Manage component

You can view details about a component, including its licenses, how it was matched, and any review information. In the Software Bill of Materials (Products) page, select Actions ... > Manage component to modify component details.

Product details

Product name: This is your product name.
Product version: This is your product version.

Component details

Component name: This is the component (dependency) name (e.g., firmware, software, framework, library, file, operating system, etc.) that is installed on the physical representations of your device (e.g., Windows, OpenSSL). This is the component name from your SBOM.
Version: This is the version for this component name (e.g., 10.1 for Windows) from your SBOM.
Supplier: This is the organization that supplied the component. The supplier may often be the manufacturer, but may also be a distributor or repackager (e.g., Microsoft for Windows). This is the component supplier from your SBOM.
Matched dependency name: During matching, Helm may enrich your component name to increase match accuracy. This field will only display if the name was enriched.
Matched dependency version: During matching, Helm may enrich your component version to increase match accuracy. This field will only display if the version was enriched.
Matched dependency supplier: During matching, Helm may enrich your supplier name to increase match accuracy. This field will only display if the supplier was enriched.
Original CPE: This is the original PURL assigned to this component in your SBOM file. Example format: (e.g., cpe:2.3:part:vendor:product:version:update:edition:language:sw_edition:target_sw:target_hw:other)
Enriched CPE: This is the PURL that was added or enriched from the respective package manager during the component matching process. This will only display if populated. You cannot edit this.
Original PURL: This is the original CPE assigned to this component in your SBOM file. Example format: (e.g., scheme:type/namespace/name@version?qualifiers#subpath)
Enriched PURL: This is the CPE that was added or enriched by our AI copilot during the component matching process. This will only display if populated. You cannot edit this.

Match details

This is how Helm matched or attempted to match your component.

Match status: This shows the current , as well as what were matched on.
Vuln source: This is the source where we located this component. This is currently always NVD. If it was not in the NVD, it will show a badge.
Matched by:
- System: Helm automatically matched this component based on an exact match in the NVD, which could be from a CPE, PURL package manager, or name/version/supplier.
- Alias: Helm automatically matched this component based on an alias your team has created.
- System alias: Helm automatically matched this component based on a global alias we have created.
- User name: This user manually matched this component to a suggested match or created a new alias to link it to known software.

Lifecycle details

When building a new device, you can ensure that your component is actively maintained or prioritize upgrading to a more stable version. When updating devices in the field, you can prioritize upgrades for components that are nearing end-of-support or end-of-life. This will help you ensure that the stability and security of your device throughout its lifecycle.

Level of support: Specify whether the component is actively maintained or not. You can specify a date or text value. This will be populated into your or .
EOS/EOL: Provide an EOS or EOL date or other text value. This will be populated into your or .

You can also to automatically update lifecycle information for particular component criteria across products in the Rules manager.

Review details

This shows the last review added for this component. You can also add your own review or view all review information.

Review status: Shows whether the component has been reviewed or needs to be reviewed. You can click this badge to set a new status.
Last reviewed on: Shows the last time a user reviewed this component.
Last reviewed by: Shows who last reviewed this component.
Last review: This is the last review note made on this component to inform the team or progress, final status, or critical risk.

Edit component

On the component you want to edit, click Actions ... > Manage component.
Click Edit on the section you would like to edit. Note that you cannot edit the Match details section.
If you edit fields in the Component details section, then save your changes, you will be prompted to reload this component. Note that this will assess the component anew, which will lose any previous metadata, including matching, EOS/EOL, licensing, or review information that you have manually added.
f you don't see your updated component display, make sure Auto-refresh is on or click Refresh to manually update the page.

Auto-enrichment of CPEs and PURLs

Helm will automatically update and enrich your component's CPE or PURL if we are able to detect or derive a more precise match.

Enriched CPE: If Helm's AI copilot locates a match or a more precise match for your component's CPE, it will automatically populate that information into the Enriched CPE field for that component. If you already had a CPE, that is still retained in the Original CPE field.
Incomplete CPE: Helm will interpret incomplete CPEs (with at least 5 of the possible 13 segments of a CPE), Helm will now fill in missing CPE segments with a wildcard (*).
Enriched PURL: If Helm's AI copilot locates a match or a more precise match for your component's PURL, it will automatically populate that information into the Enriched PURL field for that component. If you already had a PURL, that is still retained in the Original PURL field.

This information will be included see this information in the components table in now export this enriched info for any FDA reports that include SBOM components, including your enriched SBOM, FDA SBOM, or VDR report.

Automatically add missing component license information

Helm will detect and automatically enrich missing licenses for any new SBOM components that do not have any license associated with them. You can also have Helm automatically add license information for your existing components.

For any component that you want to enrich with license information, click Actions > Reload component.
You'll be prompted to confirm this reload, as it will discard any metadata (e.g., review information, match status, associated vulnerabilities, etc.). This will then re-identify associated vulnerabilities, so you may see some discrepancy in your number of vulnerabilities for that component. This reduces your manual effort of tracking down licensing information, ensuring you have the latest license information available from our data sources.

Delete component

Click Actions > Remove (Delete) component. You will be prompted to confirm, as you cannot recover deleted components. This will only delete this component from this product version.

PreviousManage SBOM NextManage licenses

Last updated 14 days ago

Was this helpful?