
Technical Debt of Homegrown Applications in EA Workspace TPM/TRM

GGriessler
Tera Guru

Hi,

 

We recently came across requirements regarding technical debt, for which we are not sure how to utilize the TPM/TRM to take care of them.

 

1.) How can technical debt that is not related to the lifecycle, but instead to shortcuts taken during development/customization, be represented?

2.) Can we import information regarding vulnerabilities for applications, maybe via the SecOps module, and where/how would that be represented?

3.) Can we import information regarding vulnerabilities for homegrown applications or open-source applications and how would that be represented?

 

Thanks for any input!

2 REPLIES

Mathew Hillyard
Mega Sage

Hi @GGriessler 

1. I’m not sure what you need exactly, but it seems to suggest a technology standard with a shortened lifecycle? Is that correct, or do you mean that you want certain examples of that technology to bypass certain stages?

2. and 3. This is available via (infrastructure) vulnerability response. You integrate with a vulnerability scanner like Qualys or Tenable; the vulnerabilities are stored in the Third-party Vulnerability table and the CIs, including both commercial and homegrown applications, are stored in the Vulnerable Item table. Each Vulnerable Item references the Third-party Vulnerability and CI. It uses the CMDB IRE to match the details supplied by the scanner to a CI in the CMDB using Lookup Rules.

 

I hope this helps!

Mat

Hi Mat,

 

Thanks a lot for the explanation on 2 and 3.

 

Regarding 1.)

I'm talking about something different here.

Shortcuts not in the sense of bypassing stages, but reducing quality during development, which leads to potential quality issues further down the road.

 

For example, deciding to reuse a not well-fitting interface via a third-party tool because of time/resource constraints.

Something like that should also be documented somewhere, as shutting down the third-party tool will impact this application.

Would that be just documented somewhere in the Interface and potentially marked via a configuration, or could something like that also be tracked via TPM?

 

Kind regards

Gerhard