ServiceNow Lightstep Incident Response for Xray

Benefits of Integration

ServiceNow Lightstep Incident Response is an on-call management and observability platform that enables SREs and IT Operations staff to accomplish the following:

  • Notify teams of key Xray security and license compliance alerts
  • Identify incidents earlier in their DevOps pipeline
  • Engage the necessary teams for timely response and remediation
  • Display Xray alerts, from high-level service maps down to the specific signals contributing to issues in production
  • Optimize on-call management with automated, rapid response tools

Overview

Securing your software supply chain requires proactively identifying compliance issues and security vulnerabilities early in your software development lifecycle. With the combination of JFrog Xray software security code scanning and Lightstep Incident Response, organizations can identify software vulnerabilities immediately as events arise and engage the necessary teams for timely response and remediation.

JFrog Xray is the universal software composition analysis (SCA) solution that enables SREs, IT SysAdmins and developers on DevSecOps teams to proactively identify open source software vulnerabilities and license compliance violations before they manifest in production, and swiftly remediate across the entire application inventory.

Integration Features

Lightstep Incident Response is a service event management tool for SREs and IT Operations staff to connect all their various tools to manage response to outages. The JFrog integration with ServiceNow Lightstep delivers the notifications and actionable alerts from Xray that you wish to make visible, such as software binary security vulnerabilities and open source license compliance issues. From within the Lightstep incident reporting monitor, notifications can be paused or deleted, or can invoke the JFrog Platform for more details.

Xray can send software security vulnerability and open source license compliance notifications to the Lightstep monitor based on policies set up in JFrog Xray.

Use Cases

  • SRE/IT Admin Oversight – Configuring Xray policy settings can ensure robust, continuous scanning of all production releases. Notifications sent through the Lightstep Incident Reporting monitor enable rapid response to all relevant security vulnerabilities that are discovered.
  • Quality Assurance – QA teams can configure Xray policies and watches to monitor software security violations and license compliance issues through Lightstep for prompt resolution.
  • Shift Left Security – Developers and Dev managers configure Xray policies and watches to continuously scan targeted artifact repositories used for milestone dev builds. Notifications sent through Lightstep alert the development team of security vulnerabilities and enable resolution at the earliest point in the development lifecycle.
