ServiceNow/vulnerability-response

A GitHub Action to facilitate integrating with ServiceNow SBOM Workspace.
ServiceNow SBOM Upload

This action is added as a step in a job to upload an SBOM document to a ServiceNow instance.


Usage

This action uploads an SBOM document to the SBOM Workspace. The provider, repository, and path inputs together determine which SBOM document the action uploads: it reads the document from the named GitHub repository (using the supplied GitHub token), not from the runner's workspace, so the SBOM must already be committed at that path.

Prerequisites

  • The Vulnerability Response application must already be installed on the provided ServiceNow instance

  • The following repository secrets must be set:

    Secret Name        Example                             Description
    SN_INSTANCE_URL    https://instance.service-now.com/   The URL of the ServiceNow instance with an accessible SBOM Workspace. Ensure the URL has the scheme (https), subdomain (instance), domain (service-now), and top-level domain (com) for your instance.
    SN_SBOM_USER       username                            The username used to log into the ServiceNow instance.
    SN_SBOM_PASSWORD   password                            The password used to log into the ServiceNow instance.
    GH_TOKEN           gh_78dajnkrffj2806fuz7578o          A GitHub token used to access the repository that is storing the SBOM document.

    The GH_TOKEN must be generated with the repo scope. Note that a classic token with the repo scope can read and write every repository its owner can reach, not only the one holding the SBOM, so issue it from an account with no more access than the action needs and rotate it if it is ever exposed in a log.

    See the GitHub repository secrets documentation for how to add these secrets.

Usage

The action may be launched from any supported GitHub Actions trigger. The example below runs on push events.

on: [push]

jobs:
  sbom-upload:
    runs-on: ubuntu-latest
    name: SBOM Workspace Upload
    steps:
      - name: Upload
        id: upload
        uses: ServiceNow/vulnerability-response@<RELEASE TAG>
        with:
          # Secret names must match the repository secrets created under Prerequisites
          sn-sbom-user: ${{ secrets.SN_SBOM_USER }}
          sn-sbom-password: ${{ secrets.SN_SBOM_PASSWORD }}
          sn-instance-url: ${{ secrets.SN_INSTANCE_URL }}
          gh-token: ${{ secrets.GH_TOKEN }}
          gh-account-owner: <REPOSITORY OWNER>
          repository: <REPOSITORY NAME>
          provider: 'repository'
          # Path of the committed SBOM, relative to the repository root
          path: 'sboms/sample_sbom.json'

Non-Optional, Public Inputs: Configuration

These inputs configure the behavior of the action and are required.

Input Name         Example                  Description
gh-account-owner   github-account           The account that owns the target repository.
repository         github-repository        The name of the repository that holds the target SBOMs.
provider           repository               The value repository must be supplied here.
path               sboms/sample_sbom.json   The path to the SBOM document, relative to the root of the provided repository (no leading slash).

Optional, Public Inputs: API Parameters

These inputs are passed as search parameters to the underlying SBOM Workspace upload endpoint. Refer to the API documentation for further details. GitHub Actions passes every with: value to the action as a string, so write boolean inputs as true or false and sys_id inputs as the 32-character hexadecimal sys_id of the record.

Input Name                 Type                        Description
business-application-id    <Sys ID>                    sys_id of the business application to map with the root application of the given SBOM.
business-application-name  String                      Name of the business application to map with the root application of the given SBOM.
build-id                   String                      Build ID of the SBOM build.
product-model-id           <Sys ID>                    sys_id of the product model to map with the root application of the given SBOM.
requested-by               Boolean                     Determines if the DevOps workflow is executed.
lifecycle-stage            production | pre_production Life cycle stage of the entity (i.e., production or pre_production).
fetch-vulnerability-info   Boolean                     Flag to run the vulnerability intelligence integration.
fetch-package-info         Boolean                     Flag to run the package intelligence integration.

Non-Optional, Secret Inputs

Secret Name        Example                             Description
sn-sbom-user       username                            The username used to authenticate into the instance that has SBOM Workspace installed.
sn-sbom-password   password                            The password used to authenticate into the instance that has SBOM Workspace installed.
sn-instance-url    https://instance.service-now.com/   The URL of the ServiceNow instance that has SBOM Workspace installed.
gh-token           gh_78dajnkrffj2806fuz7578o          A GitHub token used to access the repository that is storing the SBOM document.

Annotated Fields

  • uses: Points to the ServiceNow SBOM Upload GitHub Action. Replace <RELEASE TAG> with the appropriate version of the Action.
  • gh-account-owner: The account name that owns the target repository. Replace <REPOSITORY OWNER> with the appropriate account owner string. It can be found within the URL of the calling repository.
  • repository: The repository name that holds the target SBOM document. Replace <REPOSITORY NAME> with the appropriate repository string. It can be found within the URL of the calling repository.
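The inputs above are only checked once the action calls the instance, so a malformed instance URL, a path with a leading slash, or a misspelt lifecycle stage surfaces as a failed upload late in the pipeline. The following pre-flight validator is an added example and is not part of the ServiceNow/vulnerability-response action or its API; it encodes the constraints stated in the tables (https URL of the form instance.service-now.com, repository-relative path, provider fixed to repository, production or pre_production stage, string booleans, 32-character hex sys_ids) and, as an assumption beyond the page, that the SBOM is a JSON document in CycloneDX or SPDX form. The function names and the sample inputs are this example's own.

```python
"""Pre-flight checks for ServiceNow SBOM Upload action inputs (added example)."""
import json
import re
from urllib.parse import urlsplit

LIFECYCLE_STAGES = {"production", "pre_production"}
BOOLEAN_INPUTS = ("requested-by", "fetch-vulnerability-info", "fetch-package-info")
SYS_ID_INPUTS = ("business-application-id", "product-model-id")
REQUIRED_INPUTS = ("gh-account-owner", "repository", "sn-sbom-user", "sn-sbom-password", "gh-token")
SYS_ID_RE = re.compile(r"[0-9a-f]{32}")  # a ServiceNow sys_id is a 32-char lowercase hex string


def check_instance_url(url: str) -> list[str]:
    """sn-instance-url must be https://<instance>.service-now.com/ with no credentials or query."""
    problems = []
    parts = urlsplit(url)
    if parts.scheme != "https":
        problems.append("sn-instance-url: scheme must be https")
    if parts.username is not None or parts.password is not None:
        problems.append("sn-instance-url: must not embed credentials; use sn-sbom-user/password")
    host, suffix = parts.hostname or "", ".service-now.com"
    if not (host.endswith(suffix) and len(host) > len(suffix)):
        problems.append("sn-instance-url: host must be <instance>.service-now.com")
    if parts.query or parts.fragment:
        problems.append("sn-instance-url: must not carry a query string or fragment")
    return problems


def check_sbom_path(path: str) -> list[str]:
    """path is relative to the repository root and must not escape it."""
    problems = []
    if not path or path.startswith("/"):
        problems.append("path: must be a non-empty path relative to the repository root")
    if ".." in path.split("/"):
        problems.append("path: must not contain '..' segments")
    return problems


def check_sbom_document(raw: bytes) -> list[str]:
    """Assumption: the SBOM is JSON carrying a CycloneDX or SPDX format marker."""
    try:
        doc = json.loads(raw)
    except ValueError:  # covers JSONDecodeError and bad UTF-8
        return ["sbom: file is not valid JSON"]
    if not isinstance(doc, dict):
        return ["sbom: top-level JSON value must be an object"]
    if doc.get("bomFormat") == "CycloneDX" or "spdxVersion" in doc:
        return []
    return ["sbom: no CycloneDX 'bomFormat' or SPDX 'spdxVersion' marker found"]


def check_optional_inputs(inputs: dict[str, str]) -> list[str]:
    """Optional API parameters arrive as strings; check the documented value sets."""
    problems = []
    stage = inputs.get("lifecycle-stage")
    if stage is not None and stage not in LIFECYCLE_STAGES:
        problems.append(f"lifecycle-stage: '{stage}' is not one of {sorted(LIFECYCLE_STAGES)}")
    for name in BOOLEAN_INPUTS:
        value = inputs.get(name)
        if value is not None and value not in ("true", "false"):
            problems.append(f"{name}: expected 'true' or 'false', got '{value}'")
    for name in SYS_ID_INPUTS:
        value = inputs.get(name)
        if value is not None and not SYS_ID_RE.fullmatch(value):
            problems.append(f"{name}: '{value}' is not a 32-character hex sys_id")
    return problems


def validate(inputs: dict[str, str], sbom_raw: bytes) -> list[str]:
    """Return every problem found; an empty list means the inputs are ready to upload."""
    problems = []
    if inputs.get("provider") != "repository":
        problems.append("provider: must be 'repository'")
    for name in REQUIRED_INPUTS:
        if not inputs.get(name):
            problems.append(f"{name}: required input is empty")
    problems += check_instance_url(inputs.get("sn-instance-url", ""))
    problems += check_sbom_path(inputs.get("path", ""))
    problems += check_sbom_document(sbom_raw)
    problems += check_optional_inputs(inputs)
    return problems


# Constructed sample data for the example (not a real SBOM, token or instance).
SAMPLE_SBOM = json.dumps({
    "bomFormat": "CycloneDX", "specVersion": "1.5", "version": 1,
    "components": [{"type": "library", "name": "example-lib", "version": "1.0.0"}],
}).encode()

GOOD_INPUTS = {
    "sn-instance-url": "https://instance.service-now.com/",
    "sn-sbom-user": "username", "sn-sbom-password": "password",
    "gh-token": "ghp_example", "gh-account-owner": "github-account",
    "repository": "github-repository", "provider": "repository",
    "path": "sboms/sample_sbom.json", "lifecycle-stage": "pre_production",
    "fetch-vulnerability-info": "true",
    "business-application-id": "0123456789abcdef0123456789abcdef",
}

BAD_INPUTS = dict(GOOD_INPUTS, **{
    "sn-instance-url": "http://user:pw@instance.service-now.com/?x=1",
    "path": "/sboms/../secrets.json", "lifecycle-stage": "staging",
    "fetch-vulnerability-info": "yes", "business-application-id": "not-a-sys-id",
})

if __name__ == "__main__":
    for label, inputs, raw in (("good", GOOD_INPUTS, SAMPLE_SBOM), ("bad", BAD_INPUTS, b"not json")):
        print(label, validate(inputs, raw) or "ok")
```

Run it as a step before the upload (reading the real SBOM from the checked-out repository and the inputs from the workflow's environment) and fail the job on a non-empty list; the checks are purely local and never contact the instance or GitHub with the token.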

Results

On successful upload, the following output is displayed, indicating the SBOM has been uploaded and is enqueued for processing. A status of success means the instance accepted the document, not that processing has finished; use the bomRecordId to locate the record in the SBOM Workspace and confirm the result:

{
  result: {
    status: 'success',
    message: 'Queued for processing.',
    bomRecordId: 'abc123xyzabc123xyzabc123xyzabc123'
  }
}
