ServiceNow customers can now leverage JFrog Xray violations for on-call management, collaboration, and incident response.
This integration allows Lightstep to get security and license compliance data that will automatically alert your development teams and allow them to prioritize which issues to respond to. Additionally, this information can be leveraged by Lightstep’s platform of tools for observability and automation.
The continuous growth in the use of open source software (OSS) components exposes code bases to potential hidden vulnerabilities and license compliance violations. JFrog Xray is the Software Composition Analysis (SCA) tool that monitors and provides insights into your OSS packages regarding security and compliance. It is an integral part of the JFrog DevOps Platform, and is now natively integrated with ServiceNow Lightstep, which organizes all your security alerts, routes issues to teams based on criticality, and gives teams real-time information about the safety of your applications. By taking the best of both solutions, you can achieve security, compliance and traceability for your software artifacts.
Impact Analysis
When a security vulnerability or license issue is detected in any Go package, Xray analyzes how it affects all other artifacts in your component graph and displays the impact chains in your organization, ensuring that your software services and applications are safe and compliant.
ServiceNow Spoke and Xray
Overview
The JFrog Xray Spoke on the ServiceNow platform focuses primarily on security and license compliance violations. This integration allows users to create workflows that trigger once an incoming violation is found.
Spokes give users the ability to build steps that automate JFrog Xray actions taken during security mitigation, such as generating reports, updating team permissions, and adding custom item properties.
Xray Provides Deep Recursive Scan Through All Layers
Unprecedented visibility of your artifacts and dependencies enables Xray to provide an impact analysis of any issues discovered in your software. Deep recursive scanning examines all the underlying layers and dependencies of components, even those packaged in Docker images and ZIP files. With the new JFrog Xray Spoke, you can use this data to build workflows that help teams automate many of the mitigation steps needed to address security and compliance issues.
Enterprise Ready
As scaling complexity grows, the need for software composition analysis becomes more important. Xray allows you to drill down or zoom out within your entire components graph and identify the real impact of every violation found. This can help you reduce the cost, time, and risk of delivering changes by allowing for more incremental updates to applications in production. Xray's highly available active-active cluster architecture ensures continuous security and governance for your software packages. Scale your environment to as many nodes as you need and enhance Xray's performance by delegating all shared workload across available cluster nodes. Seamlessly and instantly synchronize all data, configuration, cached objects and scheduled job changes across all cluster nodes.
Blog
Automate Security Workflows in ServiceNow with the JFrog Xray Spoke