Note:
This app version is intended for Unified Security Exposure Management (USEM), a significant architectural upgrade to the Vulnerability Response applications.
If you are currently using Vulnerability Response and upgrading to USEM for the first time, you must use the Migration assistant for Unified Security Exposure Management to ensure a safe and successful upgrade. For full details, please refer to the KB2556844 and documentation before proceeding.
If you do not intend to upgrade to USEM, please select a version below 30.x when installing or upgrading.
Integrate your GitHub Advanced Security deployment with ServiceNow Vulnerability Response to prioritize and remediate application vulnerabilities.
The GitHub Application Vulnerability Integration is incorporated with the following integrations:
- The Code Scanning Integration provides Static Application Security Testing (SAST) data.
- The Dependabot Integration provides Software Composition Analysis (SCA) data.
- GitHub Secret Scanning Integrations import vulnerabilities for potentially exploitable Client Secrets.
These integrations are compatible with both cloud-based and on-premises GitHub Advanced Security configurations.
When scanners generate alerts through the code scanning and dependabot integrations, they initiate the creation of a vulnerability in Application Vulnerability Response. The vulnerability's state is determined by the triage flags selected by an end user.
Fixed:
Updated GitHub integration configuration ACL to allow users with sn_vul_github.configure_integration role to create records in sn_vul_github_config table. This role replaces the nobody role, which was overly restrictive.
The following app for Vulnerability Response must be installed and activated:
- Vulnerability Response
For information on Vulnerability Response application compatibility see, "Vulnerability Response and Configuration Compliance Compatibility Matrix" under Supporting Links and Docs.
Permissions and roles:
Roles required:
- System Admin (admin)
- Application Security Manager (User assigned to App-Sec Manager group)