# Integrations

## Overview

Helm provides many ways to ensure you have a comprehensive and accurate view of your overall risk that is tailored to your product's particular security posture, enabling you to spend your limited time on the vulnerabilities that matter most. 

Current integrations include:

* [Helm API](https://helm.docs.medcrypt.com/automate-and-integrate/api-sdk-documentation)
* [GitHub action](https://helm.docs.medcrypt.com/automate-and-integrate/automate-sbom-management-via-github-actions)
* [Microsoft Azure DevOps](https://helm.docs.medcrypt.com/automate-and-integrate/automate-sbom-management-via-ms-azure-devops-extension)
* [Jira](https://helm.docs.medcrypt.com/automate-and-integrate/automatically-send-vulnerabilities-to-jira) (coming soon)
* [AWS](https://helm.docs.medcrypt.com/automate-and-integrate/automatically-send-vulnerabilities-to-aws) (coming soon)

## Prerequisites

* Valid Helm account with appropriate permissions
* API access enabled ([contact support](mailto:support@medcrypt.com) to request access)

## Helm API

The [Helm API](https://helm.docs.medcrypt.com/automate-and-integrate/api-sdk-documentation) allows users to efficiently manage SBOMs, assess vulnerabilities, and generate detailed reports. 

### **Key capabilities**

* Upload single or multiple SBOMs
* Retrieve all vulnerabilities or filter to focus on CISA KEV vulnerabilities
* Generate FDA SBOM reports or CycloneDX VEX reports
* Identify unmatched SBOM components

### **Getting started with Helm API**

1. **Request API access:** [Contact us](mailto:support@medcrypt.com) to get access to the Helm API
2. [**Download the SDK** ](https://helm.docs.medcrypt.com/api-sdk-documentation#step-1-download-the-api-sdk-above)
3. **Generate credentials:**  Create your API key from the **Developers** page in Helm.
4. [**Configure scripts**](https://helm.docs.medcrypt.com/api-sdk-documentation#step-4-configure-sdk-scripts) 

## GitHub action

You can easily integrate Helm into your CI/CD process to streamline and automate the process of creating product versions and uploading SBOMs to Helm. This GitHub action can be used independently or integrated into your existing workflows.

**Supported formats:**

* CycloneDX JSON (SPDX support available upon request)

### **Benefits:**

* **Efficiency**: Automates the labor-intensive process of maintaining SBOMs.
* **Accuracy and consistency**: Ensures every change is reflected in your SBOMs.
* **Seamless integration**: Fits naturally into existing GitHub workflows.
* **Compliance**: Facilitates regulatory requirements and stakeholder transparency.

[Set up GitHub action](https://helm.docs.medcrypt.com/automate-and-integrate/automate-sbom-management-via-github-actions)

## Microsoft Azure DevOps extension

Our [Microsoft Azure DevOps extension](https://helm.docs.medcrypt.com/automate-and-integrate/automate-sbom-management-via-ms-azure-devops-extension) enables seamless integration of Helm into your CI/CD workflows, automating the creation of product versions and uploading of SBOMs to Helm.

### **Benefits**

* **Efficiency**: Automates SBOM maintenance, allowing focus on development.
* **Accuracy and consistency**: Ensures every change is reflected in SBOMs.
* **Seamless integration**: Fits naturally into existing Azure DevOps workflows.
* **Compliance and transparency**: Facilitates regulatory adherence and stakeholder transparency.

[Configure Azure DevOps integration](https://helm.docs.medcrypt.com/automate-and-integrate/automate-sbom-management-via-ms-azure-devops-extension)

## AWS integration

{% hint style="warning" %}
We are currently working on this integration and it should be available in a future release.
{% endhint %}

[Configure Amazon Web Services](https://helm.docs.medcrypt.com/automate-and-integrate/automatically-send-vulnerabilities-to-aws) to automate SBOM uploads from S3 buckets and incorporate vulnerability data into your existing AWS workflows.

### **Planned capabilities**

* S3 bucket integration for automated SBOM processing
* Export vulnerability data to S3 for analysis
* Trigger-based operations based on specific criteria
* Integration with other AWS security services

## Jira Integration

{% hint style="warning" %}
We are currently working on this integration and it should be available in a future release.
{% endhint %}

[Connect Helm with Jira](https://helm.docs.medcrypt.com/automate-and-integrate/automatically-send-vulnerabilities-to-jira) to auto create, track, and update tickets for critical vulnerabilities, streamlining your remediation workflow.

### **Planned capabilities**

* Automatic ticket creation for high-priority vulnerabilities
* Link vulnerability data to development work items
* Track remediation progress from discovery to resolution
* Integration with existing project management workflows

## Integration best practices

### Security considerations

* **API key management**: Store API credentials securely using your platform's secret management
* **Access control**: Limit API access to necessary personnel and systems
* **Audit logging**: Monitor API usage for security and compliance purposes

### Workflow optimization

* **Automation**: Configure appropriate triggers for your development workflow
* **Error Handling**: Implement proper error checking and logging in your integrations
* **Testing**: Test integrations in development environments before production deployment
* **Monitoring**: Set up alerts for integration failures or performance issues

### Multi-product management

* **Repository organization**: Use reusable workflows for multiple products in the same repository
* **Version Management**: Implement consistent product and version naming conventions

***

## **Need help?** 

[Contact our support team](mailto:support@medcrypt.com) for assistance with setting up any of these integrations or to discuss your specific workflow requirements.