10-15-2024 02:28 AM
Hi!
I'm going through the Vulnerability Response module and I'm trying to understand nuances of NVD and CWE integrations. I have a case of some GitHub-related vulnerabilities that match CWE-540 (inclusion of sensitive information in source code), however I cannot see any reference for a GitHub vulnerability connected with CWE-540 in NVD. What should I do in this case? Can I match a vulnerability item with a CWE instead of a CVE record? Or should I use something that looks the most appropriate from what is already in the NVD?
Thanks for any suggestions!
10-15-2024 10:38 AM
Hey there,
Are you looking to create findings in Application Vulnerability Response (AVR) - with Application Vulnerable Items (AVITs)?
Are you leveraging the Store App Integration for GitHub w/ SecOps Application VR (AVR)?
Or were you looking for a one-off ability to manually create a handful of findings linked to CWEs?
------------------------------------------------------------------------------------------------------------
- There is a table called "Application Vulnerability Entries" -> sn_vul_app_vul_entry
- https://docs.servicenow.com/bundle/xanadu-security-management/page/product/vulnerability-app-vuln-mg...
- This table is a child table of Vulnerability Entry (primarily used in App VR)
- When you look at an Application Vulnerable Item (AVIT), the Vulnerability reference field would typically point to a record on this table with a primary CWE or Weakness
------------------------------------------------------------------------------------------------------------
The Vulnerability Entry (sn_vul_entry) table - has the field for "CWE"
You will see certain records (e.g. CVEs) with a primary CWE populated there
------------------------------------------------------------------------------------------------------------
Part of how you approach this will depend on how the data is going to be populated
- CVEs and CWEs should be populated via the native integrations available today
You'll see this presents several Vulnerability Entries linked to that CWE
Then it'll depend on what is bringing the findings in to create VITs or AVITs (manual, integration such as the Store App for GitHub with SecOps AVR)
------------------------------------------------------------------------------------------------------------
10-16-2024 01:01 AM
Hi! Thank you for your reply!
So in my case, for some internal reasons, we need to use VR (and not AVR) for this, and the data would be from 3rd party integration (custom integration with secret scanner).
I did the same search as you in sn_vul_entry with the CWE filter and the CVE matches didn't contain anything GitHub related. If there's nothing GitHub related, how will the vulnerability entry be selected?
This is my first time with the vulnerability response module and I'm still trying to fully understand how it works - thank you for your help!
10-17-2024 12:29 PM
Got'cha ...
Do we have plans to look at using the ServiceNow built Store App integration for GitHub and App VR at some point, in the future? That really seems like the happy-path here 🙂
-------------------------------------------------------------
For the Secret Scanning bit - perhaps you could create a new record in the Application Vuln Entry table, linked to that CWE-540, and then use that as the referenced Vulnerability for each Secret Scanning finding (VIT) you create?
I am not sure if other CVEs or CWEs would be relevant for the Secrets scanning findings?
-------------------------------------------------------------
For the Code Scanning bit, I think you would want to see what type of data is coming from your intermediary tool - ideally they'd have something like a library with the GitHub Security Advisory, that links to one or more CWEs ...
That would be used to create records in the Application Vuln Entry table, and then your VITs (would really suggest using AVR/AVITs, but I suppose this should work in VR/VIT) would reference those in the Vulnerability field.
------------------------------------------------------------------------
For GitHub Dependabot Alerts / Vuln Advisories work, consider that a given CVE may have one or more CWEs tied to it.
You would want to leverage the CVE data for the Vulnerability on VITs
- https://github.com/advisories/GHSA-mjvf-4h88-6xm3
11-12-2024 01:44 AM
Thank you, this was really helpful! After some digging we will need to go with creating a new library entry. I tried creating a test one, but it seems that the id hasn't got populated.
Do you know how the ID gets created? Is there any additional step that needs to be completed for this field to be populated?
Thank you!