Richard91
ServiceNow Employee

Our integration with code security scanning tools, announced with Quebec, goes live with today's store release of ServiceNow DevOps (1.27.1).

A key capability of this release is the new integration and data model updates for code security scanning tools, with SonarQube being the first tool supported out of the box. Code security, like many other aspects of product delivery, is 'moving left' to become an automated activity within a delivery pipeline. But that brings challenges to large organizations, such as maintaining visibility across engineering and security teams.


Now, security scan information can be part of a connected audit trail linking the release process all the way from ideation to operations, thanks to the connectivity and data model of the DevOps module. Scan results and links back to the original scan are now available as part of the data model for easy sharing and reporting. The scan information also contributes to automated change creation and approval policies when using ServiceNow DevOps. This allows for highly sophisticated change automation policies that base decisions on many steps in the development pipeline, as well as on information we already have about production, such as currently open incidents. This capability from the ServiceNow DevOps product adds a pre-production perspective to the existing support we provide to security operations teams through our SecOps solutions.

Check out the latest release on the ServiceNow store and see the product documentation here.   

 

ServiceNow, the ServiceNow logo, Now, and other ServiceNow marks are trademarks and/or registered trademarks of ServiceNow, Inc. in the United States and/or other countries. Other company names, product names, and logos may be trademarks of the respective companies with which they are associated.