# Get started with Helm

## Overview

The **Get Started** page in Helm serves as the primary onboarding hub for new and existing users. Whether you're just starting out or looking to enhance your cybersecurity efforts, this page guides you through the essential steps to begin managing your cybersecurity risks effectively.Whether you're just starting out or looking to enhance your cybersecurity efforts, we have the tools and expertise to help you succeed.&#x20;

## Take control of your cybersecurity risk today

### Upload SBOM

Upload CycloneDX, SPDX, or Yocto SBOM to start managing your cybersecurity risks and proactively responding to threats.

**How to get started**

1. Navigate to the products page.
2. Click **Upload SBOM**.
3. Select your SBOM file (CycloneDX, SPDX, or Yocto format).
4. Follow the upload wizard to complete the process.

## Generate SBOM

{% hint style="warning" %}
We are currently working on this tool and it should be available in a future release.
{% endhint %}

Create FDA-compliant SBOMs with our downloadable SBOM generator tool. Supports Windows 11 and Ubuntu 20.x.

## Check FDA readiness

Take our FDA readiness survey to ensure SBOM and vulnerability management compliance and avoid delays.

**Why this matters**

* Identify compliance gaps before submission.
* Get tailored recommendations for improvement.
* Avoid regulatory delays and rejections.

## Expert consultation

Consult with our former FDA reviewers and cybersecurity analysts for specialized guidance on regulatory compliance.

**What you get**

* Access to former FDA policy experts.
* Customized guidance for your device type.
* Support throughout the approval process.

## Integrate into your CI/CD pipeline

Helm provides many ways to ensure you have a comprehensive and accurate view of your overall risk that is tailored to your product's particular security posture, enabling you to spend your limited time on the vulnerabilities that matter most.

### Integrate with our Helm API

Leverage our powerful [Helm API](https://helm.docs.medcrypt.com/automate-and-integrate/api-sdk-documentation) to automatically create product versions, upload SBOMs, retrieve vulnerabilities and unmatched components, as well as generate FDA-ready reports.

**Key capabilities**

* Automated product and version management
* Programmatic SBOM uploads
* Vulnerability data retrieval
* Report generation
* Integration with existing workflows

### Integrate with GitHub action

Use our [GitHub action](https://helm.docs.medcrypt.com/automate-and-integrate/automate-sbom-management-via-github-actions) to automatically create product versions, upload SBOMs, retrieve vulnerabilities and unmatched components, as well as generate FDA-ready reports. Requires API access.

**Setup requirements**

* GitHub repository access
* Helm API credentials
* SBOM files in your repository

### Integrate with Microsoft Azure DevOps

Use our [Microsoft Azure DevOps extension](https://helm.docs.medcrypt.com/automate-and-integrate/automate-sbom-management-via-ms-azure-devops-extension) to auto-create product versions, upload SBOMs, retrieve vulnerabilities and unmatched components, as well as generate FDA-ready reports.&#x20;

**Setup requirements**

* Azure DevOps project access
* Helm API credentials
* SBOM files in your pipeline

### Integrate with AWS

{% hint style="warning" %}
We are currently working on this integration and it should be available in a future release.
{% endhint %}

[Configure Amazon Web Services](https://helm.docs.medcrypt.com/automate-and-integrate/automatically-send-vulnerabilities-to-aws) to automate SBOM uploads from S3 buckets and incorporate vulnerability data into your existing AWS workflows.

**Planned features**

* S3 bucket integration
* Automated data export
* AWS service compatibility
* Trigger-based exports

### Integrate with Jira

{% hint style="warning" %}
We are currently working on this integration and it should be available in a future release.
{% endhint %}

[Connect Helm with Jira](https://helm.docs.medcrypt.com/automate-and-integrate/automatically-send-vulnerabilities-to-jira) to auto create, track, and update tickets for critical vulnerabilities, streamlining your remediation workflow.

**Planned features**

* Automatic ticket creation
* Vulnerability tracking

### Get help and get unstuck fast

Access comprehensive guidance to maximize your vulnerability management capabilities and ensure regulatory compliance.

### Quickstart process

Follow step-by-step instructions to upload your first SBOM, analyze vulnerabilities, and implement remediation strategies.

**What's covered**

* Account setup and security configuration
* [Initial SBOM upload process](https://helm.docs.medcrypt.com/get-started/upload-your-first-sbom) and [generation](https://helm.docs.medcrypt.com/get-started/dont-have-an-sbom/generate-cyclonedx-sbom-with-open-source-tools) options.
* Component matching and status resolution
* Vulnerability [analysis](https://helm.docs.medcrypt.com/manage-vulnerabilities/identify-and-prioritize-exploitable-vulnerabilities/understand-issue-severity-level/understand-the-cvss-vulnerability-scoring-system) and [prioritization](https://helm.docs.medcrypt.com/manage-vulnerabilities/identify-and-prioritize-exploitable-vulnerabilities).
* [Leveraging AI-powered guidance](https://helm.docs.medcrypt.com/manage-vulnerabilities/leverage-ai-powered-vulnerability-guidance) and [tech stack detection](https://helm.docs.medcrypt.com/manage-vulnerabilities/leverage-ai-powered-vulnerability-guidance#view-affected-technology-stacks) to identify and resolve vulnerabilities quickly
* [Automated data enrichment features](https://helm.docs.medcrypt.com/automate-and-integrate/automate-and-integrate-risk-prioritization-and-management#auto-enrich-data)
* [Individual and bulk remediation workflows](https://helm.docs.medcrypt.com/manage-vulnerabilities/remediate-vulnerabilities-in-bulk-or-individually)
* [Generating reports](https://helm.docs.medcrypt.com/ensure-fda-readiness/fda-ready-sbom-and-vulnerability-reports)
* [Integration with CI/CD workflows](https://helm.docs.medcrypt.com/automate-and-integrate/integrations)
* Global search capabilities to quickly assess whether a [component](https://helm.docs.medcrypt.com/manage-sboms/find-out-what-products-contain-a-particular-component) or [vulnerability](https://helm.docs.medcrypt.com/manage-vulnerabilities/check-whether-a-particular-vulnerability-impacts-your-products) is in your portfolio

