Data transformation for the Vulnerability Response Integration with Black Duck
After you identify the data that you want to import, the data is retrieved from the Vulnerability Response Integration with Black Duck, processed through a set of data sources, and transformed in your instance.
Vulnerability Response Integration with Black Duck
The data from the API is first loaded into the Black Duck AppVul Item Import [sn_vul_blackduck_appvul_item_import] table, and the Black Duck AppVul Item Transform is used to transform the imported information.
To access this transform map, navigate to and search for Black Duck AppVul Item Transform. The following table lists the transform map fields by integration.
| Source field | Target field | Description |
|---|---|---|
| app_id | source_app_id | Application ID. |
| issueid | source_avit_id | AVIT ID. |
| app_name | app_name | Application name. |
| version | app_version | Application version. |
| build_id | source_scan_id | Build ID of the application. |
| account_id | account_id | Account ID. |
| sandbox_id | sandbox_id | Sandbox ID. |
| last_update_time | last_scan_date | Last updated time. |
| app_name + last_scan_date | scan_summary_name | Scan summary. |
| life_cycle_stage | source_sdlc_status | Source SDLC status. |
| level | source_severity | Source severity. |
| category_name | category | Category. |
| source_severity | source_severity | Source severity. |
| category_id + " CWE-" + cweId | source_entry_id | Source entry ID. |
| source_vulnerability_summary | source_vulnerability_summary | Source vulnerability summary. |
| source_recommendation | source_recommendation | Source recommendation. |
| description | description | Description from the source. |
| description | source_vulnerability_explanation | Source vulnerability explanation. |
| mitigation_status_desc | source_mitigation_status | Source mitigation status. |
| remediation_status | source_remediation_status | Source remediation status. |
| line | line_number | Line on which the flaw is found. |
| module | application_module | Application module. |
| sourcefile | source_notes | Source notes. |
| affects_policy_compliance | complies_with_policy | Values can be Yes or No based on the source information being true or false. |
| Sourcefilepath + sourcefile | location | Location mapping a static flaw. |
| url | location | Location mapping for a dynamic flaw. |
| scope, type, exploitLevel | source_additional_info | Name value field populated with the values from the source for static flaws. |
The following table lists the transform scripts that are run during the transformation process.
Black Duck transform map script timing and purpose
| When the script is run | Purpose |
|---|---|
| onStart (when an import set has created transformation). | Script that is used to process the record and updates the number of entities created, updated, or unchanged, and the ones that are imported as part of this integration. This script is for internal use and should not be modified or deleted. |
| onBefore (before an import set has completed transformation) | Script that is used to define the behavior for records that are invalid and must be ignored. Also, used to define the global object for record processing. This script is for internal use and shouldn’t be modified or deleted. |
Black Duck Integration state mapping
The following table shows the source states from the Black Duck Vulnerability Integration and their target states in your instance.
| Black Duck source states | Description of source states | Target state in the ServiceNow AI Platform |
|---|---|---|
| New | Vulnerability affects this component version. | Open |
| Needs Review | Can't be determined if a vulnerability affects this component version. | Open |
| Remediation Required | Remediation is required for this version. | Open |
| Remediation Complete | Remediation for this vulnerability is complete. | Closed |
| Mitigated | Vulnerability has been mitigated. | Closed |
| Patched | Vulnerability has been patched. | Closed |
| Ignored | Vulnerability has been ignored. | Closed |