Get FDA readyServices
Solutions
Guardian helpGet a demo

Manage component

You can view details about a dependency components, including its licenses, how it was matched, and any review information. In the Software Bill of Materials (Products) page, select Actions ... > Manage component to modify dependency component details.

Product details

  • Product name: This is your product name.

  • Product version: This is your product version.

Component details

  • Name: This is the firmware, software, framework, library, file, or operating system that is installed on the physical representations of your device (e.g., Windows, OpenSSL).

  • Version: This is the version for this component name (e.g., 10.1 for Windows).

  • Supplier: This is the organization that supplied the component. The supplier may often be the manufacturer, but may also be a distributor or repackager (e.g., Microsoft for Windows).

  • Original CPE: This is the original PURL assigned to this component in your SBOM file. Example format: (e.g., cpe:2.3:part:vendor:product:version:update:edition:language:sw_edition:target_sw:target_hw:other)

  • Enriched CPE: This is the PURL that was added or enriched from the respective package manager during the component matching process. This will only display if populated. You cannot edit this.

  • Original PURL: This is the original CPE assigned to this component in your SBOM file. Example format: (e.g., scheme:type/namespace/name@version?qualifiers#subpath)

  • Enriched PURL: This is the CPE that was added or enriched by our AI copilot during the component matching process. This will only display if populated. You cannot edit this.

Match details

This is how Helm matched or attempted to match your component.

  • Match status: This shows the current match status, as well as what sources were matched on.

  • Vuln source: This is the source where we located this component. This is currently always NVD. If it was not in the NVD, it will show a Not found badge.

  • Matched by:

    • System: Helm automatically matched this component based on an exact match in the NVD, which could be from a CPE, PURL package manager, name/version/supplier, or alias.

    • User name: This user manually matched this component to a suggested match or created a new alias to link it to known software.

Lifecycle details

When building a new device, you can ensure that your component is actively maintained or prioritize upgrading to a more stable version. When updating devices in the field, you can prioritize upgrades for dependency components that are nearing end-of-support or end-of-life. This will help you ensure that the stability and security of your device throughout its lifecycle.

  • Level of support: Specify whether the dependency component is actively maintained or not. You can specify a date or text value. This will be populated into your FDA SBOM report or SBOM CSV report.

  • EOS/EOL: Provide an EOS or EOL date or other text value. This will be populated into your FDA SBOM report or SBOM CSV report.

You can also create rules to automatically update lifecycle information for particular component criteria across products in the Rules manager.

Review details

This shows the last review added for this component. You can also add your own review or view all review information.

  • Review status: Shows whether the component has been reviewed or needs to be reviewed. You can click this badge to set a new status.

  • Last reviewed on: Shows the last time a user reviewed this dependency component.

  • Last reviewed by: Shows who last reviewed this component.

  • Last review: This is the last review note made on this component to inform the team or progress, final status, or critical risk.

Edit component

  1. On the component you want to edit, click Actions ... > Manage component.

  2. Click Edit on the section you would like to edit. Note that you cannot edit the Match details section.

  3. If you edit fields in the Component details section, then save your changes, you will be prompted to reload this component. Note that this will assess the component anew, which will lose any previous metadata, including matching, EOS/EOL, licensing, or review information that you have manually added.

  4. f you don't see your updated component display, make sure Auto-refresh is on or click Refresh to manually update the page.​​

Auto-enrichment of CPEs and PURLs

Helm will automatically update and enrich your component's CPE or PURL if we are able to detect or derive a more precise match.

  • Enriched CPE: If Helm's AI copilot locates a match or a more precise match for your component's CPE, it will automatically populate that information into the Enriched CPE field for that component. If you already had a CPE, that is still retained in the Original CPE field.

  • Incomplete CPE: Helm will interpret incomplete CPEs (with at least 5 of the possible 13 segments of a CPE), Helm will now fill in missing CPE segments with a wildcard (*).

  • Enriched PURL: If Helm's AI copilot locates a match or a more precise match for your component's PURL, it will automatically populate that information into the Enriched PURL field for that component. If you already had a PURL, that is still retained in the Original PURL field.

This information will be included see this information in the components table in now export this enriched info for any FDA reports that include SBOM components, including your enriched SBOM, FDA SBOM, or VDR report.

Automatically add missing component license information

Helm will detect and automatically enrich missing licenses for any new SBOM components that do not have any license associated with them. You can also have Helm automatically add license information for your existing components.

  1. For any component that you want to enrich with license information, click Actions > Reload component.

  2. You'll be prompted to confirm this reload, as it will discard any metadata (e.g., review information, match status, associated vulnerabilities, etc.). This will then re-identify associated vulnerabilities, so you may see some discrepancy in your number of vulnerabilities for that component. This reduces your manual effort of tracking down licensing information, ensuring you have the latest license information available from our data sources.

Delete component

Click Actions > Remove (Delete) component. You will be prompted to confirm, as you cannot recover deleted components. This will only delete this component from this product version.

PreviousArchive a product or delete a product versionNextView components and vulnerabilities for products

Last updated

© Copyright MedCrypt 2024, All rights reserved.