In 2022, JFrog and ServiceNow engaged in a series of conversations around the state of DevSecOps and how the industry could benefit from tighter integration with IT operations tools. “DevSecOps + ServiceOps” is a theme that JFrog and ServiceNow are now exploring together, and today we’re excited to announce an integration that helps software development teams automate many of the tasks needed to respond to security and license compliance issues in real time.
The new JFrog Xray Spoke (available in the ServiceNow IntegrationHub) provides building-block actions for both JFrog Xray and Artifactory. These building blocks can be mixed with actions from other spokes for a customized, automated experience for your company.
For example, any CVE that JFrog Xray finds in your application components can be sent as an event to ServiceNow Flow Designer to kick off an automated workflow that does things such as:
- Route issues to specific team members for resolution
- Trigger an approval workflow
- Ignore certain kinds of violations automatically
- Generate violation reports
- Tag an artifact or repository with custom metadata
The JFrog Xray Spoke can also help teams stay alert to license compliance violations and automate workflows to respond to them. This helps you meet audit demands and avoid penalties for improper use of open source code.
JFrog Xray Spoke Capabilities in ServiceNow
The JFrog Xray Spoke connects your JFrog Platform to ServiceNow so that you can automate remediation of security and license policy violations through workflows created in Flow Designer.
Trigger Workflows on Xray Policy Violations
Xray performs regular scans of the binaries in the Artifactory repositories that you designate, and identifies known vulnerabilities in the packages your artifacts depend on, as well as their license types. You can specify rules for Xray to look for the specific CVEs, severity levels, or other criteria that you care most about.
When you create a security or license policy in JFrog Xray based on those rules, you can specify an automatic action to trigger a webhook through the JFrog Platform event service when Xray discovers that policy has been violated. You will use this JFrog feature to send a violation event message from Xray to ServiceNow.
Using Flow Designer, you can use the event message from Xray to trigger a ServiceNow workflow, and perform an automated response sequence through any of your operations ecosystem tools that are connected to ServiceNow.
The JSON payload of the Xray event message also carries the details of the policy violation (the watch and policy involved, the severity, and the affected artifacts), which you can use to build multi-branch ServiceNow workflows.
For example, do you want to email your CISO office anytime a high CVE issue is found? That can be automated. Do you want to message or email a development team when issues have been found in a specific build? That too can be done through this integration.
Drive JFrog Actions from ServiceNow
The JFrog Xray Spoke lets you perform actions in Xray and Artifactory from a ServiceNow workflow, automating many of the steps your team might otherwise do manually to respond to security issues. For example, you can re-scan artifacts and builds in Artifactory, update permissions for JFrog Platform users and groups, create new Ignore Rules in Xray, or manage custom JFrog properties on artifacts.
You can combine the JFrog actions of the Xray Spoke with other ServiceNow actions to create rich workflow responses to security and license violations. In this way, JFrog Xray’s monitoring and governance of your software supply chain becomes an active participant in your ServiceNow-driven ITSM ecosystem.
Example ServiceNow Workflow
The following example workflow in Flow Designer shows how the JFrog Xray Spoke might be used to respond to a security issue.
The example ServiceNow workflow is set to trigger on receipt of a security policy violation event message from Xray.
The first action of the workflow creates a violation record from the data payload received in the event webhook from Xray.
We’ll then use the severity information to decide how to respond to the violation.
A High Severity violation will generate and export a new report in Xray, notify the response team by email, notify the CISO office through Slack, and create a new issue in Jira for developers.
A Medium Severity violation will just tag the artifact with a custom property to “investigate later,” notify the response team by email, and create a new issue in Jira.
A Low Severity violation will create a new ignore rule in Xray to prevent future notification of this violation. Keep such automatic ignore rules narrowly scoped, so that a low-severity finding is suppressed only for the artifacts that were triaged and not across the whole watch.
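The following is an added example, not code from JFrog or ServiceNow, showing the receiving side of the flow described above in plain Python: the webhook delivery is authenticated before anything is done with it, the severity is taken from the payload, and the severity branch decides which spoke actions to queue. Everything about the inbound request is an assumption for illustration: the header name `X-JFrog-Event-Auth`, the secret, and the payload keys (`watch_name`, `policy_name`, `top_severity`, `issues`, `impacted_artifacts`) are assumed, the sample event is constructed, and the action names are labels for the steps in the post’s flow rather than real spoke action identifiers. It goes slightly beyond the post in two ways: a `Critical` finding is handled with the High branch, and an event whose severity cannot be recognised is routed to a human instead of the Low branch, so a malformed message can never create an ignore rule.

```python
import hmac
import json

# Header carrying the shared secret and the secret itself are ASSUMPTIONS for
# this example: configure the real values in the JFrog webhook definition.
AUTH_HEADER = "X-JFrog-Event-Auth"
WEBHOOK_SECRET = "replace-with-the-secret-configured-on-the-jfrog-webhook"

# Severity ladder. Xray also reports "Critical"; the post's flow only names
# High/Medium/Low, so Critical is handled by the High branch here.
SEVERITY_RANK = {"Critical": 4, "High": 3, "Medium": 2, "Low": 1}

# Constructed sample event. The key names are an assumed shape for an Xray
# violation webhook, not a copy of a real payload; check your own events.
SAMPLE_EVENT = {
    "watch_name": "prod-docker-watch",
    "policy_name": "security-high-and-above",
    "top_severity": "High",
    "issues": [
        {
            "severity": "High",
            "type": "security",
            "summary": "constructed sample vulnerability",
            "impacted_artifacts": [
                {"name": "api-gateway:1.4.2",
                 "path": "docker-prod/api-gateway/1.4.2/manifest.json"}
            ],
        }
    ],
}
SAMPLE_BODY = json.dumps(SAMPLE_EVENT)


def verify_webhook(headers, secret=WEBHOOK_SECRET):
    """Reject any delivery that does not carry the configured secret.
    Constant-time comparison avoids leaking the secret through timing."""
    presented = headers.get(AUTH_HEADER, "")
    return hmac.compare_digest(presented.encode(), secret.encode())


def top_severity(event):
    """Worst of the declared top_severity and the per-issue severities.
    Unrecognised strings rank 0, so a malformed event never lands in the Low branch."""
    ranks = [SEVERITY_RANK.get(event.get("top_severity"), 0)]
    ranks += [SEVERITY_RANK.get(i.get("severity"), 0) for i in event.get("issues", [])]
    worst = max(ranks)
    return next((name for name, r in SEVERITY_RANK.items() if r == worst), "Unknown")


def impacted_paths(event):
    """Repository paths of every artifact named in the event."""
    return [a["path"]
            for issue in event.get("issues", [])
            for a in issue.get("impacted_artifacts", [])
            if "path" in a]


def plan_actions(event):
    """Return the branch of the example flow that applies to this event.
    Each dict names a spoke or ServiceNow step to run; executing them is out of scope."""
    sev = top_severity(event)
    ref = {"watch": event.get("watch_name"), "policy": event.get("policy_name")}
    actions = [{"action": "create_violation_record", **ref}]
    if sev in ("Critical", "High"):
        actions += [
            {"action": "xray_generate_report", **ref},
            {"action": "email", "to": "response-team"},
            {"action": "slack", "channel": "ciso-office"},
            {"action": "jira_create_issue", **ref},
        ]
    elif sev == "Medium":
        actions += [
            {"action": "artifactory_set_property", "paths": impacted_paths(event),
             "property": {"triage": "investigate-later"}},
            {"action": "email", "to": "response-team"},
            {"action": "jira_create_issue", **ref},
        ]
    elif sev == "Low":
        # Scope the ignore rule to the violating artifacts, not the whole watch.
        actions.append({"action": "xray_create_ignore_rule",
                        "paths": impacted_paths(event), **ref})
    else:
        # Fail closed: no usable severity means a human looks at it, never an ignore rule.
        actions.append({"action": "email", "to": "response-team",
                        "note": "event with unrecognised severity needs manual triage"})
    return actions


def handle_webhook(headers, body, secret=WEBHOOK_SECRET):
    """Entry point a receiver calls with the raw request headers and body."""
    if not verify_webhook(headers, secret):
        return {"status": 401, "actions": []}
    try:
        event = json.loads(body)
    except (TypeError, ValueError):
        return {"status": 400, "actions": []}
    if not isinstance(event, dict):
        return {"status": 400, "actions": []}
    return {"status": 200, "actions": plan_actions(event)}


if __name__ == "__main__":
    for step in handle_webhook({AUTH_HEADER: WEBHOOK_SECRET}, SAMPLE_BODY)["actions"]:
        print(step["action"])
```

The authentication check matters because the downstream actions are privileged (re-scans, permission updates, ignore rules): an unauthenticated endpoint would let anyone who can reach it drive those actions with a forged event.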
How to Get Started
You can get the JFrog Xray Spoke from the ServiceNow IntegrationHub. Once it is installed in ServiceNow, connect ServiceNow to your JFrog Platform account by adding your JFrog identity token as a new set of API Key Credentials, along with your JFrog Platform Deployment URL. Issue that token to a dedicated service user that holds only the permissions the spoke actions need, since the spoke can update permissions and create ignore rules on your behalf.
You’ll also need to create a ServiceNow webhook in your JFrog Platform, and set up your Xray security and license policies to trigger that webhook.
For details, see the Xray Integration with ServiceNow Spoke documentation.
Everything is now ready for you to create ServiceNow workflows through Flow Designer that are triggered by an Xray event message! Watch this quick demo to see how you can use actions from the JFrog Xray Spoke:
For more help or if you have ideas for more actions to add from the JFrog Platform, email firstname.lastname@example.org.