ReversingLabs Integration with ServiceNow
ServiceNow manages SBOMs, but many vendors don’t provide them. Spectra Assure® generates SBOMs from binaries and fills the gaps in ServiceNow’s SBOM ecosystem.
Populate the ServiceNow platform with an SBOM generated from Spectra Assure
Managing software supply chain risk in the ServiceNow Now Platform
Available RL Use Cases With SBOM Workspace
Custom Alerting Rules
Within the Now Platform, users can create custom Application Vulnerable Items (AVI) rules that highlight an issue if certain conditions are met. For example, a custom rule to detect the Log4Shell vulnerability identified within any of the SBOMs being examined. For each AVI identified, a ticket is created to facilitate remediation actions, responsible owner, status tracking, risk reporting, etc.
SBOM Inspection
All uploaded SBOMs are categorized as a “BOM Entity” (comparable to “Software Version” in Spectra Assure). By selecting a BOM Entity, users can view all components and dependencies that make up a software version, including their corresponding vulnerabilities. Within an SBOM, additional information will be displayed at the component level to support the investigation, such as the number of component versions behind the latest release and what other BOM entities rely on that component.
Component Summary
Using the components tab, users can view a summary of all software components uploaded. ServiceNow enriches these components with additional intelligence for consideration, such as if any of the components detected are stale (> 2 major versions behind the latest) or abandoned (latest component version > 2 years old).
SBOM Entity Summary
On the Home tab, users can view a summary of all software versions (e.g. BOM entities) uploaded and how many AVIs have been identified across the entire software ecosystem.
Learn more about ReversingLabs’ integration capabilities.
Awards
