Snyk and ServiceNow collaborate on new SBOM solution

Written by:

Sarah Conway

May 16, 2023

ServiceNow’s biggest event of the year — Knowledge 2023 — is here, and Snyk is excited to be a part of it with some big news!

Back in January, we announced Snyk Security for Application Vulnerability Response to bring Snyk Open Source software composition analysis to ServiceNow Security Operations. This integration, available from the ServiceNow Store, pushes Snyk insights on vulnerabilities in open source dependencies into the ServiceNow Application Vulnerability Response dashboard. 

We’re proud to be the first partner to bring software composition analysis to ServiceNow. The combination of Snyk’s developer-first security platform and ServiceNow workflows helps you accelerate developer security with centralized visibility, prioritization, and automation.

Now we’re excited to partner with ServiceNow again to support an upcoming feature in ServiceNow Application Vulnerability Response to secure your applications and their associated software bill of materials (SBOM). ServiceNow’s strategic investment in Snyk, announced in early January, is helping us further enhance our industry-leading developer security platform and drive this new integration into ServiceNow’s SBOM module.

The SBOM is the ingredients list for your code, making it easier to validate components and identify any vulnerabilities. Gartner predicts adoption of SBOMs will grow from less than 20% in 2022 to 60% in 2025. SBOMs are an important part of securing your code, especially when it uses open source components, as most modern apps do. Legacy open source packages can create challenges: a study from the Linux Foundation found that production applications are being deployed with components that are no longer supported or have known vulnerabilities.

With this new SBOM solution (expected in late summer), you’ll be able to know whether any part of your software supply chain is at risk and take quick action to remediate vulnerabilities. The new integration will surface risks identified in your software supply chain using Snyk on top of the SBOM ServiceNow collects from external sources. Snyk offers the most comprehensive, accurate, and timely database for open source vulnerabilities. Snyk’s security intelligence empowers developers with the latest vulnerability data and actionable fixes in the tools and ecosystems they use.

Snyk’s security intelligence combines public sources, data from the developer community, proprietary expert research, machine learning, and human-in-the-loop AI.

In addition, our internal security researchers contribute their expertise. Combined, these sources deliver highly verified, detailed information and fixes for open source and container vulnerabilities.

The end result provides greater visibility into your application security risk and the ability to prioritize workflows, which creates greater efficiency for your developers and more secure applications for your organization.

You can learn more about this integration and how it will protect your software supply chain at Knowledge 2023 in Las Vegas from May 16-18.
