2.7.1
Zurich, Yokohama, Xanadu, Washington DC, Vancouver
The Vulnerability Response integration with the Fortify on Demand product imports applications and application vulnerabilities to use with Application Vulnerability Response. Application Vulnerability Response is a feature in the ServiceNow Vulnerability Response application that helps you prioritize and remediate application vulnerabilities.
This integration imports applications and application vulnerabilities that result from Dynamic Application Security Testing (DAST) and Static Application Security Testing (SAST) into the Application Vulnerability Response feature. Some features of this integration:
- Data import - Scheduled jobs run automatically in your Now Platform instance to import applications, scan summaries, and application vulnerable items.
- CI Lookup Rules - Lookup rules are used to search for configuration items (CIs) in the CMDB with matching information from the Fortify Application Vulnerability Integration.
Fixed:
- Resolved the incorrect consolidation of vulnerabilities across different application releases in the Fortify On-Demand Integration. Previously, vulnerabilities were assigned using only the application ID, ignoring the release ID, causing all versions of an application to show identical vulnerability data.
- The integration now correctly uses both application ID and release ID to assign vulnerabilities to their specific application versions.
- A one-time cleanup of the AVITs from Fortify must be performed, and both the application list and vulnerability list integrations must be re-run, to ensure accurate version-specific vulnerability mapping.
- The following app for Vulnerability Response must be installed and activated:
  - Vulnerability Response
- Permissions and roles
  - Role required: System Admin (admin) or Application Security Manager (a user who is a member of the App-Sec Manager group)