Vulnerability Response Integration with Black Duck
The Vulnerability Response integration with Vulnerability Response Integration with Black Duck uses the data that is imported from the Black Duck Software Composition Analysis (SCA) tool to help you determine the impact and priority of the flaws in your code.
Integration overview
With the Vulnerability Response Integration with Black Duck, you can collect SCA and make that data available to the ServiceNow AI Platform. Starting with v22.0.5 of Vulnerability Response, you can import the SCA vulnerabilities data to your instance so that you can identify the vulnerabilities in your software applications. For more information, see Exploring Software Bill of Materials and Exploring supported applications for Software Bill of Materials.
A shared API ingests the SCA data.
Every day, scheduled jobs invoke the integrations automatically in the order that they’re listed. You can also execute individual scheduled jobs manually. Scheduled jobs simplify the vulnerability remediation life cycle by keeping the instance synchronized with other vulnerability management systems.
Available versions
| Release version | Release notes |
|---|---|
|
Vulnerability Response Integration with Black Duck 1.0.5 |
Application Vulnerability Response release notes |
User group and roles
The Vulnerability Response Integration with Black Duck is installed by a user with the admin role and is configured by a member of the App-Sec Manager group. For more information, see the Application Vulnerability Response user groups and roles.
For integration run statuses, see View the Vulnerability Response Integration with Black Duck import run status
To view data in the third-party vulnerabilities, see View vulnerability libraries.