LogoLogo
Get FDA readyServicesSolutionsGuardian helpGet a demo
  • Helm help center home
  • Get Started
    • Helm features
    • Quickstart process
    • Understand data sources and update frequency
    • Get familiar with the Helm UI
      • Understand your dashboard
      • Helm terminology
    • Don't have an SBOM?
      • Why SBOMs are critical to your present and future
      • Generate CycloneDX SBOM with open-source tools
      • Generate SPDX SBOM with open-source tools
        • Generate SBOM with Yocto on Linux
      • Convert your SBOM from CSV to CycloneDX
      • Get expert Services help
    • Upload your first SBOM
      • Upload or convert .zst SBOM files from Yocto on Linux
  • Automate and integrate
    • Automate and integrate risk prioritization and management
    • Automate SBOM and vulnerability management via Helm API SDK
    • Automate SBOM management via GitHub action
    • Automate SBOM management via MS Azure DevOps extension
    • Create and manage lifecycle rules to automate EOS and EOL information across all products
  • Match components
    • Match unmatched components
    • Understand match statuses
    • Understand match sources
    • Create and manage alias rules to match and rematch components across all products
  • manage sboms
    • Manage SBOM
      • Manage component
      • Manage licenses
      • Create, edit, or merge SBOMs
      • Export your SBOM
      • Upload new version of SBOM with each release
      • Archive a product or product version
    • Find out what products contain a particular component
  • manage vulnerabilities
    • Check whether a particular vulnerability impacts your products
    • Manage vulnerabilities
      • Identify and prioritize exploitable vulnerabilities
        • Get email notifications for new vulnerabilities
        • Send email with vulnerability details for future prioritization
        • Understand issue severity level
          • Understand the CVSS vulnerability scoring system
      • Rescore vulnerabilities in bulk or individually
      • Remediate vulnerabilities in bulk or individually
      • Patch Windows vulnerabilities in bulk or individually
      • Export vulnerabilities
  • Ensure FDA readiness
    • FDA-ready SBOM and vulnerability reports
      • Meet FDA requirements with your FDA SBOM report
      • VEX and VDR reports
    • Understand new FDA cybersecurity requirements for cyber devices
      • Is my device a cyber device?
      • What if I already submitted my cyber device?
    • What should my cybersecurity management plan entail?
      • What does risk management entail?
      • Verification & Validation: Build the right product/service/system in the right way
      • Why do I need a Quality Management System (QMS)?
      • Cybersecurity is everyone's responsibility
  • Terminology
    • Cybersecurity terminology
    • What is CPE?
      • How do I read a CPE string?
  • Administration
    • Manage users
    • Manage products
    • Modify your organization name
  • what's new
    • Changelog
Powered by GitBook

© Copyright MedCrypt 2024, All rights reserved.

On this page
  • Customize your SBOM export
  • SBOM contains component hashes
  • Export lifecycle and license data

Was this helpful?

Export as PDF
  1. manage sboms
  2. Manage SBOM

Export your SBOM

PreviousCreate, edit, or merge SBOMsNextUpload new version of SBOM with each release

Last updated 1 month ago

Was this helpful?

You can use this export function, or you can take advantage of our enhanced , as well as the only that ensures you meet FDA SBOM requirements!

There are two ways to export your SBOM:

  • Click the item in the sidebar, then click the corresponding export button on the report card.

  • Click the Manage SBOM drop-down button, then click Export SBOM.

When downloading (exporting) your SBOM to share with others or for auditing purposes, you can either export your original SBOM or your enhanced SBOM (with matches our system made automatically or that your team matched). You can also choose to include vulnerabilities and any associated CPE or PURL information in your export. SBOMs are currently exported in CycloneDX 1.4 format. If you are interested in exporting in another format, .

Customize your SBOM export

  • Export as file name: This is the filename that will be generated with your exported data.

  • Export details: You can choose to export your original SBOM or your enriched SBOM. Your enriched SBOM can include vulnerabilities, enriched CPE and PURL information, and more.

  • Export as file type: For your original SBOM, you can export in CycloneDX JSON, SPDX JSON or XML, and CSV. For your enriched SBOM, you can export in CycloneDX or SPDX JSON.

  • Include vulnerabilities: Check this box to export all of the vulnerabilities associated with this SBOM. This will include the source name (currently always the NVD), a link to the vulnerability, both its v2 and v3 CVSS scores and vector strings, when the vulnerability was first detected, when it was updated, and more.

  • Include enriched CPEs and PURLs from matching: Your original SBOM export will include all CPE/PURL information, but you can check this box to export all enriched CPE/PURL data, including those identified by Helm or during the matching and analysis process or that you manually matched or added.

SBOM contains component hashes

If your SBOM contained any component hashes when uploaded, that information was retained and will be exported intact to any .

Export lifecycle and license data

You can export lifecycle data, including level of support and EOS/EOL infomration, as well as license data for your components to your or . You can also export lifecycle data to your CycloneDX SBOM.

Export lifecycle data to CycloneDX SBOM

Export Windows KB patch data to CycloneDX SBOM

CycloneDX SBOM

You can export Level of support and/or EOS/EOL to a CycloneDX SBOM provided that you use the following properties. This information will be populated into the respective columns in the Products table, as well as in the component details.

  • Level of support (date): Import will support cdx:lifecycle:milestone:endOfSupport property or eos_date (Medcrypt-specific property). Export will be the CycloneDX native property.

  • EOS/EOL (date): Import will support cdx:lifecycle:milestone:endOfLife property or eol_date (Medcrypt-specific property). Export will be the CycloneDX native property.

  • Level of support (text): Import will support medcrypt:lifecycle:milestone:endOfLifeText or eol_text. Export will be `medcrypt:lifecycle:milestone:endOfLifeText.

  • EOS/EOL (text): Import will support medcrypt:lifecycle:milestone:levelOfSupportText or eos_text. Export will be `medcrypt:lifecycle:milestone:levelOfSupportText.

You can import from and export lifecycle data, including level of support and EOS/EOL information, to your CycloneDX SBOM. Refer to for more info.

You can import from and export Windows KB patch data to your CycloneDX SBOM. Refer to for more info.

You can export lifecycle and license data for your components as an or export the .

Refer to the official in GitHub for definitions.

SBOM and vulnerability reports
FDA expert-crafted SBOM
Reports
let us know
SBOM report
FDA SBOM
SBOM CSV report
FDA SBOM
SBOM CSV report
CycloneDX property taxonomy
Including lifecycle information
Including Windows KB patch information