Integrating Application Vulnerability Response with other applications

  • Release version: Australia
  • Updated March 13, 2026
  • 2 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Integrating Application Vulnerability Response with other applications

    Application Vulnerability Response (AVR) supports integration with third-party vulnerability management systems to enrich vulnerability data within your ServiceNow instance. These integrations enable you to import and manage application vulnerability information from external systems and vendors, enhancing your ability to track and remediate vulnerabilities effectively.

    Show full answer Show less

    Third-party Integrations

    AVR supports multiple third-party integrations, including but not limited to:

    • Wiz Vulnerability Response Integration
    • Fortify Vulnerability Integration
    • GitHub Application Vulnerability Integration
    • Invicti Vulnerability Integration
    • Veracode Vulnerability Integration
    • Black Duck Vulnerability Response Integration
    • Manual ingestion of vulnerabilities
    • Atlassian Jira Integration for agile issue creation

    Important: AVR does not support multi-source integrations, so if multiple third-party integrations are active, there is no automatic deduplication of application vulnerable items across these sources.

    Relationship with CSDM Tables

    AVR and related applications contribute to and consume data from Common Service Data Model (CSDM) tables. This interconnection allows other ServiceNow Security Operations products to leverage enriched vulnerability data, improving overall security management.

    Integration Processing and Performance

    During integration operations, data is processed in paged import queue entries with a one-hour processing limit per entry. To manage long processing times and avoid timeouts, AVR versions 18.2.4 and later send periodic timestamps (heartbeats) indicating active processing status.

    If an import queue entry exceeds the one-hour limit without progress (based on the Last Record Processed timestamp), the system will time out the entry to prevent delays.

    Two system properties control this behavior:

    • snseccmn.recordthresholdheartbeat: Sets how many records are processed before sending a heartbeat.
    • snseccmn.maximumheartbeatdelay: Defines the maximum allowable time without a heartbeat before timing out.

    Managing and Running Integrations

    Integrations are typically scheduled to run automatically but can be executed manually as needed. To run an integration manually, users require the snvul.appreadintegrations role and can navigate to:

    All > Application Vulnerability Response > Administration > Integrations

    From there, select the desired integration and click Execute Now.

    Vulnerability Response includes support for third-party integrations.

    Third-party integrations

    Application vulnerability integrations help enrich the application vulnerability data on your instance by retrieving data from external systems and vendors. See the following overview topics for more information about supported integrations:
    Note:

    Multi-source integrations are not supported in Application Vulnerability Response. Third-party integrations are treated separately. If more than one third-party integration application is in use in your environment, there is no application vulnerable item (AVI) deduplication across integrations.

    Vulnerability Response applications and CSDM tables

    The Vulnerability Response, Application Vulnerability Response, third-party vulnerability integrations and Software Bill of Materials applications manage (contribute data to) CSDM tables. These applications also use data from CSDM tables that other applications generate. Several ServiceNow products, therefore, benefit from and add value to these Security Operations applications. See Vulnerability Response applications and CSDM tables for more information.

    Additional notes for integrations

    During integration execution, multiple processes are generated, and data is received in the form of pages. Each process can contain one or more import queue entries with attached data in pages. These entries must process the data within the one-hour time limit. However, if the payload size is large, the processing time may exceed one hour or get stuck, resulting in an integration timeout error. The integration continues to process the data despite the timeout error. To avoid this miscommunication, starting from version 18.2.4 of Application Vulnerability Response, timestamps (heartbeats) are sent periodically to indicate if the queue is active and processing data. The Last Record Processed field in the Import Queue Entry page is updated based on the count of records the import queue creates or updates. In case an import queue entry exceeds the one-hour time limit, the system checks the Last Record Processed field to see if it is also older than one hour. If it is, this indicates that the import queue entry is stuck, and it is timed out to prevent any further delays in processing.
    Note:
    The Last Record Processed field is updated based on what is defined in the following system properties:
    • sn_sec_cmn.record_threshold_heartbeat: Defines the number of processed records, after which the heartbeat (timestamp) is sent to the import queue entry.
    • sn_sec_cmn.maximum_heartbeat_delay: Defines the time after which the import queue entry must be timed out.

    Vulnerability integrations for Application Vulnerability Response are configured to run on a scheduled basis. However, you can run them manually when needed.

    Role required: sn_vul.app_read_integrations

    1. Navigate to All > Application Vulnerability Response > Administration > Integrations.
    2. Open the record for the integration that you want to run.
    3. Click Execute Now.