Helm 2.57.3 release notes
If you haven’t uploaded any SBOM yet or created one manually, you will see a new Get started modal pop up when you sign in to Helm. You’ll have four different options:
- You need help with your FDA submission: You can request help from our expert Services team and leverage our best practices, templates, and checklists in improving your FDA submission.
- You have an SBOM in CycloneDX format. You can upload your SBOM file all in one step.
- You have an SBOM in another format. You can contact us and we’ll get right back to you to get you moving.
- You don’t know what an SBOM is or don’t have one yet. We’re here to help. Our expert Services team will help you create your SBOM, assess your current state, and help you identify and mitigate cybersecurity risks.
You can now choose to export your original SBOM or your enhanced SBOM with identified vulnerabilities. This will include the source name (currently always the NVD), a link to the vulnerability, both its v2 and v3 CVSS scores and vector strings, when the vulnerability was first detected, when it was updated, and more. Refer to Export your SBOM for more information.
We’ve simplified your upload experience. If you’re uploading your first SBOM, you’ll see an Add SBOM drop-down button, from which you can select Upload SBOM. You can now browse to your SBOM file and specify your product name and product version in one step. Once you’ve uploaded at least one SBOM, this drop-down button changes to Manage SBOMs. In that case, you’ll be able to either select an existing product name and version, or create a new product name/version pair.
If you upload an SBOM file, you can hover over the FAIL status to get more information on why the file failed to upload, including scenarios such as: missing required fields, additional fields present that are not defined in the JSON schema when the schema does not allow additional properties, and field values not matching expected data types.
Hover over the FAIL status to understand what you need to fix in your SBOM file
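To make the three failure classes above concrete, here is an added example (not Helm's code, and not the real CycloneDX schema) of a small JSON-schema-style checker that reports each of them with the path at which it occurs: a missing required field, a field not defined in the schema when `additionalProperties` is false, and a value of the wrong JSON type. The schema fragment, the sample SBOMs, and the function names are all constructed for this illustration.

```python
import json

# Constructed, schema-style description of an SBOM document. It is a small subset written
# in the shape of the CycloneDX JSON schema so the three failure classes from the release
# note can be shown; it is NOT the real CycloneDX schema (assumption).
COMPONENT_SCHEMA = {
    "type": "object",
    "required": ["type", "name"],
    "additionalProperties": False,
    "properties": {
        "type": {"type": "string"},
        "name": {"type": "string"},
        "version": {"type": "string"},
        "purl": {"type": "string"},
    },
}

SBOM_SCHEMA = {
    "type": "object",
    "required": ["bomFormat", "specVersion", "components"],
    "additionalProperties": False,
    "properties": {
        "bomFormat": {"type": "string"},
        "specVersion": {"type": "string"},
        "version": {"type": "integer"},
        "components": {"type": "array", "items": COMPONENT_SCHEMA},
    },
}

_JSON_TYPES = {
    "object": dict, "array": list, "string": str,
    "integer": int, "number": (int, float), "boolean": bool, "null": type(None),
}


def _type_ok(value, json_type):
    # bool is a subclass of int in Python; JSON Schema treats it as a distinct type
    if json_type in ("integer", "number") and isinstance(value, bool):
        return False
    return isinstance(value, _JSON_TYPES[json_type])


def validate(instance, schema, path="$"):
    """Return a list of human-readable problems; an empty list means the instance conforms."""
    problems = []
    expected = schema.get("type")
    if expected and not _type_ok(instance, expected):
        problems.append(f"{path}: expected {expected}, got {type(instance).__name__}")
        return problems  # no point descending into a value of the wrong shape
    if expected == "object":
        props = schema.get("properties", {})
        for key in schema.get("required", []):
            if key not in instance:
                problems.append(f"{path}: missing required field '{key}'")
        if schema.get("additionalProperties", True) is False:
            for key in instance:
                if key not in props:
                    problems.append(f"{path}: field '{key}' is not defined in the schema")
        for key, value in instance.items():
            if key in props:
                problems.extend(validate(value, props[key], f"{path}.{key}"))
    elif expected == "array" and "items" in schema:
        for i, item in enumerate(instance):
            problems.extend(validate(item, schema["items"], f"{path}[{i}]"))
    return problems


def check_sbom(text):
    """Parse an SBOM JSON document and return ('PASS', []) or ('FAIL', [reasons])."""
    try:
        doc = json.loads(text)
    except json.JSONDecodeError as e:
        return "FAIL", [f"$: not valid JSON ({e.msg} at position {e.pos})"]
    problems = validate(doc, SBOM_SCHEMA)
    return ("FAIL" if problems else "PASS"), problems


# Constructed sample documents: one clean, one exhibiting all three failure classes
GOOD_SBOM = json.dumps({
    "bomFormat": "CycloneDX", "specVersion": "1.4", "version": 1,
    "components": [{"type": "library", "name": "openssl", "version": "3.0.7"}],
})
BAD_SBOM = json.dumps({
    "bomFormat": "CycloneDX",            # 'specVersion' is missing
    "version": "1",                      # wrong type: string instead of integer
    "vendorNotes": "internal build",     # not defined in the schema
    "components": [{"type": "library"}], # component is missing required 'name'
})

if __name__ == "__main__":
    for label, doc in (("good", GOOD_SBOM), ("bad", BAD_SBOM)):
        status, reasons = check_sbom(doc)
        print(label, status)
        for reason in reasons:
            print("  -", reason)
```

Running the block prints `good PASS` and then `bad FAIL` followed by one line per problem, each prefixed with the JSON path (`$.version`, `$.components[0]`, and so on), which is the kind of detail a FAIL tooltip needs to be actionable. The checker returns after the first type mismatch at a given path rather than descending into a mis-typed value, so a single wrong shape does not produce a cascade of secondary errors.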
- Products page now displays the original dependency component name from your SBOM, rather than the name we normalize to use for matching, enabling you to jump from search results on the Discover page to the expected product.
- In Dashboard, the Product Versions with SBOMs percentage calculation is now accurate.
- Added Select product and Select version labels to Dashboard drop-downs.
We are working on adding some great new functionality, including:
- Windows KB patching,
- a customer-facing API to automatically ingest SBOMs as part of your CI/CD process,
- the ability to copy/paste from a CSV or other file to create an SBOM,
- more human-readable information,
- complete CycloneDX ingestion and export,
- SPDX support,
- and other cool new things.
We'd love to get your feedback on these to make sure what we're creating will improve your management and mitigation of your software supply chain risk. It will also give you a great opportunity to let us know features and feature enhancements you'd like us to consider adding! Note that this link will create a support ticket that will let us know you're interested, then we'll contact you directly to set up some time to do some feature walkthroughs. Thank you so much for your insights and expertise!