JFrog Xray Spoke for ServiceNow

By giannit

Xray Workflows for IT Operations Staff, SREs and Developers

Benefits of Integration

The JFrog Xray Spoke enables enterprises to accomplish the following:

  • Enables out-of-the-box actions from Xray that your company can use in ServiceNow workflows to automate your overall security mitigation operations
  • Delivers Xray functionality through API calls to the ServiceNow NOW platform for seamless automated reporting and mitigation
  • Makes JFrog Xray data on software security vulnerabilities and open source license compliance issues available to users in ServiceNow.
  • Allows teams to generate reports, create ignore rules, add custom item properties, scan builds and artifacts, and create custom approval workflows.

Overview

The JFrog Xray Spoke enables teams to use low-code functionality in the ServiceNow platform to build automated workflows with Xray and Artifactory, bringing DevSecOps and ServiceOps together seamlessly to empower teams to deliver safe software fast.

JFrog Xray is the universal software composition analysis (SCA) tool that enables DevSecOps teams to proactively identify open source vulnerabilities and license compliance violations before they manifest in production, and swiftly remediate across the entire application inventory.

With the JFrog Xray Spoke, security and license policy violations detected by Xray can trigger ServiceNow workflows for rapid response. Through the ServiceNow Flow Designer, ServiceOps teams can construct automated workflows that drive further Xray actions, such as generating violations reports, creating new ignore rules, re-scanning builds and artifacts, assigning custom item properties, or assigning new permissions to users and groups. When used with Spokes for other services such as messaging, e-mail, or ticket creation, the out-of-the-box actions of the JFrog Xray Spoke empower teams to respond reliably and rapidly with comprehensive security, operational, and administrative workflows in ServiceNow to automate your overall IT operations. 

Integration Features

The JFrog Spoke has actions that can be combined with other native Spokes from ServiceNow and other third-party tools to create enterprise-grade workflows for vulnerability and change management for all your ITSM needs.

Overall Features:

  • Track Xray Vulnerabilities
  • Track License Violations
  • Create Ignore Rules
  • Create Users and Groups
  • Update Permissions for Users and Groups
  • Approval Workflows
  • Generate and Send Violations Reports
  • Trigger Scans of new Artifacts and Builds
  • Manage Custom Item Properties

Use Cases

  • Production Engineering – Build workflows that help track where an artifact or component is in its security journey and help manage builds when important software security or compliance events are detected to enable quick remediation.
  • SRE/IT Admin Oversight – Configuring Xray-related workflows that automatically inform the right development and compliance teams can ensure robust and secure applications at every step in the release lifecycle.
  • Quality Assurance – QA teams can configure custom workflows that monitor and mitigate software security violations based on their organization’s unique delivery process and use other Spoke actions to automate many tasks.
  • Shift Left Security – Developers and Dev managers configure Xray policies and watches to continuously scan targeted artifact repositories used for milestone dev builds. Notifications sent to the Xray Spoke help development teams mitigate security vulnerabilities and enable resolution at the earliest point in the development lifecycle.