0
2.2.0
Yokohama, Xanadu, Washington DC, Vancouver
Integrate your GitHub Advanced Security deployment with ServiceNow Vulnerability Response to prioritize and remediate application vulnerabilities.
The GitHub Application Vulnerability Integration is incorporated with the following integrations:
- The Code Scanning Integration provides Static Application Security Testing (SAST) data.
- The Dependabot Integration provides Software Composition Analysis (SCA) data.
- GitHub Secret Scanning Integrations import vulnerabilities for potentially exploitable Client Secrets.
These integrations are compatible with both cloud-based and on-premises GitHub Advanced Security configurations.
When scanners generate alerts through the code scanning and dependabot integrations, they initiate the creation of a vulnerability in Application Vulnerability Response. The vulnerability's state is determined by the triage flags selected by an end user.
Fixed:
- Resolved a gap where AVITs were not created if the CVE was absent in the response. The system is now made to fall back to using the GHSA ID to create a third-party entry with associated CWEs, ensuring that all findings are processed and AVITs are created without omissions. An issue was addressed where some updates were missing when deltas were pulled from GitHub Dependabot Alerts. A conditional query parameter was introduced using the sort field to ensure complete and consistent data retrieval.
The following app for Vulnerability Response must be installed and activated:
- Vulnerability Response
For information on Vulnerability Response application compatibility see, "Vulnerability Response and Configuration Compliance Compatibility Matrix" under Supporting Links and Docs.
Permissions and roles:
Roles required:
- System Admin (admin)
- Application Security Manager (User assigned to App-Sec Manager group)