Automate and integrate risk prioritization and management

Helm provides many ways to ensure you have a comprehensive and accurate view of your overall risk that is tailored to your product's particular security posture, enabling you to spend your limited time on the vulnerabilities that matter most.

Bulk rescoring, remediation, & patching

  • Comprehensive bulk rescoring capabilities: Rescore vulnerabilities at multiple levels according to your product's security posture, ensuring you're focusing on the most exploitable vulnerabilities:

    • Rescore selected vulnerabilities across your entire product portfolio (multiple products and versions)

    • Rescore all vulnerabilities within a single product version

    • Rescore vulnerabilities across selected components within a product version

    • Toggle on auto-update to automatically rescore vulnerabilities that have exploitability and fixability changes across any of these rescoring levels

  • Bulk vulnerability remediation: Remediate vulnerabilities en masse across one or more products or components.

  • Bulk Windows patching: Patch Windows vulnerabilities en masse across a product version or multiple products by aligning digital KB patch levels with their physical device counterparts, or by leveraging our Windows KB patch recommendations.

Bulk component management and automation

  • Bulk component lifecycle updates: Create automated lifecycle rules to keep level of support and EOS/EOL information consistent across products.

  • Bulk component editing: Edit level of support, EOS/EOL, and license information across multiple components simultaneously for efficient SBOM maintenance.

Auto-enrich data

  • Automated lifecycle rules: Set rules to automatically update component level of support and EOS/EOL information across all products, ensuring consistency and regulatory compliance.

  • Automatic vulnerability updates: All vulnerabilities are automatically updated with severity and exploitability information.

  • On-demand license enrichment: Reload components to automatically add missing licenses (only for components that do not already have associated licensing information), so you do not overlook license risk that could even impact your IP.

  • Automatic CPE/PURL enrichment: If we identify inaccurate CPEs or PURLs in your SBOM, Helm will attempt to provide an enriched CPE or PURL that matches the correct software. You can override this default if desired, though this is not recommended.

  • Auto-rescore vulnerabilities: Auto-rescore all vulnerabilities that have exploitability or fixability updates.

  • Ubuntu patching automation: Any Ubuntu vulnerabilities that have already been fixed in your current version are automatically shown as patched.

Automate and integrate

  • Component alias automation: For components we're unable to match, you can create aliases to automatically match these to known software for future SBOMs.

  • API automation: Use our Helm API to automate many tasks, such as creating product versions, uploading SBOMs, returning all vulnerabilities and generating reports, as well as returning only unmatched components or only CISA KEV vulnerabilities.

  • CI/CD integration:

Compliance and reporting
