Note:
- Versions 30.0.X are part of the Innovation Lab (Early Access) release for Unified Security Exposure Management (USEM). These versions are intended for sub-production environments and a limited number of selected customers participating in the USEM Innovation Lab program.
- Upgrade Guidance: If you're not part of the USEM Innovation Lab program and want to upgrade without USEM, please select the latest GA version below 30.x.
Integrate your GitHub Advanced Security deployment with ServiceNow Vulnerability Response to prioritize and remediate application vulnerabilities.
The GitHub Application Vulnerability Integration includes the following integrations:
- The Code Scanning Integration provides Static Application Security Testing (SAST) data.
- The Dependabot Integration provides Software Composition Analysis (SCA) data.
- GitHub Secret Scanning Integrations import vulnerabilities for potentially exploitable Client Secrets.
These integrations are compatible with both cloud-based and on-premises GitHub Advanced Security configurations.
When scanners generate alerts through the Code Scanning and Dependabot integrations, they initiate the creation of a vulnerability in Application Vulnerability Response. The vulnerability's state is determined by the triage flags selected by an end user.
- Changed
- Modified integrations to adopt a standardized data model and modularized feature sets across Vulnerability Response (VR) and Configuration Compliance.
- Initial Release
- If GitHub Application Vulnerability Integration for SecOps is installed, a tile to review the integration status run is displayed in the Administration Console.
The following app for Vulnerability Response must be installed and activated:
- Vulnerability Response
For information on Vulnerability Response application compatibility, see "Vulnerability Response and Configuration Compliance Compatibility Matrix" under Supporting Links and Docs.
Permissions and roles:
Roles required:
- System Admin (admin)
- Application Security Manager (User assigned to App-Sec Manager group)