Integrating Container Vulnerability Response with other applications

  • Release version: Australia
  • Updated April 1, 2026
  • 2 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Integrating Container Vulnerability Response with other applications

    Container Vulnerability Response (CVR) in ServiceNow extends its capabilities by integrating with various container security and vulnerability management applications. It collects vulnerability data for container images deployed at runtime and enriches this data with contextual runtime information, such as hosts, Kubernetes clusters, services, and namespaces. This enriched data is linked to relevant Kubernetes entities in the Configuration Management Database (CMDB) through Kubernetes discovery. CVR also provides a comprehensive dashboard for vulnerability and remediation insights.

    Show full answer Show less

    Key Integrations

    • Palo Alto Networks Prisma Cloud Compute: Scans container images to detect vulnerabilities and feeds this data into CVR.
    • Atlassian Jira: Supports agile issue creation within the Vulnerability Manager Workspace to track remediation of Container Vulnerability Issues and Runtime Threats.
    • Tenable Vulnerability Integration: Imports vulnerability data from Tenable products into CVR.
    • AWS Integration for Security Exposure Management: Imports container vulnerability data from AWS security services.
    • Wiz Container Vulnerability Integration: Included within the Wiz Vulnerability Response Integration to import vulnerability data.

    Integration Processing and Performance Considerations

    During integration, data is processed in pages via multiple import queue entries that must complete within a one-hour time limit. Large payloads may cause processing delays or timeouts. To handle this, starting from CVR version 2.1.2, the system sends periodic timestamps (heartbeats) to indicate active processing. The Last Record Processed field tracks progress and helps identify stuck import entries to time them out and prevent delays.

    Two system properties control heartbeat behavior:

    • snseccmn.recordthresholdheartbeat: Number of processed records before sending a heartbeat timestamp.
    • snseccmn.maximumheartbeatdelay: Maximum allowed delay before timing out an import queue entry.

    Practical Benefits for ServiceNow Customers

    • Gain a unified view of container vulnerabilities enriched with runtime and Kubernetes metadata for better context.
    • Track and remediate vulnerabilities efficiently by integrating with popular security tools and agile issue trackers.
    • Benefit from automated data processing safeguards that maintain integration reliability and prevent processing delays.
    • Leverage ServiceNow’s reporting dashboards to monitor vulnerability trends and remediation progress comprehensively.

    Extend the capabilities of Container Vulnerability Response by integrating with other applications.

    Container Vulnerability Response integrates with container security products to pull vulnerability data for those images which are deployed to runtime. It then enriches the vulnerability data with the runtime contextual information such as hosts, Kubernetes clusters, services, and namespaces where these container images are deployed. With ServiceNow’s Kubernetes discovery, you can see the references created from vulnerabilities to the relevant Kubernetes entities in your Configuration Management Database (CMDB). In addition to enriching the metadata, ServiceNow also offers a comprehensive reporting dashboard to provide insights into the vulnerability and remediation trends.

    Container Vulnerability Response provides integrations with the following applications:

    Additional notes for integrations

    During integration execution, multiple processes are generated, and data is received in the form of pages. Each process can contain one or more import queue entries with attached data in pages. These entries must process the data within the one-hour time limit. However, if the payload size is large, the processing time may exceed one hour or get stuck, resulting in an integration timeout error. The integration continues to process the data despite the timeout error. To avoid this miscommunication, starting from version 2.1.2 of Container Vulnerability Response, timestamps (heartbeats) are sent periodically to indicate if the queue is active and processing data. The Last Record Processed field in the Import Queue Entry page is updated based on the count of records the import queue creates or updates. In case an import queue entry exceeds the one-hour time limit, the system checks the Last Record Processed field to see if it is also older than one hour. If it is, this indicates that the import queue entry is stuck, and it is timed out to prevent any further delays in processing.
    Note:
    The Last Record Processed field is updated based on what is defined in the following system properties:
    • sn_sec_cmn.record_threshold_heartbeat: Defines the number of processed records, after which the heartbeat (timestamp) is sent to the import queue entry.
    • sn_sec_cmn.maximum_heartbeat_delay: Defines the time after which the import queue entry must be timed out.