Checkmarx SAST Vulnerability Integration with ServiceNow - Change Log

Addition of a SCA deltas result API. Risks that have been closed or marked as Not Exploitable in SCA will appear as Closed in ServiceNow.

Bugs Fixed:

Washington DC support.

LOC (Lines of Code) information in the SNOW Static Scan Size column of theApplication Vulnerability Scan Summaries table

SAST Unique Identifier, Similarity Id , and Hash of PathNode (Line + Column + FileName), mapped into the Source AVIT ID in SNOW.

In ServiceNow, the vulnerabilities result state changes to closed when resolved in SAST.

If there is a Business Application or Application in the SAST project’s Custom Fields, this information will be mapped to the Business Application column of the Discovered Application and Application Vulnerability Item tables on SNOW.

SAST project’s Custom Fields are mapped to the Source Additional Info column in the Discovered Application table on SNOW.

You may filter up to 10 custom Result States when synchronizing between SAST and SNOW.

Added support for SCA Standalone. Three new integrations were added to synchronize SCA projects, scans, and results to SNOW.

Bug fixes

Added new DevOps Integration which will permit users with the DevOps Change Velocity license to view third-party scan summaries from Security Operations in DevOps.

Bug fixes

Bug fixes

Synchronization of a specific list of projects ( You can add up to 10 projects at a time on the Configuration page to filter out projects in the Application Release Table)

Addition of branch project in the plugin (Branched project is now mapped to a project list)

Custom States will be mapped to SNOW.

Bug fixes

SNOW Vancouver compatibility

The Scan Summary Name column includes scanId , the Last Scan date in AVIT, and the Scan Summary Table.

Added OWSAP Top 10 and SANS 25 information for SAST vulnerabilities in OWASP and Short Description column of Application Vulnerability Entry Table (sn_vul_app_vul_entry.LIST)