[ServiceNow] SOAR-18473: bump SDK and address vulnerabilities (#3008) (…

…#3046) * SOAR-18473: bump SDK and address vulnerabilities * update the help md * plugin.spec sync * fixing validator * Updating help.md (formatting) --------- Co-authored-by: Robert <[email protected]>
rapid7 · Jan 15, 2025 · d7b5853 · d7b5853
1 parent 7a8fa77
commit d7b5853
Show file tree

Hide file tree

Showing 6 changed files with 25 additions and 20 deletions.
diff --git a/plugins/servicenow/.CHECKSUM b/plugins/servicenow/.CHECKSUM
@@ -1,7 +1,7 @@
 {
-	"spec": "3bab886667ceb9dba39181f6a441fa10",
-	"manifest": "d7118569399e88fcb3953984c8f4f2ad",
-	"setup": "40aeb0a629c0d9382edab6c3ca043b97",
+	"spec": "c3ae1da25557460ad543d9434f6eeb51",
+	"manifest": "de3b4607248ad49ab38f25c2899f629a",
+	"setup": "dead9576e6a14815dcb13463a4315083",
 	"schemas": [
 		{
 			"identifier": "create_change_request/schema.py",

diff --git a/plugins/servicenow/Dockerfile b/plugins/servicenow/Dockerfile
@@ -1,4 +1,4 @@
-FROM --platform=linux/amd64 rapid7/insightconnect-python-3-slim-plugin:6.1.3
+FROM --platform=linux/amd64 rapid7/insightconnect-python-3-slim-plugin:6.2.2
 
 LABEL organization=rapid7
 LABEL sdk=python

diff --git a/plugins/servicenow/bin/icon_servicenow b/plugins/servicenow/bin/icon_servicenow
@@ -6,8 +6,8 @@ from sys import argv
 
 Name = "ServiceNow"
 Vendor = "rapid7"
-Version = "8.0.3"
-Description = "ServiceNow is a tool for managing incidents and configuration management. Using the ServiceNow plugin for Rapid7 InsightConnect, users can manage all aspects of incidents including creation, search, updates, as well as monitor them for changes"
+Version = "8.0.4"
+Description = "[ServiceNow](https://www.servicenow.com/) is a tool for managing incidents and configuration management. This plugin allows users to manage all aspects of incidents including creation, search, and updates. Additionally, incident changes can be monitored and processed for use in a Rapid7 InsightConnect workflow.Note: This plugin affects only the underlying tables in a ServiceNow instance, not its UI. Hence, this plugin will work seamlessly with Virtual Task Boards"
 
 
 def main():

diff --git a/plugins/servicenow/help.md b/plugins/servicenow/help.md
@@ -2,7 +2,7 @@
 
 [ServiceNow](https://www.servicenow.com/) is a tool for managing incidents and configuration management. This plugin allows users to manage all aspects of incidents including creation, search, and updates. Additionally, incident changes can be monitored and processed for use in a Rapid7 InsightConnect workflow.
 
-Note: This plugin affects only the underlying tables in a ServiceNow instance, not its UI. Hence, this plugin will work seamlessly with Virtual Task Boards.
+Note: This plugin affects only the underlying tables in a ServiceNow instance, not its UI. Hence, this plugin will work seamlessly with Virtual Task Boards
 
 # Key Features
 
@@ -17,12 +17,12 @@ Note: This plugin affects only the underlying tables in a ServiceNow instance, n
 * ServiceNow username, password, client ID, and client secret (for OAuth authentication) 
 * ServiceNow instance name
 
-Please note that to use certain actions it's necessary to use scopes that have permissions on certain tables. Depending on the actions, it's necessary to add specific auth scopes:
+* Please note that to use certain actions it's necessary to use scopes that have permissions on certain tables. Depending on the actions, it's necessary to add specific auth scopes:
 
-- Create/Read/Update/Delete Incident and Incident Attachments (table `incident` with permissions create/read/write/delete)
-- Create/Read/Update/Delete Security Incident (table `sn_si_incident` with permissions create/read/write/delete)
-- Create/Read/Update/Delete Vulnerability (table `sn_vul_vulnerable_item` with permissions create/read/write/delete)
-- Create Change Request (table `sn_chg_rest` with create permissions)
+  - Create/Read/Update/Delete Incident and Incident Attachments (table `incident` with permissions create/read/write/delete)
+  - Create/Read/Update/Delete Security Incident (table `sn_si_incident` with permissions create/read/write/delete)
+  - Create/Read/Update/Delete Vulnerability (table `sn_vul_vulnerable_item` with permissions create/read/write/delete)
+  - Create Change Request (table `sn_chg_rest` with create permissions)
 
 # Supported Product Versions
 
@@ -1681,11 +1681,12 @@ Example output:
 
 
 ## Troubleshooting
-  
-*This plugin does not contain a troubleshooting.*
+
+* This plugin does not contain a troubleshooting.
 
