Integrate your GitHub Advanced Security deployment with ServiceNow Vulnerability Response to prioritize and remediate application vulnerabilities.
The GitHub Application Vulnerability Integration is incorporated with the following integrations:
- The Code Scanning Integration provides Static Application Security Testing (SAST) data.
- The Dependabot Integration provides Software Composition Analysis (SCA) data.
- GitHub Secret Scanning Integrations import vulnerabilities for potentially exploitable Client Secrets.
These integrations are compatible with both cloud-based and on-premises GitHub Advanced Security configurations.
When scanners generate alerts through the code scanning and dependabot integrations, they initiate the creation of a vulnerability in Application Vulnerability Response. The vulnerability's state is determined by the triage flags selected by an end user.
New :
We have introduced a new integration 'GitHub Organizations Integration" which can fetch the Organization's data created within an enterprise GitHub account, when an enterprise API is selected on the configuration screen.
Fixed :
- Enterprise API Configuration is now enabled.
- OAuth authentication issues have been fixed.
- Pagination issues have been resolved with Dependabot integration.
The following app for Vulnerability Response must be installed and activated:
- Vulnerability Response
For information on Vulnerability Response application compatibility see, "Vulnerability Response and Configuration Compliance Compatibility Matrix" under Supporting Links and Docs.
Permissions and roles:
Roles required:
- System Admin (admin)
- Application Security Manager (User assigned to App-Sec Manager group)