Integrations
Overview
Helm provides many ways to ensure you have a comprehensive and accurate view of your overall risk that is tailored to your product's particular security posture, enabling you to spend your limited time on the vulnerabilities that matter most.
Current integrations include:
Prerequisites
Valid Helm account with appropriate permissions
API access enabled (contact support to request access)
Helm API
The Helm API allows users to efficiently manage SBOMs, assess vulnerabilities, and generate detailed reports.
Key capabilities
Upload single or multiple SBOMs
Retrieve all vulnerabilities or filter to focus on CISA KEV vulnerabilities
Generate FDA SBOM reports or CycloneDX VEX reports
Identify unmatched SBOM components
Getting started with Helm API
Request API access: Contact us to get access to the Helm API.
Generate credentials: Create your API key from the Developers page in Helm.
GitHub action
You can easily integrate Helm into your CI/CD process to automate creating product versions and uploading SBOMs to Helm. This GitHub action can be used independently or integrated into your existing workflows.
Supported formats:
CycloneDX JSON (SPDX support available upon request)
Benefits:
Efficiency: Automates the labor-intensive process of maintaining SBOMs.
Accuracy and consistency: Ensures every change is reflected in your SBOMs.
Seamless integration: Fits naturally into existing GitHub workflows.
Compliance: Facilitates regulatory requirements and stakeholder transparency.
Microsoft Azure DevOps extension
Our Microsoft Azure DevOps extension enables seamless integration of Helm into your CI/CD workflows, automating the creation of product versions and uploading of SBOMs to Helm.
Benefits
Efficiency: Automates SBOM maintenance, allowing focus on development.
Accuracy and consistency: Ensures every change is reflected in SBOMs.
Seamless integration: Fits naturally into existing Azure DevOps workflows.
Compliance and transparency: Facilitates regulatory adherence and stakeholder transparency.
Configure Azure DevOps integration
AWS integration
We are currently working on this integration and it should be available in a future release.
Configure Amazon Web Services to automate SBOM uploads from S3 buckets and incorporate vulnerability data into your existing AWS workflows.
Planned capabilities
S3 bucket integration for automated SBOM processing
Export vulnerability data to S3 for analysis
Trigger-based operations based on specific criteria
Integration with other AWS security services
Jira integration
We are currently working on this integration and it should be available in a future release.
Connect Helm with Jira to automatically create, track, and update tickets for critical vulnerabilities, streamlining your remediation workflow.
Planned capabilities
Automatic ticket creation for high-priority vulnerabilities
Link vulnerability data to development work items
Track remediation progress from discovery to resolution
Integration with existing project management workflows
Integration best practices
Security considerations
API key management: Store API credentials securely using your platform's secret management
Access control: Limit API access to necessary personnel and systems
Audit logging: Monitor API usage for security and compliance purposes
Workflow optimization
Automation: Configure appropriate triggers for your development workflow
Error handling: Implement proper error checking and logging in your integrations
Testing: Test integrations in development environments before production deployment
Monitoring: Set up alerts for integration failures or performance issues
Multi-product management
Repository organization: Use reusable workflows for multiple products in the same repository
Version management: Implement consistent product and version naming conventions
Need help?
Contact our support team for assistance with setting up any of these integrations or to discuss your specific workflow requirements.