Note:
This app version is intended for Unified Security Exposure Management (USEM), a significant architectural upgrade to the Vulnerability Response applications.
If you are currently using Vulnerability Response and upgrading to USEM for the first time, you must use the Migration assistant for Unified Security Exposure Management to ensure a safe and successful upgrade. For full details, refer to KB2556844 and the documentation before proceeding.
If you do not intend to upgrade to USEM, please select a version below 30.x when installing or upgrading.
Integrate your Black Duck account with ServiceNow Vulnerability Response to prioritize and remediate application vulnerabilities.
The Vulnerability Response Integration with Black Duck incorporates three integration steps:
- Project List Integration - This first integration step pulls and imports data into the Black Duck projects table. Run this integration first, because the other integrations depend on the current project and application data that it imports.
- Application List Integration - This integration step imports applications into the Discovered Applications [sn_vul_release] table for all the versions that are available in the Black Duck projects table.
- Application Vulnerable Item Integration - This integration step imports vulnerable items into your ServiceNow AI Platform based on the vulnerabilities detected by scanners for every discovered application in the system.
New:
Enhancements to Black Duck AVIT mapping to include componentVersionName.
Fixed:
- The Black Duck integration configuration now correctly stores the MID Server name instead of the internal sys_id when saving credentials. This fix resolves ECC queue entries that are stuck in the "Ready" state with the error message, "No response for ECC message request after waiting for 30 seconds in ECC Queue."
- The integration now processes deleted or archived projects. Integration runs continue processing remaining projects even when individual projects return 404 errors. Activate the sn_vul_blackduck.mark_unseen_projects_inactive property to automatically deactivate projects no longer present in Black Duck.
The following app for Vulnerability Response must be installed and activated:
- Vulnerability Response
For information on Vulnerability Response application compatibility, see "Vulnerability Response and Configuration Compliance Compatibility Matrix" under Supporting Links and Docs.
Permissions and roles
Roles required:
- System Admin (admin)
- Application Security Manager (User assigned to App-Sec Manager group)