Note:
This app version is intended for Unified Security Exposure Management (USEM), a significant architectural upgrade to the Vulnerability Response applications.
If you are currently using Vulnerability Response and upgrading to USEM for the first time, you must use the Migration assistant for Unified Security Exposure Management to ensure a safe and successful upgrade. For full details, please refer to the KB2556844 and documentation before proceeding.
If you do not intend to upgrade to USEM, please select a version below 30.x when installing or upgrading.
The Vulnerability Response integration with the Fortify on Demand product imports applications and application vulnerabilities to use with Application Vulnerability Response. Application Vulnerability Response is a feature in the ServiceNow Vulnerability Response application that helps you prioritize and remediate application vulnerabilities.
This integration imports applications and application vulnerabilities that result from Dynamic Application Security Testing (DAST) and Static Application Security Testing (SAST) into the Application Vulnerability Response feature. Some features of this integration:
- Data import - Scheduled jobs run automatically in your Now Platform instance to import applications, scan summaries, and application vulnerable items.
- CI Lookup Rules - Lookup rules are used to search for configuration items (CIs) in the CMDB with matching information from the Fortify Application Vulnerability Integration.
New
- If Fortify Application Vulnerability Integration for SecOps is installed, a tile to review the integration status run is displayed in the Administration Console.
Changed
- Modified integrations to adopt standardized data model and modularized feature sets for Application Vulnerability Response (AVR).
- The following app for Vulnerability Response must be installed and activated:
- Vulnerability Response
- Permissions and roles
- Role required: System Admin (admin) or Application Security Manager (a user who is a member of the App-Sec Manager group)