Xanadu |
- Customize the calculation of Age and Age closed parameters of a application vulnerable item
- Starting with v24.0.6 of Vulnerability Response, the Age and Age Closed durations of am Application Vulnerable item can be configured to be calculated from the date in the Created, Opened, or First Found fields.
- Open the search results in the Vulnerability Manager Workspace or IT Remediation Workspace rather than the Classic UI
- Starting with v24.0.6 of Vulnerability Response, automatically open your search results in the Vulnerability Manager Workspace or IT Remediation Workspace rather than the Classic UI, by adjusting the application scope in the unified navigation bar to Vulnerability Manager Workspace or IT Remediation Workspace respectively. These application scopes are available to you based on your assigned role.
- Vulnerability Manager Workspace access to the sn_vul.app_read_all role
- Starting with v24.0.6 of Vulnerability Response, as a user with the sn_vul.app_read_all role, you can view the application vulnerable items in the Vulnerability Manager Workspace.
- IT Remediation Workspace access to the sn_vul.app_read_assigned role
- Starting with v24.0.6 of Vulnerability Response, as a user with the sn_vul.app_read_assigned role, you can view the application vulnerable items assigned to you and your assignment groups in the IT Remediation Workspace and remediate them.
- Navigate to the List page in the Vulnerability Manager Workspace or IT Remediation Workspace by selecting the links from the All menu
- Starting with v24.0.6 of Vulnerability Response, when you enable the 'sn_vul_cmn_ws.navigate_to_workspace' system property, selecting predefined filter links in the Application Vulnerability Response module from the 'All' menu will automatically
open these links in the List page in the Vulnerability Manager Workspace or IT Remediation Workspace based on your role.
- Hide the record count on the lists in the Vulnerability Manager Workspace and IT Remediation Workspace
- Starting with v24.0.6 of Vulnerability Response, you can hide the record count on the lists in the List page in the Vulnerability Manager Workspace and IT Remediation Workspace, by adding the table names to the glide.ui.list.seismic.omit.count system property.
- Enable automatic refresh for the Home page dashboard in the Vulnerability Manager Workspace
- Starting with v24.0.6 of Vulnerability Response, when creating and editing filters in the Application Vulnerabilities tab on the Home page of the Vulnerability Manager Workspace, you can configure the widgets to refresh automatically. Otherwise, you can manually refresh the widgets by selecting the Refresh button on the Application Vulnerabilities
tab.
- Re-evaluating remediation properties for all records in the Vulnerability Manager Workspace
- Starting with v24.0.6 of Vulnerability Response, you can evaluate the remediation properties for all the Application Vulnerable Items from the Application Vulnerable Items list by selecting the All items in the
Record selection field of the Re-evaluate remediation properties modal in the Vulnerability Manager Workspace.
- New Properties module
- Starting with v24.0.6 of Application Vulnerability Response, a new Properties module has been added to the navigation menu under the Administration section. This module enables direct modification
of the values, offering a user-friendly method to manage and update system properties directly from the interface.
- View, classify, and assign software license information you upload with your SBOM files
- Use the License administration module in the SBOM Workspace to help you determine your over-all license compliance and risk exposure to the open-source and vendor-supplied software components you use in your application development.
- View all the licenses that are used in your organization in the License administration module.
- Classify existing licenses as: "Permitted", "Restricted", "Banned", or "Unclassified", and create new licenses.
- For unassigned or missing licenses, you can manually assign licenses to components used by your applications.
- Closed application vulnerable items in the SBOM Workspace reopen automatically
- A Closed application vulnerable item (AVIT) for a component with an associated vulnerability is reopened automatically and visible in the SBOM Workspace if the following conditions are met:
- The Reopen AVITs if detected (sn_sbom_resp.reopen_avits_if_detected) system property is activated. This system property is activated by default.
- The AVIT with the associated vulnerability is detected again by a third-party integration's vulnerability scans or the component with the vulnerability is part of a subsequent SBOM upload.
- The substate of the Closed AVIT is not one of the following: Mitigation Control in Place, Not Affected, or False Positive. AVITs
with these substates are not reopened by the system property.
Deactivate the system property only if you do not want Closed AVITs to reopen automatically.
