6.2.2
Yokohama, Xanadu, Washington DC, Vancouver
SBOM Response provides you with visibility into the risks associated with using open-source components in your organization. You can respond to identified risks with the workflow and automation capabilities of the NOW Platform.
- Identify and assess the risks associated with using open-source components.
- Define application vulnerable item (AVIT) creation rules based on risks to trigger the remediation workflows.
Fixed:
- Fixed an issue in OSV integration where conflicts arose with existing NVD entries due to CVE IDs in the payload, resulting in broken component-vulnerability links. The integration now handles such cases to prevent duplicate or invalid records.
Improvements to deps.dev Integration: Optimized the sorting logic for package version lists and replaced the onComplete script with a Business Rule triggered on version updates, improving performance and accuracy in stale/abandoned package detection.
OSV Integration Optimization: Removed unnecessary caching to reduce memory usage and prevent potential out-of-memory issues during large data processing.
Business Application Population Enhancement: Now populating business_application on AVIT and app release records only when the associated component has a business application, aligning with customer requirements.
Required role: sn_sbom_resp.sbom_analyst
Dependencies:
- The SBOM Core and Data Model for SBOM applications must be installed to parse and ingest the data from uploaded SBOMs in your instance.