November 7, 20230 mins read
Whether internally developed or purchased, your applications can be exposed to a host of vulnerabilities, especially via open source components that are widely used in today’s software. A recent survey found that 60% of data breach victims were compromised due to a known but unpatched vulnerability. Effective prevention and risk management requires being able to understand the vulnerability risk profile for each component of your Software Supply Chain.
Many organizations are adopting a software bill of materials (SBOM) to track the contents of their applications, but the real value of SBOMs comes from knowing when one of those components puts your organization at risk due to a vulnerability.
The new Snyk Vulnerability Intelligence for SBOM integration brings visibility to your SBOMs in ServiceNow Vulnerability Response for a more accurate understanding of risk within the enterprise supply chain. Snyk has the first and only software composition analysis integration (SCA) for ServiceNow, and we’re excited to continue our partnership with this new collaboration.
Get a complete picture of your software component risk
The SBOM integration for ServiceNow Vulnerability Response allows you to add SBOMs for your internally developed and purchased applications manually or via APIs. The package URLs in those SBOMs are used to determine if any components contain vulnerabilities. A centralized dashboard shows infrastructure, cloud, container and application risk, with Snyk identifying vulnerability severity within the context of your applications and software packages. Snyk also provides valuable fix information for vulnerabilities of individual components along with links to help developers, AppSec and SecOps teams understand the full scope of the vulnerability.
Snyk’s guidance makes vulnerability remediation quick and simple, while ServiceNow workflows ensure no fixes are missed. Rules can be created to automatically generate application vulnerable items (AVITs) in ServiceNow Vulnerability Response whenever new vulnerabilities are discovered by Snyk in your SBOMs based on your business requirements. These records allow you to assign remediation tasks to owners, track remediation progress, and notify stakeholders for visibility.
By including Snyk data in ServiceNow SBOM Workspace dashboards, it’s easy to track and fix SBOM risk within ServiceNow remediation workflows. For those who are less technical, the visuals are an effective and powerful view of the SBOM.
Protecting your business from the latest security threats
The new Snyk SBOM integration can also play a key role in managing the risk introduced by new zero-day issues. For example, when a new zero-day is introduced, such as the recent http2 or curl high-severity vulnerabilities, you can quickly search your SBOMs in ServiceNow to identify which applications and components are affected by the vulnerability, along with suggested remediation requirements. Then, to eliminate the risk of any vulnerabilities, you can use familiar ServiceNow Vulnerability Response workflows rather than create a new process.
Other great features of the Snyk Vulnerability Intelligence for SBOM include the ability to analyze third-party SBOMs of purchased applications for vulnerabilities before deployment into your environment and to provide documentation for GRC requirements.
How to get started
Ready to safeguard your entire software supply chain? Download the Snyk Vulnerability Intelligence for ServiceNow integration from the ServiceNow Store.