Quickstart process

Ready to leverage the power of Helm to streamline your vulnerability management? Let's get you up and running!

Don't have an SBOM yet? No worries!

You can generate a CycloneDX SBOM using our open-source tool suggestions or whatever tool you prefer. You can also manually create your SBOM if that works better for you. If you’re not sure how to get started, that's what we're here for -- contact us so we can get you unstuck.

  1. Once you’ve uploaded your SBOM, our system will automatically make matches to the NVD if possible. This includes matching to a Package URL (PURL) string in one of our supported package managers (Cargo, NuGet, NPM, PyPI), a CPE string, an alias, or a dependency component name.

  2. For each Matched status where there is also an NVD token, we've identified an exact match in the NVD. You can now see vulnerabilities for that dependency component.

  3. For each Matched status where there is also a NOT IN NVD token, the dependency component was matched to a package manager rather than to the NVD. You will also see the package manager token (e.g., Cargo, NPM, NuGet, PyPI). This means that we were unable to locate an exact match in the NVD, but that your software does exist in the respective package manager. Refer to the article link below for more information.

Resolve a Matched status with NOT IN NVD and package manager tokens

What does it mean when there's no exact match?

If something doesn’t have an exact match in the NVD, that means only that the NVD has no entry for the dependency component under that particular name; it does not mean the component is free of known vulnerabilities. You'll need to identify an exact match in the NVD to see the vulnerabilities for that dependency component. Remember that software can have a different name in the NVD than it has in your SBOM or package manager!
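To make the matching order above and the naming caveat concrete, here is an added example (not Helm's code, and not a description of Helm's own matching logic) that walks a CycloneDX JSON SBOM and decides, per component, which identifier an NVD lookup would key on: a PURL in one of the four package managers listed above, a CPE 2.3 string, an alias, or the bare component name. It also flags components without a usable version, which is the case the Version column warns about. The alias table, the sample SBOM and the component names in it are constructed for illustration; the `node-forge` to `digitalbazaar:forge` mapping is an assumed example of a package whose NVD name differs from its npm name.

```python
"""Added example, not Helm's code: triage a CycloneDX JSON SBOM by the
identifier an NVD lookup could key on, in the order described above
(PURL in a supported package manager, then CPE, then alias, then bare name)."""
import json
import re
from urllib.parse import unquote

# PURL types for the package managers the page lists as supported.
SUPPORTED_PURL_TYPES = {"cargo", "nuget", "npm", "pypi"}

# Hypothetical alias table (assumption): SBOM component name -> NVD (vendor, product).
ALIASES = {
    "node-forge": ("digitalbazaar", "forge"),
}

# pkg:type/namespace/name@version?qualifiers#subpath, namespace optional.
PURL_RE = re.compile(
    r"^pkg:(?P<type>[A-Za-z0-9.+-]+)/"
    r"(?:(?P<ns>[^@?#]+)/)?"
    r"(?P<name>[^@?#/]+)"
    r"(?:@(?P<version>[^?#]+))?"
)


def parse_purl(purl):
    """Split a Package URL into type/namespace/name/version (percent-decoded)."""
    m = PURL_RE.match(purl)
    if not m:
        raise ValueError(f"not a Package URL: {purl!r}")
    return {
        "type": m["type"].lower(),
        "namespace": unquote(m["ns"]) if m["ns"] else None,
        "name": unquote(m["name"]),
        "version": unquote(m["version"]) if m["version"] else None,
    }


def parse_cpe23(cpe):
    """Pull vendor/product/version out of a CPE 2.3 formatted string.
    Simplification: escaped colons inside a field are not handled."""
    parts = cpe.split(":")
    if len(parts) < 6 or parts[0] != "cpe" or parts[1] != "2.3":
        raise ValueError(f"not a CPE 2.3 string: {cpe!r}")
    return {"vendor": parts[3], "product": parts[4], "version": parts[5]}


def classify_component(comp):
    """Decide what an NVD lookup would key on for one SBOM component.
    version_warning flags a component whose version is missing or a wildcard."""
    name = comp.get("name", "")
    version = comp.get("version")
    purl = comp.get("purl")
    if purl:
        p = parse_purl(purl)
        if p["type"] in SUPPORTED_PURL_TYPES:
            return {"name": name, "match_by": "purl",
                    "key": (p["type"], p["namespace"], p["name"], p["version"]),
                    "version_warning": p["version"] is None}
        # Unsupported ecosystem: fall through to CPE / alias / bare name.
    cpe = comp.get("cpe")
    if cpe:
        c = parse_cpe23(cpe)
        return {"name": name, "match_by": "cpe",
                "key": (c["vendor"], c["product"], c["version"]),
                "version_warning": c["version"] in ("*", "-", "")}
    if name in ALIASES:
        vendor, product = ALIASES[name]
        return {"name": name, "match_by": "alias",
                "key": (vendor, product, version),
                "version_warning": version is None}
    return {"name": name, "match_by": "name",
            "key": (name, version), "version_warning": version is None}


def triage_sbom(sbom_text):
    """Classify every component of a CycloneDX JSON SBOM."""
    sbom = json.loads(sbom_text)
    if sbom.get("bomFormat") != "CycloneDX":
        raise ValueError("expected a CycloneDX SBOM")
    return [classify_component(c) for c in sbom.get("components", [])]


# Constructed sample SBOM; component names and versions are illustrative only.
SAMPLE_SBOM = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.5",
    "components": [
        {"type": "library", "name": "lodash", "version": "4.17.21",
         "purl": "pkg:npm/lodash@4.17.21"},
        {"type": "library", "name": "core", "version": "12.0.0",
         "purl": "pkg:npm/%40angular/core@12.0.0"},
        {"type": "library", "name": "zlib", "version": "1.2.11",
         "cpe": "cpe:2.3:a:zlib:zlib:1.2.11:*:*:*:*:*:*:*"},
        {"type": "library", "name": "node-forge", "version": "1.3.1"},
        {"type": "library", "name": "log4j-core", "version": "2.14.1",
         "purl": "pkg:maven/org.apache.logging.log4j/log4j-core@2.14.1"},
        {"type": "library", "name": "libfoo"},
    ],
})

if __name__ == "__main__":
    for row in triage_sbom(SAMPLE_SBOM):
        flag = "  <- version needed" if row["version_warning"] else ""
        print(f'{row["name"]:12} {row["match_by"]:6} {row["key"]}{flag}')
```

Running it on your own SBOM before uploading shows which components will land on a PURL or CPE match and which will fall back to a bare name (for instance the Maven component above, whose ecosystem is not in the supported list), so you can add CPEs, aliases or versions up front rather than resolving them one by one afterwards.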

  1. For each Multiple matches status, we found more than one exact match in the NVD. Click Resolve to assess the match suggestions; if you find the right software, you can link it immediately. You’ll need to resolve this by identifying a single exact match in the NVD before you can see vulnerabilities for this dependency component. Refer to the article link below for more information.

Resolve a Multiple matches status

Save time and effort by creating reusable aliases

If you're an Administrator on this account, you can create an alias for this dependency software to known software that you identify.

  1. For each Not found status, you’ll see a NOT IN NVD token. You’ll need to resolve this by identifying an exact match in the NVD before you can see vulnerabilities for this dependency component. Refer to the article link below for more information.

  1. In the Version column, if you see any warning or error indicators, you'll need to resolve these before you can see your vulnerabilities for that dependency component. Refer to the article link below for more information.

Get a warning icon next to your dependency component version?

  1. Once you’ve successfully matched each of your dependency components to software in the NVD, you’ll be able to see any reported vulnerabilities for it. Refer to the Vulnerabilities section for more information.

  2. If you want to quickly check on a particular vulnerability, you can enter the vulnerability ID in the global search bar at the top of any page. This will give you a list of all of your products that seem to be impacted by that vulnerability. See Discover (Global search) for more information.

  3. When you’re ready to assess a vulnerability and modify its Product impact, refer to the Manage a vulnerability section.

  4. You can assess your progress on your Dashboard (the Home icon on the sidebar). Refer to the Dashboard page for more information.

© Copyright MedCrypt 2023, All rights reserved.