Got'cha ...
Do we have plans to look at using the ServiceNow built Store App integration for GitHub and App VR at some point, in the future? That really seems like the happy-path here 🙂
-------------------------------------------------------------
For the Secret Scanning bit - perhaps you could create a new record in the Application Vuln Entry table, linked to that CWE-540, and then use that as the referenced Vulnerability for each Secret Scanning finding (VIT) you create?
I am not sure if other CVEs or CWEs would be relevant for the Secrets scanning findings?
-------------------------------------------------------------
For the Code Scanning bit, I think you would want to see what type of data is coming form your intermediary tool - ideally they'd have something like a library with the GitHub Security Advisory, that links to one ore more CWEs ...
That would be used to create records in the Application Vuln Entry table, and then your VITs (would really suggest using AVR/AVITs, but I suppose this should work in VR/VIT would reference those in the Vulnerability field
------------------------------------------------------------------------
For GitHub Dependabot Alerts / Vuln Advisories work, consider that a given CVE, may have one or more CWE tied to it.
You would want to leverage the CVE data for the Vulnerability on VITs
- https://github.com/advisories/GHSA-mjvf-4h88-6xm3
Hey there,
Are you looking to create findings in Application Vulnerability Response (AVR) - with Application Vulnerable Items (AVITs).
Are you leveraging the Store App Integration for GitHub w/ SecOps Application VR (AVR)?
Or were you looking for a one-off ability to manually create a handful of findings linked to CWEs?
------------------------------------------------------------------------------------------------------------
- There is a table called "Application Vulnerability Entries" -> sn_vul_app_vul_entry
- https://docs.servicenow.com/bundle/xanadu-security-management/page/product/vulnerability-app-vuln-mg...
- This table is a child table of Vulnerability Entry (primarily used in App VR)
- When you look at an Application Vulnerable Item (AVIT), the Vulnerability reference field would typically point to a record on this table with a primary CWE or Weakness
------------------------------------------------------------------------------------------------------------
The Vulnerability Entry (sn_vul_entry) table - has the field for "CWE"
You will see certain records (e.g. CVEs) with a primary CWE populated there
------------------------------------------------------------------------------------------------------------
Part of how you approach this will depend on how the data is going to be popualted
- CVEs and CWEs should be populated via the native integrations available today
You'll see this presents several Vulnerability Entries linked to that CWE
Then it'll depend on what is bringing the findings in to create VITs or AVITs (manual, integration such as the Store App for GitHub with SecOps AVR)
------------------------------------------------------------------------------------------------------------
Got'cha ...
Do we have plans to look at using the ServiceNow built Store App integration for GitHub and App VR at some point, in the future? That really seems like the happy-path here 🙂
-------------------------------------------------------------
For the Secret Scanning bit - perhaps you could create a new record in the Application Vuln Entry table, linked to that CWE-540, and then use that as the referenced Vulnerability for each Secret Scanning finding (VIT) you create?
I am not sure if other CVEs or CWEs would be relevant for the Secrets scanning findings?
-------------------------------------------------------------
For the Code Scanning bit, I think you would want to see what type of data is coming form your intermediary tool - ideally they'd have something like a library with the GitHub Security Advisory, that links to one ore more CWEs ...
That would be used to create records in the Application Vuln Entry table, and then your VITs (would really suggest using AVR/AVITs, but I suppose this should work in VR/VIT would reference those in the Vulnerability field
------------------------------------------------------------------------
For GitHub Dependabot Alerts / Vuln Advisories work, consider that a given CVE, may have one or more CWE tied to it.
You would want to leverage the CVE data for the Vulnerability on VITs
- https://github.com/advisories/GHSA-mjvf-4h88-6xm3
Thank you, this was really helpful! After some digging we will need to go with creating a new library entry. I tried creating a test one, but it seems that the id hasn't got populated.
Do you know how the ID gets created? Is there's any additional step that needs to be completed for this field to be populated?
Thank you!