### Component matching

* [Create alias rules](https://helm.docs.medcrypt.com/match-components/create-and-manage-alias-rules-to-match-and-rematch-components-across-all-products) to auto-match components to known software, or select from match recommendations for a comprehensive risk view.
* [Understand match sources](https://helm.docs.medcrypt.com/match-components/understand-match-sources)
* [Understand match statuses](https://helm.docs.medcrypt.com/match-components/understand-match-statuses)

### Vulnerability prioritization

* [Identify exploitable vulnerabilities](https://helm.docs.medcrypt.com/manage-vulnerabilities/identify-and-prioritize-exploitable-vulnerabilities) by rescoring based on your device's context. Leverage threat intel from CISA KEV and exploit databases.&#x20;
* [Leverage AI guidance](https://helm.docs.medcrypt.com/manage-vulnerabilities/leverage-ai-powered-vulnerability-guidance) for short-term and upgrade recommendations to resolve vulnerabilities quickly.

### Compliance reporting

Generate our proprietary [FDA-ready SBOM](https://helm.docs.medcrypt.com/ensure-fda-readiness/fda-ready-sbom-and-vulnerability-reports/meet-fda-requirements-with-your-fda-sbom-report), [VEX](https://helm.docs.medcrypt.com/ensure-fda-readiness/fda-ready-sbom-and-vulnerability-reports/vex-and-vdr-reports), and [VDR](https://helm.docs.medcrypt.com/ensure-fda-readiness/fda-ready-sbom-and-vulnerability-reports/vex-and-vdr-reports) [reports](https://helm.docs.medcrypt.com/ensure-fda-readiness/fda-ready-sbom-and-vulnerability-reports) to ensure successful regulatory submissions.

## **Ready to get started?**&#x20;

Here are the recommended next steps:

1. [**Start with an SBOM upload**](https://helm.docs.medcrypt.com/get-started/upload-your-first-sbom) to begin analyzing your vulnerabilities.
2. [**Take the FDA readiness survey**](https://docs.google.com/forms/d/e/1FAIpQLSeZT4tpUYIynp4npQNdE50u0NCQNEBIgz6RCoeJoykiIRI__Q/viewform) to understand your compliance status.
3. [**Explore integrations**](https://helm.docs.medcrypt.com/automate-and-integrate/integrations) that fit your development workflow.
4. [**Review our Quickstart process**](https://helm.docs.medcrypt.com/get-started/quickstart-process) for detailed implementation steps.
5. [**Consider expert consultation**](https://www.medcrypt.com/welcome-questionnaire?utm_source=Services) for specialized guidance.

## Experience the Medcrypt difference

Our team of former FDA policy experts and cybersecurity analysts provide comprehensive services throughout the total product lifecycle—from development to post-market monitoring. Combined with Guardian for device provisioning and Helm for vulnerability management, we offer complete support to help you create secure-by-design products and enhance cybersecurity at any lifecycle stage.

* **Assess your cybersecurity maturity:** Evaluate your current security posture, identify gaps, and receive a tailored improvement roadmap from our FDA experts to strengthen your medical device security. [Take this quick survey to get started!](https://docs.google.com/forms/d/e/1FAIpQLSeZT4tpUYIynp4npQNdE50u0NCQNEBIgz6RCoeJoykiIRI__Q/viewform)
* [**Enterprise-grade device security and communication**](https://www.medcrypt.com/solutions/guardian)**:** Secure your connected devices with hardware-backed cryptography. Guardian provides device provisioning and authenticated communication channels to protect IoT devices and ensure data integrity throughout their entire lifecycle.
* [**Explore our FDA expert services**](https://www.medcrypt.com/services/overview)**:** Our comprehensive services have helped clients reduce FDA approval time from 180 to 45-60 days with a 100% approval rate across over 200 projects and more than 60 clients.&#x20;
* **Expert guidance throughout your device lifecycle:** Get expert pre-market guidance on FDA cybersecurity readiness and threat modeling, as well as post-market support for incident response, vulnerability management, and regulatory compliance. [Request a consultation](https://www.medcrypt.com/welcome-questionnaire?utm_source=Helm).

***

## **Need help**?

Our [support team](mailto:support@medcrypt.com) is available to guide you through any aspect of getting started!