Note:
This app version is intended for Unified Security Exposure Management (USEM), a significant architectural upgrade to the Vulnerability Response applications.
If you are currently using Vulnerability Response and upgrading to USEM for the first time, you must use the Migration assistant for Unified Security Exposure Management to ensure a safe and successful upgrade. For full details, please refer to the KB2556844 and documentation before proceeding.
If you do not intend to upgrade to USEM, please select a version below 30.x when installing or upgrading.
The Vulnerability Response integration with the Fortify on Demand product imports applications and application vulnerabilities to use with Application Vulnerability Response. Application Vulnerability Response is a feature in the ServiceNow Vulnerability Response application that helps you prioritize and remediate application vulnerabilities.
This integration imports applications and application vulnerabilities that result from Dynamic Application Security Testing (DAST) and Static Application Security Testing (SAST) into the Application Vulnerability Response feature. Some features of this integration:
- Data import - Scheduled jobs run automatically in your Now Platform instance to import applications, scan summaries, and application vulnerable items.
- CI Lookup Rules - Lookup rules are used to search for configuration items (CIs) in the CMDB with matching information from the Fortify Application Vulnerability Integration.
The following enhancements and changes support internal security directives:
- Enhancements to the Fortify Application Vulnerability Integration application to align with ServiceNow Platform Security guidance.
- Preload and customization-detection fix scripts run once per upgrade.
- Translation packaging updated so newly activated locales automatically pick up Fortify-specific translations without requiring an instance repair.
- The following app for Vulnerability Response must be installed and activated:
- Vulnerability Response
- Permissions and roles
- Role required: System Admin (admin) or Application Security Manager (a user who is a member of the App-Sec Manager group)