© Copyright MedCrypt 2024, All rights reserved.

Manage component

You can view details about a component, including its licenses, how it was matched, and any review information. In the Software Bill of Materials (Products) page, select Actions ... > Manage component to modify component details.

Product details

  • Product name: This is your product name.

  • Product version: This is your product version.

Component details

  • Component name: This is the component (dependency) name (e.g., firmware, software, framework, library, file, operating system, etc.) that is installed on the physical representations of your device (e.g., Windows, OpenSSL). This is the component name from your SBOM.

  • Version: This is the version for this component name (e.g., 10.1 for Windows) from your SBOM.

  • Supplier: This is the organization that supplied the component. The supplier may often be the manufacturer, but may also be a distributor or repackager (e.g., Microsoft for Windows). This is the component supplier from your SBOM.

  • Matched dependency name: During matching, Helm may enrich your component name to increase match accuracy. This field will only display if the name was enriched.

  • Matched dependency version: During matching, Helm may enrich your component version to increase match accuracy. This field will only display if the version was enriched.

  • Matched dependency supplier: During matching, Helm may enrich your supplier name to increase match accuracy. This field will only display if the supplier was enriched.

  • Original CPE: This is the original CPE assigned to this component in your SBOM file. Example format: cpe:2.3:part:vendor:product:version:update:edition:language:sw_edition:target_sw:target_hw:other

  • Enriched CPE: This is the CPE that was added or enriched from the respective package manager during the component matching process. This will only display if populated. You cannot edit this.

  • Original PURL: This is the original PURL assigned to this component in your SBOM file. Example format: scheme:type/namespace/name@version?qualifiers#subpath

  • Enriched PURL: This is the PURL that was added or enriched by our AI copilot during the component matching process. This will only display if populated. You cannot edit this.

Match details

This is how Helm matched or attempted to match your component.

  • Matched by:

    • System: Helm automatically matched this component based on an exact match in the NVD, which could be from a CPE, PURL package manager, or name/version/supplier.

    • Alias: Helm automatically matched this component based on an alias your team has created.

    • System alias: Helm automatically matched this component based on a global alias we have created.

    • User name: This user manually matched this component to a suggested match or created a new alias to link it to known software.

Lifecycle details

When building a new device, you can ensure that your component is actively maintained or prioritize upgrading to a more stable version. When updating devices in the field, you can prioritize upgrades for components that are nearing end-of-support or end-of-life. This will help you ensure the stability and security of your device throughout its lifecycle.

Review details

This shows the last review added for this component. You can also add your own review or view all review information.

  • Review status: Shows whether the component has been reviewed or needs to be reviewed. You can click this badge to set a new status.

  • Last reviewed on: Shows the last time a user reviewed this component.

  • Last reviewed by: Shows who last reviewed this component.

  • Last review: This is the last review note made on this component to inform the team of progress, final status, or critical risk.

Edit component

  1. On the component you want to edit, click Actions ... > Manage component.

  2. Click Edit on the section you would like to edit. Note that you cannot edit the Match details section.

  3. If you edit fields in the Component details section, then save your changes, you will be prompted to reload this component. Note that this will assess the component anew, which will lose any previous metadata, including matching, EOS/EOL, licensing, or review information that you have manually added.

  4. If you don't see your updated component display, make sure Auto-refresh is on or click Refresh to manually update the page.

Auto-enrichment of CPEs and PURLs

Helm will automatically update and enrich your component's CPE or PURL if we are able to detect or derive a more precise match.

  • Enriched CPE: If Helm's AI copilot locates a match or a more precise match for your component's CPE, it will automatically populate that information into the Enriched CPE field for that component. If you already had a CPE, that is still retained in the Original CPE field.

  • Incomplete CPE: Helm will interpret incomplete CPEs (with at least 5 of the possible 13 segments of a CPE) and fill in missing CPE segments with a wildcard (*).

  • Enriched PURL: If Helm's AI copilot locates a match or a more precise match for your component's PURL, it will automatically populate that information into the Enriched PURL field for that component. If you already had a PURL, that is still retained in the Original PURL field.

You can see this information in the components table, and this enriched information is included in the export for any FDA reports that include SBOM components, including your enriched SBOM, FDA SBOM, or VDR report.
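The incomplete-CPE rule above, sketched as an added example (this is not Helm's own code). It assumes the 13 segments are the `cpe` and `2.3` prefix plus the 11 attributes shown in the Original CPE format, and that an empty segment counts as missing; `split_cpe` and `pad_cpe` are hypothetical names.

```python
CPE_SEGMENTS = 13  # "cpe", "2.3", then the 11 attributes part..other
MIN_SEGMENTS = 5   # the page's minimum: cpe:2.3:part:vendor:product


def split_cpe(cpe: str) -> list[str]:
    """Split on ':' while keeping backslash-escaped characters (e.g. '\\:') intact."""
    parts, cur, i = [], [], 0
    while i < len(cpe):
        ch = cpe[i]
        if ch == "\\" and i + 1 < len(cpe):
            cur.append(cpe[i:i + 2])  # escaped pair stays inside the value
            i += 2
            continue
        if ch == ":":
            parts.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
        i += 1
    parts.append("".join(cur))
    return parts


def pad_cpe(cpe: str) -> str:
    """Return a full 13-segment CPE 2.3 string, padding missing segments with '*'."""
    segments = split_cpe(cpe.strip())
    if segments[:2] != ["cpe", "2.3"]:
        raise ValueError("not a CPE 2.3 formatted string")
    if len(segments) > CPE_SEGMENTS:
        raise ValueError("more than 13 segments")
    if len(segments) < MIN_SEGMENTS:
        raise ValueError("fewer than 5 segments: too incomplete to pad")
    if segments[2] not in ("a", "o", "h", "*", "-"):
        raise ValueError("part must be a (application), o (OS) or h (hardware)")
    # Assumption: an empty segment ("::") is treated as missing.
    segments = [s or "*" for s in segments]
    return ":".join(segments + ["*"] * (CPE_SEGMENTS - len(segments)))


if __name__ == "__main__":
    # Constructed sample inputs, not taken from a real SBOM.
    for sample in ("cpe:2.3:a:openssl:openssl:3.0.7",
                   r"cpe:2.3:a:vendor:my\:product:1.0",
                   "cpe:2.3:a:openssl"):
        try:
            print(sample, "->", pad_cpe(sample))
        except ValueError as err:
            print(sample, "-> rejected:", err)
```

Because every padded segment is a wildcard, a CPE given only to the product level matches all versions of that product, so supplying the version in the SBOM keeps vulnerability matches precise.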

Automatically add missing component license information

Helm will detect and automatically enrich missing licenses for any new SBOM components that do not have any license associated with them. You can also have Helm automatically add license information for your existing components.

  1. For any component that you want to enrich with license information, click Actions > Reload component.

  2. You'll be prompted to confirm this reload, as it will discard any metadata (e.g., review information, match status, associated vulnerabilities, etc.). This will then re-identify associated vulnerabilities, so you may see some discrepancy in your number of vulnerabilities for that component. This reduces your manual effort of tracking down licensing information, ensuring you have the latest license information available from our data sources.

Delete component

Click Actions > Remove (Delete) component. You will be prompted to confirm, as you cannot recover deleted components. This will only delete this component from this product version.


Match status: This shows the current match status, as well as what sources were matched on.

Vuln source: This is the source where we located this component. This is currently always NVD. If it was not in the NVD, it will show a Not found badge.

Level of support: Specify whether the component is actively maintained or not. You can specify a date or text value. This will be populated into your FDA SBOM report or SBOM CSV report.

EOS/EOL: Provide an EOS or EOL date or other text value. This will be populated into your FDA SBOM report or SBOM CSV report.

You can also create rules to automatically update lifecycle information for particular component criteria across products in the Rules manager.