Note:
This app version is intended for Unified Security Exposure Management (USEM), a significant architectural upgrade to the Vulnerability Response applications.
If you are currently using Vulnerability Response and upgrading to USEM for the first time, you must use the Migration assistant for Unified Security Exposure Management to ensure a safe and successful upgrade. For full details, please refer to KB2556844 and the documentation before proceeding.
If you do not intend to upgrade to USEM, please select a version below 30.x when installing or upgrading.
Vulnerability Response Integration with Veracode imports applications and application vulnerabilities using Application Vulnerability Response. Application Vulnerability Response is a feature in Vulnerability Response that helps you prioritize and remediate vulnerabilities.
The integration imports applications and application vulnerabilities resulting from Dynamic Application Security Testing (DAST), Static Application Security Testing (SAST), Software Composition Analysis (SCA), manual penetration testing results, and Software Bills of Materials (SBOMs) from Veracode into the Application Vulnerability Response feature. Some features of this integration:
- CI Lookup Rules - Lookup rules are used to search for configuration items (CIs) in the CMDB with matching information from the Veracode Vulnerability Integration.
- A shared API ingests DAST, SAST, and SCA data and manual penetration testing results.
- A separate API is used to ingest SBOM data.
The following enhancements and changes support internal security directives:
- Dictionary fields on sn_vul_app_release and sn_vul_veracode_link_projects are now read-only. A one-time fix script applies the option to existing fields.
- Fix script renamed to a per-plugin name to prevent update set conflicts with other Vulnerability Response plugins.
- Translation packaging updated to match the platform-wide convention. Locales include but are not limited to: Arabic, Portuguese, Chinese, Czech, Dutch, Finnish, French, and French-Canadian.
The following applications must be installed and activated:
- Vulnerability Response.
- ServiceNow Software Bill of Materials applications are required to view the data you import with the Veracode Software Bill of Materials (SBOM) Integration.
For information on Vulnerability Response application compatibility, see "Vulnerability Response and Configuration Compliance Compatibility Matrix" under Supporting Links and Docs.
Permissions and roles
- Role required: System Admin (admin) or Application Security Manager (a user who is part of the App-Sec Manager group)