Vulnerability Response Integration with Black Duck release notes

Store Release Notes

Release

store

ft:locale

en-US

ft:publication_title

Store Release Notes

ft:clusterId

rnst

bundleId

rnst

Vulnerability Response Integration with Black Duck release notes

Release version: Store

Updated June 11, 2026

1 minute to read

Version history for the Vulnerability Response Integration with Black Duck application on the ServiceNow Store.

Important:

For details on system requirements and family compatibility, view the application listing on the ServiceNow Store website.

Version 30.2.1 - June 2026 (USEM)

The following enhancements and changes support internal security directives:
- Query ACLs added to Black Duck configuration and project tables: sn_vul_blackduck_config and sn_vul_blackduck_project, plus narrow field-specific ACLs for u_source on the Black Duck app-import and project-import staging tables to align with ServiceNow Platform Security guidance.
- Fix scripts run exactly once per upgrade.
- Fix script renamed to a per-plugin name to prevent update set conflicts with other Security Operations plugins.
Fixed: CVDB framework alignment — Four missing columns added to sn_vul_blackduck_cvd_attributes: short_description, source_risk_score, v3_impact_subscore, status_updated_on so the CVD attributes table fully matches what the Black Duck integration produces. The UI list and form sections now expose these values.

Version 30.1.1 - April 2026 (USEM)

New: Enhancements to Black Duck AVIT mapping to include componentVersionName.
Fixed:
- Black Duck integration configuration so it correctly stores the MID Server name instead of the internal sys_id when saving credentials. This enhancement resolves ECC queue entries that are stuck in the "Ready" state with the error message,"No response for ECC message request after waiting for 30 seconds in ECC Queue."
- Integration now gracefully handles deleted or archived projects. Integration runs continue processing remaining projects even when individual projects return 404 errors. Activate the sn_vul_blackduck.mark_unseen_projects_inactive property to automatically deactivate projects no longer present in Black Duck.

Version 1.1.2 - April 2026

New: Enhancements to Black Duck AVIT mapping to include componentVersionName.
Fixed:
- Black Duck integration configuration so it correctly stores the MID Server name instead of the internal sys_id when saving credentials. This enhancement resolves ECC queue entries that are stuck in the "Ready" state with the error message,"No response for ECC message request after waiting for 30 seconds in ECC Queue."
- Integration now gracefully handles deleted or archived projects. Integration runs continue processing remaining projects even when individual projects return 404 errors. Activate the sn_vul_blackduck.mark_unseen_projects_inactive property to automatically deactivate projects no longer present in Black Duck.

Version 1.1.1 - December 2025

Removed: Admin override check has been removed from the ACLs.

Version 1.0.5 - May 2024

Integrate your Black Duck account with ServiceNow Vulnerability Response to prioritize and remediate application vulnerabilities.