ReversingLabs Integration with ServiceNow

The ServiceNow Now Platform® offers a comprehensive Software Bill of Materials (SBOM) management solution. However, not all vendors include an SBOM with their software. ReversingLabs Spectra Assure™ can generate an SBOM from a software binary and populate ServiceNow with the necessary information to provide a complete solution for their SBOM ecosystem.


Populate the ServiceNow platform with an SBOM generated from Spectra Assure

Managing software supply chain risk in the ServiceNow Now Platform

Want things automated?

Try using our APIs.

Spectra Assure and ServiceNow both have REST APIs that can be used to automate this SBOM generation and ingestion workflow. See the links below for API documentation:

Download SBOM from Spectra Assure: Read here
Upload SBOM to ServiceNow: Read here

Available RL Use Cases With SBOM Workspace

Custom Alerting Rules


Within the Now Platform, users can create custom Application Vulnerable Items (AVI) rules that highlight an issue if certain conditions are met. For example, a custom rule can detect the Log4Shell vulnerability when it is identified within any of the SBOMs being examined.

For each AVI identified, a ticket is created to support remediation actions, assignment of a responsible owner, status tracking, risk reporting, etc.

SBOM Inspection


All uploaded SBOMs are categorized as a “BOM Entity” (comparable to “Software Version” in Spectra Assure). By selecting a BOM Entity, users can view all components and dependencies that make up a software version, including their corresponding vulnerabilities. 

Within an SBOM, additional information will be displayed at the component level to support the investigation, such as the number of component versions behind the latest release and what other BOM entities rely on that component.

Component Summary


Using the Components tab, users can view a summary of all software components uploaded. ServiceNow enriches these components with additional intelligence for consideration, such as whether any of the detected components are stale (> 2 major versions behind the latest) or abandoned (latest component version > 2 years old).

SBOM Entity Summary


On the Home tab, users can view a summary of all software versions (e.g. BOM entities) uploaded and how many AVIs have been identified across the entire software ecosystem.

Learn more about ReversingLabs’ integration capabilities.
