Exploring supported applications for Software Bill of Materials
Summary of Exploring Supported Applications for Software Bill of Materials
The Software Bill of Materials (SBOM) applications enhance your vulnerability management by integrating third-party vulnerability intelligence and other tools, providing insights into component vulnerabilities within your uploaded SBOM files. These integrations allow for better visibility into stale components and associated vulnerabilities, enabling prioritized remediation efforts.
Key Features
- Vulnerability Response Integration: Required for using SBOM Response, this integration allows access to the Vulnerability Manager Workspace and workflow to remediate application vulnerabilities.
- Enhanced Data Access: Users can view enriched National Vulnerability Database (NVD) data and Common Weakness Enumeration (CWE) information to improve vulnerability assessments.
- Veracode Vulnerability Integration: This feature allows the import of SBOM files with integrated Veracode data, facilitating the identification of vulnerabilities during uploads.
- GitHub Integration: Users can upload SBOM files from GitHub repositories, ensuring that files generated in CI/CD pipelines are correctly processed within ServiceNow.
Key Outcomes
By utilizing the supported applications and integrations, ServiceNow customers can effectively manage and remediate vulnerabilities in their software components, enhance their security posture, and streamline their development processes through automated uploads and enriched data access.
Third-party vulnerability intelligence and other integrations with the Software Bill of Materials applications can enhance the data of your uploaded files.
Supported applications benefits
Third-party vulnerability intelligence and other integrations with the Software Bill of Materials applications let you view counts of components that are considered stale or abandoned, as well as information about whether you can fix any vulnerabilities associated with those components.
The ServiceNow® applications and third-party integrations listed in the following table are supported by the SBOM applications. These applications provide you with enriched vulnerability data, vulnerability intelligence, and other key information that can help you view and prioritize the vulnerabilities associated with SBOM files. All these applications and integrations are available from the ServiceNow® Store.
| Benefit | Application | Supported versions | Users |
|---|---|---|---|
| Vulnerability Response is required if you install the SBOM Response application. Install the Vulnerability Response application prior to installing SBOM Response. Application Vulnerability Response features are installed with Vulnerability Response. These features enable access to the Vulnerability Manager Workspace in the Vulnerability Response application and the vulnerability workflow to help you remediate application vulnerable items (AVITs). | Vulnerability Response | For compatibility information, see KB0856498 Vulnerability Response Compatibility Matrix and Release Schema Changes. | |
| View enhanced NVD vulnerability and severity data. View imported data from the NVD and CWE integrations to enrich any vulnerability data you might find in your SBOM data. See Importing data with the NVD and CWE integrations and managing third-party libraries for more information. | Vulnerability Response Integration with NVD and SBOM Response | For compatibility information, see KB0856498 Vulnerability Response Compatibility Matrix and Release Schema Changes. | |
| Import software bills of material files with the Veracode Vulnerability Integration. The Veracode Vulnerability Integration includes the following enhancements with Veracode SBOM files: See Veracode Vulnerability Integration for more information. | Veracode Vulnerability Integration and SBOM Response | Starting with version 4.3 of the Veracode Vulnerability Integration. If you have the Veracode Vulnerability Integration already installed, you can also upload imported Veracode SBOM data in CycloneDX (JSON and XML) and SPDX (XML) formats starting with version v3.0 of SBOM Core. For compatibility information, see KB0856498 Vulnerability Response Compatibility Matrix and Release Schema Changes. | |
| Upload SBOM files to the ServiceNow AI Platform from your GitHub repositories. Determine if SBOM files generated in your CI/CD (continuous integration and continuous delivery/deployment) pipelines have been successfully queued in your ServiceNow AI Platform instance. Protect your environments from potentially harmful components during software development cycles with GitHub Actions that you initiate from your GitHub environment. | Obtain any required GitHub Actions for SBOM upload in the GitHub Marketplace. | Starting with version 4.0 of SBOM Core. | |