- Reevaluate the remediation properties for application vulnerable items in the Vulnerability Manager Workspace
- Select the application vulnerable items conditionally for reevaluating the following remediation properties in the Vulnerability Manager Workspace:
- Assignments
- Remediation tasks
- Remediation target date
- Exceptions (Vulnerability Response v24.0.6)
- Risk score
- Software Bill of Materials enhancements for CycloneDX SBOM files
- The following enhancements were made to support SBOM files in CycloneDX format:
Import additional information in CycloneDX SBOM files with the (sn_sbom_core.collect_properties) property. This property is deactivated by default. Activate the property to import information that is generally not supported. Any
information imported from these properties is uploaded to the SBOM Component Property [sn_sbom_comp_property] table for the following:
- Uploaded SBOM files
- Metadata
- Individual vulnerabilities
- Components
View imported component data for declared and concluded licenses for SBOM files in versions 1.4 and later of CycloneDX in two new license fields: SBOM parsing support is enhanced for the following CycloneDX versions and component types:
- Version 1.5: Platform, Data, Device driver, Machine Learning model
- Version 1.6: Cryptographic
- Enhancements to SBOM Response for PaCE
- The Policy as Code Engine (PaCE) application is available for SBOM Response.
- Determine if components are stale or abandoned with the Run PaCE policies for SBOM Response scheduled job. The scheduled job is deactivated by default.
- View components that are identified as stale or abandoned as Non-compliant in the PaCE interface that is available in the SBOM Workspace.
- Upload SBOM files to the ServiceNow AI Platform® from your GitHub repositories
- Determine if SBOM files generated in your CI/CD (continuous integration and continuous delivery/deployment) pipelines have been successfully queued in your ServiceNow AI Platform instance.
- Protect your environments from potentially harmful components during software development cycles with GitHub Actions that you initiate from your GitHub environment.
- Obtain any required GitHub Actions for SBOM upload in the GitHub Marketplace.
- Enhancements to Bill of Materials records for the Veracode Vulnerability Integration
- Veracode is mapped to the Source field for records in the Bill of Materials [sn_sbom_doc] table for the Veracode
SBOM files that you upload.
- Remediation Task Rules for Container Vulnerability Response
- Define and group container vulnerable items automatically based on the remediation task rules.
- GitHub Secrets Scanning
- Ingest secrets detected in your organization’s code along with the application security testing results, enabling ease of accessibility for developers to mitigate these results.
- Enhanced processing performance of scheduled job
- The Rollup application vulnerable item values to vulnerability and group scheduled job is enhanced to create background jobs with multithreading capabilities. This upgrade involves segmenting the job
into several smaller child jobs, which are executed either in parallel or concurrently. This modification enables processing of multiple records simultaneously, thus significantly speeding up the overall task.
- Quick Start Tests for Application Vulnerability Response
-
After upgrades and deployments of new applications or integrations, run quick start tests to verify that Application Vulnerability Response works as expected. If you customized Application Vulnerability Response, copy the quick start tests and configure them for your customizations.
- Set the Veracode integration to update SCA findings
- You can select the scan that takes precedence for the final updates for SCA findings data imported from Veracode. On the Veracode configuration page, ‘Default’ is the set value until you change it. You must select the
Include SCA findings check box and choose one from the list:
- Agent – the agent scan results make the final updates to SCA finding
- Upload – the upload scan results make the final updates to SCA finding
- Default – the last scan processed, either the agent or upload scan, makes the final updates to SCA findings
Note: If you do not select the Include SCA findings check box on the configuration page, the scan you selected from the list is not used, and the last scan that is processed makes the final updates.
- Add and delete support for applications in Veracode imported from the ServiceNow AI Platform
- Set the value for the [sn-vul-veracode.app-mark-unseen-apps-inactive] system property to ‘true’ to prevent errors if the Platform requests applications already deleted by Veracode. If this property is set to ‘true’
(activated), the successful import of the Application List Integration marks any unseen applications in the Platform as ‘inactive’.
- Application Penetration testing enhancements
- New workspace that permits you to use the penetration testing workflow in the Next Experience UI. Alignment of penetration testing for mobile application security with the recognized standards of the Mobile Application
Security Verification Standard (MASVS) via a questionnaire in the penetration testing workflow.
|
Yokohama |
- Enhancements to Application Vulnerability Response
- The Unassign workflow is supported for application vulnerable items (AVITs) and remediation tasks (AVULs).
