API SDK documentation

Access to the Helm API is now available for users.

Need C#? Our C# SDK is currently in feature preview. If you'd like to use this instead of our Python SDK, contact us.

Download Helm API SDK

API details

The Helm API SDK enables you to automate API calls to the Helm application. It is currently available as a Python SDK. The Medcrypt Helm API is in protobuf, with the API SDK providing Python bindings as well as helper bash scripts with which to call the SDK.

SDK Version: 2.74.2
Download the API SDK file below, then verify that the MD5 checksum is `b65e44c7c6c11b740237a146b044f91e . Note that our API documentation is hosted on Gitbook, thus you will see an interim page that Gitbook is verifying the safety of this file -- this page unfortunately does not go away, but your file will complete downloading successfully.

Start using the Helm API

Once you have been granted access to our Helm API, you'll need to download our API SDK, then generate your API key to make calls to the API.

To do so:

Click the Developers option on the sidebar. This will display the Developers page.
If you haven't followed the download instructions in the section above yet, do so now. If you're in the UI, you can also click the Get API SDK button (which will take you to this page).
Click the attached file in the section above to download it. Note that the Gitbook file security verification page does not go away, but the file does download successfully.
Verify that the SDK MD5 checksum is 550bee6dd3d7a5d80e5fb72bcebf16bc
After uncompressing this file, you will find a readme.txt document that contains the rest of the steps to execute the API.
Make sure that you have the Python libraries that are in the requirements.txt file installed before continuing.
In the Helm UI, you'll see your API user name which is also the Helm email address that you have API access for. This will be your client_id that you will update in the scripts in the next steps.
In the Helm UI, click Generate API key. This will be your client_secret that you will update in the scripts in the next steps.
We'll now switch over to the command line. From the command line, cd to the directory api/run. You'll need to update client_id, client_secret, and other parameters in three scripts: run_upload_sbom.sh, run_unmatched_sbom_entries.sh, and run_vuln_list.sh.
In the run_upload_sbom.sh script, update your client_id and client_secret.
Specify any other necessary parameters in this file. Refer to each script for specific parameters to update.
Run ./run_upload_sbom.
Repeat steps 10-12 for the run_unmatched_sbom_entries.sh and run_vuln_list.sh scripts.

API methods

These are the API methods and definitions available in this API.

listorganizations: Lists the organizations that the user has access to.
listorganizationproducts: Lists the products a given organization has.
listorganizationproductversions: Lists the product versions of a particular product for that organization.
createorganizationproduct: Creates a new product under that organization with the provided product name. The user will have access to this product.
createorganizationproductversions: Creates a new product version under a selected product with the provided version name.
submitsbom:
- Uploads an SBOM provided in the --sbom_files parameter.
- Allows the user to upload an SBOM under an existing product and product version.
- Users can create a new product, product version, and upload an SBOM under this new version.

Command line parameters

These are the parameters you'll use when calling the API from the command line.

--client_id: This is your API account username. In the Helm UI, this is the API user name.
--client_secret: This is your API key that you will generate from the Helm UI.
--sbom_files: This is the path to the SBOM file on your system.
--product_name: This is the name of the product that you want to create a version for.
--version: This is the product version that you want to create and upload an SBOM for.
--api-url: This is the API URL provided by Medcrypt.
--file_type: This is the file type you'll be uploading. It only needs to be set if you are uploading a SPDX SBOM. If so, set to SPDX.
--start_date: This is the start date at which to begin filtering vulnerabilities.
--end_date: This is the end date at which to begin filtering vulnerabilities.

PreviousHow do I read a CPE string?NextManage users

Last updated 1 month ago

Download Helm API SDK

API details

SDK Version: 2.74.2

Download the API SDK file below, then verify that the MD5 checksum is `b65e44c7c6c11b740237a146b044f91e . Note that our API documentation is hosted on Gitbook, thus you will see an interim page that Gitbook is verifying the safety of this file -- this page unfortunately does not go away, but your file will complete downloading successfully.

Start using the Helm API

Once you have been granted access to our Helm API, you'll need to download our API SDK, then generate your API key to make calls to the API.

To do so:

Click the Developers option on the sidebar. This will display the Developers page.

If you haven't followed the download instructions in the section above yet, do so now. If you're in the UI, you can also click the Get API SDK button (which will take you to this page).

Click the attached file in the section above to download it. Note that the Gitbook file security verification page does not go away, but the file does download successfully.

Verify that the SDK MD5 checksum is 550bee6dd3d7a5d80e5fb72bcebf16bc

After uncompressing this file, you will find a readme.txt document that contains the rest of the steps to execute the API.

Make sure that you have the Python libraries that are in the requirements.txt file installed before continuing.

In the Helm UI, you'll see your API user name which is also the Helm email address that you have API access for. This will be your client_id that you will update in the scripts in the next steps.

In the Helm UI, click Generate API key. This will be your client_secret that you will update in the scripts in the next steps.

We'll now switch over to the command line. From the command line, cd to the directory api/run. You'll need to update client_id, client_secret, and other parameters in three scripts: run_upload_sbom.sh, run_unmatched_sbom_entries.sh, and run_vuln_list.sh.

In the run_upload_sbom.sh script, update your client_id and client_secret.

Specify any other necessary parameters in this file. Refer to each script for specific parameters to update.

Run ./run_upload_sbom.

Repeat steps 10-12 for the run_unmatched_sbom_entries.sh and run_vuln_list.sh scripts.

API methods

These are the API methods and definitions available in this API.

listorganizations: Lists the organizations that the user has access to.

listorganizationproducts: Lists the products a given organization has.

listorganizationproductversions: Lists the product versions of a particular product for that organization.

createorganizationproduct: Creates a new product under that organization with the provided product name. The user will have access to this product.

createorganizationproductversions: Creates a new product version under a selected product with the provided version name.

submitsbom:

Uploads an SBOM provided in the --sbom_files parameter.
Allows the user to upload an SBOM under an existing product and product version.
Users can create a new product, product version, and upload an SBOM under this new version.

Command line parameters

These are the parameters you'll use when calling the API from the command line.

--client_id: This is your API account username. In the Helm UI, this is the API user name.

--client_secret: This is your API key that you will generate from the Helm UI.

--sbom_files: This is the path to the SBOM file on your system.

--product_name: This is the name of the product that you want to create a version for.

--version: This is the product version that you want to create and upload an SBOM for.

--api-url: This is the API URL provided by Medcrypt.

--file_type: This is the file type you'll be uploading. It only needs to be set if you are uploading a SPDX SBOM. If so, set to SPDX.

--start_date: This is the start date at which to begin filtering vulnerabilities.

--end_date: This is the end date at which to begin filtering vulnerabilities.