 # Version History
 
+* 8.0.4 - Updated SDK to the latest version (v6.2.2) | Address vulnerabilities
 * 8.0.3 - Update to resolve issue parsing response from ServiceNow if XML is received
 * 8.0.2 - Initial updates for fedramp compliance | Updated SDK to the latest version
 * 8.0.1 - Update Setuptool to version 70.0.0 | Update SDK to version 6.0.0

diff --git a/plugins/servicenow/plugin.spec.yaml b/plugins/servicenow/plugin.spec.yaml
@@ -3,8 +3,8 @@ extension: plugin
 products: ["insightconnect"]
 name: servicenow
 title: ServiceNow
-description: ServiceNow is a tool for managing incidents and configuration management. Using the ServiceNow plugin for Rapid7 InsightConnect, users can manage all aspects of incidents including creation, search, updates, as well as monitor them for changes
-version: 8.0.3
+description: "[ServiceNow](https://www.servicenow.com/) is a tool for managing incidents and configuration management. This plugin allows users to manage all aspects of incidents including creation, search, and updates. Additionally, incident changes can be monitored and processed for use in a Rapid7 InsightConnect workflow.\n\nNote: This plugin affects only the underlying tables in a ServiceNow instance, not its UI. Hence, this plugin will work seamlessly with Virtual Task Boards"
+version: 8.0.4
 connection_version: 8
 supported_versions: ["2023-10-28 Tokyo"]
 vendor: rapid7
@@ -26,7 +26,7 @@ hub_tags:
   features: []
 sdk:
   type: slim
-  version: 6.1.3
+  version: 6.2.2
   user: nobody
 key_features:
   - "Search, Read, Create, Delete, and Update incidents to accelerate ticketing operations"
@@ -36,7 +36,8 @@ key_features:
 requirements:
   - "ServiceNow username and password (for basic authentication)"
   - "ServiceNow username, password, client ID, and client secret (for OAuth authentication) "
-  - "ServiceNow instance name"
+  - "ServiceNow instance name\n"
+  - "Please note that to use certain actions it's necessary to use scopes that have permissions on certain tables. Depending on the actions, it's necessary to add specific auth scopes:\n\n  - Create/Read/Update/Delete Incident and Incident Attachments (table `incident` with permissions create/read/write/delete)\n  - Create/Read/Update/Delete Security Incident (table `sn_si_incident` with permissions create/read/write/delete)\n  - Create/Read/Update/Delete Vulnerability (table `sn_vul_vulnerable_item` with permissions create/read/write/delete)\n  - Create Change Request (table `sn_chg_rest` with create permissions)"
 links:
   - "[ServiceNow](https://www.servicenow.com/)"
 references:
@@ -45,7 +46,10 @@ references:
   - "[ServiceNow User Administration](https://docs.servicenow.com/bundle/rome-platform-administration/page/administer/roles/concept/c_UserAdministration.html)"
   - "[ServiceNow Operators](https://docs.servicenow.com/bundle/quebec-platform-user-interface/page/use/common-ui-elements/reference/r_OpAvailableFiltersQueries.html)"
   - "[ServiceNow Plugin Setup Guide](https://docs.rapid7.com/insightconnect/servicenow)"
+troubleshooting:
+  - "This plugin does not contain a troubleshooting."
 version_history:
+  - "8.0.4 - Updated SDK to the latest version (v6.2.2) | Address vulnerabilities"
   - "8.0.3 - Update to resolve issue parsing response from ServiceNow if XML is received"
   - "8.0.2 - Initial updates for fedramp compliance | Updated SDK to the latest version"
   - "8.0.1 - Update Setuptool to version 70.0.0 | Update SDK to version 6.0.0"

diff --git a/plugins/servicenow/setup.py b/plugins/servicenow/setup.py
@@ -3,8 +3,8 @@
 
 
 setup(name="servicenow-rapid7-plugin",
-      version="8.0.3",
-      description="ServiceNow is a tool for managing incidents and configuration management. Using the ServiceNow plugin for Rapid7 InsightConnect, users can manage all aspects of incidents including creation, search, updates, as well as monitor them for changes",
+      version="8.0.4",
+      description="[ServiceNow](https://www.servicenow.com/) is a tool for managing incidents and configuration management. This plugin allows users to manage all aspects of incidents including creation, search, and updates. Additionally, incident changes can be monitored and processed for use in a Rapid7 InsightConnect workflow.Note: This plugin affects only the underlying tables in a ServiceNow instance, not its UI. Hence, this plugin will work seamlessly with Virtual Task Boards",
       author="rapid7",
       author_email="",
       url="",