- Streamline application vulnerability assignments with the Unassign UI action from the more actions menu on an AVIT.
- Reassign incorrectly assigned AVITs, clarify ownership for reassessment, and maintain accurate triage records in workspace views.
- You have the option to send unassign requests for approval prior to clearing the Assigned to and Assignment group fields on records.
- SBOM document upload via Github Action
- Upload valid Software Bill of Material (SBOM) documents to ServiceNow platform with the help of GitHub Action.
- Create application remediation tasks manually in the Vulnerability Manager Workspace
- With the sn_vul.app_sec_manager role, you can create application remediation tasks manually by selecting some or all the records in the Application vulnerable items’ lists in the Vulnerability Manager Workspace. These records are grouped into one or more remediation tasks according to the grouping criteria selected while creating application remediation tasks.
- Create application remediation tasks manually in the IT Remediation Workspace
- With the sn_vul.app_security_champion role, you can create application remediation tasks manually by selecting desired records in the Application vulnerable items’ lists in the IT Remediation Workspace. These records are grouped into one or more remediation tasks according to the grouping criteria selected while creating application remediation tasks.
- Manual Ingestion of vulnerabilities for application vulnerability response
- Import AVITs from external sources via a standardised template (e.g., CSV, Excel) and manage Penetration test findings lifecycle. Now, you can ingest vulnerability data, including details such as affected application,
vulnerability description, severity, remediation recommendations, including other necessary details. This enhancement allows you to simplifies the process of consolidating vulnerability data from diverse sources into a
centralised Penetration test workspace.
- Penetration Test Workspace
-
Monitor your penetration test requests and findings as well as your team's overall progress in the Penetration Test Workspace. Prioritize tests that need your attention, track findings, and view assignments with the
following data visualizations on the dashboard:
- Important items.
- Penetration test requests that are critical and by state.
- Reported findings.
- Overall remediation progress based on assignment.
- Enhancements to Penetration Test Assessment Requests
- Along with Full Penetration, Focused, and Re-test, the following assessment types are included for Penetration Test Assessment Requests forms in the Penetration Test Workspace:
- Emergency Release - Supports emergency releases that are required for rapid software updates to address critical issues like security vulnerabilities.
- Bug Bounty Program - Rewards ethical hackers to find and report security vulnerabilities.
- Release Approvals - Ensure that all necessary checks are completed before deploying new software.
- One-off reviews - Assess specific projects outside regular development and release cycles to evaluate performance and implement improvements.
- Executive Interest - Report on senior management's engagement and support for critical projects within the organization.
Enhancements to the Release Approval and Release Notes fields help you ensure quality and security for your pen test findings. The following states have been added to the Release approval field:
- Not Applicable (Default).
- Approved.
- Denied.
You can add details to justify your release approvals in the Release notes field.
- Associate CWEs for manual AVIT creation from Penetration Test Assessment Requests
- On the Penetration test findings tab on Penetration Test Assessment Requests, you have the option to associate Common Weakness Enumerations (CWE)s or Common Vulnerabilities and Exposures (CVE)s in the
Vulnerability field for manually created AVITs.
- Create change requests in Application Vulnerability Response
- Users with the sn_vul.app_sec_manager and sn_vul.app_sec_champion roles as well as users with the sn_vul.app_developer role who have the ITIL role can create change requests from remediation tasks in the Application Vulnerability Response application. Create change requests to expedite your investigation for application vulnerabilities (AVIT)s that require manual intervention.
- Create change requests with prepopulated information for scanned applications that are classified as configuration items (CI)s.
- The change request workflow in Application Vulnerability Response is similar to the workflow supported in Vulnerability Response. For more information about the Vulnerability Response change request workflow, see Change management for Vulnerability Response.
Note: Change requests are supported for Application Vulnerability Response only if the discovered application is associated with a configuration item (CI). You must set Product model to False in the Use
Product Model [sn_vul.use_product_model] system property to associate a discovered application with a CI.
- Enhancements to the Software Bill of Materials Workspace
-
- You can delete multiple BOM entity records and their related components with bulk edit from the Software Bill of Materials
SBOM SBOM Workspace.
- Any Application Vulnerable Items (AVIT)s that are associated with deleted BOM entities automatically transition to Closed.
