Note:
This app version is intended for Unified Security Exposure Management (USEM), a significant architectural upgrade to the Vulnerability Response applications.
If you are currently using Vulnerability Response and upgrading to USEM for the first time, you must use the Migration assistant for Unified Security Exposure Management to ensure a safe and successful upgrade. For full details, refer to KB2556844 and the documentation before proceeding.
If you do not intend to upgrade to USEM, please select a version below 30.x when installing or upgrading.
Integrate your Black Duck account with ServiceNow Vulnerability Response to prioritize and remediate application vulnerabilities.
The Vulnerability Response Integration with Black Duck incorporates three integration steps:
- Project List Integration - This first integration step pulls and imports data into the Black Duck projects table. Run this integration first, because the other integrations depend on the current project and application data that it imports.
- Application List Integration - This integration step imports applications into the Discovered Applications [sn_vul_release] table for all the versions that are available in the Black Duck projects table.
- Application Vulnerable Item Integration - This integration step imports vulnerable items into your ServiceNow AI Platform based on the vulnerabilities detected by scanners for every discovered application in the system.
The following enhancements and changes support internal security directives:
- Enhancements to the Vulnerability Response Integration with Black Duck to align with ServiceNow Platform Security guidance.
- Fix scripts run once per upgrade.
- Fix script renamed to a per-plugin name to prevent update set conflicts with other Security Operations plugins.
Fixed:
- CVDB framework alignment — Four missing columns (short_description, source_risk_score, v3_impact_subscore, status_updated_on) added to sn_vul_blackduck_cvd_attributes so that the CVD attributes table fully matches what the Black Duck integration produces. The UI list and form sections now expose these values.
The following app for Vulnerability Response must be installed and activated:
- Vulnerability Response
For information on Vulnerability Response application compatibility, see "Vulnerability Response and Configuration Compliance Compatibility Matrix" under Supporting Links and Docs.
Permissions and roles
Roles required:
- System Admin (admin)
- Application Security Manager (User assigned to App-Sec Manager group)