Vulnerability Response - no NVD match for CWE-540

Joanna17
Tera Contributor

Hi!

I'm going through the Vulnerability Response module and I'm trying to understand the nuances of the NVD and CWE integrations. I have a case of some GitHub-related vulnerabilities that match CWE-540 (inclusion of sensitive information in source code), but I cannot see any reference to a GitHub vulnerability connected with CWE-540 in the NVD. What should I do in this case? Can I match a vulnerability item with a CWE instead of a CVE record? Or should I use whatever looks most appropriate from what is already in the NVD?

Thanks for any suggestions!

1 ACCEPTED SOLUTION

andy_ojha
ServiceNow Employee

Got'cha ...

Do we have plans to look at using the ServiceNow-built Store App integration for GitHub and App VR at some point in the future? That really seems like the happy path here 🙂

 

-------------------------------------------------------------

 

For the Secret Scanning bit - perhaps you could create a new record in the Application Vuln Entry table, linked to that CWE-540, and then use that as the referenced Vulnerability for each Secret Scanning finding (VIT) you create?

I am not sure if other CVEs or CWEs would be relevant for the Secrets scanning findings?

 

-------------------------------------------------------------

 

For the Code Scanning bit, I think you would want to see what type of data is coming from your intermediary tool - ideally they'd have something like a library with the GitHub Security Advisory, that links to one or more CWEs ...

 

That would be used to create records in the Application Vuln Entry table, and then your VITs (I would really suggest using AVR/AVITs, but I suppose this should work in VR/VIT) would reference those in the Vulnerability field.

 


 

------------------------------------------------------------------------

For GitHub Dependabot Alerts / Vuln Advisories work, consider that a given CVE may have one or more CWEs tied to it.

You would want to leverage the CVE data for the Vulnerability on VITs:

https://github.com/advisories/GHSA-mjvf-4h88-6xm3

 

 

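One way to code the routing the accepted answer describes, as an added example that is not code from the thread or from ServiceNow: secret-scanning findings are pointed at a single manually created Vulnerability Entry linked to CWE-540, while Dependabot alerts are pointed at the NVD-sourced entry for their CVE. The table and field names come from the thread (sn_vul_entry, "cwe", "id", "vulnerability"); the finding format, the VIT payload fields and the in-memory stand-in for the table are assumptions.

```python
# Added example, not code from the thread or from ServiceNow.
# Constructed stand-in for the sn_vul_entry table, keyed by the entry "id" field.
# A CVE-sourced entry may carry several CWEs, as the accepted answer notes.
VULN_ENTRIES = {
    "CVE-2021-23337": {"sys_id": "e1", "cwe": ["CWE-1321", "CWE-94"], "source": "NVD"},
    "CVE-2022-25883": {"sys_id": "e2", "cwe": ["CWE-1333"], "source": "NVD"},
}

# Constructed sample findings as a third-party scanner integration might deliver them.
FINDINGS = [
    {"type": "secret_scanning", "location": "repo-a:config/app.yml:12"},
    {"type": "secret_scanning", "location": "repo-b:.env:3"},
    {"type": "dependabot", "cve": "CVE-2021-23337", "location": "repo-a:package-lock.json"},
]


def ensure_cwe_entry(entries, cwe, entry_id):
    """Find or create the manually created entry for a CWE.
    The "id" is set explicitly because the thread's last post reports it was not
    auto-populated for a hand-made entry (assumption: a caller-chosen id is fine)."""
    for existing_id, rec in entries.items():
        if rec["source"] == "Manual" and cwe in rec["cwe"]:
            return existing_id
    entries[entry_id] = {"sys_id": f"manual-{len(entries) + 1}", "cwe": [cwe], "source": "Manual"}
    return entry_id


def route_finding(finding, entries):
    """Return (entry id, VIT payload) for one finding; raise if no entry fits."""
    if finding["type"] == "secret_scanning":
        entry_id = ensure_cwe_entry(entries, "CWE-540", "CUSTOM-CWE-540")
    elif finding["type"] == "dependabot":
        entry_id = finding["cve"]
        if entry_id not in entries:
            raise LookupError(f"no Vulnerability Entry for {entry_id}; load NVD data first")
    else:
        raise ValueError(f"unsupported finding type: {finding['type']}")
    # VIT payload: "vulnerability" references the entry's sys_id (assumed field names).
    payload = {"vulnerability": entries[entry_id]["sys_id"],
               "source": finding["type"], "location": finding["location"]}
    return entry_id, payload


def route_all(findings, entries):
    """Route every finding, returning a list of (entry id, payload) pairs."""
    return [route_finding(f, entries) for f in findings]
```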


andy_ojha
ServiceNow Employee

Hey there,

 

Are you looking to create findings in Application Vulnerability Response (AVR) - with Application Vulnerable Items (AVITs)?

 

Are you leveraging the Store App Integration for GitHub w/ SecOps Application VR (AVR)?


Or were you looking for a one-off ability to manually create a handful of findings linked to CWEs?


------------------------------------------------------------------------------------------------------------

------------------------------------------------------------------------------------------------------------

 

The Vulnerability Entry (sn_vul_entry) table has the field for "CWE".

You will see certain records (e.g. CVEs) with a primary CWE populated there.

 

 

------------------------------------------------------------------------------------------------------------

 

Part of how you approach this will depend on how the data is going to be populated:
 - CVEs and CWEs should be populated via the native integrations available today.

You'll see this presents several Vulnerability Entries linked to that CWE.

Then it'll depend on what is bringing the findings in to create VITs or AVITs (manual, or an integration such as the Store App for GitHub with SecOps AVR).


------------------------------------------------------------------------------------------------------------

Hi! Thank you for your reply!

So in my case, for some internal reasons, we need to use VR (and not AVR) for this, and the data would come from a 3rd-party integration (a custom integration with a secret scanner).

I did the same search as you in sn_vul_entry with the CWE filter, and the CVE matches didn't contain anything GitHub-related. If there's nothing GitHub-related, how will the vulnerability entry be selected?

This is my first time with the Vulnerability Response module and I'm still trying to fully understand how it works - thank you for your help!


Thank you, this was really helpful! After some digging, we will need to go with creating a new library entry. I tried creating a test one, but it seems that the ID didn't get populated.

Do you know how the ID gets created? Is there any additional step that needs to be completed for this field to be populated?

 

Thank you!