ServiceNow SBOM Integration

ServiceNow - Snyk Vulnerability Intelligence for SBOM

The Snyk Vulnerability Intelligence for SBOM app brings Snyk package vulnerability intelligence to SBOMs stored in ServiceNow for a more accurate understanding of risk within the enterprise software supply chain. Together, Snyk and ServiceNow provide the tools to prioritize efficiently and remediate vulnerabilities.

Use cases for ServiceNow SBOM integration

Understand how and where to apply remediation

When a new vulnerability is discovered for a particular package, know which applications are using the package (by version) and what version is needed for remediation.

Compliance and reporting

Identify packages with vulnerabilities within infrastructure based on a complete list of SBOMs stored in ServiceNow to achieve compliance and reporting requirements.

Purchased software security validation

Validate purchased software to ensure the new applications are not introducing vulnerabilities from open-source packages.

Identify, prioritize, and track new high-risk vulnerabilities

Using rules in ServiceNow, application vulnerable items (AVITs) can be created automatically when Snyk discovers high or critical-severity vulnerabilities that put key applications at risk. The AVIT workflow tracks remediation progress and can include stakeholder notification for visibility.

Prerequisites for Snyk Vulnerability Intelligence for SBOM

• Snyk Vulnerability Intelligence for SBOM SKU

• Entitlements needed with ServiceNow. Contact your ServiceNow representative to inquire.

• A valid Purchase Order with Snyk for "Snyk Vulnerability Intelligence for SBOM" and the associated entitlement to activate the integration.

Getting started

From the ServiceNow Store, search Integrations for "Snyk". From there, select "Snyk Vulnerability Intelligence for SBOM". Once that integration is selected, follow the steps in the "Installation Guide" shown on that page.

As your customers upload SBOMs to ServiceNow, whether for purchased applications or internally developed applications, background jobs use the Package URL data found in SBOMs to query the Snyk Vulnerability Intelligence Database and add vulnerabilities to the "Third-Party Library" in ServiceNow.

The "Snyk SBOM Dashboard", included with the installation, provides key metrics from your environment in graphical format.

Demo video

Additional documentation

The "Snyk Vulnerability Intelligence for SBOM" ServiceNow Integration allows you to know when your software is at risk, how to fix it, and track the workflow to completion. In the event of a massive zero-day vulnerability, such as Log4j, you want to quickly see if the vulnerability is present in your environment and which applications are impacted.

Additionally, to better manage risk and compliance requirements, you need a complete list of the open-source and third-party software components used in application development, as well as the ability to identify and triage remediation for any vulnerabilities discovered in SBOM components. Snyk Vulnerability Intelligence for SBOM allows you to identify that risk.

Support

If you need help, contact Snyk Support.