Create and manage lifecycle rules to automate EOS and EOL information across all products

Overview

Lifecycle rules ensure consistency across your product portfolio by automatically applying Level of Support and End-of-Life (EOL)/End-of-Support (EOS) information to components in all current and future SBOMs. Administrators can create lifecycle rules in Helm's Rules manager to streamline compliance with FDA cybersecurity requirements.

Each rule defines conditions based on supplier name, component name, and component version and applies specified lifecycle information when all conditions are met. These rules take precedence over user-provided lifecycle data and can be reordered by dragging and dropping in the Lifecycle Rules list. The applied information is included in your FDA SBOM report, ensuring accuracy and automation.

Benefits of lifecycle rules

• Streamline FDA compliance: Automatically include required lifecycle information in FDA reports

• Ensure consistency: Apply the same lifecycle data across your entire product portfolio

• Save time: Update lifecycle information once and have it apply everywhere

• Improve accuracy: Eliminate manual data entry errors with automated rules

• Maintain flexibility: Easily adjust rules as product lifecycle information changes

Understanding the impact of lifecycle rules

When lifecycle rules are applied, they affect:

• Existing SBOMs: All previously uploaded SBOMs will have the lifecycle information applied

• Future SBOMs: Any new uploads will automatically have the rules applied

• FDA SBOM reports: The lifecycle information will be included in FDA compliance reports

• User-provided data: Rules take precedence over any manually entered lifecycle information

Add lifecycle rule

1. Click the Add lifecycle rule button. This will switch you to the Edit rules mode.

2. For each condition, make sure that the Enabled switch is turned on (is blue).

3. Set each condition by selecting the corresponding field and comparator, then specifying the expected matching value. As you add conditions, the rule name will be automatically updated in the following format, provided that particular condition is set:

   • Standard format: [Supplier name]/[Component name]/[Version].

   • Version range format: For version ranges, the name will reflect the conditions specified in the following format: [Supplier name]/[Component name] [less than 10.1], such as Google Chrome less than 10.1.

   • You cannot currently edit rule names. If this is important to you, let us know!

4. To add additional version conditions, click Add version condition. Each condition uses AND logic, so everything must be true for the effects to apply.

5. You can set the version as either an exact match or set conditions for a version range.

   • For an exact match, set the version as is equal to.

   • For version ranges, you can set the following conditions: is less than and/or is greater than.

   • You can specify either a version exact match or up to two version conditions for a version range.

6. Set each effect below the conditions by selecting the corresponding field, comparator, then specifying the expected matching value.

   • For Level of support and EOS/EOL (end-of-support and end-of-life) information, you can specify either is equal to date, then select a specific date, or set it as is equal to text, then provide the respective text value.

7. When finished adding rules, updating rules, and/or changing rule priority, click Save & apply lifecycle rules. Note that unsaved changes will only persist during your Helm session, so make sure to save and apply anything you don't want to be discarded.

After you confirm these changes, Helm will apply them to existing and future SBOMs.

Set priority order of lifecycle rules

Lifecycle rules are applied according to their position on the rules list.

1. Drag-and-drop them higher to increase their priority or lower to decrease their priority.

2. Click Save & apply changes. This will apply any changes you have made, including adding new rules, marking rules for deletion, and reprioritizing.

Edit lifecycle rule

1. Click the Edit rules toggle button to edit rules.

2. Make any modifications to conditions and/or actions to perform.

3. To change rule priority, click the drag icon next to the rule name to drag it to a different position in the list. Rule priority is determined by the order of the rules in the list. If multiple rules impact a component, the one highest in the list takes precedence.

4. To delete a rule, click the Delete action. You will be prompted to confirm, but this deletion will not take effect before you click Save & apply on the main rules list.

5. When you're finished making changes, click Save & apply lifecycle rules. Note that unsaved changes will only persist during your Helm session, so make sure to save and apply anything you don't want to be discarded.

6. After you confirm these changes, Helm will apply them to existing and future SBOMs.

Delete lifecycle rule

Deleted rules will be unapplied from existing SBOMs, and will not be applied to future SBOMs. You cannot recover a deleted rule.

1. Click the Rules item in the sidebar.

2. Click the Lifecycle rules tab.

3. Click Mark for deletion on the lifecycle rules you want to delete.

4. If you need to change priority of any rules as a result of these impending deletions, drag-and-drop the respective rules higher or lower in the list.

5. Click Save & apply changes button. This will display a confirmation panel showing the impact of your potential deletions across your portfolio.

6. If you are deleting the only rule you have, you will be prompted to confirm applying all unsaved changes. In that case, you'll now see a blank rule, so that you can add more rules in the future.

7. Confirm your changes. You'll see a success notification that the rule will no longer be applied to existing or future SBOMs.

Troubleshooting and best practices

• Rule naming: You cannot currently edit rule names. They are automatically generated based on conditions.

• Rule conflicts: When multiple rules could apply to the same component, the rule higher in the list takes precedence.

• Session persistence: Always save your changes before navigating away, as unsaved changes will be lost.

• Verification: After applying rules, check a sample of components to verify the rules are working as expected.