© Copyright MedCrypt 2024, All rights reserved.

Quickstart process

Last updated 22 days ago


Ready to leverage the power of Helm to streamline your vulnerability management? Let's get you up and running!

Sign in

When you create your account, you’ll automatically be enrolled in multi-factor authentication (MFA), also known as two-factor authentication (2FA). This means that you’ll need to provide a code from an authentication app. If you don’t already have an authentication application installed on your smartphone, you’ll need to choose one (e.g., Google Authenticator).

  1. You’ll receive a welcome email, inviting you to sign in to your Helm account.

  2. After signing in, you’ll be prompted to enable your MFA for security. At that time, you’ll be provided with recovery codes in case your phone is lost or stolen. Make sure to copy and paste these recovery codes into a safe place.

  3. When you first sign in, and until you’ve uploaded your first SBOM, you’ll see a Get Started prompt. Choose the path that best suits you. If you accidentally closed the Get Started modal, don’t worry: you can always reopen it from the Help item in the sidebar.

Need to use SSO? Helm supports Single Sign-On (SSO) if you have an identity provider set up on your end. Contact us to enable this on our end.

Step 1: Upload your Software Bill of Materials (SBOM) file:
  • Got an SBOM ready? Upload your CycloneDX or SPDX SBOM file to Helm.

Don’t have an SBOM yet? We've got you covered:

  • Contact us to use our SBOM generation tool.

  • Generate a CycloneDX SBOM or SPDX SBOM using our open-source tool suggestions.

  • Manually create your SBOM.

  • If you’re still unsure how to get started, contact us so we can assist you.

Your component list should refresh automatically as your SBOM is being processed. If you don't see any components, check the SBOM file upload status.

Step 2: Ensure all of your components are matched to known software in the NVD

Once you’ve uploaded your SBOM, Helm will try to match your components to the NVD (National Vulnerability Database). Only components that are matched to the NVD will show vulnerabilities.

To view vulnerabilities for components that are Matched to NVD, click Vulnerabilities in the sidebar. This will display all vulnerabilities for these components.

To resolve other match statuses (Select match, Fix version, or Contact us), click each status badge to start the resolution process.

  1. For components that have a Matched status with a package manager badge but no NVD badge, this could indicate that there are no published vulnerabilities for those components. However, components can also be named differently in the NVD, so you should check the NVD to see if there actually is a match.

  2. Try to resolve any Not found statuses, as this status indicates Helm was unable to find a match in the NVD.

  3. When you determine the appropriate matches, create an alias for each component so that these will be auto-matched for all future SBOMs.
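As an added illustration of Step 2 (example code, not Helm's own matching logic), the Python check below reads a constructed CycloneDX SBOM, validates CPE 2.3 strings, treats PURL-only components as package-manager matches that still need an NVD check, and applies hypothetical alias rules to components the SBOM names differently from the NVD. The sample SBOM, the alias table and the status names are assumptions for the example.

```python
import json
import re

# Constructed sample CycloneDX 1.5 SBOM; components and identifiers are invented.
SAMPLE_SBOM = json.dumps({
    "bomFormat": "CycloneDX", "specVersion": "1.5",
    "components": [
        {"name": "openssl", "version": "1.1.1k",
         "cpe": "cpe:2.3:a:openssl:openssl:1.1.1k:*:*:*:*:*:*:*"},
        {"name": "zlib", "version": "1.2.11", "purl": "pkg:generic/zlib@1.2.11"},
        {"name": "libxml", "version": "2.9.10"},
        {"name": "Acme Logger", "version": "3.0"},
        {"name": "curl", "version": "7.79.1", "cpe": "cpe:2.3:a:haxx:curl"},
    ],
})

# A CPE 2.3 formatted string is "cpe:2.3" followed by exactly 11 colon-separated
# fields (part, vendor, product, version, update, edition, language, sw_edition,
# target_sw, target_hw, other). Escaped colons ("\:") inside a field are not handled.
CPE23_RE = re.compile(r"^cpe:2\.3(:[^:]+){11}$")

# Hypothetical alias rules, in the spirit of Step 2.3: SBOM name -> NVD (vendor, product).
ALIAS_RULES = {"libxml": ("xmlsoft", "libxml2")}

def cpe_from_alias(vendor, product, version):
    """Build a CPE 2.3 string for an aliased component, pinning only the version."""
    return f"cpe:2.3:a:{vendor}:{product}:{version}:*:*:*:*:*:*:*"

def classify_components(sbom_text, alias_rules=ALIAS_RULES):
    """Map each component name to (status, identifier used for matching)."""
    result = {}
    for comp in json.loads(sbom_text).get("components", []):
        name, version = comp["name"], comp.get("version", "*")
        cpe, purl = comp.get("cpe"), comp.get("purl")
        if cpe and CPE23_RE.match(cpe):
            result[name] = ("nvd-cpe", cpe)            # matchable against the NVD
        elif cpe:
            # A malformed identifier never matches the NVD; surface it rather
            # than silently treating the component as unmatched.
            result[name] = ("invalid-cpe", cpe)
        elif purl:
            result[name] = ("package-manager", purl)   # no NVD badge: check the NVD manually
        elif name.lower() in alias_rules:
            vendor, product = alias_rules[name.lower()]
            result[name] = ("alias", cpe_from_alias(vendor, product, version))
        else:
            result[name] = ("not-found", None)
    return result

if __name__ == "__main__":
    for name, (status, ident) in classify_components(SAMPLE_SBOM).items():
        print(f"{name:12} {status:16} {ident or '-'}")
```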

Step 3: Helm auto-enriches your data for enhanced vulnerability identification accuracy (Automatic)

There are many ways that Helm auto-enriches your data, including:

  • If we identify inaccurate CPEs or PURLs in your SBOM, Helm will automatically attempt to provide an enriched CPE or PURL that matches the correct software. You can export this enriched SBOM or your original SBOM.

  • Helm will automatically update vulnerabilities with severity, exploitability, and source information.

  • Helm will automatically update components with source information.

  • For Windows vulnerabilities, Helm provides Windows KB patch recommendations.

You can also prompt Helm to auto-enrich information:

  1. Create rules to auto-update support level and EOS/EOL across all products.

  2. Reload any component to automatically add missing licenses for any components that do not already have associated licenses. Helm does not overwrite existing licenses.

Step 4: Prioritize your most exploitable vulnerabilities
  1. Enable email notifications for new vulnerabilities. You can receive daily, weekly, and/or monthly updates.

  2. Bulk rescore all vulnerabilities across your selected product version. If desired, you can also rescore individual vulnerabilities.

  3. Filter on most impactful vulnerabilities.

  4. Enable the Date updated column to keep track of updated vulnerabilities. You can filter on date range to view these updates.

Step 5: Patch Windows vulnerabilities with WinKB recommendations

If you already know which Windows KBs to add to your digital product, you can bulk patch by adding these KBs to the product version.

To patch individual vulnerabilities, filter KB patch to Patch available. You can view these across all products or select a product version. See Patch individual vulnerabilities.

Step 6: Remediate vulnerabilities

You can remediate with CycloneDX and/or CycloneDX VEX statuses.

Bulk remediate vulnerabilities within a product, across products, or target a particular component's vulnerabilities with the click of a button, enabling you to speed triage and ensure consistent remediation of particular vulnerabilities across your product portfolio.

If desired, individually remediate vulnerabilities.

Step 7: Monitor your progress on your dashboard (Optional)
  • Quickly prioritize and remediate threats to your most impacted products and components

  • Zero in on critical vulnerabilities

  • Track progress on vulnerabilities you still need to remediate

Quickly identify threats and track your progress on your Dashboard, accessible via the Home icon on the sidebar.

Step 8: Export your FDA SBOM or other FDA-ready reports

Export your expert-crafted FDA SBOM to ensure a smooth FDA submission.

Export VEX and VDR reports.

Export enriched SBOM or original SBOM.

Integrate into your CI/CD process (Optional)

API: Use our Helm API to automate many tasks, such as creating product versions, uploading SBOMs, returning all vulnerabilities and generating reports, as well as returning only unmatched components or only CISA KEV vulnerabilities.

GitHub: Integrate our GitHub action into your CI/CD process or use it independently to automate product version creation and SBOM uploads.

Check whether you are impacted by a particular vulnerability (Optional)

Check whether a particular vulnerability impacts your products, and if so, which products you'll need to focus on. Just enter the vulnerability ID in the global search bar at the top of any page.

Check whether your products contain a particular component (Optional)

Check whether your products contain a particular component, and if so, which ones. Just enter the component name in the global search bar at the top of any page.
