Need C#? Our C# SDK is currently in feature preview. If you'd like to use this instead of our Python SDK, contact us.
Contact us if you would like access to our Helm API.
Download Helm API SDK
API details
The Helm API SDK enables you to automate API calls to the Helm application. It is currently available as a Python SDK. The Medcrypt Helm API is in protobuf, with the API SDK providing Python bindings as well as helper bash scripts with which to call the SDK.
SDK Version:
2.74.2
Download the API SDK file below, then verify that the MD5 checksum is `b65e44c7c6c11b740237a146b044f91e . Note that our API documentation is hosted on Gitbook, thus you will see an interim page that Gitbook is verifying the safety of this file -- this page unfortunately does not go away, but your file will complete downloading successfully.
Start using the Helm API
Once you have been granted access to our Helm API, you'll need to download our API SDK, then generate your API key to make calls to the API.
To do so:
Click the Developers option on the sidebar. This will display the Developers page.
If you haven't followed the download instructions in the section above yet, do so now. If you're in the UI, you can also click the Get API SDK button (which will take you to this page).
Click the attached file in the section above to download it. Note that the Gitbook file security verification page does not go away, but the file does download successfully.
Verify that the SDK MD5 checksum is
550bee6dd3d7a5d80e5fb72bcebf16bc
After uncompressing this file, you will find a
readme.txt
document that contains the rest of the steps to execute the API.Make sure that you have the Python libraries that are in the
requirements.txt
file installed before continuing.In the Helm UI, you'll see your API user name which is also the Helm email address that you have API access for. This will be your
client_id
that you will update in the scripts in the next steps.In the Helm UI, click Generate API key. This will be your
client_secret
that you will update in the scripts in the next steps.We'll now switch over to the command line. From the command line,
cd
to the directoryapi/run
. You'll need to updateclient_id
,client_secret,
and other parameters in three scripts:run_upload_sbom.sh
,run_unmatched_sbom_entries.sh
, andrun_vuln_list.sh
.In the
run_upload_sbom.sh
script, update yourclient_id
andclient_secret
.Specify any other necessary parameters in this file. Refer to each script for specific parameters to update.
Run
./run_upload_sbom
.Repeat steps 10-12 for the
run_unmatched_sbom_entries.sh
andrun_vuln_list.sh
scripts.
API methods
These are the API methods and definitions available in this API.
listorganizations: Lists the organizations that the user has access to.
listorganizationproducts: Lists the products a given organization has.
listorganizationproductversions: Lists the product versions of a particular product for that organization.
createorganizationproduct: Creates a new product under that organization with the provided product name. The user will have access to this product.
createorganizationproductversions: Creates a new product version under a selected product with the provided version name.
submitsbom:
Uploads an SBOM provided in the
--sbom_files
parameter.Allows the user to upload an SBOM under an existing product and product version.
Users can create a new product, product version, and upload an SBOM under this new version.
Command line parameters
These are the parameters you'll use when calling the API from the command line.
--client_id
: This is your API account username. In the Helm UI, this is the API user name.--client_secret
: This is your API key that you will generate from the Helm UI.--sbom_files
: This is the path to the SBOM file on your system.--product_name
: This is the name of the product that you want to create a version for.--version:
This is the product version that you want to create and upload an SBOM for.--api-url
: This is the API URL provided by Medcrypt.--file_type
: This is the file type you'll be uploading. It only needs to be set if you are uploading a SPDX SBOM. If so, set toSPDX
.--start_date
: This is the start date at which to begin filtering vulnerabilities.--end_date
: This is the end date at which to begin filtering vulnerabilities.
Last updated