ServiceNow | SAST/DAST Scanning

Summary

Customers are responsible for evaluating and selecting a DAST/SAST scanning tool that best fits their business needs. ServiceNow does not endorse or recommend any particular product.

ServiceNow's Application Vulnerability tool works with application vulnerability scanners and the Common Weakness Enumeration (CWE) to assess DAST and SAST results, identify vulnerable applications, and coordinate fixes with developer teams.

ServiceNow does not provide internal scan reports to customers and does not perform security scans on customer instances. Customers are responsible for conducting their own scans as required.

ServiceNow engages a third-party vendor to perform a penetration test prior to each release, and the high-level attestation reports are made available so that customers can see whether they meet their internal or external compliance requirements. These reports are available for customers to access from our CORE Repository on Trust Center.

ServiceNow CORE (Compliance Operations Readiness Evidence) is available from our Trust Portal. The ServiceNow Trust Portal gives ServiceNow customers self-serve access to the documentation they need to support internal audit and assessment requirements, prepare for onsite audits, and address regulatory requirements. It is provided at no additional cost.

To gain access to Trust Center, please contact your internal ServiceNow Administrator to provide you access to the portal below:
https://support.servicenow.com/now?id=ns_trust_center

Once access has been provisioned to the CORE Directory on Trust Center, you can find the CORE Directory here:
https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB0959484

Related Links

ServiceNow Penetration Test Summary Reports:
https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB0966026

Customers can engage any internal or third-party vendors to perform a penetration test. Below is our Customer Instance Security Testing | Policy and Procedure. Please take time to read and understand it before submitting findings; it will help customers understand this program and process.
https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB0538598
https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1119943

A HealthScan can be initiated either by the customer or through their Support Account Manager, providing a report on the security posture of the instance.

The ServiceNow Security Center feature in the application also reports the security hardening posture of the instance.

ServiceNow Open Source Disclosure Files are available at:
https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1216811