- View risk score details of a vulnerable items in the Work notes section
- Starting with v25.0.3 of Application Vulnerability Response, the system property sn_sec_cmn.risk_score_changes_add_worknotes is inactive by default. If you enable it, only then you can see all the changes related to the
risk score of an application vulnerable item in the Work notes section. Additionally, the work notes are updated only if there’s a change in the risk score.
|
Zurich |
- Enhanced Compensatory controls
- When new vulnerable items are ingested and associated with a remediation task that already has an approved compensating control, the reduced risk rating is now automatically inherited by those new vulnerable items.
- Improved vulnerability assessment workflows
-
- CI filtering for vulnerability assessments: You can now filter which configuration items are included in a vulnerability assessment using a condition builder.
- Business Application population on AVITs: AVITs created from SBOM assessment results now include Business Application information, helping you understand application impact and prioritize remediation.
- Priority roll‑down from vulnerability assessments: Updates to the priority of a vulnerability assessment now automatically roll down to associated VITs and AVITs, ensuring consistent prioritization based on the highest
severity.
- Remediation task rule execution mode
- You can now choose how remediation task rules are evaluated during ingestion. The new Match First execution mode evaluates rules sequentially and applies only the first matching rule, assigning each finding to exactly one
remediation task. The default Match All mode continues to evaluate all applicable rules.
- GitHub Application Vulnerability Integration – Generic secrets support
- The GitHub Secret Scanning Integration now imports generic secrets in addition to standard secrets from your GitHub repositories. A new Manage generic secrets in ServiceNow configuration option lets you control whether
generic secrets are ingested. Imported secrets are mapped to Application Vulnerable Items (AVIs) with the scan type Secret, while generic secrets are mapped with the scan type Generic Secret.
- Enhancements to Application Vulnerability Response
- The Unassign workflow is supported for application vulnerable items (AVITs) and remediation tasks (AVULs).
- Streamline application vulnerability assignments with the Unassign UI action from the more actions menu on an AVIT.
- Reassign incorrectly assigned AVITs, clarify ownership for reassessment, and maintain accurate triage records in workspace views.
- You have the option to send unassign requests for approval prior to clearing the Assigned to and Assignment group fields on records.
- SBOM document upload via Github Action
- Upload valid Software Bill of Material (SBOM) documents to ServiceNow platform with the help of GitHub Action.
- Create application remediation tasks manually in the Vulnerability Manager Workspace
- With the sn_vul.app_sec_manager role, you can create application remediation tasks manually by selecting some or all the records in the Application vulnerable items’ lists in the Vulnerability Manager Workspace. These records are grouped into one or more remediation tasks according to the grouping criteria selected while creating application remediation tasks.
- Create application remediation tasks manually in the IT Remediation Workspace
- With the sn_vul.app_security_champion role, you can create application remediation tasks manually by selecting desired records in the Application vulnerable items’ lists in the IT Remediation Workspace. These records are grouped into one or more remediation tasks according to the grouping criteria selected while creating application remediation tasks.
- Tenable Web Application Scanning Vulnerability Response Integration
- The Tenable.was integration now supports on‑demand execution of both application and vulnerability imports, allowing you to quickly ingest web applications, findings, and scan metadata into ServiceNow. Imported data
automatically populates Discovered Applications, Vulnerability Entries, Scan Summaries, and AVITs, with full visibility through integration run tracking.
- Manual Ingestion of Vulnerabilities for Application Vulnerability Integration
- Import AVITs from external sources via a standardised template (e.g., CSV, Excel) and manage Penetration test findings lifecycle. Now, you can ingest vulnerability data, including details such as affected application,
vulnerability description, severity, remediation recommendations, including other necessary details. This enhancement allows you to simplifies the process of consolidating vulnerability data from diverse sources into a
centralised Penetration test workspace.
- Penetration Test Workspace
-
Monitor your penetration test requests and findings as well as your team's overall progress in the Penetration Test Workspace. Prioritize tests that need your attention, track findings, and view assignments with the
following data visualizations on the dashboard:
- Important items.
- Penetration test requests that are critical and by state.
- Reported findings.
- Overall remediation progress based on assignment.
