Integrating Application Vulnerability Response with other applications

  • Release version: Xanadu
  • Updated March 4, 2025
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Integrating Application Vulnerability Response with other applications

    Application Vulnerability Response (AVR) supports integration with third-party vulnerability management systems to enrich vulnerability data within your ServiceNow instance. These integrations enable automated retrieval of application vulnerability information from external vendors and tools, such as Fortify on Demand, GitHub, Invicti, Veracode, Black Duck, and Jira for manual vulnerability ingestion.


    Note that multi-source integrations are not supported, meaning that if multiple third-party integrations are active, there is no deduplication of application vulnerable items (AVIs) across them.

    Key Features

    • Third-party integrations: Connect AVR to various external vulnerability tools to import and consolidate vulnerability data.
    • Manual issue creation: Within the Vulnerability Manager Workspace, you can manually create agile issues to track remediation of application vulnerabilities.
    • Integration processing: Data is imported asynchronously in paged batches through import queue entries, with mechanisms to track progress and detect stuck or timed-out imports.
    • Heartbeat mechanism: Starting in version 18.2.4, periodic timestamps (heartbeats) are sent during import processing to indicate active progress, helping prevent false timeouts.
    • Configurable system properties: Controls such as the record threshold for heartbeats and maximum allowed delay before timing out an import queue entry can be adjusted for your environment.
    • Scheduled and manual execution: Integrations typically run on a schedule but can be triggered manually by users with the appropriate role.

    Practical Use and Requirements

    • Role needed: To run integrations manually, users require the sn_vul.app_read_integrations role.
    • Execution steps: Navigate to All > Application Vulnerability Response > Administration > Integrations, open the desired integration record, and select "Execute Now" to trigger the import.

    Why This Matters

    By integrating external vulnerability data sources, ServiceNow customers can maintain a more complete and up-to-date view of application vulnerabilities directly within the platform. This facilitates better vulnerability management, prioritization, and remediation tracking without manual data entry or reconciliation across disparate systems.

    Understanding the import process and timeout handling ensures smoother integration operation and helps in troubleshooting potential import delays or failures.

    Vulnerability Response includes support for third-party integrations.

    Third-party integrations

    Application vulnerability integrations help enrich the application vulnerability data on your instance by retrieving data from external systems and vendors. See the following overview topics for more information about supported integrations:
    Note:

    Multi-source integrations are not supported in Application Vulnerability Response. Third-party integrations are treated separately. If more than one third-party integration application is in use in your environment, there is no application vulnerable item (AVI) deduplication across integrations.

    Additional notes for integrations

    During integration execution, multiple processes are generated, and data is received in pages. Each process can contain one or more import queue entries with the paged data attached. Each entry must process its data within the one-hour time limit. If the payload is large, processing may take longer than one hour or get stuck, which results in an integration timeout error. The integration continues to process the data despite the timeout error.

    To avoid this misleading timeout error, starting with version 18.2.4 of Application Vulnerability Response, timestamps (heartbeats) are sent periodically to indicate whether the queue is active and processing data. The Last Record Processed field on the Import Queue Entry page is updated based on the count of records that the import queue creates or updates. If an import queue entry exceeds the one-hour time limit, the system checks whether the Last Record Processed field is also older than one hour. If it is, the import queue entry is considered stuck, and it is timed out to prevent any further delays in processing.
    Note:
    The Last Record Processed field is updated based on what is defined in the following system properties:
    • sn_sec_cmn.record_threshold_heartbeat: Defines the number of processed records, after which the heartbeat (timestamp) is sent to the import queue entry.
    • sn_sec_cmn.maximum_heartbeat_delay: Defines the time after which the import queue entry must be timed out.
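
The timeout decision and the two properties above, modelled as an added example in plain JavaScript (not ServiceNow's implementation and not a Glide script). The entry fields, status names, and time units are assumptions, and the sample entries are constructed; the third entry shows how a heartbeat threshold that is too coarse for the processing rate gets an active import timed out.

```javascript
const MIN = 60 * 1000; // milliseconds per minute

// Latest heartbeat written by nowMs, or null if none yet. A heartbeat is
// written after every `threshold` processed records (the role played by
// sn_sec_cmn.record_threshold_heartbeat). stallMs is when progress stops.
function lastHeartbeat(e, nowMs) {
  const activeMs = Math.min(nowMs, e.stallMs) - e.startMs;
  const done = Math.min(e.records, Math.floor(activeMs / e.msPerRecord));
  const beats = Math.floor(done / e.threshold);
  return beats === 0 ? null : e.startMs + beats * e.threshold * e.msPerRecord;
}

// Decision described in the text: an entry past the time limit is timed out
// only if its last heartbeat is also older than maxDelayMs (the role played
// by sn_sec_cmn.maximum_heartbeat_delay; milliseconds are an assumption here).
function classify(e, nowMs, limitMs, maxDelayMs) {
  if (nowMs - e.startMs <= limitMs) return 'within_limit';
  const hb = lastHeartbeat(e, nowMs);
  // Assumption: an entry with no heartbeat yet is measured from its start.
  const reference = hb === null ? e.startMs : hb;
  return nowMs - reference > maxDelayMs ? 'timed_out' : 'still_processing';
}

// Constructed sample entries, all started at t = 0 and processing 1 record/s.
const ENTRIES = [
  // Large payload, heartbeat every 500 records: runs long but is alive.
  { name: 'large_active', startMs: 0, records: 20000, msPerRecord: 1000,
    threshold: 500, stallMs: Infinity },
  // Same settings, but processing stops after 20 minutes.
  { name: 'stuck', startMs: 0, records: 20000, msPerRecord: 1000,
    threshold: 500, stallMs: 20 * MIN },
  // Alive, but the first heartbeat is only due after 100 minutes.
  { name: 'coarse_threshold', startMs: 0, records: 20000, msPerRecord: 1000,
    threshold: 6000, stallMs: Infinity },
];

// Classify every sample entry at nowMs with a 60-minute limit and delay.
function report(nowMs) {
  const out = {};
  for (const e of ENTRIES) out[e.name] = classify(e, nowMs, 60 * MIN, 60 * MIN);
  return out;
}

console.log(report(90 * MIN));
```

In this model, the record threshold multiplied by the per-record processing time has to stay below the maximum heartbeat delay, otherwise a healthy import is indistinguishable from a stuck one.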

    Vulnerability integrations for Application Vulnerability Response are configured to run on a scheduled basis. However, you can run them manually when needed.

    Role required: sn_vul.app_read_integrations

    1. Navigate to All > Application Vulnerability Response > Administration > Integrations.
    2. Open the record for the integration that you want to run.
    3. Click Execute Now.