DevOps Vulnerability Integrations is an additional feature set available to ITSM Pro customers. You must install this application separately, in addition to DevOps Change Velocity. It connects your security tools to DevOps Change Velocity so that you can retrieve application vulnerabilities found during Dynamic Application Security Testing (DAST), Static Application Security Testing (SAST), or Software Composition Analysis (SCA) scanning. These vulnerabilities are generally identified by third-party systems such as Veracode or other application vulnerability scanners that are available as out-of-the-box integrations.
Customers can use this extensible security framework to connect, on their own, any security tool that is not supported in the base system. This allows an organization-wide view of risk exposure for application vulnerabilities, and application vulnerabilities can be tracked from the beginning of the development cycle. Code delivery becomes more reliable even with rapid iterations and, if incidents do arise, they can be resolved more quickly.
- A new security integration framework and data model have been added specifically for application security tools. The framework is extensible and also allows you to create custom integrations with any application security tool.
- Connect Checkmarx, which is integrated with your CI/CD pipelines, to DevOps Change Velocity to retrieve security scan results. This helps you determine how vulnerable your code is. Checkmarx scans that are configured on GitHub Actions, Jenkins, and Azure DevOps pipelines are supported in the base system. You can view the security scan results in the related list of a Change Request in your ServiceNow instance or in the Pipeline UI. You can use security results in defining change policies and conditions for change automation.
Changed
- No code updates were made in this release. The release number has been updated to maintain consistency with changes in related DevOps applications.
Supported on the ServiceNow Xanadu Patch 5 or later release
Required Plugins
- ServiceNow IntegrationHub Runtime (com.glide.hub.integration.runtime)
- ServiceNow IntegrationHub Action Step - REST (com.glide.hub.action_step.rest)
- ServiceNow IntegrationHub Action Template - Data Stream (com.glide.hub.action_type.datastream)
- Legacy IntegrationHub Usage Dashboard (com.glide.hub.usage.dashboard)
- To integrate with ServiceNow ITBM Agile 2.0, the Agile Development 2.0 (com.snc.sdlc.agile.2.0) plugin must be activated.
- To integrate with Jenkins, the ServiceNow DevOps plugin for Jenkins is required:
  - From the ServiceNow store: https://store.servicenow.com/sn_appstore_store.do#!/store/application/9a304cc7db185810df5ff3251d9619f3
  - From Jenkins Marketplace: https://plugins.jenkins.io/servicenow-devops/
- To integrate with Azure DevOps, the ServiceNow DevOps extension on Visual Studio Marketplace (https://marketplace.visualstudio.com/items?itemName=ServiceNow.vss-services-servicenow-devops) is required.
App spokes
- Jenkins V2 Spoke – 1.2.0
Jenkins server (if integrating with Jenkins)
- 2.387.3 (minimum version)