- Enhancements to Penetration Test Assessment Requests
- Along with Full Penetration, Focused, and Re-test, the following assessment types are included for Penetration Test Assessment Requests forms in the Penetration Test Workspace:
- Emergency Release - Supports emergency releases that are required for rapid software updates to address critical issues like security vulnerabilities.
- Bug Bounty Program - Rewards ethical hackers to find and report security vulnerabilities.
- Release Approvals - Ensure that all necessary checks are completed before deploying new software.
- One-off reviews - Assess specific projects outside regular development and release cycles to evaluate performance and implement improvements.
- Executive Interest - Report on senior management's engagement and support for critical projects within the organization.
Enhancements to the Release Approval and Release Notes fields help you ensure quality and security for your pen test findings. The following states have been added to the Release approval field:
- Not Applicable (Default).
- Approved.
- Denied.
You can add details to justify your release approvals in the Release notes field.
- Associate CWEs for manual AVIT creation from Penetration Test Assessment Requests
- On the Penetration test findings tab on Penetration Test Assessment Requests, you have the option to associate Common Weakness Enumerations (CWE)s or Common Vulnerabilities and Exposures (CVE)s in the
Vulnerability field for manually created AVITs.
- Create change requests in Application Vulnerability Response
- Users with the sn_vul.app_sec_manager and sn_vul.app_sec_champion roles as well as users with the sn_vul.app_developer role who have the ITIL role can create change requests from remediation tasks in the Application Vulnerability Response application. Create change requests to expedite your investigation for application vulnerabilities (AVIT)s that require manual intervention.
- Create change requests with prepopulated information for scanned applications that are classified as configuration items (CI)s.
- The change request workflow in Application Vulnerability Response is similar to the workflow supported in Vulnerability Response. For more information about the Vulnerability Response change request workflow, see Change management for Vulnerability Response.
Note: Change requests are supported for Application Vulnerability Response only if the discovered application is associated with a configuration item (CI). You must set Product model to False in the Use
Product Model [sn_vul.use_product_model] system property to associate a discovered application with a CI.
- Enhancements to the Software Bill of Materials Workspace
-
- You can delete multiple BOM entity records and their related components with bulk edit from the Software Bill of Materials
SBOM SBOM Workspace.
- Any Application Vulnerable Items (AVIT)s that are associated with deleted BOM entities automatically transition to Closed.
- View risk score details of a vulnerable items in the Work notes section
- Starting with v25.0.3 of Application Vulnerability Response, the system property sn_sec_cmn.risk_score_changes_add_worknotes is inactive by default. If you enable it, only then you can see all the changes related to the
risk score of an application vulnerable item in the Work notes section. Additionally, the work notes are updated only if there’s a change in the risk score.
|
Australia |
- Wiz Vulnerability Response Integration
- Import application, Software Composition Analysis (SCA), findings, Secrets (passwords, tokens and keys) data with the following Wiz Vulnerability integrations:
- Application List Integration
- SCA Findings Integration
- Secret Findings Integration
You can configure these integrations on the Wiz Vulnerability Integration configuration page along with the other Wiz Vulnerability integrations. View imported application list data such as Product Model and Source application ID from Wiz on the Discovered Applications [sn_vul_app_release] table records, and SCA and Secrets data on the Application Vulnerable Items [sn_vul_app_vulnerable_item] table records.
- GitHub Application Vulnerability Integration – Generic secrets support
- The GitHub Secret Scanning Integration supports imports of generic secrets in addition to standard secrets from your GitHub repositories. An enhanced Manage generic secrets in ServiceNow configuration option lets you control whether generic secrets are ingested. Imported secrets are mapped to Application Vulnerable Items (AVITs) with the scan type, Secret, while generic
secrets are mapped with the scan type, Generic Secret.
- Improved vulnerability assessment workflows
-
- CI filtering for vulnerability assessments: You can now filter which configuration items are included in a vulnerability assessment using a condition builder.
- Business Application population on AVITs: AVITs created from SBOM assessment results now include Business Application information, helping you understand application impact and prioritize remediation.
- Priority roll‑down from vulnerability assessments: Updates to the priority of a vulnerability assessment now automatically roll down to associated VITs and AVITs, ensuring consistent prioritization based on the highest
severity.
- Enhanced Compensatory controls
- When new vulnerable items are ingested and associated with a remediation task that already has an approved compensating control, the reduced risk rating is now automatically inherited by those new vulnerable items.
|