ReversingLabs Integration with ServiceNow
ServiceNow manages SBOMs, but many vendors don’t provide them. Spectra Assure® generates SBOMs from binaries and fills the gaps in ServiceNow’s SBOM ecosystem.
Within the Now Platform, users can create custom Application Vulnerable Item (AVI) rules that highlight an issue when certain conditions are met. For example, a custom rule can flag the Log4Shell vulnerability wherever it is identified within any of the SBOMs being examined. For each AVI identified, a ticket is created to track remediation actions, the responsible owner, status, risk reporting, and so on.
All uploaded SBOMs are categorized as a “BOM Entity” (comparable to “Software Version” in Spectra Assure). By selecting a BOM Entity, users can view all components and dependencies that make up a software version, including their corresponding vulnerabilities. Within an SBOM, additional information will be displayed at the component level to support the investigation, such as the number of component versions behind the latest release and what other BOM entities rely on that component.
Using the Components tab, users can view a summary of all software components uploaded. ServiceNow enriches these components with additional intelligence for consideration, such as whether any of the detected components are stale (more than 2 major versions behind the latest release) or abandoned (latest component version more than 2 years old).
On the Home tab, users can view a summary of all software versions (i.e. BOM entities) uploaded and how many AVIs have been identified across the entire software ecosystem.
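The workflow described above (a custom AVI rule such as a Log4Shell check run over every SBOM component, the stale/abandoned enrichment, and a Home-style roll-up of AVIs per BOM entity) can be reproduced in a few dozen lines. The following is an added example written for this page; it is not ServiceNow or ReversingLabs code and does not use either product's API. The SBOM is a constructed CycloneDX-style document, the registry of latest versions and release dates is made up, and the Log4Shell rule assumes the affected range is log4j-core 2.x below 2.15.

```python
import json
from datetime import date

# Constructed sample SBOM in CycloneDX-style JSON (made up for this example).
SAMPLE_SBOM = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.4",
    "metadata": {"component": {"name": "payments-service", "version": "3.2.0"}},
    "components": [
        {"group": "org.apache.logging.log4j", "name": "log4j-core", "version": "2.14.1"},
        {"group": "example", "name": "old-xml-lib", "version": "1.3.0"},
        {"group": "example", "name": "fresh-lib", "version": "5.0.0"},
    ],
})

# Constructed component intelligence: latest known version and its release date.
# A real integration would pull this from a package registry or a platform feed.
REGISTRY = {
    "log4j-core": ("2.20.0", date(2023, 2, 1)),
    "old-xml-lib": ("4.1.0", date(2020, 5, 10)),
    "fresh-lib": ("5.1.0", date(2024, 3, 1)),
}

ANALYSIS_DATE = date(2024, 6, 1)   # fixed "today" so the example is deterministic
STALE_MAJORS_BEHIND = 2            # stale: more than 2 major versions behind the latest
ABANDONED_YEARS = 2                # abandoned: latest release more than 2 years old


def parse_version(text):
    """Turn '2.14.1' or '2.0-beta9' into a comparable tuple of ints (pre-release tag dropped)."""
    core = text.split("-")[0]
    return tuple(int(part) for part in core.split(".") if part.isdigit())


def log4shell_rule(component):
    """Custom AVI rule: log4j-core in the affected 2.x range, i.e. anything below 2.15 (assumed range)."""
    if component.get("name") != "log4j-core":
        return False
    version = parse_version(component.get("version", ""))
    return (2, 0) <= version < (2, 15)


def enrich_component(component, registry, today):
    """Attach stale/abandoned intelligence; components unknown to the registry get no flags."""
    latest = registry.get(component["name"])
    if latest is None:
        return {**component, "known": False, "majors_behind": None, "stale": False, "abandoned": False}
    latest_version, released = latest
    majors_behind = parse_version(latest_version)[0] - parse_version(component["version"])[0]
    age_days = (today - released).days
    return {
        **component,
        "known": True,
        "latest": latest_version,
        "majors_behind": majors_behind,
        "stale": majors_behind > STALE_MAJORS_BEHIND,
        "abandoned": age_days > ABANDONED_YEARS * 365,
    }


# Rule registry: name -> predicate over one enriched component. Add further rules here.
AVI_RULES = {"Log4Shell": log4shell_rule}


def analyze_sbom(sbom_json, registry, today, rules=AVI_RULES):
    """Treat the SBOM as one BOM entity: enrich every component and open one AVI per matching rule."""
    sbom = json.loads(sbom_json)
    root = sbom["metadata"]["component"]
    components = [enrich_component(c, registry, today) for c in sbom["components"]]
    avis = [
        {"rule": rule_name, "component": c["name"], "version": c["version"], "status": "open"}
        for c in components
        for rule_name, rule in rules.items()
        if rule(c)
    ]
    return {"bom_entity": f"{root['name']}@{root['version']}", "components": components, "avis": avis}


def home_summary(results):
    """Roll several analyzed BOM entities up the way a dashboard would: entity count and open AVIs."""
    return {"bom_entities": len(results), "open_avis": sum(len(r["avis"]) for r in results)}


if __name__ == "__main__":
    result = analyze_sbom(SAMPLE_SBOM, REGISTRY, ANALYSIS_DATE)
    for c in result["components"]:
        print(f"{c['name']}@{c['version']}: stale={c['stale']} abandoned={c['abandoned']}")
    for avi in result["avis"]:
        print("AVI:", avi)
    print(home_summary([result]))
```

With the constructed data, the run raises exactly one AVI (the log4j-core 2.14.1 entry) and flags old-xml-lib as both stale (three major versions behind) and abandoned (its latest release is older than two years on the analysis date). Note that the rule matches on the component name and version only; a production rule would also key on the group/purl so that an unrelated package that happens to share a name does not trigger a ticket.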