Exploring supported applications for Software Bill of Materials

  • Release version: Zurich
  • Updated September 9, 2025

    Third-party vulnerability intelligence and other integrations with the Software Bill of Materials applications can enhance the data of your uploaded files.

    Supported applications benefits

    Third-party vulnerability intelligence and other integrations with the Software Bill of Materials applications let you view counts of components that are considered stale and abandoned, as well as whether you can fix any vulnerabilities associated with those components.

    The ServiceNow® applications and third-party integrations listed in the following table are supported by the SBOM applications. These applications provide you with enriched vulnerability data, vulnerability intelligence, and other key information that can help you view and prioritize the vulnerabilities associated with SBOM files. All these applications and integrations are available from the ServiceNow® Store.

    Table 1. Supported applications and third-party integrations
    Columns: Benefit, Application, Supported versions, Users

    Benefit: Vulnerability Response is required if you install the SBOM Response application. Install the Vulnerability Response application before installing SBOM Response.

    Application Vulnerability Response features are installed with Vulnerability Response. These features enable access to the Vulnerability Manager Workspace in the Vulnerability Response application and the vulnerability workflow to help you remediate application vulnerable items (AVITs).
    Application: Vulnerability Response
    Supported versions: For compatibility information, see KB0856498 Vulnerability Response Compatibility Matrix and Release Schema Changes.

    Benefit: View enhanced NVD vulnerability and severity data. View imported data from the NVD and CWE integrations to enrich any vulnerability data you might find in your SBOM data.

    See Importing data with the NVD and CWE integrations and managing third-party libraries for more information.
    Application: Vulnerability Response Integration with NVD and SBOM Response
    Supported versions: For compatibility information, see KB0856498 Vulnerability Response Compatibility Matrix and Release Schema Changes.

    Benefit: Import software bill of materials files with the Veracode Vulnerability Integration. The Veracode Vulnerability Integration includes the following enhancements with Veracode SBOM files:
    • If you have installed SBOM Response, you have the option to include vulnerabilities found by SBOM for the SBOM files you upload.
    • SBOM is mapped to the Source field for records in the Bill of Materials [sn_sbom_doc] table for the SBOM files that you upload.

    See Veracode Vulnerability Integration for more information.
    Application: Veracode Vulnerability Integration and SBOM Response
    Supported versions: Starting with version 4.3 of the Veracode Vulnerability Integration.

    If you have the Veracode Vulnerability Integration already installed, you can also upload imported Veracode SBOM data in CycloneDX (JSON and XML) and SPDX (XML) formats starting with version 3.0 of SBOM Core.

    For compatibility information, see KB0856498 Vulnerability Response Compatibility Matrix and Release Schema Changes.

    Benefit: Upload SBOM files to the ServiceNow AI Platform from your GitHub repositories. Determine if SBOM files generated in your CI/CD (continuous integration and continuous delivery/deployment) pipelines have been successfully queued in your ServiceNow AI Platform instance.

    Protect your environments from potentially harmful components during software development cycles with GitHub Actions that you initiate from your GitHub environment.
    Application: Obtain any required GitHub Actions for SBOM upload in the GitHub Marketplace.
    Supported versions: Starting with version 4.0 of SBOM Core.