Software installations creation for container images and SBOM

kevinde-win · 3 weeks ago

I am looking for support in the context of software installation records based on container images/SBOM information.

Currentlly, softwares used withhin containers like docker or Kubernetes are a blind spot and we would like to have an inventory of those softwares used in containers.

The data is usually coming from the SBOM extracted from the container image but i feel that there is no real out of the box feature in ServiceNow that maps this data into SAM software installation records.

Would anyone already try to implement such solution and if successful what was done installed/developed to make this happen?

Thank you,

dreinhardt · 3 weeks ago

Hi @kevinde-win ,

ServiceNow ITOM supports the discovery of containered software and is able to handle it for SAM Pro. Would this be an option or do you want to go with SBOMs?

https://www.servicenow.com/docs/bundle/zurich-it-operations-management/page/product/service-mapping/...

Best, Dennis

Should my response prove helpful, please consider marking it as the Accepted Solution/Helpful to assist closing this thread.

kevinde-win · 2 weeks ago

Hi Dennis,

Thank you for the feedback.

I investigated already this path but this would require the deployment of MID server on each Kubernetes Cluster. Having over 500 clusters this would become unmanageable in terms of administration. On top of this, it is unclear how the MID server installed on the cluster is able to scan all running containers (connectivity wise) as the proposed solution uses Trivy to extract the SBOM from the container images.

Any thoughts?

Thank you,

Best regards,

Kevin